Object-table
Use the object list to define the objects to be filtered. The following may apply as objects:

- Protocols
- Individual computers
- Entire networks
- Services
- or any combination of these elements

Furthermore, objects can be defined recursively. In this manner, for example, you could define objects for the TCP and UDP protocols. Later, objects such as those for FTP (= TCP + ports 20 and 21), HTTP (= TCP + port 80) and DNS (= TCP, UDP + port 53) could be added. These in turn could be combined into a single object, which would contain all permissions.
The object definition is stored in a string. The individual elements of the description are separated by the following tokens.
Individual descriptions are separated by '+' or spaces. Both have the same meaning. The union of sets of objects will be evaluated in the subsequent generation of filters. In the example above (FTP, HTTP and DNS), one filter each was generated for the ports 20-21, 53 and 80 for the TCP protocol, as well as a filter for port 53 of the UDP protocol.
The object table has the following structure (with DEFAULT values):

| Name | Description |
|---|---|
| UDP | %P17 |
| TCP | %P6 |
| ICMP | %P1 |
| NETBIOS | %S137-139 |
| LOCALNET | %L |
| ANY | |
| ANYHOST | %a0.0.0.0 %m0.0.0.0 |

The object 'ANY' only stands for a placeholder that can be used in the rule list in the protocol column, for example, if the protocols to be filtered are already bound to objects (as in the case of FTP, HTTP and DNS).
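The following is an added example, not part of the original ELSA documentation, showing how the object descriptions above expand into filters. It handles only the %P (protocol number) and %S (port range) tokens, and the expansion rule it implements (protocols and ports in one description are combined, referenced objects contribute their already-complete filters) is an assumption derived from the FTP/HTTP/DNS example; the object table and the name WEBSERVICES are constructed.

```python
import re

# Constructed object table in the page's notation (%P = protocol number,
# %S = port or port range). The expansion rule below is an assumption
# based on the FTP/HTTP/DNS example in the text.
OBJECTS = {
    "UDP": "%P17",
    "TCP": "%P6",
    "ICMP": "%P1",
    "NETBIOS": "%S137-139",
    "FTP": "TCP %S20-21",
    "HTTP": "TCP + %S80",
    "DNS": "TCP UDP + %S53",
    "WEBSERVICES": "FTP + HTTP + DNS",   # hypothetical combined object
}

def parse_ports(spec):
    """'20-21' -> (20, 21); '80' -> (80, 80)."""
    lo, _, hi = spec.partition("-")
    return (int(lo), int(hi) if hi else int(lo))

def resolve(name, table=OBJECTS, seen=()):
    """Return (protocols, ports, filters) for one object.

    protocols: protocol numbers not yet bound to a port (e.g. plain TCP)
    ports:     port ranges not yet bound to a protocol (e.g. NETBIOS)
    filters:   complete (protocol, (lo, hi)) pairs ready to become a filter
    """
    if name in seen:
        raise ValueError(f"recursive object definition: {name}")
    protos, ports, filters = set(), set(), set()
    # '+' and whitespace both separate elements and have the same meaning
    for token in re.split(r"[\s+]+", table[name].strip()):
        if not token:
            continue
        if token.startswith("%P"):
            protos.add(int(token[2:]))
        elif token.startswith("%S"):
            ports.add(parse_ports(token[2:]))
        elif token.startswith("%"):
            raise ValueError(f"unsupported token {token} in {name}")
        else:  # reference to another object: union its sets (recursion)
            p, s, f = resolve(token, table, seen + (name,))
            protos |= p; ports |= s; filters |= f
    # protocols and ports named in the same description are combined
    if protos and ports:
        filters |= {(p, r) for p in protos for r in ports}
        protos, ports = set(), set()
    return protos, ports, filters

def filters_for(name, table=OBJECTS):
    """The complete filters an object expands to, sorted for display."""
    return sorted(resolve(name, table)[2])
```

Expanding WEBSERVICES yields exactly the four filters the text describes: TCP 20-21, TCP 53, TCP 80 and UDP 53.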
© Copyright 2001, ELSA AG http://www.elsa.de