Re: [Leaf-devel] First crack at the XML LRP config

Sat, 3 Feb 2001 16:56:33 -0500 (EST) 

Ly:
        Going to take a stab myself here...

<RULE>
  <CHAIN>input</CHAIN>
  <ACTION>policy=deny</ACTION>
</RULE>
<RULE>
  <CHAIN>input</CHAIN>
  <ACTION>flush</ACTION>
</RULE>
<RULE>
  <CHAIN>input</CHAIN>
  <ACTION>ADD
    <INT>external</INT>
    <SOURCE_IP>anywhere</SOURCE_IP>
    <SOURCE_MASK>0</SOURCE_MASK>
    <DEST_IP>255.255.255.255</DEST_IP>
    <DEST_MASK>32</DEST_MASK>
    <PROTOCOL>tcp</PROTOCOL>
    <LOGGING>no</LOGGING>
    <FLAGS>syn</FLAGS>
    <POLICY>deny</POLICY>
  </ACTION>
</RULE>

        A starting point?

-Scott

On Fri, 2 Feb 2001, Anh (Ly) Vuong wrote:

> Greetings,
> 
> I am just typing as go here, and hope to stimulate more thoughts in
> definning an XML LRP config. I have not dare to start the firewall rules
> just yet, any thoughts on this topic?
> 
> Cheers,
> Ly
> ---
> <?xml version="1.0" standalone="yes"?>
> <LEAF>
>    <KERNEL>
>       <VERSION>2.2.16</VERSION>
>       <FEATURES>
>          <IP FWDING="YES" ALWAYS_DEFRAG="YES"/>
>       </FEATURES>
>    </KERNEL>
>    <INTERFACES REDIRECT_ICMP="YES">
>       <INTERFACE START_ON_BOOT="YES" BRIDGE="NO" PROXY_ARP="YES">
>          <ID>eth0</ID>
>          <ALIAS>dmz</ALIAS>
>          <TYPE>ethernet</TYPE>
>          <IP SPOOF="YES" LOG_MARTIANS="NO">
>             <ADDRESS>198.162.1.1</ADDRESS>
>             <MASK_LENGTH>24</MASK_LENGTH>
>             <BROADCAST>198.162.1.0</BROADCAST>
>             <GATEWAY>198.162.10.1</GATEWAY>
>          </IP>
>       </INTERFACE>
>       <INTERFACE START_ON_BOOT="YES" BRIDGE="NO" PROXY_ARP="YES">
>          <ID>eth1</ID>
>          <ALIAS>private</ALIAS>
>          <TYPE>ethernet</TYPE>
>          <IP SPOOF="YES" LOG_MARTIANS="NO">
>             <ADDRESS>198.162.2.1</ADDRESS>
>             <MASK_LENGTH>24</MASK_LENGTH>
>             <BROADCAST>198.162.2.0</BROADCAST>
>             <GATEWAY>198.162.1.1</GATEWAY>
>          </IP>
>       </INTERFACE>
>    </INTERFACES>
>    <DNS>
>       <DOMAINS>
>          <DOMAIN>config.lrp.net</DOMAIN>
>          <DOMAIN>another.com</DOMAIN>
>       </DOMAINS>
>       <SERVERS>
>          <SERVER>dns.another.com</SERVER>
>          <SERVER>198.162.10.1</SERVER>
>       </SERVERS>
>    </DNS>
> </LEAF>
> -- 
> "If you find yourself digging a deeper and deeper hole... stop digging."
> - Anonymous
> 
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/leaf-devel
> 


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel

Reply via email to