560 lines
14 KiB
Plaintext
560 lines
14 KiB
Plaintext
-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00
|
|
|
|
|
|
-- (C)opyright 1991-2003 BinTec Communications AG, All Rights Reserved
|
|
-- (C)opyright 2003-2014 bintec elmeg GmbH
|
|
-- All Rights Reserved
|
|
-- $RCSfile: mibipsrv,v $
|
|
-- $Revision: 1.12 $
|
|
|
|
BIANCA-BRICK-IP-SERVICE-MIB DEFINITIONS ::= BEGIN
|
|
IMPORTS
|
|
IpAddress, Counter, TimeTicks, enterprises
|
|
FROM RFC1155-SMI
|
|
|
|
DisplayString
|
|
FROM RFC1158-MIB
|
|
|
|
OBJECT-TYPE
|
|
FROM RFC-1212;
|
|
|
|
bintec OBJECT IDENTIFIER ::= { enterprises 272 }
|
|
bibo OBJECT IDENTIFIER ::= { bintec 4 }
|
|
biboip OBJECT IDENTIFIER ::= { bibo 5 }
|
|
biboipsrv OBJECT IDENTIFIER
|
|
::= { biboip 14 }
|
|
|
|
localTcpAllowTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF LocalTcpAllowEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Filter rule table for incoming TCP packets for local services.
|
|
This table is used to restrict access to TCP services provided
|
|
by the system.
|
|
|
|
o active rules have at least one of 'localTcpAllowAddrMode'
|
|
and 'localTcpAllowIfMode' set to 'verify'
|
|
|
|
o if there are active rules for a certain service,
|
|
incoming connections of this service type (port) must
|
|
match at least one of them.
|
|
|
|
o incoming connections to a service (port) without
|
|
an active rule are always allowed.
|
|
|
|
o connections originating from 127.0.0.1 are always
|
|
allowed
|
|
"
|
|
::= { biboipsrv 1 }
|
|
|
|
localTcpAllowEntry OBJECT-TYPE
|
|
SYNTAX LocalTcpAllowEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
""
|
|
INDEX { localTcpAllowAddr, localTcpAllowService }
|
|
::= { localTcpAllowTable 1 }
|
|
|
|
LocalTcpAllowEntry ::=
|
|
SEQUENCE {
|
|
localTcpAllowAddrMode INTEGER,
|
|
localTcpAllowAddr IpAddress,
|
|
localTcpAllowMask IpAddress,
|
|
localTcpAllowIfMode INTEGER,
|
|
localTcpAllowIfIndex INTEGER,
|
|
localTcpAllowService INTEGER
|
|
}
|
|
|
|
localTcpAllowAddrMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dont-verify(1),
|
|
verify(2),
|
|
delete(3)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies wether or not the IP source address of incoming
|
|
TCP packets should be checked against localTcpAllowAddr and
|
|
localTcpAllowMask."
|
|
DEFVAL { dont-verify}
|
|
::= { localTcpAllowEntry 1 }
|
|
|
|
localTcpAllowAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Check source IP address against contents of this variable,
|
|
taking localTcpAllowMask into account."
|
|
::= { localTcpAllowEntry 2 }
|
|
|
|
localTcpAllowMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies address mask to use for IP source address comparisson
|
|
with address contained in localTcpAllowAddr."
|
|
::= { localTcpAllowEntry 3 }
|
|
|
|
localTcpAllowIfMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dont-verify(1),
|
|
verify(2)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies wether or not the source interface of incoming
|
|
TCP packets should be checked."
|
|
DEFVAL { dont-verify}
|
|
::= { localTcpAllowEntry 4 }
|
|
|
|
localTcpAllowIfIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies source interface index for interface check in case
|
|
localTcpAllowIfMode is set to verify."
|
|
::= { localTcpAllowEntry 5 }
|
|
|
|
-- services MUST be in sync with those from localTcpLImitTable
|
|
|
|
localTcpAllowService OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
telnet(1),
|
|
trace(2),
|
|
snmp(3),
|
|
capi(4),
|
|
tapi(5),
|
|
rfc1086(6),
|
|
http(7),
|
|
https(8),
|
|
ssh(9)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"TCP service"
|
|
DEFVAL { telnet }
|
|
::= { localTcpAllowEntry 6 }
|
|
|
|
|
|
localUdpAllowTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF LocalUdpAllowEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Filter rule table for incoming UDP packets for local services.
|
|
This table is used to restrict access to UDP services provided
|
|
by the system.
|
|
|
|
o active rules have at least one of 'localUdpAllowAddrMode'
|
|
and 'localUdpAllowIfMode' set to 'verify'
|
|
|
|
o if there are active rules for a certain service,
|
|
incoming packets of this service type must
|
|
match at least one of them.
|
|
|
|
o incoming packets to a service (port) without
|
|
an active rule are always allowed.
