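# Do we wish to handle file tables specially, like this?

class table_base(variable):
    """Shared rendering for tables, built on ``variable`` (defined elsewhere)."""

    def __str__(self):
        # Reference form: the variable's rendering wrapped in angle brackets.
        return "<" + variable.render(self) + ">"

    def render(self):
        # Declaration form: the "table" keyword followed by the bracketed name.
        return "table <" + variable.render(self) + ">"


class file_table(table_base):
    """Table rendered with optional modifiers and a trailing ``file`` clause."""

    def __init__(self, name, filename, persist=False, const=False):
        self.filename = filename
        self.persist = persist
        self.const = const
        return variable.__init__(self, name)

    def render(self, name=None):
        # NOTE: This is the other way to do it. See previous NOTE.
        # NOTE(review): `name` is unused and table_base.render() takes no
        # argument, so it is defaulted here to let both call styles work.
        # Confirm which signature is intended.
        parts = [table_base.render(self)]
        parts.extend(x for x in ("persist", "const") if getattr(self, x))
        # NOTE(review): repr() quotes by Python's rules, not the ruleset
        # grammar's. If the filename (or table name) can come from outside the
        # program, validate it first (reject quotes, newlines and other control
        # characters) so it cannot add extra text to the generated ruleset.
        parts.extend(("file", repr(self.filename)))
        return " ".join(parts)


class table(table_base, pf.list):
    """Table rendered with optional modifiers and an inline ``{ ... }`` list."""

    def __init__(self, name, *args, persist=False, const=False):
        self.persist = persist
        self.const = const
        return pf.list.__init__(self, name, *args)

    def render(self):
        # Build a flat list of strings. A generator has no .extend() and
        # str.join() cannot take a nested tuple, so the pieces are collected
        # into one list before joining.
        parts = [table_base.render(self)]
        parts.extend(x for x in ("persist", "const") if getattr(self, x))
        if len(self) != 0:
            parts.append("{")
            parts.extend(str(x) for x in self)
            parts.append("}")
        return " ".join(parts)


# Printing doc strings:
# TODO: Check pydoc program and modules for applicability.
#       (inspect.getdoc() already expands tabs and strips common indentation.)
def render_doc_string(whatever):
    """Return ``whatever.__doc__`` dedented and re-wrapped paragraph by paragraph."""
    # dedent() and the TextWrapper class both live in the stdlib ``textwrap``
    # module; there is no module named ``TextWrapper``.
    import textwrap

    # Get rid of leading spaces.
    doc_string = whatever.__doc__ or ""  # __doc__ is None when there is no docstring
    # Expand tabs. Important to do before dedenting.
    expanded = doc_string.expandtabs()
    # Dedent.
    dedented = textwrap.dedent(expanded)
    # Split into paragraphs.
    paragraphs = dedented.split("\n\n")
    # Create a TextWrapper instance.
    tw = textwrap.TextWrapper()
    # Fill and wrap the paragraphs.
    paragraphs = map(tw.fill, paragraphs)
    # Join the paragraphs together.
    return "\n".join(paragraphs)


# Use a generator to iterate over every rule in every section.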
class pf: class pf: def render(self): for s in self: yield s.render() class rule_container(whatever): def render(self): for r in self: yield r.render()

check return codes of pfctl for errors
make allowances for a minimal backup ruleset
make live CD showing off example dfd_keeper scripts and showing cool web stats
show top 100 probed ports
show graphs of usage (bandwidth)
show pie charts for queue usage
show pie charts to show what rules match most
make sample logwatching scripts
make sample sniffer
implement SPA (portknocking)
implement automagic p2p
implement shunning

* The ability to notify an administrator of the current block list (and/or "repeat offenders") so that s/he can notify administrators by phone or e-mail;
* The ability to mail or page an administrator when an attack is detected from a host on the "do not block" list (or under other conditions);
* The ability to gather statistics (such as the number of hits received from a particular Web address or subnet per hour) and automatically notice anomalies;
* The ability to place the log monitor on a separate machine, so as to preserve both copies of logs and information about attacks or malfunctions in the event of catastrophic system failure or tampering; and
* The ability to view a display and/or reports detailing the log monitor's actions.
* Compatibility with the "legacy" logging facilities and facility/severity codes of current UNIX implementations;
* The ability to apply pre-written message parsing templates to messages (akin to the "distillation" process used by Lire [25] but performed in real time) so that rules can refer to message field by name;
* The ability to identify and report messages which were not parsed (possibly indicating an obsolete template and/or a software problem);
* The ability to access all information associated with a log message and the process that generated it -- including the identity of the program, effective user and group ids, facility and severity codes, point of origin (if not on the local system), etc.;
* Accumulation of statistics (e.g. number of e-mail messages received from a specific user or IP address) for use in rules;
* The ability to correlate log messages and statistics produced by different applications, e.g. a POP server and an SMTP server;
* The ability to generate one or more periodically refreshed displays (e.g. bar graphs) based on log statistics;
* The ability to query external databases such as DNS blacklists;
* The ability to maintain, save, and restore internal databases (e.g. of blocked hosts and times at which they were blocked) and report their contents at runtime;
* The ability to "fire" rules at specific times or intervals as well as in response to messages;
* The ability to send log messages to, and accept them on or from, arbitrary UDP or TCP ports;
* The ability to log to another machine via an encrypted connection (e.g. through SSH or SSL);
* Stronger authentication than that implemented in current versions of syslogd (most of which use source IP address and port number);
* Flexible notification facilities, including the ability to send notices via e-mail, pager, IRC, and instant messaging systems;
* The ability to issue commands to firewalls, routers, bridges, managed hubs, and remote power controllers; and
* The ability to allow or deny users access to facilities (e.g. by changing group memberships, changing a user's login shell to /etc/nologin, or removing and restoring passwords).

when substitute fails, be more clear about what key is failing to be found