BIND 10 #2066: general description on ACL in bind10 guide
BIND 10 Development
do-not-reply at isc.org
Tue Aug 14 09:14:37 UTC 2012
#2066: general description on ACL in bind10 guide
-------------------------------------+-------------------------------------
Reporter: | Owner: UnAssigned
jinmei | Status: reviewing
Type: | Milestone:
defect | Sprint-20120821
Priority: | Resolution:
medium | Sensitive: 0
Component: | Sub-Project: Core
documentation | Estimated Difficulty: 4
Keywords: | Total Hours: 0
Defect Severity: N/A |
Feature Depending on Ticket: |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Changes (by vorner):
* owner: vorner => UnAssigned
Comment:
Hello
Sorry, it seems the packing took longer than I thought, so I'm not going
to edit the code now, just a quick answer.
Replying to [comment:9 jinmei]:
> I made a couple of minor editorial fixes.
Thanks for pointing out the missing quotes, but I think this is wrong ‒
the semicolon is part of the html entity, so it must be >", not >";
> > However, I noticed other thing. It rejected the example with a new
error,
> > complaining that something is not a string and I found out it doesn't
like the
> > syntax with listing multiple possible values in a list. I believe that
thing is
> > a bug and possibly easy to fix (I guess there's false returned from
somewhere
> > instead of true in the definition of the IP check). OK to fix it, or
should we
> > just scratch the part about the lists?
>
> I don't know specifically which case you are referring to, but based
> on the lack of time my suggestion is to defer the fix to a separate
> ticket, and either
> - keep the doc but add a note that it currently doesn't work,
> referring to the corresponding bug-fix ticket number.
Good idea.
It is complaining about:
{{{
{"action": "ACCEPT", "ip": ["192.0.2.1", "2001:/16"]}
}}}
That should mean „if it is from one of those IP addresses, accept it“. But
it tries to interpret the whole list as a string.
> > Yes. But I believe this should go to a separate ticket.
>
> Then please open one.
OK, just going to.
> > I think I made this note irrelevant in one of the commits. The specs
> > were missing default values for the items, which was wrong, so I
> > fixed that instead of returning the note. Also, when #2184
> > (currently in review) is merged, the ACLs will act mostly sanely (so
> > you will be able to do config add followed by config set action and
> > config set address).
>
> If you confirmed the examples actually work, I'm okay with this.
If I remove the lists (see above), they do.
> A couple of other points:
Sorry. Can someone else take it over, please? (I'm going to ask on jabber)
--
Ticket URL: <http://bind10.isc.org/ticket/2066#comment:11>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list