-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 24 August 2005 16:07, /dev/rob0 wrote:
> On Wednesday 2005-August-24 13:14, Thomas Jones wrote:
> > Abstract:
>
> I readily admit that this is not a good day for me. I am not operating
> at full capacity, so to speak. But I have to say that this post made no
> sense at all to me. Is it just me? Did anyone else understand it? If
> so, can you explain it?
>
> I once saw an online automated generator of scholarly papers. It was
> hilarious! It used language just like this.

Hehehe. Ok... let's make it simple for you.

Various security documentation is composed using a custom XML markup
language. Depending on the content, modules are included or excluded.
Given that these document instances are security in nature they can be
secured by a digital signature, encryption, or both.

>
> Okay, I think I see a little substance here. The poster wants something
> which lists every possible valid netfilter rule. Right?

Seemingly, you are the person to do this feat? Realistically, I don't
expect you or anybody else to have knowledge of all the rules. I have
already developed the basic structure of the DTD. I just want to do some
QA on various rulesets that I have not applied it to.

>
> Unfortunately, the list of valid rules is almost infinite. And what's
> valid may vary in context: what's available in the kernel, other rules
> in the chain, etc. "iptables -I OUTPUT -j LOG" is a valid rule (rather
> unfortunate if the local syslogd is logging to a remote syslog server,
> as each packet generates another one ad infinitum), but only valid if
> the LOG target is available.
>

The scenario you describe is what is called a conditional statement.
Pretty self-explanatory with regards to an XML DTD (or many other
disciplines for that reason).

>
> It's not even possible.
>

This statement is rather benign. Going back to your conditional
statement scenario; the DTD is constructed like that of a programming
language. It can be developed by means of pseudo-functions. An element
may contain another, so on so forth. This is surely within the intended
scope and capability.

>
> Perhaps the purpose and intent of the SDI Firewall Rule Subset project
> should be reevaluated.

Because you do not fully understand does not make it wrong.

How do you know what I don't know? You are not me.
- ---Zhuang Zi - The Warring States Period

Cheers,
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDPPHoR5cE1e/kEIRAkM0AJ9KGwqKuzMCJjsm8oQ3RXHK43MVJgCfaqR7
nuf6UbusppcBeD62jfqcmVY=
=qsSS
-----END PGP SIGNATURE-----