On Sun, 2011-10-02 at 13:03 +0100, Ed W wrote: > > What I have done for RC 1 is eliminate the need for the columnar format. > > Here is an example of a blacklist file: > > > > ;proto=udp port=1024:1033,1434,5948,23773 > > ;networks=221.192.199.48 > > Sure - I'm just highlighting that the above is already an abitrary > "markup" and you might want to consider if it's optimal before > committing to it... If it is, then no complaints here...
I think that 'optimal' is likely to be hard to define but will rather be
in the eye of the beholder.
>
> Consider two other interesting alternatives (not claiming either is
> *better*, just alternatives)
>
> Perl style:
> proto=>udp, port=>1024:1033,1434,5948,23773
> networks=>221.192.199.48
It's trivial to support that notion in addition to what I have currently
implemented. I notice that you used a comma after the first pair and
below you mention the possibility of adding a comma separator. That's
okay so long as we require that the comma be followed by whitespace.
Otherwise, the syntax is ambiguous in as much as comma is used
frequently as a separator in column values.
>
> or
>
> "web" style
> {proto:"udp" port:"1024:1033,1434,5948,23773"},
> {networks:"221.192.199.48"},
>
I assume that the curly braces denote column/value pairs and that the
semicolon is unnecessary in this syntax.
> Both have pros and conns. Just highlighting some existing ideas really?
> Perl style feels natural to me
>
> With regards to your current key=value markup, a couple of things occur
> to me that might be nice to decide on while it's new:
>
> 1) You are using whitespace as the break between value and the next key.
> Some people will assume that a comma is necessary (comma separated
> values being probably at least as common, possibly more common). Do we care?
Noted above.
>
> 2) I don't know if there are currently any values which might contain
> spaces, however, it seems something that may happen in the future. I
> couldn't quickly see whether the current config file allows something
> like key="value with spaces", but is that something you might want to allow?
There are no instances of that and never will be. There really isn't a
lexical analyzer in the compiler; it rather simply uses "split(' ',
$line)" to isolate the individual columns. That precludes embedded
whitespace in column values.
>
>
> Look, don't misundertand. All I'm saying is that personally I see
> little difference between
> ;key=value key2=value
> or
> ;key="value", key2=value
> or
> ;key=>value, key2=value
> or
> {key:value, key2:value}
>
> ...By all means pick your favourite. All I'm asking is if you looked at
> all the options? They all seem fairly similar to my eye...
>
They are. And now, all are supported and in combination. The following
is equivalent to the file that I posted earlier.
{ proto:udp, port=1024:1033,1434,5948,23773 }
{ proto=tcp
port=>"57,1433,1434,2401,2745,3127,3306,3410,4899,5554,5948,6101,8081,9898,23773"
}
;networks=>221.192.199.48
; networks=61.158.162.9
; networks=81.21.54.100\
proto=tcp\
port=25
; networks=84.108.168.139
; networks=200.55.184.18
; networks=1.2.3.4, options:dst
>
> Note, I think the current column format is quite nice (I haven't tried,
> but I bet it's quite easy to edit using OpenOffice/Excel?).
Yes -- I've tried that. Excel can export a space-separated format but
OpenOffice cannot (unless I'm missing something).
> Is it possible to produce a VIM syntax that makes the config files easier to
> edit? (Not a vim expert, but it would seem that such a thing could
> largely eliminate editing issues?)
Don't know -- I prefer emacs.
I hope that this topic can now be put to bed once and for all.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
