On Sun, 2011-09-25 at 01:20 -0700, Christ Schlacta wrote: > I was reading through the config files, and noticed that many of them > would be well suited by being replaced or supplemented with an > (optionally optional) shiny new XML format that would allow the user to > specify only the needed attributes and not have to fill in -s where not > needed. Would prevent such mishaps as 1-too-many or 1-too-few -s > resulting in entries being placed in the column, and as I understand it > perl already has simple to use XML tools. Complicated files may end > up longer in some cases, but overall specification of rules would be.. > simpler to write and understand, if a bit more verbose. Examples: > > <rule> > <action>DNAT</action> > <source>net</source> > <dest>loc:10.0.0.1</dest> > <proto>tcp</proto> > <port>80</port> > <mark>88</mark> <!-- this is the line that makes it simpler --> > </rule> > <!-- also, reading this in a console is a lot more intuitive when you > come back > 6 months later than an ass-ton of columns with no header information > (because > it's three page-ups away, not because it's deleted, obviously -->
I agree that the rules file, in particular, is outgrowing the columnar format but I am reluctant to accept that XML is the answer. I worry that if the ruleset is represented in XML, you won't be able to see the forest for all of the trees. I'll think about it, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