|
|
|
|
o packets originating from 127.0.0.1 are always
|
|
allowed
|
|
"
|
|
::= { biboipsrv 2 }
|
|
|
|
localUdpAllowEntry OBJECT-TYPE
|
|
SYNTAX LocalUdpAllowEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
""
|
|
INDEX { localUdpAllowAddr, localUdpAllowService }
|
|
::= { localUdpAllowTable 1 }
|
|
|
|
LocalUdpAllowEntry ::=
|
|
SEQUENCE {
|
|
localUdpAllowAddrMode INTEGER,
|
|
localUdpAllowAddr IpAddress,
|
|
localUdpAllowMask IpAddress,
|
|
localUdpAllowIfMode INTEGER,
|
|
localUdpAllowIfIndex INTEGER,
|
|
localUdpAllowService INTEGER
|
|
}
|
|
|
|
localUdpAllowAddrMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dont-verify(1),
|
|
verify(2),
|
|
delete(3)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies wether or not the IP source address of incoming
|
|
UDP packets should be checked against localUdpAllowAddr and
|
|
localUdpAllowMask."
|
|
DEFVAL { dont-verify}
|
|
::= { localUdpAllowEntry 1 }
|
|
|
|
localUdpAllowAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Check source IP address against contents of this variable,
|
|
taking localUdpAllowMask into account."
|
|
::= { localUdpAllowEntry 2 }
|
|
|
|
localUdpAllowMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies address mask to use for IP source address comparisson
|
|
with address contained in localUdpAllowAddr."
|
|
::= { localUdpAllowEntry 3 }
|
|
|
|
localUdpAllowIfMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dont-verify(1),
|
|
verify(2)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies wether or not the source interface of incoming
|
|
UDP packets should checked"
|
|
DEFVAL { dont-verify}
|
|
::= { localUdpAllowEntry 4 }
|
|
|
|
localUdpAllowIfIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies source interface index for interface check in case
|
|
localUdpAllowIfMode is set to verify."
|
|
::= { localUdpAllowEntry 5 }
|
|
|
|
-- services MUST be in sync with those from localUdpLImitTable
|
|
|
|
localUdpAllowService OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
snmp(1),
|
|
rip(2),
|
|
bootps(3),
|
|
dns(4),
|
|
nbns(5),
|
|
statmon(6)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"service"
|
|
DEFVAL { snmp }
|
|
::= { localUdpAllowEntry 6 }
|
|
|
|
|
|
localIcmpAllowTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF LocalIcmpAllowEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Filter rule table for incoming ICMP packets.
|
|
|
|
o active rules have at least one of 'localIcmpAllowAddrMode'
|
|
and 'localIcmpAllowIfMode' set to 'verify'
|
|
|
|
o if there are active rules for a certain ICMP packet type,
|
|
incoming packets of this type must
|
|
match at least one of them.
|
|
|
|
o incoming ICMP packets with a packet type not listed in
|
|
any active rule are always allowed.
|
|
|
|
o packets originating from 127.0.0.1 are always
|
|
allowed
|
|
"
|
|
::= { biboipsrv 5 }
|
|
|
|
localIcmpAllowEntry OBJECT-TYPE
|
|
SYNTAX LocalIcmpAllowEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
""
|
|
INDEX { localIcmpAllowAddr, localIcmpAllowType }
|
|
::= { localIcmpAllowTable 1 }
|
|
|
|
LocalIcmpAllowEntry ::=
|
|
SEQUENCE {
|
|
localIcmpAllowAddrMode INTEGER,
|
|
localIcmpAllowAddr IpAddress,
|
|
localIcmpAllowMask IpAddress,
|
|
localIcmpAllowIfMode INTEGER,
|
|
localIcmpAllowIfIndex INTEGER,
|
|
localIcmpAllowType INTEGER
|
|
}
|
|
|
|
localIcmpAllowAddrMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dont-verify(1),
|
|
verify(2),
|
|
delete(3)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies wether or not the IP source address of incoming
|
|
ICMP packets should checked"
|
|
DEFVAL { dont-verify}
|
|
::= { localIcmpAllowEntry 1 }
|
|
|
|
localIcmpAllowAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"source IP address"
|
|
::= { localIcmpAllowEntry 2 }
|
|
|
|
localIcmpAllowMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"source IP address mask"
|
|
::= { localIcmpAllowEntry 3 }
|
|
|
|
localIcmpAllowIfMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dont-verify(1),
|
|
verify(2)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Specifies wether or not the source interface of incoming
|
|
ICMP packets should checked"
|
|
DEFVAL { dont-verify}
|
|
::= { localIcmpAllowEntry 4 }
|
|
|
|
localIcmpAllowIfIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"source interface index"
|
|
::= { localIcmpAllowEntry 5 }
|
|
|
|
localIcmpAllowType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
echoRep(1),
|
|
destUnreach(4),
|
|
srcQuench(5),
|
|
redirect(6),
|
|
echo(9),
|
|
timeExcds(12),
|
|
parmProb(13),
|
|
timestamp(14),
|
|
timestampRep(15),
|
|
addrMask(18),
|
|
addrMaskRep(19)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"ICMP packet type"
|
|
DEFVAL { echo }
|
|
::= { localIcmpAllowEntry 6 }
|
|
|
|
|
|
|
|
localTcpLimitTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF LocalTcpLimitEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Table to be used to limit access to local TCP services."
