|
||||||||||
X-Post to m0n0wall-dev list. IMHO, we should discuss this only there. Am Dienstag, den 20.09.2005, 22:22 -0400 schrieb Kris Maglione: > Actually, my idea was to add a field to each rule saying what it depends > on. If the dependency can't be found, the rule is void, and should be > deleted. > > i.e. a firewall rule would have <depend component="NAT" ruleid="<some > hash>" /> And an interface definition has an entry like: <depend component="filter" ruleid="<some hash>" <depend component="NAT" ruleid="<some hash>" No, I don't think that this is a passable way to go. From what the current design is, I would prefer an extra datastructure. Call it dependency tree. It's a container, where you can fill in fields, if you add a rule and it can be be checked, if a rule is to be deleted. The structure should be a sorted tree for better searching, what kind of tree is a discussion for its own. There may be other solutions to this, if we switch to an OO design, but this is a place other people do know more about than I. > This is obviously not something for the 1.2beta line. Totally agree about this. But it's a good point to consider for 1.3. Ciao ... ... PIT ... --------------------------------------------------------------------------- copyleft(c) by | This code passes Torvalds test grades 0, 1 and Peter Allgeyer | _-_ 2 (it looks ok, it compiles and it booted). | 0(o_o)0 -- Alan Cox ---------------oOO--(_)--OOo----------------------------------------------- |