Differences
This shows you the differences between two versions of the page.
policies [2012-06-08 14:30] – [Specifications] randerson | policies [2012-07-16 14:05] – [Specifications] randerson | ||
---|---|---|---|
Line 49: | Line 49: | ||
* present in r493+ and v2.1.x | * present in r493+ and v2.1.x | ||
- | * Match a group, which in turn can comprise of a list of any of the above specification types including groups | + | * Match a group which, in turn, can comprise of a list of any of the above specification types including groups. Policyd cycles through the group members recursively and looks for an item to match. Making groups ideal for cases where you could have any number of negative results before matching, or a large pool of matching members, depending on your set up. |
* < | * < | ||
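Review bot: The last sentence of the added group description, "Making groups ideal for cases where ...", is a fragment with no main clause; join it to the previous sentence ("..., which makes groups ideal for ...") and replace "comprise of" with "consist of". Because the text now says members are resolved recursively and that groups may contain groups, it should also state what happens when a group ends up containing itself, directly or through another group.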
Line 57: | Line 57: | ||
* Match the reverse dns of the IP where the client is connecting from | * Match the reverse dns of the IP where the client is connecting from | ||
* < | * < | ||
- | * You can use * as a wildcard match against anything except the ., for example hello.*.example.com | + | * You can use * as a wildcard match against anything except the ., for example hello.*.example.com |
* Specifying example.com will only match example.com | * Specifying example.com will only match example.com | ||
* Specifying .example.com will match anything.example.com and fu.bar.example.com | * Specifying .example.com will match anything.example.com and fu.bar.example.com | ||
- | | + | |
+ | |||
+ | =====Examples===== | ||
+ | The preconfigured default polices are defined as follows | ||
+ | |||
+ | * < | ||
+ | Priority: 0 | ||
+ | Source: ANY | ||
+ | Desination: ANY</ | ||
+ | * < | ||
+ | Priority: 10 | ||
+ | Source: %internal_ips, | ||
+ | Destination: | ||
+ | * < | ||
+ | Priority: 10 | ||
+ | Source: !%internal_ips, | ||
+ | Destination: | ||
+ | * < | ||
+ | Priority: 20 | ||
+ | Source: %internal_ips, | ||
+ | Destination: | ||
+ | |||
+ | These groups are defined in the following manner | ||
+ | |||
+ | * < | ||
+ | 10.0.0.0/ | ||
+ | * < | ||
+ | example.org | ||
+ | example.com | ||
+ | example.net</ |
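Review bot: The first example policy spells its field "Desination: ANY" while the other three use "Destination:", and the intro line says "polices" for "policies"; both should be corrected so readers can compare the examples against a real configuration. Two of the examples share "Priority: 10", so the section should say how policies of equal priority are ordered, and a short sentence explaining the "!" prefix in "!%internal_ips" would help readers who start at the examples. The changed wildcard line at the top of this hunk shows no visible text difference between the two sides, so it is probably a whitespace-only edit and could be dropped from the revision.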