      1 <?xml version="1.0"?>
      2 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
      3 <!--
      4  Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
      5  Use is subject to license terms.
      6 
      7  CDDL HEADER START
      8 
      9  The contents of this file are subject to the terms of the
     10  Common Development and Distribution License (the "License").
     11  You may not use this file except in compliance with the License.
     12 
     13  You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     14  or http://www.opensolaris.org/os/licensing.
     15  See the License for the specific language governing permissions
     16  and limitations under the License.
     17 
     18  When distributing Covered Code, include this CDDL HEADER in each
     19  file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     20  If applicable, add the following below this CDDL HEADER, with the
     21  fields enclosed by brackets "[]" replaced with your own identifying
     22  information: Portions Copyright [yyyy] [name of copyright owner]
     23 
     24  CDDL HEADER END
     25 
     26 	NOTE:  This service description is not editable; its contents
     27 	may be overwritten by package or patch operations, including
     28 	operating system upgrade.  Make customizations in a different
     29 	file.
     30 
     31 	Service manifest for the ipfilter service.
     32 -->
     33 
     34 <service_bundle type='manifest' name='SUNWipfr:ipfilter'>
     35 
     36 <service
     37 	name='network/ipfilter'
     38 	type='service'
     39 	version='1'>
     40 
     41 	<single_instance />
     42 
     43 	<dependency
     44 	    name='filesystem'
     45 	    grouping='require_all'
     46 	    restart_on='none'
     47 	    type='service'>
     48 		<service_fmri value='svc:/system/filesystem/minimal' />
     49 	</dependency>
     50 
     51 	<dependency
     52 	    name='physical'
     53 	    grouping='require_all'
     54 	    restart_on='restart'
     55 	    type='service'>
     56 		<service_fmri value='svc:/network/physical' />
     57 	</dependency>
     58 
     59 	<dependency
     60 	    name='identity'
     61 	    grouping='require_all'
     62 	    restart_on='restart'
     63 	    type='service'>
     64 		<service_fmri value='svc:/system/identity:node' />
     65 	</dependency>
     66 
     67 	<dependency
     68 	    name='domain'
     69 	    grouping='require_all'
     70 	    restart_on='restart'
     71 	    type='service'>
     72 		<service_fmri value='svc:/system/identity:domain' />
     73 	</dependency>
     74 
     75 	<dependent
     76 	    name='network'
     77 	    grouping='optional_all'
     78 	    restart_on='restart'>
     79 		<service_fmri value='svc:/milestone/network' />
     80 	</dependent>
     81 
     82 	<exec_method
     83 		type='method'
     84 		name='stop'
     85 		exec='/lib/svc/method/ipfilter %m'
     86 		timeout_seconds='60' >
     87 	</exec_method>
     88 
     89 	<exec_method
     90 		type='method'
     91 		name='start'
     92 		exec='/lib/svc/method/ipfilter %m'
     93 		timeout_seconds='30' >
     94 	</exec_method>
     95 
     96 	<exec_method
     97 		type='method'
     98 		name='refresh'
     99 		exec='/lib/svc/method/ipfilter reload'
    100 		timeout_seconds='30' >
    101 	</exec_method>
    102 
    103 	<instance name='default' enabled='false'>
    104 		<property_group name='firewall_config_default'
    105 			type='com.sun,fw_configuration'>
    106 			<propval name='policy' type='astring' value='none' />
    107 			<propval name='custom_policy_file' type='astring' value='' />
    108 			<propval name='apply_to' type='astring' value='' />
    109 			<propval name='exceptions' type='astring' value='' />
    110 			<propval name='open_ports' type='astring' value='' />
    111 			<propval name='version' type='count' value='0' />
    112 			<propval name='value_authorization' type='astring'
    113 				value='solaris.smf.value.firewall.config' />
    114 		</property_group>
    115 
    116 		<property_group name='firewall_config_override'
    117 			type='com.sun,fw_configuration'>
    118 			<propval name='policy' type='astring' value='none' />
    119 			<propval name='apply_to' type='astring' value='' />
    120 			<propval name='value_authorization' type='astring'
    121 				value='solaris.smf.value.firewall.config' />
    122 		</property_group>
    123 	</instance>
    124 
    125 	<stability value='Unstable' />
    126 
    127 	<template>
    128 		<common_name>
    129 			<loctext xml:lang='C'>IP Filter</loctext>
    130 		</common_name>
    131 		<description>
    132 			<loctext xml:lang='C'>
    133 			Solaris IP Filter - host-based firewall
    134 			</loctext>
    135 		</description>
    136 		<documentation>
    137 			<manpage title='ipfilter' section='5'
    138 				manpath='/usr/share/man' />
    139 		</documentation>
    140 
    141 		<pg_pattern name='firewall_config_default'
    142 		    type='com.sun,fw_configuration' target='this'
    143 		    required='false'>
    144 			<common_name>
    145 				<loctext xml:lang='C'>
    146 Global Default firewall
    147 				</loctext>
    148 			</common_name>
    149 			<description>
    150 				<loctext xml:lang='C'>
    151 The default system-wide firewall policy.
    152 				</loctext>
    153 			</description>
    154 			<prop_pattern name='policy' type='astring'
