Am 21.03.2014 01:00, schrieb Lennart Poettering:
On Thu, 20.03.14 13:44, Stephen John Smoogen (smooge(a)gmail.com)
wrote:
>> Well, all mails servers as well as sshd have much better ways to do
>> such filtering. sshd has "Match", Postfix for example has
>> "smtpd_client_restrictions=", and so on.
>>
> And now I need to have X number applications special syntax to
> whitelist/blacklist a site. I need to change X files to make that change.
> Each of those could be a separate change control process depending on the
> size of the organization. Or I have 1 file that I can make a change to
> which has usually one syntax and one set of reviews.
Well, if you filter in postfix or ssh, then you have a domain-specific,
powerful language there. You can not only match on source addresses, but
also on user names, groups, authentication methods, connection features
SASL schemes, crypto algorithms
what has this to do with "I have 1 file that I can make a change to
which has usually one syntax and one set of reviews"?