Observium_CE/mibs/westermo/WESTERMO-SW6-FIREWALL-MIB


-- *****************************************************************
-- WESTERMO-SW6-FIREWALL-MIB :
-- SNMP feature configuration of Westermo devices with SW6.
--
-- Copyright (c) 2018 by Westermo Teleindustri AB
-- All rights reserved.
-- *****************************************************************
-- *****************************************************************
-- This script has been tested using the SMI checker smilint
-- the tool can be downloaded at
-- http://www.ibr.cs.tu-bs.de/projects/libsmi/smilint.html
-- or use alternatively the online version at:
-- http://www.simpleweb.org/ietf/mibs/validate/
--
-- smilint -m -s -l 6 -i nameLength-32 ./WESTERMO-SW6-FIREWALL-MIB
-- Ensure that all needed MIBS are located in the SMIPATH.
-- *****************************************************************
-- **********************************************************************
-- * FIREWALL MIB
-- **********************************************************************
WESTERMO-SW6-FIREWALL-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
IpAddress, Integer32 FROM SNMPv2-SMI
DisplayString FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
;
-- **********************************************************************
-- * MODULE IDENTITY
-- **********************************************************************
firewall MODULE-IDENTITY
LAST-UPDATED "201909060000Z"
ORGANIZATION "Westermo Teleindustri AB"
CONTACT-INFO "E-mail: info@westermo.com"
DESCRIPTION "MIB Module for the Westermo RT-300 Radio Modem Device - Firewall definitions"
REVISION "201909060000Z"
DESCRIPTION "Release 6.9.0-RC0"
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1)
westermo(16177) products(1) rt(400) feature(2) 1 }
-- **********************************************************************
-- * Begin Major sections
-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-- Configuration
-- =============
configuration OBJECT IDENTIFIER ::= { firewall 1 }
-- Conformance Information
-- =======================
conformance OBJECT IDENTIFIER ::= { firewall 10000 }
groups OBJECT IDENTIFIER ::= { conformance 1 }
groupConfiguration OBJECT IDENTIFIER ::= { groups 1 }
compliances OBJECT IDENTIFIER ::= { conformance 2 }
-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-- * End Major Sections
-- **********************************************************************
-- **********************************************************************
-- * Begin Object Types
-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-- Global firewall enable flag. MAX-ACCESS is read-write, so any SNMP
-- principal with write access to this object can set the firewall to
-- disabled(0) with a single SET.
-- NOTE(review): limit write access to this subtree on the agent (for
-- example an SNMPv3 user with authentication and privacy plus a restricted
-- VACM view, where the device supports it) and alert on changes to it.
cfgFwEnabled OBJECT-TYPE
SYNTAX INTEGER { disabled(0), enabled(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Firewall disabled or enabled.
Applies to AP and STA."
::= { configuration 1 }
-- =============================================================================
cfgFwNat OBJECT IDENTIFIER ::= { configuration 2 }
cfgFwNatPortForwardTable OBJECT-TYPE
SYNTAX SEQUENCE OF CfgFwNatPrtFwdTableSeq
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Firewall port forward rules table."
::= { cfgFwNat 1 }
cfgFwNatPortForwardTableEntry OBJECT-TYPE
SYNTAX CfgFwNatPrtFwdTableSeq
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Firewall port forward rules table entry."
INDEX {cfgFwNatPrtFwdIndex}
::= { cfgFwNatPortForwardTable 1 }
CfgFwNatPrtFwdTableSeq ::=
SEQUENCE { cfgFwNatPrtFwdIndex Integer32,
cfgFwNatPrtFwdEnabled INTEGER,
cfgFwNatPrtFwdInterface DisplayString,
cfgFwNatPrtFwdProtocol INTEGER,
cfgFwNatPrtFwdSourceAddress DisplayString,
cfgFwNatPrtFwdSourcePortStart DisplayString,
cfgFwNatPrtFwdSourcePortEnd Integer32,
cfgFwNatPrtFwdDestinationAddress DisplayString,
cfgFwNatPrtFwdDestinationPortStart DisplayString,
cfgFwNatPrtFwdDestinationPortEnd Integer32,
cfgFwNatPrtFwdRedirectDestinationAddress IpAddress,
cfgFwNatPrtFwdRedirectDestinationPort Integer32
}
cfgFwNatPrtFwdIndex OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry index of port forward table."
::= { cfgFwNatPortForwardTableEntry 1 }
cfgFwNatPrtFwdEnabled OBJECT-TYPE
SYNTAX INTEGER { disabled(0), enabled(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Disable or enable the rule.
Applies to AP and STA."
::= { cfgFwNatPortForwardTableEntry 2 }
cfgFwNatPrtFwdInterface OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Name of the network interface on which the rule applies.
Defines on which interface traffic is coming in. Groups of
interfaces can be matched by adding the character '+' at the end.
E.g. eth+ to match the interfaces eth0, eth1 and eth2. To match all
interfaces use the character '+' alone.
Applies to AP and STA."
::= { cfgFwNatPortForwardTableEntry 3 }
cfgFwNatPrtFwdProtocol OBJECT-TYPE
SYNTAX INTEGER { any(0), udp(1), tcp(2), udptcp(3) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Choose which IP protocol the rule matches.
Allowed protocols are:
* **any(0):** Any ip protocol.
* **udp(1):** Only UDP protocol.
* **tcp(2):** Only TCP protocol.
* **udptcp(3):** UDP and TCP protocol.
Applies to AP and STA.
"
::= { cfgFwNatPortForwardTableEntry 4 }
cfgFwNatPrtFwdSourceAddress OBJECT-TYPE
SYNTAX DisplayString (SIZE(9..19))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source address to match.
This can be a specific ip address or a range in CIDR notation. Set
to 0.0.0.0/0 to match all inbound traffic. Set to 172.17.29.7/32 to
match the specific IP 172.17.29.7. You can use ! to invert the sense
of the rule: E.g. !192.168.0.0/24
**Notice:** Usually you want 0.0.0.0/0.
Applies to AP and STA.
"
::= { cfgFwNatPortForwardTableEntry 5 }
cfgFwNatPrtFwdSourcePortStart OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..6))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source start port to match.
Specify the port or start of a port range from which a connection
originates. Can only be used with TCP, UDP or TCP/UDP. Leave this
on -1 to disable. You can use ! to invert the sense of the rule:
E.g. !80. When used in a range, the inversion applies to the range.
**Notice:** Usually you want this disabled.
Applies to AP and STA.
"
::= { cfgFwNatPortForwardTableEntry 6 }
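-- End of the source port range of a port forward rule; the start of the
-- range is cfgFwNatPrtFwdSourcePortStart. The DESCRIPTION previously read
-- "Destination end port", which contradicted the object name and could lead
-- an operator to put a destination port into the source match.
cfgFwNatPrtFwdSourcePortEnd OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source end port to match.
When matching multiple ports, this value is the end of the range.
Set to -1 if no range is to be matched. Can only be used with TCP,
UDP or TCP/UDP.
**Notice:** Usually you want this disabled.
Applies to AP and STA.
"
::= { cfgFwNatPortForwardTableEntry 7 }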
cfgFwNatPrtFwdDestinationAddress OBJECT-TYPE
SYNTAX DisplayString (SIZE(9..19))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination address to redirect.
This can be a specific ip address or a range in CIDR notation.
Set to 0.0.0.0/0 to match all inbound traffic on the interface
specified in cfgFwNatPrtFwdInterface. You can use ! to invert the
sense of the rule: E.g. !192.168.0.0/24. When using static IPs set
this to the configured address of the respective interface or alias
you want to forward.
Be aware, that setting 0.0.0.0/0 will redirect everything arriving
on the configured interface, even if not sent to the device itself.
**Notice:** Leave this on 0.0.0.0/0 when using DHCP.
Applies to AP and STA.
"
::= { cfgFwNatPortForwardTableEntry 8 }
cfgFwNatPrtFwdDestinationPortStart OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..20))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination start port to redirect.
Specify the port or start of a port range for the destination.
You can use ! to invert the sense of the rule: E.g. !80. When used
in a range, the inversion applies to the range. Can only be used
with TCP, UDP or TCP/UDP.
Applies to AP and STA.
"
::= { cfgFwNatPortForwardTableEntry 9 }
cfgFwNatPrtFwdDestinationPortEnd OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination end port to redirect.
When forwarding multiple ports, this value is the end of the range.
Set to -1 if no range is forwarded. Can only be used with TCP, UDP
or TCP/UDP.
Applies to AP and STA.
"
::= { cfgFwNatPortForwardTableEntry 10 }
cfgFwNatPrtFwdRedirectDestinationAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Redirect traffic to this redirection destination address.
Applies to AP and STA.
"
::= { cfgFwNatPortForwardTableEntry 11 }
cfgFwNatPrtFwdRedirectDestinationPort OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Redirect traffic to this destination port.
Can only be used with TCP, UDP or TCP/UDP.
Applies to AP and STA.
"
::= { cfgFwNatPortForwardTableEntry 12 }
-- -----------------------------------------------------------------------------
cfgFwNatOutboundTable OBJECT-TYPE
SYNTAX SEQUENCE OF CfgFwNatOutTableSeq
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Firewall outbound NAT rules table."
::= { cfgFwNat 2 }
cfgFwNatOutboundTableEntry OBJECT-TYPE
SYNTAX CfgFwNatOutTableSeq
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Firewall outbound NAT rules table entry."
INDEX {cfgFwNatOutIndex}
::= { cfgFwNatOutboundTable 1 }
CfgFwNatOutTableSeq ::=
SEQUENCE { cfgFwNatOutIndex Integer32,
cfgFwNatOutEnabled INTEGER,
cfgFwNatOutInterface DisplayString,
cfgFwNatOutProtocol INTEGER,
cfgFwNatOutSourceAddress DisplayString,
cfgFwNatOutSourcePortStart DisplayString,
cfgFwNatOutSourcePortEnd Integer32,
cfgFwNatOutDestinationAddress DisplayString,
cfgFwNatOutDestinationPortStart DisplayString,
cfgFwNatOutDestinationPortEnd Integer32,
cfgFwNatOutSourceRewriteAddress IpAddress,
cfgFwNatOutSourceRewritePort Integer32
}
cfgFwNatOutIndex OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry index of Table."
::= { cfgFwNatOutboundTableEntry 1 }
cfgFwNatOutEnabled OBJECT-TYPE
SYNTAX INTEGER { disabled(0), enabled(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Disable or enable the rule.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 2 }
cfgFwNatOutInterface OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Name of the network interface on which the rule applies.
Matches traffic leaving on this interface. Needs to be set to an
interface name if you are using DHCP. Set to -1 if you don't know
on which interface traffic will be leaving. Match the traffic with
cfgFwNatOutDestinationAddress instead. You can use ! to invert the
sense of the rule. E.g. !wlan0.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 3 }
cfgFwNatOutProtocol OBJECT-TYPE
SYNTAX INTEGER { any(0), udp(1), tcp(2), udptcp(3) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Choose which IP protocol the rule matches.
Allowed protocols are:
* **any(0):** Any ip protocol.
* **udp(1):** Only UDP protocol.
* **tcp(2):** Only TCP protocol.
* **udptcp(3):** UDP and TCP protocol.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 4 }
cfgFwNatOutSourceAddress OBJECT-TYPE
SYNTAX DisplayString (SIZE(9..19))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source address to match.
This can be a specific ip address or a range in CIDR notation. Set
to 0.0.0.0/0 to match all inbound traffic. Set to 172.17.29.7/32 to
match the specific IP 172.17.29.7. You can use ! to invert the
sense of the rule: E.g. !192.168.0.0/24.
**Note:** Usually you want 0.0.0.0/0.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 5 }
cfgFwNatOutSourcePortStart OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..6))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source start port to match.
Specify the port or start of a port range from which a connection
originates. Can only be used with TCP, UDP or TCP/UDP. Leave this
on -1 to disable. You can use ! to invert the sense of the rule:
E.g. !80. When used in a range, the inversion applies to the range.
**Note:** Usually you want this disabled.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 6 }
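-- End of the source port range of an outbound NAT rule; the start of the
-- range is cfgFwNatOutSourcePortStart. The DESCRIPTION previously read
-- "Destination end port", which contradicted the object name.
cfgFwNatOutSourcePortEnd OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source end port to match.
When matching multiple ports, this value is the end of the range.
Set to -1 if no range is to be matched. Can only be used with TCP,
UDP or TCP/UDP.
**Note:** Usually you want this disabled.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 7 }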
cfgFwNatOutDestinationAddress OBJECT-TYPE
SYNTAX DisplayString (SIZE(9..19))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination address to match.
This can be a specific ip address or a range in CIDR notation. Set
to 0.0.0.0/0 to match all outbound traffic on the interface
specified in cfgFwNatOutInterface. You can use ! to invert the
sense of the rule: E.g. !192.168.0.0/24.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 8 }
cfgFwNatOutDestinationPortStart OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..6))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination start port to match.
Specify the port or start of a port range for the destination. Can
only be used with TCP, UDP or TCP/UDP. You can use ! to invert the
sense of the rule: E.g. !80. When used in a range, the inversion
applies to the range.
**Note:** Usually you want this disabled.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 9 }
cfgFwNatOutDestinationPortEnd OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination end port to match.
When forwarding multiple ports, this value is the end of the range.
Set to -1 if no range is forwarded. Can only be used with TCP, UDP
or TCP/UDP.
**Note:** Usually you want this disabled.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 10 }
cfgFwNatOutSourceRewriteAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Set the address with which outbound traffic shall be rewritten.
In case you are using DHCP leave this on 0.0.0.0.
**Note:** If you are not rewriting the source to a specific
aliases you can set this to 0.0.0.0 to automatically rewrite
to the configured primary (first) address of the interface.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 11 }
cfgFwNatOutSourceRewritePort OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Set the source-port with which outbound traffic shall be rewritten.
Can only be used with TCP, UDP or TCP/UDP. Set to -1 to disable
source port rewrite.
**Note:** Usually you want this disabled.
Applies to AP and STA."
::= { cfgFwNatOutboundTableEntry 12 }
-- =============================================================================
cfgFwL2IpFilter OBJECT IDENTIFIER ::= { configuration 3 }
cfgFwL2IpFilterEnabled OBJECT-TYPE
SYNTAX INTEGER { disabled(0), enabled(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Globally enable or disable the L2 IP Filter option of all Bridges.
This filter will only apply on IP frames and will not touch anything else.
Applies to AP and STA."
::= { cfgFwL2IpFilter 1 }
-- Default action of the L2 IP filter for all bridges; presumably the verdict
-- for IP frames that match no rule in cfgFwL2IpFilterTable (confirm).
-- NOTE(review): the numbering here is accept(0), drop(1), as in
-- cfgFwL2IpFltrAction. It is the reverse of cfgFwFltDefaultPolicyInput,
-- cfgFwFltDefaultPolicyForward, cfgFwFltDefaultPolicyOutput and
-- cfgFwFltRAction, which use drop(0), accept(1). A raw integer SET copied
-- between the two filters inverts the verdict, so management tooling should
-- use the enumeration labels and read the value back after writing.
cfgFwL2IpFilterDefaultAction OBJECT-TYPE
SYNTAX INTEGER { accept(0), drop(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Set the default action of all bridges when filtering is enabled.
Take care to not lock yourself out when the default action is 'drop'.
Applies to AP and STA."
::= { cfgFwL2IpFilter 2 }
cfgFwL2IpFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF CfgNetL2IpFilterTableSeq
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"L2 IP Filter"
::= { cfgFwL2IpFilter 3 }
cfgFwL2IpFilterTableEntry OBJECT-TYPE
SYNTAX CfgNetL2IpFilterTableSeq
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"L2 IP Filter"
INDEX {cfgFwL2IpFltrIndex}
::= { cfgFwL2IpFilterTable 1 }
CfgNetL2IpFilterTableSeq ::=
SEQUENCE { cfgFwL2IpFltrIndex Integer32,
cfgFwL2IpFltrEnabled INTEGER,
cfgFwL2IpFltrBridge Integer32,
cfgFwL2IpFltrAction INTEGER,
cfgFwL2IpFltrPriority Integer32,
cfgFwL2IpFltrSource DisplayString,
cfgFwL2IpFltrDestination DisplayString
}
cfgFwL2IpFltrIndex OBJECT-TYPE
SYNTAX Integer32 (0..63)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry index of Table"
::= { cfgFwL2IpFilterTableEntry 1 }
cfgFwL2IpFltrEnabled OBJECT-TYPE
SYNTAX INTEGER { disabled(0), enabled(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Rule disabled or enabled.
Applies to AP and STA."
::= { cfgFwL2IpFilterTableEntry 2 }
cfgFwL2IpFltrBridge OBJECT-TYPE
SYNTAX Integer32 (-1..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Bridge on which the rule will be applied.
Applies to AP and STA."
::= { cfgFwL2IpFilterTableEntry 3 }
cfgFwL2IpFltrAction OBJECT-TYPE
SYNTAX INTEGER { accept(0), drop(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Action to perform.
Applies to AP and STA."
::= { cfgFwL2IpFilterTableEntry 4 }
-- Priority used to pick one rule when several L2 IP filter rules match.
-- NOTE(review): SYNTAX is an unconstrained Integer32, so the MIB accepts
-- negative values, and the description does not say whether "highest"
-- means the numerically largest value. Confirm against the device
-- documentation before relying on rule order for an accept or drop
-- decision, and avoid equal priorities (see the NOTE in the DESCRIPTION).
cfgFwL2IpFltrPriority OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Filter priority
When multiple rules match, the rule with the highest priority will
be applied.
**NOTE:** When multiple matching rules with the same priority exist,
the rule which was first created will be used. This may lead to
unexpected behaviour.
Applies to AP and STA."
::= { cfgFwL2IpFilterTableEntry 5 }
cfgFwL2IpFltrSource OBJECT-TYPE
SYNTAX DisplayString (SIZE(9..19))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Filter source
The source network/IP on which the rule matches (CIDR notation).
Applies to AP and STA."
::= { cfgFwL2IpFilterTableEntry 6 }
cfgFwL2IpFltrDestination OBJECT-TYPE
SYNTAX DisplayString (SIZE(9..19))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Filter destination
The destination network/IP on which the rule matches (CIDR notation).
Applies to AP and STA."
::= { cfgFwL2IpFilterTableEntry 7 }
-- =============================================================================
cfgFwFilter OBJECT IDENTIFIER ::= { configuration 4 }
-- Default policy of the filter on the input path; cfgFwFltDefaultPolicyForward
-- and cfgFwFltDefaultPolicyOutput are the equivalents for the other two paths.
-- NOTE(review): the numbering is drop(0), accept(1), the reverse of
-- cfgFwL2IpFilterDefaultAction and cfgFwL2IpFltrAction (accept(0), drop(1)).
-- Writing the raw integer 1 therefore means accept here but drop in the
-- L2 IP filter. The object is read-write, so a SET of accept(1) presumably
-- lets traffic that matches no rule through; restrict SNMP write access and
-- monitor changes to the three default policy objects.
cfgFwFltDefaultPolicyInput OBJECT-TYPE
SYNTAX INTEGER { drop(0), accept(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The default filter policy on the input path.
Applies to AP and STA."
::= { cfgFwFilter 1 }
cfgFwFltDefaultPolicyForward OBJECT-TYPE
SYNTAX INTEGER { drop(0), accept(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The default filter policy on the forward path.
Applies to AP and STA."
::= { cfgFwFilter 2 }
cfgFwFltDefaultPolicyOutput OBJECT-TYPE
SYNTAX INTEGER { drop(0), accept(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The default filter policy on the output path.
Applies to AP and STA."
::= { cfgFwFilter 3 }
cfgFwFilterRulesTable OBJECT-TYPE
SYNTAX SEQUENCE OF CfgFwFilterRulesTableSeq
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Firewall filter rules table."
::= { cfgFwFilter 10 }
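-- Conceptual row of cfgFwFilterRulesTable.
-- The INDEX names this table's own index column, cfgFwFltRIndex (the first
-- member of CfgFwFilterRulesTableSeq). It previously named cfgFwNatOutIndex,
-- the index column of the outbound NAT table, which left cfgFwFltRIndex
-- unused and made filter rule rows appear to be keyed by another table.
-- Both columns are a single Integer32 (0..255), so the instance OID layout
-- seen by a manager should be unchanged; verify against the agent.
cfgFwFilterRulesTableEntry OBJECT-TYPE
SYNTAX CfgFwFilterRulesTableSeq
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Firewall filter rules table entry."
INDEX {cfgFwFltRIndex}
::= { cfgFwFilterRulesTable 1 }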
CfgFwFilterRulesTableSeq ::=
SEQUENCE { cfgFwFltRIndex Integer32,
cfgFwFltREnabled INTEGER,
cfgFwFltRChain INTEGER,
cfgFwFltRAction INTEGER,
cfgFwFltRInputInterface DisplayString,
cfgFwFltROutputInterface DisplayString,
cfgFwFltRProtocol Integer32,
cfgFwFltRSourceAddress DisplayString,
cfgFwFltRSourcePortStart DisplayString,
cfgFwFltRSourcePortEnd Integer32,
cfgFwFltRDestinationAddress DisplayString,
cfgFwFltRDestinationPortStart DisplayString,
cfgFwFltRDestinationPortEnd Integer32
}
cfgFwFltRIndex OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry index of Table."
::= { cfgFwFilterRulesTableEntry 1 }
cfgFwFltREnabled OBJECT-TYPE
SYNTAX INTEGER { disabled(0), enabled(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Disable or enable the rule.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 2 }
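-- Selects the chain a filter rule is attached to. The DESCRIPTION was a copy
-- of the one on cfgFwFltRAction ("Action to be performed."), so a MIB
-- browser showed the same text for the chain and the verdict columns.
-- NOTE(review): the effect of none(0) is not described anywhere in this
-- module; confirm whether such a rule is simply inactive.
cfgFwFltRChain OBJECT-TYPE
SYNTAX INTEGER { none(0), input(1), forward(2), output(3) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Chain to which the rule is attached.
Allowed values are none(0), input(1), forward(2) and output(3).
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 3 }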
cfgFwFltRAction OBJECT-TYPE
SYNTAX INTEGER { drop(0), accept(1) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Action to be performed.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 4 }
cfgFwFltRInputInterface OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..16))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Name of the input interface to match.
Groups of interfaces can be matched by adding the character '+' at
the end. E.g. eth+ to match the interfaces eth0, eth1 and eth2.
To match all interfaces use the character '+' alone.
Set to -1 to not use this parameter.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 5 }
cfgFwFltROutputInterface OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..16))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Name of the output interface to match.
Groups of interfaces can be matched by adding the character '+' at
the end. E.g. eth+ to match the interfaces eth0, eth1 and eth2.
To match all interfaces use the character '+' alone.
Set to -1 to not use this parameter.
This parameter is ignored for rules on the input chain.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 6 }
cfgFwFltRProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Choose which IP protocol the rule matches.
For a list of the currently existing protocols see:
https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
Some examples are:
* **any(0)**: Match any ip protocol
* **icmp(1)**
* **igmp(2)**
* **tcp(6)**
* **udp(17)**
* **gre(47)**
* **esp(50)**
* **ah(51)**
* **ospf(89)**
* **vrrp / carp(112)**
* **l2tp(115)**
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 7 }
cfgFwFltRSourceAddress OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..20))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source address to match.
This can be a specific ip address or a range in CIDR notation.
Set to 0.0.0.0/0 to match all sources.
Set to 172.17.29.7/32 to match the specific IP 172.17.29.7.
You can use ! to invert the sense of the rule: E.g. !192.168.0.0/24
Set to -1 to not use this parameter.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 8 }
cfgFwFltRSourcePortStart OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..20))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source start port to match.
Specify the port or start of a port range from which a connection
originates.
Can only be used with tcp or udp.
You can use ! to invert the sense of the rule: E.g. !80.
When used in a range, the inversion applies to the range.
Set to -1 to not use this parameter.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 9 }
cfgFwFltRSourcePortEnd OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source end port to match.
When matching multiple ports, this value is the end of the range.
Can only be used with tcp or udp.
Set to -1 when no range is to be matched.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 10 }
cfgFwFltRDestinationAddress OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..20))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination address to match.
This can be a specific ip address or a range in CIDR notation.
Set to 0.0.0.0/0 to match all destinations.
Set to 172.17.29.7/32 to match the specific IP 172.17.29.7.
You can use ! to invert the sense of the rule: E.g. !192.168.0.0/24
Set to -1 to not use this parameter.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 11 }
cfgFwFltRDestinationPortStart OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..20))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination start port to match.
Specify the port or start of a port range to which a connection is
going.
Can only be used with tcp or udp.
You can use ! to invert the sense of the rule: E.g. !80.
When used in a range, the inversion applies to the range.
Set to -1 to not use this parameter.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 12 }
cfgFwFltRDestinationPortEnd OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination end port to match.
When matching multiple ports, this value is the end of the range.
Can only be used with tcp or udp.
Set to -1 when no range is to be matched.
Applies to AP and STA."
::= { cfgFwFilterRulesTableEntry 13 }
-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-- * End of Object Types
-- **********************************************************************
-- **********************************************************************
-- * Begin GROUPS
-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
groupCfgFirewall OBJECT-GROUP
OBJECTS {
cfgFwEnabled
}
STATUS current
DESCRIPTION
"Firewall settings."
::= { groupConfiguration 1 }
groupCfgFirewallPortForward OBJECT-GROUP
OBJECTS {
cfgFwEnabled,
cfgFwNatPrtFwdEnabled,
cfgFwNatPrtFwdInterface,
cfgFwNatPrtFwdProtocol,
cfgFwNatPrtFwdSourceAddress,
cfgFwNatPrtFwdSourcePortStart,
cfgFwNatPrtFwdSourcePortEnd,
cfgFwNatPrtFwdDestinationAddress,
cfgFwNatPrtFwdDestinationPortStart,
cfgFwNatPrtFwdDestinationPortEnd,
cfgFwNatPrtFwdRedirectDestinationAddress,
cfgFwNatPrtFwdRedirectDestinationPort
}
STATUS current
DESCRIPTION
"Firewall settings."
::= { groupConfiguration 2 }
groupCfgFirewallOutboundNat OBJECT-GROUP
OBJECTS {
cfgFwNatOutEnabled,
cfgFwNatOutInterface,
cfgFwNatOutProtocol,
cfgFwNatOutSourceAddress,
cfgFwNatOutSourcePortStart,
cfgFwNatOutSourcePortEnd,
cfgFwNatOutDestinationAddress,
cfgFwNatOutDestinationPortStart,
cfgFwNatOutDestinationPortEnd,
cfgFwNatOutSourceRewriteAddress,
cfgFwNatOutSourceRewritePort
}
STATUS current
DESCRIPTION
"Firewall settings."
::= { groupConfiguration 3 }
groupCfgFirewallL2IpFilter OBJECT-GROUP
OBJECTS {
cfgFwL2IpFilterEnabled,
cfgFwL2IpFilterDefaultAction,
cfgFwL2IpFltrEnabled,
cfgFwL2IpFltrBridge,
cfgFwL2IpFltrAction,
cfgFwL2IpFltrPriority,
cfgFwL2IpFltrSource,
cfgFwL2IpFltrDestination
}
STATUS current
DESCRIPTION
"Firewall settings."
::= { groupConfiguration 4 }
groupCfgFirewallFilter OBJECT-GROUP
OBJECTS {
cfgFwFltDefaultPolicyInput,
cfgFwFltDefaultPolicyForward,
cfgFwFltDefaultPolicyOutput,
cfgFwFltREnabled,
cfgFwFltRChain,
cfgFwFltRAction,
cfgFwFltRInputInterface,
cfgFwFltROutputInterface,
cfgFwFltRProtocol,
cfgFwFltRSourceAddress,
cfgFwFltRSourcePortStart,
cfgFwFltRSourcePortEnd,
cfgFwFltRDestinationAddress,
cfgFwFltRDestinationPortStart,
cfgFwFltRDestinationPortEnd
}
STATUS current
DESCRIPTION
"Firewall settings."
::= { groupConfiguration 5 }
-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-- * End GROUPS
-- **********************************************************************
-- **********************************************************************
-- * Begin COMPLIANCE STATEMENTS
-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Implementation Requirements for DT50 bindings"
MODULE -- this module
MANDATORY-GROUPS {
groupCfgFirewall,
groupCfgFirewallPortForward,
groupCfgFirewallOutboundNat,
groupCfgFirewallL2IpFilter,
groupCfgFirewallFilter
}
::= { compliances 1 }
-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-- * End COMPLIANCE STATEMENTS
-- **********************************************************************
-- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-- * End of MIB DEFINITION
-- **********************************************************************
END
-- **********************************************************************
-- **********************************************************************