On Tue, 30 Mar 2004 11:18:51 +0200 John Williams Floroiu <floroiu@fokus.fraunhofer.de> wrote: > Brian and me were discussing offline about the issue of structuring > the policies in a better way than a list, so that some kind of > automation in dealing with them would be possible. > > The basic question that we tried to find an answer to was what should > be done if more a datagram matches more policies and more specifically > how the "best" policy in the SPD rather the first policy in the SPD > list could be determined. Like for firewalling, people want an ordered list. When adding/deleting policies, order can be imposed using priorities, but other than that 'first match in list' is the thing to do. - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
