Ceri Davies wrote: > On Wed, Sep 24, 2008 at 12:14:33PM +0200, Darren Reed wrote: >> I am submitting this case on behalf of Tony Nguyen. >> This case seeks to enable tieing together service availability in SMF >> with IPFilter for firewalling of access to them. >> This case is requesting patch/micro binding. >> The timeout has been set for Wednesday next week (30/9/2008.) > >> policy >> >> "none" policy mode - no access restriction. For a global policy, this >> mode allows all incoming traffic. For a service policy, this mode >> allows all incoming traffic to its service. >> >> "deny" policy mode: more restrictive than "none". This mode allows >> incoming traffic from all sources except those specified in the >> "apply_to" property. >> >> "allow" policy mode: most restrictive mode. This mode blocks incoming >> traffic from all sources except those specified in the "apply_to" >> property. >> >> apply_to >> >> A multi-value property listing network entities to enforce the >> chosen policy mode. Entities listed in apply_to property will be denied >> if policy is "deny" and allowed if policy is "allow". The syntax for >> possible values are: >> >> host: host:IP "host:192.168.84.14" >> subnet: network:IP/netmask "network:129.168.1.5/24" >> interface: if:interface_name "if:e1000g0" > > Any chance that this could be extended to allow specification of a > pre-existing ippool? It's certainly the case here that a set of > developers are often given access to different services together via a > pool. >
Hi Ceries, A very good suggestion and Darren also suggested this in the past. I'll work on providing support for ippool. Thanks, tony
