Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
policies [2012-06-08 14:30] – [Specifications] randerson | policies [2012-06-08 14:38] – [Specifications] randerson | ||
---|---|---|---|
Line 49: | Line 49: | ||
* present in r493+ and v2.1.x | * present in r493+ and v2.1.x | ||
- | * Match a group, which in turn can comprise of a list of any of the above specification types including groups | + | * Match a group which, in turn, can comprise of a list of any of the above specification types including groups |
* < | * < | ||
Line 57: | Line 57: | ||
* Match the reverse dns of the IP where the client is connecting from | * Match the reverse dns of the IP where the client is connecting from | ||
* < | * < | ||
- | * You can use * as a wildcard match against anything except the ., for example hello.*.example.com | + | * You can use * as a wildcard match against anything except the ., for example hello.*.example.com |
* Specifying example.com will only match example.com | * Specifying example.com will only match example.com | ||
* Specifying .example.com will match anything.example.com and fu.bar.example.com | * Specifying .example.com will match anything.example.com and fu.bar.example.com | ||
- | | + | |
+ | |||
+ | =====Examples===== | ||
+ | The preconfigured default polices are defined as follows | ||
+ | |||
+ | * < | ||
+ | Priority: 0 | ||
+ | Source: ANY | ||
+ | Desination: ANY</ | ||
+ | * < | ||
+ | Priority: 10 | ||
+ | Source: %internal_ips, | ||
+ | Destination: | ||
+ | * < | ||
+ | Priority: 10 | ||
+ | Source: !%internal_ips, | ||
+ | Destination: | ||
+ | * < | ||
+ | Priority: 20 | ||
+ | Source: %internal_ips, | ||
+ | Destination: | ||
+ | |||
+ | These groups are defined in the following manner | ||
+ | |||
+ | * < | ||
+ | 10.0.0.0/ | ||
+ | * < | ||
+ | example.org | ||
+ | example.com | ||
+ | example.net</ |