    155 			    required='true'>
    156 				<common_name>
    157 					<loctext xml:lang='C'>
    158 Global Default policy 
    159 					</loctext>
    160 				</common_name>
    161 				<description>
    162 					<loctext xml:lang='C'>
    163 Firewall policy.
    164 					</loctext>
    165 				</description>
    166 				<visibility value='readwrite'/>
    167 				<cardinality min='1' max='1'/>
    168 				<values>
    169 					<value name='none'>
    170 						<description>
    171 							<loctext xml:lang='C'>
    172 No firewall (allow all), this is the default value. 
    173 							</loctext>
    174 
    175 						</description>
    176 					</value>
    177 					<value name='deny'>
    178 						<description>
    179 							<loctext xml:lang='C'>
    180 Deny access to entities specified in 'apply_to' property.
    181 							</loctext>
    182 						</description>
    183 					</value>
    184 					<value name='allow'>
    185 						<description>
    186 							<loctext xml:lang='C'>
    187 Allow access to entities specified in 'apply_to' property.
    188 							</loctext>
    189 						</description>
    190 					</value>
    191 					<value name='custom'>
    192 						<description>
    193 							<loctext xml:lang='C'>
    194 Apply the custom ipfilter configuration stored in a custom file (custom file property must be set).
    195 							</loctext>
    196 						</description>
    197 					</value>
    198 				</values>
    199 				<choices>
    200 					<include_values type='values'/>
    201 				</choices>
    202 			</prop_pattern>
    203 			<prop_pattern name="apply_to" type="astring"
    204 			    required="false">
    205 				<common_name>
    206 					<loctext xml:lang='C'>
    207 Apply policy to
    208 					</loctext>
    209 				</common_name>
    210 				<description>
    211 					<loctext xml:lang="C">
    212 The host and network IPs, network interfaces, and ippools to deny if the policy is set to deny, or accept if the policy is set to accept.
    213 					</loctext>
    214 				</description>
    215 			</prop_pattern>
    216 			<prop_pattern name="exceptions" type="astring"
    217 			    required="false">
    218 				<common_name>
    219 					<loctext xml:lang='C'>
    220 Make exceptions to
    221 					</loctext>
    222 				</common_name>
    223 				<description>
    224 					<loctext xml:lang="C">
    225 The host and network IPs, network interfaces, and ippools which will be exempted from the set policy, accept if the policy is set to deny, or deny if the policy is set to accept.
    226 					</loctext>
    227 				</description>
    228 			</prop_pattern>
    229 			<prop_pattern name="custom_policy_file" type="astring"
    230 			    required="false">
    231 				<common_name>
    232 					<loctext xml:lang='C'>
    233 Custom policy IPfilter file
    234 					</loctext>
    235 				</common_name>
    236 				<description>
    237 					<loctext xml:lang='C'>
    238 The file containing a custom ipfilter configuration to use if a custom policy is enforced.
    239 					</loctext>
    240 				</description>
    241 			</prop_pattern>
    242 			<prop_pattern name="open_ports" type="astring"
    243 			    required="false">
    244 				<common_name>
    245 					<loctext xml:lang='C'>
    246 Open ports
    247 					</loctext>
    248 				</common_name>
    249 				<description>
    250 					<loctext xml:lang='C'>
    251 A set of ports to leave open regardless of firewall policy.
    252 					</loctext>
    253 				</description>
    254 			</prop_pattern>
    255 			<prop_pattern name="upgraded" type="boolean"
    256 			    required="false">
    257 				<visibility value='hidden'/>
    258 			</prop_pattern>
    259 		</pg_pattern>
    260 
    261 		<pg_pattern name='firewall_config_override'
    262 		    type='com.sun,fw_configuration' target='this'
    263 		    required='false'>
    264 			<common_name>
    265 				<loctext xml:lang='C'>
    266 Global Override firewall
    267 				</loctext>
    268 			</common_name>
    269 			<description>
    270 				<loctext xml:lang='C'>
    271 The system-wide firewall policy that overrides default system-wide and all services' policies.
    272 				</loctext>
    273 			</description>
    274 			<prop_pattern name='policy' type='astring'
    275 			    required='true'>
    276 				<common_name>
    277 					<loctext xml:lang='C'>
    278 Global Override policy 
    279 					</loctext>
    280 				</common_name>
    281 				<description>
    282 					<loctext xml:lang='C'>
    283 Firewall policy.
    284 					</loctext>
    285 				</description>
    286 				<visibility value='readwrite'/>
    287 				<cardinality min='1' max='1'/>
    288 				<values>
    289 					<value name='none'>
    290 						<description>
    291 							<loctext xml:lang='C'>
    292 No firewall (allow all), this is the default value. 
    293 							</loctext>
    294 						</description>
    295 					</value>
    296 					<value name='deny'>
    297 						<description>
    298 							<loctext xml:lang='C'>
    299 Deny access to entities specified in 'apply_to' property.
    300 							</loctext>
    301 						</description>
    302 					</value>
    303 					<value name='allow'>
    304 						<description>
    305 							<loctext xml:lang='C'>
    306 Allow access to entities specified in 'apply_to' property.
    307 							</loctext>
    308 						</description>
    309 					</value>
    310 				</values>
    311 				<choices>
    312 					<include_values type='values'/>
    313 				</choices>
    314 			</prop_pattern>
    315 			<prop_pattern name="apply_to" type="astring"
    316 			    required="false">
    317 				<common_name>
    318 					<loctext xml:lang='C'>
    319 Apply policy to
    320 					</loctext>
    321 				</common_name>
    322 				<description>
    323 					<loctext xml:lang="C">
    324 The host and network IPs, network interfaces, and ippools to deny if the
    325 policy is set to deny, or accept if the policy is set to accept.
    326 					</loctext>
    327 				</description>
    328 			</prop_pattern>
    329 		</pg_pattern>
    330 
    331 	</template>
    332 </service>
    333 
    334 </service_bundle>