-- ***************************************************************** -- WESTERMO-SW6-FIREWALL-MIB : -- SNMP feature configuration of Westermo devices with SW6. -- -- Copyright (c) 2018 by Westermo Teleindustri AB -- All rights reserved. -- ***************************************************************** -- ***************************************************************** -- This script has been tested using the SMI checker smilint -- the tool can be downloaded at -- http://www.ibr.cs.tu-bs.de/projects/libsmi/smilint.html -- or use alternatively the online version at: -- http://www.simpleweb.org/ietf/mibs/validate/ -- -- smilint -m -s -l 6 -i nameLength-32 ./WESTERMO-SW6-FIREWALL-MIB -- Ensure that all needed MIBS are located in the SMIPATH. -- ***************************************************************** -- ********************************************************************** -- * FIREWALL MIB -- ********************************************************************** WESTERMO-SW6-FIREWALL-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, IpAddress, Integer32 FROM SNMPv2-SMI DisplayString FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF ; -- ********************************************************************** -- * MODULE IDENTITY -- ********************************************************************** firewall MODULE-IDENTITY LAST-UPDATED "201909060000Z" ORGANIZATION "Westermo Teleindustri AB" CONTACT-INFO "E-mail: info@westermo.com" DESCRIPTION "MIB Module for the Westermo RT-300 Radio Modem Device - Firewall definitions" REVISION "201909060000Z" DESCRIPTION "Release 6.9.0-RC0" ::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) westermo(16177) products(1) rt(400) feature(2) 1 } -- ********************************************************************** -- * Begin Major sections -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- Configuration -- ============= configuration OBJECT IDENTIFIER ::= { firewall 1 } -- Conformance Information -- ======================= conformance OBJECT IDENTIFIER ::= { firewall 10000 } groups OBJECT IDENTIFIER ::= { conformance 1 } groupConfiguration OBJECT IDENTIFIER ::= { groups 1 } compliances OBJECT IDENTIFIER ::= { conformance 2 } -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- * End Major Sections -- ********************************************************************** -- ********************************************************************** -- * Begin Object Types -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * cfgFwEnabled OBJECT-TYPE SYNTAX INTEGER { disabled(0), enabled(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Firewall disabled or enabled. Applies to AP and STA." ::= { configuration 1 } -- ============================================================================= cfgFwNat OBJECT IDENTIFIER ::= { configuration 2 } cfgFwNatPortForwardTable OBJECT-TYPE SYNTAX SEQUENCE OF CfgFwNatPrtFwdTableSeq MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall port forward rules table." ::= { cfgFwNat 1 } cfgFwNatPortForwardTableEntry OBJECT-TYPE SYNTAX CfgFwNatPrtFwdTableSeq MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall port forward rules table entry." INDEX {cfgFwNatPrtFwdIndex} ::= { cfgFwNatPortForwardTable 1 } CfgFwNatPrtFwdTableSeq ::= SEQUENCE { cfgFwNatPrtFwdIndex Integer32, cfgFwNatPrtFwdEnabled INTEGER, cfgFwNatPrtFwdInterface DisplayString, cfgFwNatPrtFwdProtocol INTEGER, cfgFwNatPrtFwdSourceAddress DisplayString, cfgFwNatPrtFwdSourcePortStart DisplayString, cfgFwNatPrtFwdSourcePortEnd Integer32, cfgFwNatPrtFwdDestinationAddress DisplayString, cfgFwNatPrtFwdDestinationPortStart DisplayString, cfgFwNatPrtFwdDestinationPortEnd Integer32, cfgFwNatPrtFwdRedirectDestinationAddress IpAddress, cfgFwNatPrtFwdRedirectDestinationPort Integer32 } cfgFwNatPrtFwdIndex OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry index of port forward table." ::= { cfgFwNatPortForwardTableEntry 1 } cfgFwNatPrtFwdEnabled OBJECT-TYPE SYNTAX INTEGER { disabled(0), enabled(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Disable or enable the rule. Applies to AP and STA." ::= { cfgFwNatPortForwardTableEntry 2 } cfgFwNatPrtFwdInterface OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Name of the network interface on which the rule applies. Defines on which interface traffic is comming in. Groups of interfaces can be matched by adding the character '+' at the end. E.g. eth+ to match the interfaces eth0, eth1 and eth2. To match all interfaces use the character '+' alone. Applies to AP and STA." ::= { cfgFwNatPortForwardTableEntry 3 } cfgFwNatPrtFwdProtocol OBJECT-TYPE SYNTAX INTEGER { any(0), udp(1), tcp(2), udptcp(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Choose which IP protocol the rule matches. Allowed protocols are: * **any(0):** Any ip protocol. * **udp(1):** Only UDP protocol. * **tcp(2):** Only TCP protocol. * **udptcp(3):** UDP and TCP protocol. Applies to AP and STA. " ::= { cfgFwNatPortForwardTableEntry 4 } cfgFwNatPrtFwdSourceAddress OBJECT-TYPE SYNTAX DisplayString (SIZE(9..19)) MAX-ACCESS read-write STATUS current DESCRIPTION "Source address to match. This can be a specific ip address or a range in CIDR notation. Set to 0.0.0.0/0 to match all inbound traffic. Set to 172.17.29.7/32 to match the specific IP 172.17.29.7 You can use ! to invert the sense of the rule: E.g. !192.168.0.0/24 **Notice:** Usually you want 0.0.0.0/0. Applies to AP and STA. " ::= { cfgFwNatPortForwardTableEntry 5 } cfgFwNatPrtFwdSourcePortStart OBJECT-TYPE SYNTAX DisplayString (SIZE(1..6)) MAX-ACCESS read-write STATUS current DESCRIPTION "Source start port to match. Specify the port or start of a port range from which a connection originates. Can only be used with TCP, UDP or TCP/UDP. Leave this on -1 to disable. You can use ! to invert the sense of the rule: E.g. !80. When used in a range, the inversion applies to the range. **Notice:** Usually you want this disabled. Applies to AP and STA. " ::= { cfgFwNatPortForwardTableEntry 6 } cfgFwNatPrtFwdSourcePortEnd OBJECT-TYPE SYNTAX Integer32 (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination end port to match. When matching multiple port, this value is the end of the range. Set to -1 if no range is to be matched. Can only be used with TCP, UDP or TCP/UDP. **Notice:** Usually you want this disabled. Applies to AP and STA. " ::= { cfgFwNatPortForwardTableEntry 7 } cfgFwNatPrtFwdDestinationAddress OBJECT-TYPE SYNTAX DisplayString (SIZE(9..19)) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination address to redirect. This can be a specific ip address or a range in CIDR notation. Set to 0.0.0.0/0 to match all inbound traffic on the interface specified in cfgFwNatPrtFwdInterface. You can use ! to invert the sense of the rule: E.g. !192.168.0.0/24. When using static IPs set this to the configured address of the respective interface or alias you want to forward. Be aware, that setting 0.0.0.0/0 will redirect everything arriving on the configured interface, even if not sent to the device itself. **Notice:** Leave this on 0.0.0.0/0 when using DHCP. Applies to AP and STA. " ::= { cfgFwNatPortForwardTableEntry 8 } cfgFwNatPrtFwdDestinationPortStart OBJECT-TYPE SYNTAX DisplayString (SIZE(1..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination start port to redirect. Specify the port or start of a port range for the destination. You can use ! to invert the sense of the rule: E.g. !80. When used in a range, the inversion applies to the range. Can only be used with TCP, UDP or TCP/UDP. Applies to AP and STA. " ::= { cfgFwNatPortForwardTableEntry 9 } cfgFwNatPrtFwdDestinationPortEnd OBJECT-TYPE SYNTAX Integer32 (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination end port to redirect. When forwarding multiple port, this value is the end of the range. Set to -1 if no range is forwarded. Can only be used with TCP, UDP or TCP/UDP. Applies to AP and STA. " ::= { cfgFwNatPortForwardTableEntry 10 } cfgFwNatPrtFwdRedirectDestinationAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Redirect traffic to this redirection destination address. Applies to AP and STA. " ::= { cfgFwNatPortForwardTableEntry 11 } cfgFwNatPrtFwdRedirectDestinationPort OBJECT-TYPE SYNTAX Integer32 (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Redirect traffic to this destination port. Can only be used with TCP, UDP or TCP/UDP. Applies to AP and STA. " ::= { cfgFwNatPortForwardTableEntry 12 } -- ----------------------------------------------------------------------------- cfgFwNatOutboundTable OBJECT-TYPE SYNTAX SEQUENCE OF CfgFwNatOutTableSeq MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall outbound NAT rules table." ::= { cfgFwNat 2 } cfgFwNatOutboundTableEntry OBJECT-TYPE SYNTAX CfgFwNatOutTableSeq MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall outbound NAT rules table