Feature #2705

Updated by Giacomo Sanchietti over 6 years ago

Firewall should implement a simple way to describe reusable objects. All objects are stored inside the @fobjects@ database.

Firewall module uses these system objects:
• Host
• Group of hosts
• Zone

A host is an already defined entry inside the @hosts@ db or a new key of type @host@. A @host@ represents a machine or a network. A @host@ db entry can be something like:
<pre>
name=host
IpAddress=IP
MacAddress=MAC
Description=
Address=IP/MAC/CIDR
</pre>



A @host-group@ is a group of hosts inside the @hosts@ db. A @host-group@ db entry can be something like:
<pre>
name=group
Members=host1,host2
</pre>

A @zone@ represents a network zone which can be associated with an interface or a set of IP addresses. A @zone@ db entry in the @networks@ database can be something like:
<pre>
name=zone
Interface=eth0
</pre>
or
<pre>
name=zone
Network=CIDR/IP Range
</pre>

Network property can be:
• a network in CIDR format
• an IP address range of the form low.address-high.address.
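The two accepted forms of the Network property can be validated before a zone is saved. The following is an added example, not code from this issue or from the project; the function names, the sample zones, and the choices to reject CIDR values with host bits set and to treat ranges as IPv4 only are assumptions.

```python
import ipaddress


def parse_network(value):
    """Return the networks covered by a zone Network value.

    Accepts a CIDR network or a range written low.address-high.address.
    Raises ValueError for anything else.
    """
    value = value.strip()
    if "-" in value:
        low_s, _, high_s = value.partition("-")
        low = ipaddress.IPv4Address(low_s.strip())
        high = ipaddress.IPv4Address(high_s.strip())
        if low > high:
            raise ValueError(f"inverted range: {value!r}")
        # A range is expressed as the minimal list of CIDR blocks.
        return list(ipaddress.summarize_address_range(low, high))
    if "/" not in value:
        raise ValueError(f"not a CIDR network or a range: {value!r}")
    # strict=True rejects values such as 192.168.1.5/24 (host bits set),
    # which usually indicate a typo in a firewall object.
    return [ipaddress.ip_network(value, strict=True)]


def zone_contains(network_value, address):
    """True if the address falls inside the zone's Network value."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in parse_network(network_value))


def zones_overlap(value_a, value_b):
    """True if two Network values share at least one address."""
    return any(a.overlaps(b)
               for a in parse_network(value_a)
               for b in parse_network(value_b))


# Constructed sample zones (name -> Network property), not real data.
SAMPLE_ZONES = {
    "dmz": "192.168.50.0/24",
    "guests": "10.0.0.10-10.0.0.20",
    "lab": "10.0.0.16/28",
}

if __name__ == "__main__":
    for name, value in SAMPLE_ZONES.items():
        print(name, [str(n) for n in parse_network(value)])
    print("guests/lab overlap:",
          zones_overlap(SAMPLE_ZONES["guests"], SAMPLE_ZONES["lab"]))
```

Overlapping zones are worth flagging at save time, because an address that belongs to two zones makes it unclear which zone's rules apply to it.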
