| version 1.1, 2017/08/22 12:33:54 | version 1.1.1.1.2.1, 2017/08/22 13:06:49 |
|---|---|
| Line 3942 protocol static { | Line 3942 protocol static { |
| </code> | </code> |
| <sect>Firewall | |
| <p>Firewall protocol doesn't communicate with any network devices, | |
| but instead it allows you to add announced prefixes to given firewall table. | |
| At the moment IPFW and PF are supported. One can also specify special integer tag | |
| that can be passed as argument to IPFW table. Any number of instances can be configured. | |
| <p>Firewall protocol does not have many configuration options. | |
| <descrip> | |
| <tag>fwtype pf|ipfw</tag> Select firewall type. | |
| <tag>fwtable <m/name/</tag> Specifies firewall table name. | |
| <tag>keep on startup|shutdown</tag>Do not flush table on protocol startup or shutdown. | |
| <tag>keep always</tag>Do not flush table on protocol startup and shutdown. | |
| </descrip> | |
| <p>Firewall defines single route attribute: | |
| <descrip> | |
| <tag>int <cf/fw_value/</tag> Value that can be passed with prefix. | |
| Value is unsigned 4-byte integer. It can be set when importing routes from the other | |
| protocols or on protocol export. | |
| </descrip> | |
| <p>Example firewall config might look like this: | |
| <p><code> | |
| protocol firewall { | |
| table testable; # Connect to a non-default routing table | |
| fwtype ipfw; # Use IPFW as backend | |
| fwtable "2"; # Use table 2 | |
| export filter { fw_value = 125; accept; }; # Set value 125 for all prefixes | |
| } | |
| </code> | |
| <chapt>Conclusions | <chapt>Conclusions |
| <label id="conclusion"> | <label id="conclusion"> |
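
Review bot: The `keep` options in the Firewall `<descrip>` list do not state the default, and `keep on startup|shutdown` and `keep always` are described in nearly identical words. Spell out what happens when no `keep` option is given (the wording implies the table is flushed on both protocol startup and shutdown), because that decides whether the firewall table is empty or holds stale prefixes around a restart. Two smaller documentation gaps in the same section: the text says the integer tag is passed to an IPFW table but never says what `fw_value` does when `fwtype pf` is selected, and the example line `export filter { fw_value = 125; accept; };` accepts every prefix in the connected routing table, so it is worth a sentence saying that the export filter is the only control over which announced prefixes reach the firewall table and that it should match only the intended ones.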