entry." INDEX {cfgFwNatOutIndex} ::= { cfgFwNatOutboundTable 1 } CfgFwNatOutTableSeq ::= SEQUENCE { cfgFwNatOutIndex Integer32, cfgFwNatOutEnabled INTEGER, cfgFwNatOutInterface DisplayString, cfgFwNatOutProtocol INTEGER, cfgFwNatOutSourceAddress DisplayString, cfgFwNatOutSourcePortStart DisplayString, cfgFwNatOutSourcePortEnd Integer32, cfgFwNatOutDestinationAddress DisplayString, cfgFwNatOutDestinationPortStart DisplayString, cfgFwNatOutDestinationPortEnd Integer32, cfgFwNatOutSourceRewriteAddress IpAddress, cfgFwNatOutSourceRewritePort Integer32 } cfgFwNatOutIndex OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry index of Table." ::= { cfgFwNatOutboundTableEntry 1 } cfgFwNatOutEnabled OBJECT-TYPE SYNTAX INTEGER { disabled(0), enabled(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Disable or enable the rule. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 2 } cfgFwNatOutInterface OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Name of the network interface on which the rule applies. Matches traffic leaving on this interface. Needs to be set to an interface name if you are using DHCP. Set to -1 if you don't know on which interface traffic will be leaving. Match the traffic with cfgFwNatOutDestinationAddress instead. You can use ! to invert the sense of the rule. E.g. !wlan0. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 3 } cfgFwNatOutProtocol OBJECT-TYPE SYNTAX INTEGER { any(0), udp(1), tcp(2), udptcp(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Choose which IP protocol the rule matches. Allowed protocols are: * **any(0):** Any ip protocol. * **udp(1):** Only UDP protocol. * **tcp(2):** Only TCP protocol. * **udptcp(3):** UDP and TCP protocol. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 4 } cfgFwNatOutSourceAddress OBJECT-TYPE SYNTAX DisplayString (SIZE(9..19)) MAX-ACCESS read-write STATUS current DESCRIPTION "Source address to match. This can be a specific ip address or a range in CIDR notation. Set to 0.0.0.0/0 to match all inbound traffic. Set to 172.17.29.7/32 to match the specific IP 172.17.29.7. You can use ! to invert the sense of the rule: E.g. !192.168.0.0/24. **Note:** Usually you want 0.0.0.0/0. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 5 } cfgFwNatOutSourcePortStart OBJECT-TYPE SYNTAX DisplayString (SIZE(1..6)) MAX-ACCESS read-write STATUS current DESCRIPTION "Source start port to match. Specify the port or start of a port range from which a connection originates. Can only be used with TCP, UDP or TCP/UDP. Leave this on -1 to disable. You can use ! to invert the sense of the rule: E.g. !80. When used in a range, the inversion applies to the range. **Note:** Usually you want this disabled. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 6 } cfgFwNatOutSourcePortEnd OBJECT-TYPE SYNTAX Integer32 (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination end port to match. When matching multiple port, this value is the end of the range. Set to -1 if no range is to be matched. Can only be used with TCP, UDP or TCP/UDP. **Note:** Usually you want this disabled. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 7 } cfgFwNatOutDestinationAddress OBJECT-TYPE SYNTAX DisplayString (SIZE(9..19)) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination address to match. This can be a specific ip address or a range in CIDR notation. Set to 0.0.0.0/0 to match all outbound traffic on the interface specified in cfgFwNatOutInterface. You can use ! to invert the sense of the rule: E.g. !192.168.0.0/24. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 8 } cfgFwNatOutDestinationPortStart OBJECT-TYPE SYNTAX DisplayString (SIZE(1..6)) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination start port to match. Specify the port or start of a port range for the destination. Can only be used with TCP, UDP or TCP/UDP. You can use ! to invert the sense of the rule: E.g. !80. When used in a range, the inversion applies to the range. **Note:** Usually you want this disabled. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 9 } cfgFwNatOutDestinationPortEnd OBJECT-TYPE SYNTAX Integer32 (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination end port to match. When forwarding multiple port, this value is the end of the range. Set to -1 if no range is forwarded. Can only be used with TCP, UDP or TCP/UDP. **Note:** Usually you want this disabled. