On Sun, 25 Sep 2011 08:49:47 -0700
Tom Eastep <teas...@shorewall.net> wrote:

> On Sun, 2011-09-25 at 01:20 -0700, Christ Schlacta wrote:
> > I was reading through the config files, and noticed that many of
> > them would be well suited by being replaced or supplemented with an 
> > (optionally optional) shiny new XML format that would allow the
> > user to specify only the needed attributes and not have to fill in
> > -s where not needed.  Would prevent such mishaps as 1-too-many or
> > 1-too-few -s resulting in entries being placed in the column, and
> > as I understand it Perl already has simple-to-use XML tools.
> > Complicated files may end up longer in some cases, but overall
> > specification of rules would be.. simpler to write and understand,
> > if a bit more verbose.  Examples:
> > 
> > <rule>
> > <action>DNAT</action>
> > <source>net</source>
> > <dest>loc:10.0.0.1</dest>
> > <proto>tcp</proto>
> > <port>80</port>
> > <mark>88</mark> <!-- this is the line that makes it simpler -->
> > </rule>
> > <!-- also, reading this in a console is a lot more intuitive when
> > you come back
> > 6 months later than an ass-ton of columns with no header
> > information (because
> > it's three page-ups away, not because it's deleted, obviously -->
> 
> I agree that the rules file, in particular, is outgrowing the columnar
> format but I am reluctant to accept that XML is the answer. I worry
> that if the ruleset is represented in XML, you won't be able to see
> the forest for all of the trees.
> 
> I'll think about it,
> -Tom

No, don't think about it.  No offense intended to anyone, but it's a bad
idea. XML files lend themselves to editing via graphical user interface
and machine processing, but not rapid human separation of signal
from noise and manual editing. There are numerous ways to work
around the issue of heading visibility, using two vertically-tiled
views of the file being the most obvious (as provided by any
split-screen editor or screen-like application).

If the file (or files) are going to XML format (no thank you), then
provide a curses-based editing interface that looks like a spreadsheet
and scrolls while maintaining visibility of the headers, while hiding
the XML tags.

My two cents.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
