Menu
▾
▴
Re: [Shorewall-devel] Shorewall and IPV6
|
From: Louis L. <lo...@la...> - 2005-01-08 21:02:50
|
On Thu, 2005-01-06 at 14:13 -0800, Tom Eastep wrote: > > I'm afraid I don't like the ";" here because it's usually a separator f= or > > a list of things. What about "@"? Like > >=20 > > ACCEPT loc@192.168.0.1 net tcp 3133 > >=20 > > I'd prefer it. > > >=20 > Given the current syntax, there are cases where we need to know where > the END of the address or address-list is. How about if we require IPV6 > addresses appearing in ":"-separated constructs to be enclosed in [..] > or <..>? >=20 > ACCEPT loc:<::ffff:206.124.146.177> net tcp 25 >=20 Looks good to me: please note that those !@#$% V6 addresses are so long that one normally will want to use some kind of variable so there is no need to type the address a number of times. In actual fact I was wondering whether we need some support for the structure in addresses to make things manageble (e.g. prefix a.b.c.d/48, local network part/16 and address/64). This would allow for easy change of prefix (or having more then one prefix), while the local network part could easily map to zones etc. kind regards, Louis =20 --=20 Louis Lagendijk <lo...@la...> |
