On Wed, Sep 24, 2008 at 12:14:33PM +0200, Darren Reed wrote:
> I am submitting this case on behalf of Tony Nguyen.
> This case seeks to enable tying together service availability in SMF
> with IPFilter for firewalling of access to them.
> This case is requesting patch/micro binding.
> The timeout has been set for Wednesday next week (30/9/2008.)

> policy
>
> "none" policy mode - no access restriction. For a global policy, this
> mode allows all incoming traffic. For a service policy, this mode
> allows all incoming traffic to its service.
>
> "deny" policy mode: more restrictive than "none". This mode allows
> incoming traffic from all sources except those specified in the
> "apply_to" property.
>
> "allow" policy mode: most restrictive mode. This mode blocks incoming
> traffic from all sources except those specified in the "apply_to"
> property.
>
> apply_to
>
> A multi-value property listing network entities to enforce the
> chosen policy mode. Entities listed in apply_to property will be denied
> if policy is "deny" and allowed if policy is "allow". The syntax for
> possible values are:
>
> host:       host:IP              "host:192.168.84.14"
> subnet:     network:IP/netmask   "network:129.168.1.5/24"
> interface:  if:interface_name    "if:e1000g0"

Any chance that this could be extended to allow specification of a
pre-existing ippool? It's certainly the case here that a set of
developers are often given access to different services together via a
pool.

Ceri
-- 
That must be wonderful! I don't understand it at all.
                                                  -- Moliere
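
The policy/apply_to semantics quoted in this message, as an added example that is not part of the original thread or of the SMF/IPFilter implementation. The function names, the interface name "bge0", and the reading of an "if:" entity as matching the interface a packet arrives on are assumptions made for illustration.

```python
import ipaddress

POLICIES = ("none", "deny", "allow")

def parse_entity(value):
    """Parse one apply_to value (host:IP, network:IP/netmask, if:name)."""
    kind, sep, rest = value.partition(":")
    if not sep or not rest:
        raise ValueError(f"malformed apply_to value: {value!r}")
    if kind == "host":
        return kind, ipaddress.ip_address(rest)
    if kind == "network":
        # strict=False accepts host bits in the address part, as in the
        # quoted sample "network:129.168.1.5/24" (becomes 129.168.1.0/24).
        return kind, ipaddress.ip_network(rest, strict=False)
    if kind == "if":
        return kind, rest
    raise ValueError(f"unknown apply_to entity type: {kind!r}")

def entity_matches(entity, src_ip, in_if):
    """True if the traffic source matches the parsed entity."""
    kind, matcher = entity
    if kind == "host":
        return src_ip == matcher
    if kind == "network":
        return src_ip.version == matcher.version and src_ip in matcher
    return in_if == matcher  # assumption: "if:" means the arrival interface

def is_allowed(policy, apply_to, src, in_if):
    """Decide incoming traffic per the quoted policy modes.

    none  -> everything is allowed
    deny  -> everything is allowed except sources listed in apply_to
    allow -> everything is blocked except sources listed in apply_to
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy mode: {policy!r}")
    # Parse first so a malformed entry is rejected rather than ignored.
    entities = [parse_entity(v) for v in apply_to]
    if policy == "none":
        return True
    src_ip = ipaddress.ip_address(src)
    listed = any(entity_matches(e, src_ip, in_if) for e in entities)
    return listed if policy == "allow" else not listed

# Sample values taken from the quoted syntax table.
SAMPLE_APPLY_TO = ["host:192.168.84.14", "network:129.168.1.5/24", "if:e1000g0"]
```

Note that an "allow" policy with an empty apply_to list blocks every source, while a "deny" policy with an empty list behaves like "none".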