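-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00
-- (C)opyright 1991-2003 BinTec Communications AG, All Rights Reserved
-- (C)opyright 2003-2014 bintec elmeg GmbH
-- All Rights Reserved
-- $RCSfile: mibipsrv,v $
-- $Revision: 1.12 $

-- SMIv1 module describing access control for services that terminate
-- on the device itself: per-service source filters for TCP, UDP and
-- ICMP (the "Allow" tables) and per-service session or rate ceilings
-- (the "Limit" tables).

BIANCA-BRICK-IP-SERVICE-MIB DEFINITIONS ::= BEGIN

IMPORTS
    IpAddress, Counter, TimeTicks, enterprises
        FROM RFC1155-SMI

    DisplayString
        FROM RFC1158-MIB

    OBJECT-TYPE
        FROM RFC-1212;

bintec      OBJECT IDENTIFIER ::= { enterprises 272 }
bibo        OBJECT IDENTIFIER ::= { bintec 4 }
biboip      OBJECT IDENTIFIER ::= { bibo 5 }
biboipsrv   OBJECT IDENTIFIER ::= { biboip 14 }

-- Reviewer notes on the access control model defined below. Each point
-- follows from the DESCRIPTION, ACCESS, DEFVAL and INDEX clauses of
-- this module unless it is marked as something to confirm.
--
--  * The three Allow tables are default-permit. A service (or ICMP
--    type) with no active rule accepts traffic from any source, and a
--    row left at its defaults (both modes dont-verify) is not an
--    active rule, so it restricts nothing.
--  * Every rule column is ACCESS read-write and snmp is itself one of
--    the filtered services. Anyone holding SNMP write access can
--    therefore change or remove the filters that protect the
--    management plane; scope write access accordingly.
--  * 127.0.0.1 is exempt from all three Allow tables. This module does
--    not say whether packets claiming that source address on a
--    non-loopback interface are discarded earlier: confirm on the
--    device.
--  * A source-address rule for UDP or ICMP relies on an address that
--    no handshake has confirmed. Where possible combine it with the
--    interface check (IfMode set to verify).
--  * Rows are indexed by source address plus service (or ICMP type).
--    Mask and interface index are not part of the index, so two rules
--    for one service that differ only in those columns presumably
--    cannot coexist: confirm against the agent.
--  * delete(3) in the AddrMode and AdminState enumerations presumably
--    removes the row when written (no separate row status column is
--    defined): confirm against the agent.


-- ---- TCP source filter ----

localTcpAllowTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF LocalTcpAllowEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Filter rule table for incoming TCP packets for local services.
         This table is used to restrict access to TCP services provided
         by the system.
         o active rules have at least one of 'localTcpAllowAddrMode'
           and 'localTcpAllowIfMode' set to 'verify'
         o if there are active rules for a certain service, incoming
           connections of this service type (port) must match at least
           one of them.
         o incoming connections to a service (port) without an active
           rule are always allowed.
         o connections originating from 127.0.0.1 are always allowed
        "
    ::= { biboipsrv 1 }

-- One TCP filter rule, keyed by source address and service.
localTcpAllowEntry OBJECT-TYPE
    SYNTAX  LocalTcpAllowEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        ""
    INDEX   { localTcpAllowAddr, localTcpAllowService }
    ::= { localTcpAllowTable 1 }

LocalTcpAllowEntry ::=
    SEQUENCE {
        localTcpAllowAddrMode   INTEGER,
        localTcpAllowAddr       IpAddress,
        localTcpAllowMask       IpAddress,
        localTcpAllowIfMode     INTEGER,
        localTcpAllowIfIndex    INTEGER,
        localTcpAllowService    INTEGER
    }

-- Defaults to dont-verify, so a new row does not filter by address
-- until this is set to verify.
localTcpAllowAddrMode OBJECT-TYPE
    SYNTAX  INTEGER { dont-verify(1), verify(2), delete(3) }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies whether or not the IP source address of incoming
         TCP packets should be checked against localTcpAllowAddr and
         localTcpAllowMask."
    DEFVAL  { dont-verify }
    ::= { localTcpAllowEntry 1 }

localTcpAllowAddr OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Check source IP address against contents of this variable,
         taking localTcpAllowMask into account."
    ::= { localTcpAllowEntry 2 }

-- No DEFVAL is given for the mask. An overly wide mask widens the set
-- of permitted sources, so review it together with localTcpAllowAddr.
localTcpAllowMask OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies address mask to use for IP source address
         comparison with address contained in localTcpAllowAddr."
    ::= { localTcpAllowEntry 3 }

localTcpAllowIfMode OBJECT-TYPE
    SYNTAX  INTEGER { dont-verify(1), verify(2) }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies whether or not the source interface of incoming
         TCP packets should be checked."
    DEFVAL  { dont-verify }
    ::= { localTcpAllowEntry 4 }

localTcpAllowIfIndex OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies source interface index for interface check in
         case localTcpAllowIfMode is set to verify."
    ::= { localTcpAllowEntry 5 }

-- services MUST be in sync with those from localTcpLimitTable
-- The list includes cleartext management services (telnet, http)
-- next to ssh and https; each one stays open to all sources until it
-- has an active rule.
localTcpAllowService OBJECT-TYPE
    SYNTAX  INTEGER {
                telnet(1), trace(2), snmp(3), capi(4), tapi(5),
                rfc1086(6), http(7), https(8), ssh(9)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "TCP service"
    DEFVAL  { telnet }
    ::= { localTcpAllowEntry 6 }


-- ---- UDP source filter ----

localUdpAllowTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF LocalUdpAllowEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Filter rule table for incoming UDP packets for local services.
         This table is used to restrict access to UDP services provided
         by the system.
         o active rules have at least one of 'localUdpAllowAddrMode'
           and 'localUdpAllowIfMode' set to 'verify'
         o if there are active rules for a certain service, incoming
           packets of this service type must match at least one of
           them.
         o incoming packets to a service (port) without an active rule
           are always allowed.
         o packets originating from 127.0.0.1 are always allowed
        "
    ::= { biboipsrv 2 }

-- One UDP filter rule, keyed by source address and service.
localUdpAllowEntry OBJECT-TYPE
    SYNTAX  LocalUdpAllowEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        ""
    INDEX   { localUdpAllowAddr, localUdpAllowService }
    ::= { localUdpAllowTable 1 }

LocalUdpAllowEntry ::=
    SEQUENCE {
        localUdpAllowAddrMode   INTEGER,
        localUdpAllowAddr       IpAddress,
        localUdpAllowMask       IpAddress,
        localUdpAllowIfMode     INTEGER,
        localUdpAllowIfIndex    INTEGER,
        localUdpAllowService    INTEGER
    }

localUdpAllowAddrMode OBJECT-TYPE
    SYNTAX  INTEGER { dont-verify(1), verify(2), delete(3) }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies whether or not the IP source address of incoming
         UDP packets should be checked against localUdpAllowAddr and
         localUdpAllowMask."
    DEFVAL  { dont-verify }
    ::= { localUdpAllowEntry 1 }

localUdpAllowAddr OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Check source IP address against contents of this variable,
         taking localUdpAllowMask into account."
    ::= { localUdpAllowEntry 2 }

localUdpAllowMask OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies address mask to use for IP source address
         comparison with address contained in localUdpAllowAddr."
    ::= { localUdpAllowEntry 3 }

localUdpAllowIfMode OBJECT-TYPE
    SYNTAX  INTEGER { dont-verify(1), verify(2) }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies whether or not the source interface of incoming
         UDP packets should be checked."
    DEFVAL  { dont-verify }
    ::= { localUdpAllowEntry 4 }

localUdpAllowIfIndex OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies source interface index for interface check in
         case localUdpAllowIfMode is set to verify."
    ::= { localUdpAllowEntry 5 }

-- services MUST be in sync with those from localUdpLimitTable
localUdpAllowService OBJECT-TYPE
    SYNTAX  INTEGER {
                snmp(1), rip(2), bootps(3), dns(4), nbns(5), statmon(6)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "service"
    DEFVAL  { snmp }
    ::= { localUdpAllowEntry 6 }


-- ---- ICMP source filter ----

localIcmpAllowTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF LocalIcmpAllowEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Filter rule table for incoming ICMP packets.
         o active rules have at least one of 'localIcmpAllowAddrMode'
           and 'localIcmpAllowIfMode' set to 'verify'
         o if there are active rules for a certain ICMP packet type,
           incoming packets of this type must match at least one of
           them.
         o incoming ICMP packets with a packet type not listed in any
           active rule are always allowed.
         o packets originating from 127.0.0.1 are always allowed
        "
    ::= { biboipsrv 5 }

-- One ICMP filter rule, keyed by source address and ICMP packet type.
localIcmpAllowEntry OBJECT-TYPE
    SYNTAX  LocalIcmpAllowEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        ""
    INDEX   { localIcmpAllowAddr, localIcmpAllowType }
    ::= { localIcmpAllowTable 1 }

LocalIcmpAllowEntry ::=
    SEQUENCE {
        localIcmpAllowAddrMode  INTEGER,
        localIcmpAllowAddr      IpAddress,
        localIcmpAllowMask      IpAddress,
        localIcmpAllowIfMode    INTEGER,
        localIcmpAllowIfIndex   INTEGER,
        localIcmpAllowType      INTEGER
    }

localIcmpAllowAddrMode OBJECT-TYPE
    SYNTAX  INTEGER { dont-verify(1), verify(2), delete(3) }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies whether or not the IP source address of incoming
         ICMP packets should be checked."
    DEFVAL  { dont-verify }
    ::= { localIcmpAllowEntry 1 }

localIcmpAllowAddr OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "source IP address"
    ::= { localIcmpAllowEntry 2 }

localIcmpAllowMask OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "source IP address mask"
    ::= { localIcmpAllowEntry 3 }

localIcmpAllowIfMode OBJECT-TYPE
    SYNTAX  INTEGER { dont-verify(1), verify(2) }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies whether or not the source interface of incoming
         ICMP packets should be checked."
    DEFVAL  { dont-verify }
    ::= { localIcmpAllowEntry 4 }

localIcmpAllowIfIndex OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "source interface index"
    ::= { localIcmpAllowEntry 5 }

-- Each enumeration value is the ICMP type number plus one (echo is
-- ICMP type 8 and is listed as 9; echoRep is type 0 and is listed as
-- 1), presumably because SMIv1 enumerations avoid the value 0. Do not
-- write raw ICMP type numbers into this column. Types that are not in
-- this list cannot be given a rule and so remain allowed.
localIcmpAllowType OBJECT-TYPE
    SYNTAX  INTEGER {
                echoRep(1), destUnreach(4), srcQuench(5), redirect(6),
                echo(9), timeExcds(12), parmProb(13), timestamp(14),
                timestampRep(15), addrMask(18), addrMaskRep(19)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "ICMP packet type"
    DEFVAL  { echo }
    ::= { localIcmpAllowEntry 6 }


-- ---- TCP session limit ----

localTcpLimitTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF LocalTcpLimitEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Table to be used to limit access to local TCP services."
    ::= { biboipsrv 3 }

-- One session ceiling per TCP service.
localTcpLimitEntry OBJECT-TYPE
    SYNTAX  LocalTcpLimitEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        ""
    INDEX   { localTcpLimitService }
    ::= { localTcpLimitTable 1 }

-- localTcpLimitCurSessions is listed as Counter here so that the
-- SEQUENCE agrees with the SYNTAX of its OBJECT-TYPE below.
LocalTcpLimitEntry ::=
    SEQUENCE {
        localTcpLimitAdminState     INTEGER,
        localTcpLimitService        INTEGER,
        localTcpLimitMaxSessions    INTEGER,
        localTcpLimitCurSessions    Counter,
        localTcpLimitState          INTEGER
    }

-- Setting this to inactive presumably lifts the ceiling for the
-- service: confirm against the agent.
localTcpLimitAdminState OBJECT-TYPE
    SYNTAX  INTEGER { active(1), inactive(2), delete(3) }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The administrative state of this limit entry."
    DEFVAL  { active }
    ::= { localTcpLimitEntry 1 }

-- services MUST be in sync with those from localTcpAllowTable
localTcpLimitService OBJECT-TYPE
    SYNTAX  INTEGER {
                telnet(1), trace(2), snmp(3), capi(4), tapi(5),
                rfc1086(6), http(7), https(8), ssh(9)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The corresponding TCP service."
    DEFVAL  { telnet }
    ::= { localTcpLimitEntry 2 }

-- The range admits both 0 and 65536. What 0 means (no sessions at all
-- or no limit) is not stated in this module: confirm before relying
-- on either reading.
localTcpLimitMaxSessions OBJECT-TYPE
    SYNTAX  INTEGER (0..65536)
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Maximum number of allowed sessions for this TCP service."
    DEFVAL  { 128 }
    ::= { localTcpLimitEntry 3 }

-- SYNTAX Counter is kept because it is the type managers already
-- decode. The value is described as a current count, so it presumably
-- falls as well as rises, unlike a true counter; monitoring should
-- read it as an instantaneous value and not compute deltas.
localTcpLimitCurSessions OBJECT-TYPE
    SYNTAX  Counter
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The current number of sessions for this TCP service."
    DEFVAL  { 0 }
    ::= { localTcpLimitEntry 4 }

-- exceeded(2) is the value to alert on when watching for session
-- exhaustion of a management service.
localTcpLimitState OBJECT-TYPE
    SYNTAX  INTEGER { below(1), exceeded(2) }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The current state for this TCP service."
    DEFVAL  { below }
    ::= { localTcpLimitEntry 5 }


-- ---- UDP rate limit ----

localUdpLimitTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF LocalUdpLimitEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Table to be used to limit access to local UDP services."
    ::= { biboipsrv 4 }

-- One packet rate ceiling per UDP service.
localUdpLimitEntry OBJECT-TYPE
    SYNTAX  LocalUdpLimitEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        ""
    INDEX   { localUdpLimitService }
    ::= { localUdpLimitTable 1 }

-- localUdpLimitCurRate is listed as Counter here so that the SEQUENCE
-- agrees with the SYNTAX of its OBJECT-TYPE below.
LocalUdpLimitEntry ::=
    SEQUENCE {
        localUdpLimitAdminState     INTEGER,
        localUdpLimitService        INTEGER,
        localUdpLimitMaxRate        INTEGER,
        localUdpLimitCurRate        Counter,
        localUdpLimitState          INTEGER
    }

localUdpLimitAdminState OBJECT-TYPE
    SYNTAX  INTEGER { active(1), inactive(2), delete(3) }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The administrative state of this limit entry."
    DEFVAL  { active }
    ::= { localUdpLimitEntry 1 }

-- services MUST be in sync with those from localUdpAllowTable
localUdpLimitService OBJECT-TYPE
    SYNTAX  INTEGER {
                snmp(1), rip(2), bootps(3), dns(4), nbns(5), statmon(6)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The corresponding UDP service."
    DEFVAL  { snmp }
    ::= { localUdpLimitEntry 2 }

-- The ceiling is per service, not per source (the table is indexed by
-- service only). The effect of 0 is not stated in this module: confirm
-- before relying on it.
localUdpLimitMaxRate OBJECT-TYPE
    SYNTAX  INTEGER (0..65536)
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Maximum number of packets per second for this UDP service."
    DEFVAL  { 1000 }
    ::= { localUdpLimitEntry 3 }

-- SYNTAX Counter is kept because it is the type managers already
-- decode. The value is described as a current rate, so it presumably
-- falls as well as rises; read it as an instantaneous value.
localUdpLimitCurRate OBJECT-TYPE
    SYNTAX  Counter
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The current number of packets per second for this UDP
         service."
    DEFVAL  { 0 }
    ::= { localUdpLimitEntry 4 }

localUdpLimitState OBJECT-TYPE
    SYNTAX  INTEGER { below(1), exceeded(2) }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The current state for this UDP service."
    DEFVAL  { below }
    ::= { localUdpLimitEntry 5 }

END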