> I was thinking about that as well, and it would indeed be easier.
>
> How about this:
>
> ACCEPT <src> <dst> ; MATCH -m <match 1> -m <match 2> ...
>
> The preprocessor already looks for ';' and the MATCH keyword would
> trigger the new interpretation of the text that follows.
>
Yep, I agree, though the 'MATCH' word may not be present at all, so the trigger, if you like, could be the 'INLINE' keyword, i.e.:

INLINE <src> <dst> ; ... (see my next comment).

> I would prefer to keep the rule target (the '-j ...' part) in the ACTION
> column if possible.
>
Nope, that would prevent me from using custom-made targets (something like '-j SECCTX --name <name>' for example).

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel