From: Brian B. <bbu...@qu...> - 2004-06-14 17:32:54
|
James Matheson wrote: >> >>There should be method to give priority at which generated policies >> >>should be inserted. >> >>Shoud we use separate directive "priority xxxxx" or "prio xxxx" in >>{generate|accept}_policy, or allow both? >> >> > >Adding a priority xxxxx option to the {generate|accept}_policy syntax >seems fine. Do we allow lists of policies and if so does each policy have >the same priority or does each have a separate priority? Perhaps clearest >if each {generate|accept}_policy has at most one "priority xxxxx" >statement but we allow multiple instances of {generate|accept}_policy ? > I think that if lists of policies are supported, they should either all share the same priority or inherit the last specified priority, allowing for the priority to be optionally changed as you go further in the list. However, I agree that this would probably add too much complexity to the config file and the meaning would not be readily apparent from reading the config file without reading the man page. So unless there is a case in which this flexibility is definitely needed, I'd vote for a single priority statement per {generate|accept}_policy and allow multiple instances of {generate|accept}_policy. Although this leads to more verbosity in the config file, it is probably more understandable and easier to read without having to always refer back to the man page. Brian |