From: Tom E. <te...@sh...> - 2005-01-06 22:13:02
Simon Matter wrote:
>>On Thu, 2005-01-06 at 14:45 -0200, Eduardo Ferreira wrote:
>>
>>>Tom wrote on 06/01/2005 14:31:06:
>>>
>>>>On Thu, 2005-01-06 at 07:58 -0800, Tom Eastep wrote:
>>>>
>>>>>On Thu, 2005-01-06 at 19:11 +1000, Paul Gear wrote:
>>>>>
>>>>I shouldn't try to do design before my first morning coffee. Using "/"
>>>>is awkward because it appears in CIDR notation. But another separator,
>>>>such as ";" would work.
>>>>
>>>>-Tom
>>>
>>>Could I humbly suggest using "=" as the separator? I think a rule
>>>like
>>>
>>>ACCEPT loc=192.168.0.1 net tcp 3133
>>>
>>>is better to read than
>>>
>>>ACCEPT loc;192.168.0.1 net tcp 3133
>>>
>>>is it not?
>>
>>Actually, I prefer ";". In Shorewall, "=" has its usual Shell meaning
>>(assignment).
>
> I'm afraid I don't like the ";" here because it's usually a separator for
> a list of things. What about "@"? Like
>
> ACCEPT loc@192.168.0.1 net tcp 3133
>
> I'd prefer it.
>

Given the current syntax, there are cases where we need to know where
the END of the address or address-list is. How about if we require IPV6
addresses appearing in ":"-separated constructs to be enclosed in [..]
or <..>?

ACCEPT loc:<::ffff:206.124.146.177> net tcp 25

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
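The bracketing proposal in the message above, sketched as an added example that is not part of the original message and is not Shorewall's code: a hypothetical `split_zone_host` helper splits a `zone:address` token and accepts an address containing ":" only when it is enclosed in `<..>` or `[..]`. The helper name, the `ZONE`/`HOSTS`/`REST` variables, the optional trailing field after the address and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall code; split_zone_host is a hypothetical helper.
# Splits zone[:address[:rest]] into ZONE, HOSTS and REST. An address that
# itself contains ":" (IPv6) must be wrapped in <..> or [..] so the parser
# can tell where the address ends.
# Returns 0 on success, 1 on a malformed token, 2 on an ambiguous one.
split_zone_host() {
    token=$1 ZONE= HOSTS= REST=
    ZONE=${token%%:*}                        # text before the first ":"
    [ -n "$ZONE" ] || return 1
    [ "$ZONE" != "$token" ] || return 0      # bare zone, no address part
    rest=${token#*:}                         # everything after the first ":"
    case $rest in
        '<'*'>'*) close='>' ;;
        '['*']'*) close=']' ;;
        *)        close= ;;
    esac
    if [ -n "$close" ]; then
        rest=${rest#?}                       # drop the opening bracket
        HOSTS=${rest%%"$close"*}             # up to the first closing bracket
        REST=${rest#*"$close"}               # whatever follows it
        case $REST in
            '')  ;;
            :?*) REST=${REST#:} ;;           # ":field" after the bracket
            *)   return 1 ;;                 # junk after the closing bracket
        esac
    else
        HOSTS=${rest%%:*}
        [ "$HOSTS" = "$rest" ] || REST=${rest#*:}
        # More ":" than fields: could be an unbracketed IPv6 address.
        case $REST in *:*) return 2 ;; esac
    fi
    [ -n "$HOSTS" ]                          # an empty address is malformed
}

# Constructed sample tokens; the second is the form used in the message.
for t in 'loc:192.168.0.1' 'loc:<::ffff:206.124.146.177>' \
         'loc:[::1]:25' 'loc:::ffff:206.124.146.177'; do
    if split_zone_host "$t"; then
        printf '%-30s zone=%s hosts=%s rest=%s\n' "$t" "$ZONE" "$HOSTS" "$REST"
    else
        printf '%-30s rejected (status %s)\n' "$t" "$?"
    fi
done
```

The last sample shows why the brackets are needed: without them every ":" inside the IPv6 address looks like another field separator, so the token is rejected as ambiguous.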