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 10 } cfgFwNatOutSourceRewriteAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Set the address with which outbound traffic shall be rewritten. In case you are using DHCP leave this on 0.0.0.0. **Note:** If you are not rewriting the source to a specific aliases you can set this to 0.0.0.0 to automatically rewrite to the configured primary (first) address of the interface. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 11 } cfgFwNatOutSourceRewritePort OBJECT-TYPE SYNTAX Integer32 (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Set the source-port with which outbound traffic shall be rewritten. Can only be used with TCP, UDP or TCP/UDP. Set to -1 to disable source port rewrite. **Note:** Usually you want this disabled. Applies to AP and STA." ::= { cfgFwNatOutboundTableEntry 12 } -- ============================================================================= cfgFwL2IpFilter OBJECT IDENTIFIER ::= { configuration 3 } cfgFwL2IpFilterEnabled OBJECT-TYPE SYNTAX INTEGER { disabled(0), enabled(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Globally enable or disable the L2 IP Filter option of all Bridges. This filter will only apply on IP frames and will not touch anything else. Applies to AP and STA." ::= { cfgFwL2IpFilter 1 } cfgFwL2IpFilterDefaultAction OBJECT-TYPE SYNTAX INTEGER { accept(0), drop(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Set the default action of all bridges when filtering is enabled. Take care to not lock yourself out when the default action is 'drop'. Applies to AP and STA." ::= { cfgFwL2IpFilter 2 } cfgFwL2IpFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF CfgNetL2IpFilterTableSeq MAX-ACCESS not-accessible STATUS current DESCRIPTION "L2 IP Filter" ::= { cfgFwL2IpFilter 3 } cfgFwL2IpFilterTableEntry OBJECT-TYPE SYNTAX CfgNetL2IpFilterTableSeq MAX-ACCESS not-accessible STATUS current DESCRIPTION "L2 IP Filter" INDEX {cfgFwL2IpFltrIndex} ::= { cfgFwL2IpFilterTable 1 } CfgNetL2IpFilterTableSeq ::= SEQUENCE { cfgFwL2IpFltrIndex Integer32, cfgFwL2IpFltrEnabled INTEGER, cfgFwL2IpFltrBridge Integer32, cfgFwL2IpFltrAction INTEGER, cfgFwL2IpFltrPriority Integer32, cfgFwL2IpFltrSource DisplayString, cfgFwL2IpFltrDestination DisplayString } cfgFwL2IpFltrIndex OBJECT-TYPE SYNTAX Integer32 (0..63) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry index of Table" ::= { cfgFwL2IpFilterTableEntry 1 } cfgFwL2IpFltrEnabled OBJECT-TYPE SYNTAX INTEGER { disabled(0), enabled(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Rule disabled or enabled. Applies to AP and STA." ::= { cfgFwL2IpFilterTableEntry 2 } cfgFwL2IpFltrBridge OBJECT-TYPE SYNTAX Integer32 (-1..255) MAX-ACCESS read-write STATUS current DESCRIPTION "Bridge on which the rule will be applied. Applies to AP and STA." ::= { cfgFwL2IpFilterTableEntry 3 } cfgFwL2IpFltrAction OBJECT-TYPE SYNTAX INTEGER { accept(0), drop(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to perform. Applies to AP and STA." ::= { cfgFwL2IpFilterTableEntry 4 } cfgFwL2IpFltrPriority OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Filter priority When multiple rules match, the rule with the highest priority will be applied. **NOTE:** When multiple matching rules with the same priority exist, the rule which was first created will be used. This may lead to unexpected behaviour. Applies to AP and STA." ::= { cfgFwL2IpFilterTableEntry 5 } cfgFwL2IpFltrSource OBJECT-TYPE SYNTAX DisplayString (SIZE(9..19)) MAX-ACCESS read-write STATUS current DESCRIPTION "Filter source The source network/IP on which the rule matches (CIDR notation). Applies to AP and STA." ::= { cfgFwL2IpFilterTableEntry 6 } cfgFwL2IpFltrDestination OBJECT-TYPE SYNTAX DisplayString (SIZE(9..19)) MAX-ACCESS read-write STATUS current DESCRIPTION "Filter destination The destination network/IP on which the rule matches (CIDR notation). Applies to AP and STA." ::= { cfgFwL2IpFilterTableEntry 7 } -- ============================================================================= cfgFwFilter OBJECT IDENTIFIER ::= { configuration 4 } cfgFwFltDefaultPolicyInput OBJECT-TYPE SYNTAX INTEGER { drop(0), accept(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "The default filter policy on the input path. Applies to AP and STA." ::= { cfgFwFilter 1 } cfgFwFltDefaultPolicyForward OBJECT-TYPE SYNTAX INTEGER { drop(0), accept(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "The default filter policy on the forward