[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "would-be-nice-to-have" feature of the parser in pfctl



I have something similar in the way dfd_keeper expands variables.
Basically it will expand a python variable to a macro if it contains
one value (that is, if the python variable is a string or singleton
list/tuple), and a list if it contains more than one (that is, if it
is a list/tuple of length two or greater).
If you reference a variable that doesn't have a value, it throws and
exception which inhibits feeding that rule to pfctl, so rules that
refer to empty values don't get rendered.
If you wish to take advantage of this, you can model your script after
static_example.py --- it is not necessary to use the whole twisted
run-time event loop if you just want a static config file.
For the code, see the URL in my sig and look for "Dynamic Firewall Daemon".
--
http://www.lightconsulting.com/~travis/  -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B