Differences

This shows you the differences between two versions of the page.

policies [2012-06-08 14:30] – [Specifications] randersonpolicies [2012-07-16 14:16] – [Specifications] randerson
Line 49: Line 49:
     * present in r493+ and v2.1.x     * present in r493+ and v2.1.x
  
-  * Match a groupwhich in turn can comprise of a list of any of the above specification types including groups+  * Match a group whichin turncan comprise of a list of any of the above specification types including groups. Policyd cycles through the group members recursively and looks for an item to match. Making groups ideal for cases where  you could have any number of negative results before matching, or a large pool of matching members, depending on your set up. Effectively, this is a way to accomplish a type of OR "select".
   * <code>%group</code>   * <code>%group</code>
  
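Review bot: the added group bullet describes matching as an OR over members, but it does not say how a negated group reference evaluates, and the examples added further down depend on exactly that (`Source: !%internal_ips,!%internal_domains`). Please state whether `!%group` means that no member matches, and how the comma-separated items in one field combine, because a reader who guesses wrong will put inbound and outbound mail under the wrong policy. The bullet also says groups can contain groups and are walked recursively; document what happens when a group includes itself, directly or through another group. Minor: "Making groups ideal for cases where ..." is a sentence fragment and would read better joined to the sentence before it.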
Line 57: Line 57:
   * Match the reverse dns of the IP where the client is connecting from   * Match the reverse dns of the IP where the client is connecting from
   * <code>whatever.example.com</code>   * <code>whatever.example.com</code>
-    * You can use * as a wildcard match against anything except the ., for example hello.*.example.com . You can use * as much as you like+    * You can use * as a wildcard match against anything except the ., for example hello.*.example.com
     * Specifying example.com will only match example.com     * Specifying example.com will only match example.com
     * Specifying .example.com will match anything.example.com and fu.bar.example.com     * Specifying .example.com will match anything.example.com and fu.bar.example.com
-  * As a technical note, * is expanded into [a-z0-9\-_\.] and if . doesn't prefix the specification it gets ^. All reverse dns specifications are matched with end of line $ at the end.+    * As a technical note, * is expanded into [a-z0-9\-_\.] and if . doesn't prefix the specification it gets ^. All reverse dns specifications are matched with end of line $ 
 + 
 +=====Examples===== 
 +The preconfigured default polices are defined as follows 
 + 
 +  * <code>Default System Policy 
 +Priority: 0 
 +Source: ANY 
 +Desination: ANY</code> 
 +  * <code>Default Outbound Policy 
 +Priority: 10 
 +Source: %internal_ips,%internal_domains 
 +Destination: !%internal_domains</code> 
 +  * <code>Default Inbound Policy 
 +Priority: 10 
 +Source: !%internal_ips,!%internal_domains 
 +Destination: %internal_domains</code> 
 +  * <code>Default Internal Policy 
 +Priority: 20 
 +Source: %internal_ips,%internal_domains 
 +Destination: %internal_domains</code> 
 + 
 +These groups are defined in the following manner 
 + 
 +  * <code>internal_ips 
 +10.0.0.0/8</code> 
 +  * <code>internal_domains 
 +example.org 
 +example.com 
 +example.net</code>