path. Applies to AP and STA." ::= { cfgFwFilter 2 } cfgFwFltDefaultPolicyOutput OBJECT-TYPE SYNTAX INTEGER { drop(0), accept(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "The default filter policy on the output path. Applies to AP and STA." ::= { cfgFwFilter 3 } cfgFwFilterRulesTable OBJECT-TYPE SYNTAX SEQUENCE OF CfgFwFilterRulesTableSeq MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall filter rules table." ::= { cfgFwFilter 10 } cfgFwFilterRulesTableEntry OBJECT-TYPE SYNTAX CfgFwFilterRulesTableSeq MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall filter rules table entry." INDEX {cfgFwNatOutIndex} ::= { cfgFwFilterRulesTable 1 } CfgFwFilterRulesTableSeq ::= SEQUENCE { cfgFwFltRIndex Integer32, cfgFwFltREnabled INTEGER, cfgFwFltRChain INTEGER, cfgFwFltRAction INTEGER, cfgFwFltRInputInterface DisplayString, cfgFwFltROutputInterface DisplayString, cfgFwFltRProtocol Integer32, cfgFwFltRSourceAddress DisplayString, cfgFwFltRSourcePortStart DisplayString, cfgFwFltRSourcePortEnd Integer32, cfgFwFltRDestinationAddress DisplayString, cfgFwFltRDestinationPortStart DisplayString, cfgFwFltRDestinationPortEnd Integer32 } cfgFwFltRIndex OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry index of Table." ::= { cfgFwFilterRulesTableEntry 1 } cfgFwFltREnabled OBJECT-TYPE SYNTAX INTEGER { disabled(0), enabled(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Disable or enable the rule. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 2 } cfgFwFltRChain OBJECT-TYPE SYNTAX INTEGER { none(0), input(1), forward(2), output(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 3 } cfgFwFltRAction OBJECT-TYPE SYNTAX INTEGER { drop(0), accept(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 4 } cfgFwFltRInputInterface OBJECT-TYPE SYNTAX DisplayString (SIZE(1..16)) MAX-ACCESS read-write STATUS current DESCRIPTION "Name of the input interface to match. Groups of interfaces can be matched by adding the character '+' at the end. E.g. eth+ to match the interfaces eth0, eth1 and eth2. To match all interfaces use the character '+' alone. Set to -1 to not use this parameter. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 5 } cfgFwFltROutputInterface OBJECT-TYPE SYNTAX DisplayString (SIZE(1..16)) MAX-ACCESS read-write STATUS current DESCRIPTION "Name of the output interface to match. Groups of interfaces can be matched by adding the character '+' at the end. E.g. eth+ to match the interfaces eth0, eth1 and eth2. To match all interfaces use the character '+' alone. Set to -1 to not use this parameter. This parameter is ignored for rules on the input chain. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 6 } cfgFwFltRProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "Choose which IP protocol the rule matches. For a list of the currently existing protocols see: https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers Some examples are: * **any(0)**: Match any ip protocol * **icmp(1)** * **igmp(2)** * **tcp(6)** * **udp(17)** * **gre(47)** * **esp(50)** * **ah(51)** * **ospf(89)** * **vrrp / carp(112)** * **l2tp(115)** Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 7 } cfgFwFltRSourceAddress OBJECT-TYPE SYNTAX DisplayString (SIZE(1..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Source address to match. This can be a specific ip address or a range in CIDR notation. Set to 0.0.0.0/0 to match all sources. Set to 172.17.29.7/32 to match the specific IP 172.17.29.7. You can use ! to invert the sense of the rule: E.g. !192.168.0.0/24 Set to -1 to not use this parameter. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 8 } cfgFwFltRSourcePortStart OBJECT-TYPE SYNTAX DisplayString (SIZE(1..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Source start port to match. Specify the port or start of a port range from which a connection originates. Can only be used with tcp or udp. You can use ! to invert the sense of the rule: E.g. !80. When used in a range, the inversion applies to the range. Set to -1 to not use this parameter. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 9 } cfgFwFltRSourcePortEnd OBJECT-TYPE SYNTAX Integer32 (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Source end port to match. When matching multiple ports, this value is the end of the range. Can only be used with tcp or udp. Set to -1 when no range is to be matched. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 10 } cfgFwFltRDestinationAddress OBJECT-TYPE SYNTAX DisplayString (SIZE(1..