[bind10-dev] ACL Syntax proposal
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Mon Jun 6 18:10:38 UTC 2011
At Mon, 6 Jun 2011 10:51:18 +0200,
Michal 'vorner' Vaner <michal.vaner at nic.cz> wrote:

> So, if we turn the original proposal inside out a little bit, something like
> this (for example, the exact serialisation isn't that important, but I need to
> show it somehow)?

It seems it's quite close to what most operators would expect, so I
think it's reasonable to consider it our primary goal to implement for
the next snapshot release.

Some minor comments:

>
> [
> {
> "mode": "accept",
> "ip": "192.168.0.0/16"

I suspect "ip" should actually (better) be "source-address" (or
perhaps "destination-address").

I also think we should try to begin with something primitive and be
careful not to try to include richer functionality from the
beginning. Those include:

> "other_list",

importing other rules (I assume this notation means that) or

> {
> "mode": "accept",
> "any-of": [

more complicated conditions like this.

> {
> "ip": "1.2.3.4",
> "tsig": "key"
> },
> {
> "ip": "5.6.7.8",
> "tsig": "another_key"
> }
> ]
> }
> "reject"
> ]
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.