The 1.2 firewall contains messy logic to support the old sample
configurations in that any rule that contains "none" in any of its columns
is ignored.

I'm considering removing that messiness in 1.3 and seek the opinion of the
list.

Thanks,
-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

I think it is always a good idea to try to clarify the code, especially in
a security tool like yours, even in the sake of backward compatibility.
When one is involved in installing and maintaining his/her firewall, one has
to expect that with each new version a careful revision of predefined rules
has to be made.

So I say "yeah" to removing any code that will make Shorewall less clear.

Regards,
Pascal

PS: Thanks for your continued commitment in enhancing and supporting an
already beautiful tool.

On Wed, 2002-05-15 at 10:37, Tom Eastep wrote:
> The 1.2 firewall contains messy logic to support the old sample
> configurations in that any rule that contains "none" in any of its columns
> is ignored.
>
> I'm considering removing that messiness in 1.3 and seek the opinion of the
> list.
>
> Thanks,
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net

Tom Eastep wrote:
> The 1.2 firewall contains messy logic to support the old sample
> configurations in that any rule that contains "none" in any of its columns
> is ignored.
>
> I'm considering removing that messiness in 1.3 and seek the opinion of the
> list.

Sounds fine to me, too. I've never used it. I can't think why I would want
to put in a special value in the column to get the rule to be ignored when I
could just comment out the line instead...

Paul
http://paulgear.webhop.net

On Thu, 16 May 2002, Paul Gear wrote:
>
> Sounds fine to me, too. I've never used it. I can't think why I would want
> to put in a special value in the column to get the rule to be ignored when I
> could just comment out the line instead...
>

It will also have the nice side effect of rooting out the last users of
the parameterized samples.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Tom Eastep wrote:
> On Thu, 16 May 2002, Paul Gear wrote:
> >
> > Sounds fine to me, too. I've never used it. I can't think why I would want
> > to put in a special value in the column to get the rule to be ignored when I
> > could just comment out the line instead...
> >
>
> It will also have the nice side effect of rooting out the last users of
> the parameterized samples.

Bring it on, and don't hold back! :-)

Paul
http://paulgear.webhop.net
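
An added example, not part of the thread and not Shorewall's own code: a shell audit that lists the rules in a rules file that the "none" logic described above would skip, so each one can be reviewed before moving to a version without that logic. It assumes whitespace-separated columns, `#` comments and a case-insensitive substring match on "none"; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Shorewall code): report rules with "none" in a column.
# Assumptions: columns are whitespace-separated, '#' starts a comment, and
# "contains none" means the substring appears in a column, in any letter case.

# find_none_rules FILE
# Prints one line per matching rule: line number, column number, rule text,
# separated by tabs. Commented-out rules and trailing comments are ignored.
find_none_rules() {
    awk '
        {
            sub(/#.*/, "")                  # strip comments; fields are re-split
            for (i = 1; i <= NF; i++) {
                if (tolower($i) ~ /none/) {
                    printf "%d\t%d\t%s\n", NR, i, $0
                    break                   # one report per rule is enough
                }
            }
        }
    ' "$1"
}

# Constructed sample in the rules-file column layout
# (ACTION SOURCE DEST PROTO PORT); not taken from any real configuration.
sample_rules() {
    cat <<'EOF'
# constructed sample rules
ACCEPT   net    fw     tcp   22
ACCEPT   net    none   tcp   80
#ACCEPT  net    none   tcp   25
ACCEPT   loc    net    udp   53   # none of these is disabled
ACCEPT   net    fw     tcp   NONE
EOF
}

# Stand-alone run: audit the constructed sample.
tmp=$(mktemp)
sample_rules > "$tmp"
find_none_rules "$tmp"
rm -f "$tmp"
```

Each reported rule is one that has been silently inactive; decide per rule whether to delete it, comment it out, or fill in real values.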