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination address to match. This can be a specific ip address or a range in CIDR notation. Set to 0.0.0.0/0 to match all destinations. Set to 172.17.29.7/32 to match the specific IP 172.17.29.7. You can use ! to invert the sense of the rule: E.g. !192.168.0.0/24 Set to -1 to not use this parameter. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 11 } cfgFwFltRDestinationPortStart OBJECT-TYPE SYNTAX DisplayString (SIZE(1..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination start port to match. Specify the port or start of a port range to which a connection is going. Can only be used with tcp or udp. You can use ! to invert the sense of the rule: E.g. !80. When used in a range, the inversion applies to the range. Set to -1 to not use this parameter. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 12 } cfgFwFltRDestinationPortEnd OBJECT-TYPE SYNTAX Integer32 (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination end port to match. When matching multiple ports, this value is the end of the range. Can only be used with tcp or udp. Set to -1 when no range is to be matched. Applies to AP and STA." ::= { cfgFwFilterRulesTableEntry 13 } -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- * End of Object Types -- ********************************************************************** -- ********************************************************************** -- * Begin GROUPS -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * groupCfgFirewall OBJECT-GROUP OBJECTS { cfgFwEnabled } STATUS current DESCRIPTION "Firewall settings." ::= { groupConfiguration 1 } groupCfgFirewallPortForward OBJECT-GROUP OBJECTS { cfgFwEnabled, cfgFwNatPrtFwdEnabled, cfgFwNatPrtFwdInterface, cfgFwNatPrtFwdProtocol, cfgFwNatPrtFwdSourceAddress, cfgFwNatPrtFwdSourcePortStart, cfgFwNatPrtFwdSourcePortEnd, cfgFwNatPrtFwdDestinationAddress, cfgFwNatPrtFwdDestinationPortStart, cfgFwNatPrtFwdDestinationPortEnd, cfgFwNatPrtFwdRedirectDestinationAddress, cfgFwNatPrtFwdRedirectDestinationPort } STATUS current DESCRIPTION "Firewall settings." ::= { groupConfiguration 2 } groupCfgFirewallOutboundNat OBJECT-GROUP OBJECTS { cfgFwNatOutEnabled, cfgFwNatOutInterface, cfgFwNatOutProtocol, cfgFwNatOutSourceAddress, cfgFwNatOutSourcePortStart, cfgFwNatOutSourcePortEnd, cfgFwNatOutDestinationAddress, cfgFwNatOutDestinationPortStart, cfgFwNatOutDestinationPortEnd, cfgFwNatOutSourceRewriteAddress, cfgFwNatOutSourceRewritePort } STATUS current DESCRIPTION "Firewall settings." ::= { groupConfiguration 3 } groupCfgFirewallL2IpFilter OBJECT-GROUP OBJECTS { cfgFwL2IpFilterEnabled, cfgFwL2IpFilterDefaultAction, cfgFwL2IpFltrEnabled, cfgFwL2IpFltrBridge, cfgFwL2IpFltrAction, cfgFwL2IpFltrPriority, cfgFwL2IpFltrSource, cfgFwL2IpFltrDestination } STATUS current DESCRIPTION "Firewall settings." ::= { groupConfiguration 4 } groupCfgFirewallFilter OBJECT-GROUP OBJECTS { cfgFwFltDefaultPolicyInput, cfgFwFltDefaultPolicyForward, cfgFwFltDefaultPolicyOutput, cfgFwFltREnabled, cfgFwFltRChain, cfgFwFltRAction, cfgFwFltRInputInterface, cfgFwFltROutputInterface, cfgFwFltRProtocol, cfgFwFltRSourceAddress, cfgFwFltRSourcePortStart, cfgFwFltRSourcePortEnd, cfgFwFltRDestinationAddress, cfgFwFltRDestinationPortStart, cfgFwFltRDestinationPortEnd } STATUS current DESCRIPTION "Firewall settings." ::= { groupConfiguration 5 } -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- * End GROUPS -- ********************************************************************** -- ********************************************************************** -- * Begin COMPLIANCE STATEMENTS -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Implementation Requirements for DT50 bindings" MODULE -- this module MANDATORY-GROUPS { groupCfgFirewall, groupCfgFirewallPortForward, groupCfgFirewallOutboundNat, groupCfgFirewallL2IpFilter, groupCfgFirewallFilter } ::= { compliances 1 } -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- * End COMPLIANCE STATEMENTS -- ********************************************************************** -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- * End of MIB DEFINITION -- ********************************************************************** END -- ********************************************************************** -- **********************************************************************