|
|
::= { biboipsrv 3 }
|
|
|
|
localTcpLimitEntry OBJECT-TYPE
|
|
SYNTAX LocalTcpLimitEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
""
|
|
INDEX { localTcpLimitService }
|
|
::= { localTcpLimitTable 1 }
|
|
|
|
LocalTcpLimitEntry ::=
|
|
SEQUENCE {
|
|
localTcpLimitAdminState INTEGER,
|
|
localTcpLimitService INTEGER,
|
|
localTcpLimitMaxSessions INTEGER,
|
|
localTcpLimitCurSessions INTEGER,
|
|
localTcpLimitState INTEGER
|
|
}
|
|
|
|
|
|
-- services MUST be in sync with those from localTcpAllowTable
|
|
|
|
localTcpLimitAdminState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
inactive(2),
|
|
delete(3)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"The administrative state of this limit entry."
|
|
DEFVAL { active }
|
|
::= { localTcpLimitEntry 1 }
|
|
|
|
localTcpLimitService OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
telnet(1),
|
|
trace(2),
|
|
snmp(3),
|
|
capi(4),
|
|
tapi(5),
|
|
rfc1086(6),
|
|
http(7),
|
|
https(8),
|
|
ssh(9)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"The corresponding TCP service."
|
|
DEFVAL { telnet }
|
|
::= { localTcpLimitEntry 2 }
|
|
|
|
localTcpLimitMaxSessions OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65536)
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Maximum number of allowed sessions for this TCP service."
|
|
DEFVAL { 128 }
|
|
::= { localTcpLimitEntry 3 }
|
|
|
|
localTcpLimitCurSessions OBJECT-TYPE
|
|
SYNTAX Counter
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"The current number of sessions for this TCP service."
|
|
DEFVAL { 0 }
|
|
::= { localTcpLimitEntry 4 }
|
|
|
|
localTcpLimitState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
below(1),
|
|
exceeded(2)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"The current state for this TCP service."
|
|
DEFVAL { below }
|
|
::= { localTcpLimitEntry 5 }
|
|
|
|
|
|
|
|
localUdpLimitTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF LocalUdpLimitEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Table to be used to limit access to local UDP services."
|
|
::= { biboipsrv 4 }
|
|
|
|
localUdpLimitEntry OBJECT-TYPE
|
|
SYNTAX LocalUdpLimitEntry
|
|
ACCESS not-accessible
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
""
|
|
INDEX { localUdpLimitService }
|
|
::= { localUdpLimitTable 1 }
|
|
|
|
LocalUdpLimitEntry ::=
|
|
SEQUENCE {
|
|
localUdpLimitAdminState INTEGER,
|
|
localUdpLimitService INTEGER,
|
|
localUdpLimitMaxRate INTEGER,
|
|
localUdpLimitCurRate INTEGER,
|
|
localUdpLimitState INTEGER
|
|
}
|
|
|
|
localUdpLimitAdminState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
inactive(2),
|
|
delete(3)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"The administrative state of this limit entry."
|
|
DEFVAL { active }
|
|
::= { localUdpLimitEntry 1 }
|
|
|
|
-- services MUST be in sync with those from localUdpAllowTable
|
|
|
|
localUdpLimitService OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
snmp(1),
|
|
rip(2),
|
|
bootps(3),
|
|
dns(4),
|
|
nbns(5),
|
|
statmon(6)
|
|
}
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"The corresponding UDP service."
|
|
DEFVAL { snmp }
|
|
::= { localUdpLimitEntry 2 }
|
|
|
|
localUdpLimitMaxRate OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65536)
|
|
ACCESS read-write
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"Maximum number of packets per second for this UDP service."
|
|
DEFVAL { 1000 }
|
|
::= { localUdpLimitEntry 3 }
|
|
|
|
localUdpLimitCurRate OBJECT-TYPE
|
|
SYNTAX Counter
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"The current number of packets per second for this UDP service."
|
|
DEFVAL { 0 }
|
|
::= { localUdpLimitEntry 4 }
|
|
|
|
localUdpLimitState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
below(1),
|
|
exceeded(2)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION
|
|
"The current state for this UDP service."
|
|
DEFVAL { below }
|
|
::= { localUdpLimitEntry 5 }
|
|
|
|
END
|