> I vision a nested tree of matches (acl) and operators > (allow/deny/refresh_pattern/outgoing_ip/tos/no-cache/ignore-xxx/deny_info/logmessage/peergroup/...). > > But it requires a different parser which is not single line oriented as > you can not express a tree on a single line in a meaningful manner.. > > > request_access { > if [!]acls.. { > if [!]acls.. { > ... > } > ... > accept > } > deny > }
YES please.. I'm quite familiar with the JunOS ACL format and it resembes this pretty closely, it's very flexible.. -- /kinkie