version 1.1, 2017/08/22 12:33:54
|
version 1.1.1.1.2.1, 2017/08/22 13:06:49
|
Line 3942 protocol static {
|
Line 3942 protocol static {
|
</code> |
</code> |
|
|
|
|
|
<sect>Firewall |
|
|
|
<p>Firewall protocol doesn't communicate with any network devices, |
|
but instead it allows you to add announced prefixes to given firewall table. |
|
At the moment IPFW and PF are supported. One can also specify special integer tag |
|
that can be passed as argument to IPFW table. Any number of instances can be configured. |
|
|
|
<p>Firewall protocol does not have many configuration options. |
|
|
|
<descrip> |
|
<tag>fwtype pf|ipfw</tag> Select firewall type. |
|
<tag>fwtable <m/name/</tag> Specifies firewall table name. |
|
<tag>keep on startup|shutdown</tag>Do not flush table on protocol startup or shutdown. |
|
<tag>keep always</tag>Do not flush table on protocol startup and shutdown. |
|
</descrip> |
|
|
|
<p>Firewall defines single route attribute: |
|
|
|
<descrip> |
|
<tag>int <cf/fw_value/</tag> Value that can be passed with prefix. |
|
Value is unsigned 4-byte integer. It can be set when importing routes from the other |
|
protocols or on protocol export. |
|
</descrip> |
|
|
|
<p>Example firewall config might look like this: |
|
|
|
<p><code> |
|
protocol firewall { |
|
table testable; # Connect to a non-default routing table |
|
fwtype ipfw; # Use IPFW as backend |
|
fwtable "2"; # Use table 2 |
|
export filter { fw_value = 125; accept; }; # Set value 125 for all prefixes |
|
} |
|
</code> |
<chapt>Conclusions |
<chapt>Conclusions |
<label id="conclusion"> |
<label id="conclusion"> |
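Review bot: The two `keep` entries in the option list never state the default and are hard to tell apart: `keep on startup|shutdown` reads "Do not flush table on protocol startup or shutdown" and `keep always` reads "... startup and shutdown". Suggest saying explicitly what happens when no `keep` option is given (presumably the table is flushed at both points, if that is what the code does) and that `keep on startup` and `keep on shutdown` each suppress only the named flush, since this decides whether prefixes from a previous run stay in the firewall table across a restart. In the example, `export filter { fw_value = 125; accept; };` accepts every route from the connected table, so all of them land in the firewall table; a sentence noting that the export filter determines what reaches the table, or an example that matches specific prefixes, would make that visible to readers. The introduction mentions the integer tag only for IPFW, so the `fw_value` entry should say what happens to the value with `fwtype pf`. Minor: the `keep` entries lack a space after `</tag>`, unlike the `fwtype` and `fwtable` entries.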
|
|