> If that is so, why not add a couple of shorewall.conf variables (you > can call then HELPER_*_ENABLE for example) to set/reset these checks, > instead of assuming that they all exists (your %helpers_enable" array > members are all enabled by default)? Failing that, and also assuming that the capabilities file is all-or-nothing, then you could alter the implementation which checks this file and import only what is specified (and ask shorewall to check the rest).
That way, I could create a partial capabilities file with the relevant helper lines disabled and in such a case shorewall will have to "fill-in" the gaps by performing the extra checks. Would that be better? ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
