TUBS-IBR-LINUX-NETFILTER-MIB DEFINITIONS ::= BEGIN
-- @(#) $Id: TUBS-IBR-LINUX-NETFILTER-MIB,v 1.7 2002/08/26 16:46:14 wellnitz Exp $
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
Unsigned32, Counter64
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, TruthValue, StorageType, RowStatus, TimeStamp
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
InetAddressType, InetAddress, InetAddressPrefixLength
FROM INET-ADDRESS-MIB
ibr
FROM TUBS-SMI;
lnfMIB MODULE-IDENTITY
LAST-UPDATED "200207230000Z"
ORGANIZATION "TU Braunschweig"
CONTACT-INFO
"Frank Strauss, Oliver Wellnitz
TU Braunschweig
Muehlenpfordtstrasse 23
38106 Braunschweig
Germany
Tel: +49 531 391 3283
Fax: +49 531 391 5936
E-mail: {strauss,wellnitz}@ibr.cs.tu-bs.de"
DESCRIPTION
"Experimental MIB module for the Linux 2.4 netfilter
subsystem."
REVISION "200207260000Z"
DESCRIPTION
"The initial revision of this module. This revision does
not cover any match extensions and target extensions."
::= { ibr 13 }
--
-- The various groups defined within this MIB module:
--
lnfObjects OBJECT IDENTIFIER ::= { lnfMIB 1 }
lnfTraps OBJECT IDENTIFIER ::= { lnfMIB 2 }
lnfConformance OBJECT IDENTIFIER ::= { lnfMIB 3 }
--
-- Textual Conventions:
--
LnfTarget ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This data type represents an action that is about to
be applied to a packet.
none(1): No action, except increasing counters.
other(2): An unknown extension action which cannot
be described by the values specified below.
drop(3): Drop the packet on the floor.
accept(4): Let the packet through.
queue(5): Pass the packet to userspace.
return(6): Stop traversing this chain and resume at the
next rule in the previous (calling) chain.
chain(7): Jump to the user chain specified by a
related object.
"
SYNTAX INTEGER {
none(1),
other(2),
drop(3),
accept(4),
queue(5),
return(6),
chain(7)
}
--
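-- Object definitions:
--
-- Note: the chain and rule tables below contain objects with
-- MAX-ACCESS read-create (and lnfRuleTrapEnable with read-write),
-- so an SNMP SET can change the packet filter configuration. An
-- agent implementing this module should restrict write access to
-- these objects, e.g. with SNMPv3 authentication/privacy and a
-- VACM view, rather than relying on a community string.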
--
lnfLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time of the last netfilter configuration change of any kind,
including any creation, deletion or modification of any table of this
MIB."
::= { lnfObjects 1 }
lnfTableTable OBJECT-TYPE
SYNTAX SEQUENCE OF LnfTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of all tables installed on the netfilter subsystem."
::= { lnfObjects 2 }
lnfTableEntry OBJECT-TYPE
SYNTAX LnfTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry describing a particular netfilter table."
INDEX { lnfTableAddressType, lnfTableName }
::= { lnfTableTable 1 }
LnfTableEntry ::=
SEQUENCE {
lnfTableAddressType InetAddressType,
lnfTableName SnmpAdminString,
lnfTableLastChange TimeStamp
}
lnfTableAddressType OBJECT-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2) }
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The address type for which the netfilter table works."
::= { lnfTableEntry 1 }
lnfTableName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of the netfilter table."
::= { lnfTableEntry 2 }
lnfTableLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time of the last modification of this netfilter
table, including the creation or deletion of a netfilter
chain that belongs to this table."
::= { lnfTableEntry 3 }
--
lnfChainTable OBJECT-TYPE
SYNTAX SEQUENCE OF LnfChainEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of all chains installed on the netfilter
subsystem."
::= { lnfObjects 3 }
lnfChainEntry OBJECT-TYPE
SYNTAX LnfChainEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry describing a particular netfilter chain."
INDEX { lnfTableAddressType, lnfTableName, lnfChainName }
::= { lnfChainTable 1 }
LnfChainEntry ::=
SEQUENCE {
lnfChainName SnmpAdminString,
lnfChainPackets Counter64,
lnfChainOctets Counter64,
lnfChainTarget LnfTarget,
lnfChainLastChange TimeStamp,
lnfChainStorage StorageType,
lnfChainStatus RowStatus
}
lnfChainName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The netfilter chain to which the rule belongs."
::= { lnfChainEntry 1 }
lnfChainPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets that passed this chain since
the rule was installed or reset."
::= { lnfChainEntry 2 }
lnfChainOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of octets that passed this chain since
the chain was installed or reset."
::= { lnfChainEntry 3 }
lnfChainTarget OBJECT-TYPE
SYNTAX LnfTarget { drop(3), accept(4), return(6) }
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action that shall be applied to a packet if no rule
within the chain matches. Note that user-defined chains
only allow return(6)."
DEFVAL { return }
::= { lnfChainEntry 4 }
lnfChainLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time of the last modification of this netfilter
chain, including the creation or deletion of a netfilter
rule that belongs to this chain."
::= { lnfChainEntry 5 }
lnfChainStorage OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether this row is kept in
volatile storage and lost upon reboot or whether it
is backed up by stable storage or builtin."
::= { lnfChainEntry 6 }
lnfChainStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to create and delete rows in the
lnfChainTable."
::= { lnfChainEntry 7 }
--
lnfRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF LnfRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of all rules installed on the netfilter
subsystem."
::= { lnfObjects 4 }
lnfRuleEntry OBJECT-TYPE
SYNTAX LnfRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry describing a particular netfilter rule. Rules
of different netfilter tables and chains are
distinguished by the corresponding index objects."
INDEX { lnfTableAddressType, lnfTableName,
lnfChainName, lnfRuleIndex }
::= { lnfRuleTable 1 }
LnfRuleEntry ::=
SEQUENCE {
lnfRuleIndex Unsigned32,
lnfRuleProtocol Unsigned32,
lnfRuleProtocolInv TruthValue,
lnfRuleSourceAddress InetAddress,
lnfRuleSourceAddressPrefixLength InetAddressPrefixLength,
lnfRuleSourceAddressInv TruthValue,
lnfRuleDestinationAddress InetAddress,
lnfRuleDestinationAddressPrefixLength InetAddressPrefixLength,
lnfRuleDestinationAddressInv TruthValue,
lnfRuleInInterface SnmpAdminString,
lnfRuleInInterfaceInv TruthValue,
lnfRuleOutInterface SnmpAdminString,
lnfRuleOutInterfaceInv TruthValue,
lnfRuleFragment TruthValue,
lnfRuleFragmentInv TruthValue,
lnfRulePackets Counter64,
lnfRuleOctets Counter64,
lnfRuleTarget LnfTarget,
lnfRuleTargetChain SnmpAdminString,
lnfRuleTrapEnable TruthValue,
lnfRuleLastChange TimeStamp,
lnfRuleStorage StorageType,
lnfRuleStatus RowStatus
}
lnfRuleIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A unique number identifying the rule within a netfilter
chain."
::= { lnfRuleEntry 1 }
lnfRuleProtocol OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The protocol of the rule. The number zero matches all
protocols."
DEFVAL { 0 }
::= { lnfRuleEntry 2 }
lnfRuleProtocolInv OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This flag specifies whether the lnfRuleProtocol test
has to be inverted."
DEFVAL { false }
::= { lnfRuleEntry 3 }
lnfRuleSourceAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source address of a packet. The exact format depends
on the address type specified by lnfRuleAddressType.
This test is applied for an address prefix whose length
is specified by lnfRuleSourceAddressPrefixLength.
If a new row is created this object should default to
an all-zeros value with a length appropriate for the
corresponding lnfRuleAddressType object value."
::= { lnfRuleEntry 4 }
lnfRuleSourceAddressPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The network prefix length associated with
lnfRuleSourceAddress."
DEFVAL { 0 }
::= { lnfRuleEntry 5 }
lnfRuleSourceAddressInv OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This flag specifies whether the lnfRuleSourceAddress
and lnfRuleSourceAddressPrefixLength test has to
be inverted."
DEFVAL { false }
::= { lnfRuleEntry 6 }
lnfRuleDestinationAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination address of a packet. The exact format
depends on the address type specified by
lnfRuleAddressType. This test is applied for an address
prefix whose length is specified by
lnfRuleDestinationAddressPrefixLength.
If a new row is created this object should default to
an all-zeros value with a length appropriate for the
corresponding lnfRuleAddressType object value."
::= { lnfRuleEntry 7 }
lnfRuleDestinationAddressPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The network prefix length associated with
lnfRuleDestinationAddress."
DEFVAL { 0 }
::= { lnfRuleEntry 8 }
lnfRuleDestinationAddressInv OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This flag specifies whether the lnfRuleDestinationAddress
and lnfRuleDestinationAddressPrefixLength test has to
be inverted."
DEFVAL { false }
::= { lnfRuleEntry 9 }
lnfRuleInInterface OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Name of an interface via which a packet is going to be
received (only for packets entering the INPUT, FORWARD and
PREROUTING chains). If the interface name ends in a '+',
then any interface which begins with this name will match.
If this is an empty string, any interface name will match."
DEFVAL { "" }
::= { lnfRuleEntry 10 }
lnfRuleInInterfaceInv OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This flag specifies whether the lnfRuleInInterface test
has to be inverted."
DEFVAL { false }
::= { lnfRuleEntry 11 }
lnfRuleOutInterface OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Name of an interface via which a packet is going to be
sent (for packets entering the FORWARD, OUTPUT and
POSTROUTING chains). If the interface name ends in a '+',
then any interface which begins with this name will match.
If this is an empty string, any interface name will match."
DEFVAL { "" }
::= { lnfRuleEntry 12 }
lnfRuleOutInterfaceInv OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This flag specifies whether the lnfRuleOutInterface test
has to be inverted."
DEFVAL { false }
::= { lnfRuleEntry 13 }
lnfRuleFragment OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If this flag is true, the rule only refers to second and
further fragments of fragmented packets. Since there is
no way to tell the source or destination ports of such a
packet (or ICMP type), such a packet will not match any
rules which specify them."
DEFVAL { false }
::= { lnfRuleEntry 14 }
lnfRuleFragmentInv OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This flag specifies whether the lnfRuleFragmentInv test,
if true, has to be inverted. An inverted rule will only
match head fragments, or unfragmented packets."
DEFVAL { false }
::= { lnfRuleEntry 15 }
lnfRulePackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets that matched this rule since
the rule was installed or reset."
::= { lnfRuleEntry 16 }
lnfRuleOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of octets that matched this rule since the
rule was installed or reset."
::= { lnfRuleEntry 17 }
lnfRuleTarget OBJECT-TYPE
SYNTAX LnfTarget
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action that shall be applied to a packet if the
rule matches. If the value is chain(7), then jump to
the user chain specified by lnfRuleTargetChain."
DEFVAL { none }
::= { lnfRuleEntry 18 }
lnfRuleTargetChain OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name of the target chain if the value of
lnfRuleTarget is chain(7)."
::= { lnfRuleEntry 19 }
lnfRuleTrapEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether lnfRuleMatch traps should be
generated for packets matching this rule. Note
that it's up to the implementation to delay and
accumulate multiple traps in order to reduce the
number of emitted traps."
DEFVAL { false }
::= { lnfRuleEntry 20 }
lnfRuleLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time of the last modification of this netfilter rule.
If it has been unchanged since the last re-initialization
of the local network management subsystem, then this
object contains a zero value."
::= { lnfRuleEntry 21 }
lnfRuleStorage OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether this row is kept in
volatile storage and lost upon reboot or whether it
is backed up by stable storage or builtin."
::= { lnfRuleEntry 22 }
lnfRuleStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to create and delete rows in the
lnfRuleTable."
::= { lnfRuleEntry 23 }
--
-- Notifications:
--
lnfNotifications OBJECT IDENTIFIER ::= { lnfTraps 0 }
lnfRuleMatch NOTIFICATION-TYPE
OBJECTS { lnfRulePackets, lnfRuleOctets }
STATUS current
DESCRIPTION
"A lnfRuleMatch trap signifies that the rule to which
the lnfRulePackets and lnfRuleOctets objects belong
was matched by at least one packet since the last
trap for the same rule was emitted.
The agent may delay and accumulate multiple traps in order
to reduce the number of emitted traps, but the time for
accumulation should be no more than 60 seconds.
Note that detailed information on the packet(s) that
triggered a trap is not available from the trap's
objects. This would cause problems with the accumulation
of matches and/or increased trap traffic."
::= { lnfNotifications 1 }
--
-- Conformance statements:
--
lnfCompliances OBJECT IDENTIFIER ::= { lnfConformance 1 }
lnfGroups OBJECT IDENTIFIER ::= { lnfConformance 2 }
lnfCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for an SNMP entity which
implements the Linux Netfilter MIB."
MODULE -- this module
MANDATORY-GROUPS { lnfGeneralGroup, lnfNotificationGroup }
-- OBJECT lnfTableAddressType
-- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
-- DESCRIPTION
-- "Other address types than IPv4 and IPv6 are not required."
::= { lnfCompliances 1 }
lnfGeneralGroup OBJECT-GROUP
OBJECTS {
lnfLastChange,
lnfTableLastChange,
lnfChainPackets, lnfChainOctets, lnfChainTarget,
lnfChainLastChange, lnfChainStorage, lnfChainStatus,
lnfRuleProtocol, lnfRuleProtocolInv,
lnfRuleSourceAddress, lnfRuleSourceAddressPrefixLength,
lnfRuleSourceAddressInv, lnfRuleDestinationAddress,
lnfRuleDestinationAddressPrefixLength,
lnfRuleDestinationAddressInv, lnfRuleInInterface,
lnfRuleInInterfaceInv, lnfRuleOutInterface,
lnfRuleOutInterfaceInv, lnfRuleFragment,
lnfRuleFragmentInv, lnfRulePackets, lnfRuleOctets,
lnfRuleTarget, lnfRuleTargetChain, lnfRuleTrapEnable,
lnfRuleLastChange, lnfRuleStorage, lnfRuleStatus
}
STATUS current
DESCRIPTION
"A collection of all Linux Netfilter objects of
the core table."
::= { lnfGroups 1 }
lnfNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
lnfRuleMatch
}
STATUS current
DESCRIPTION
"A collection of all Linux Netfilter notifications."
::= { lnfGroups 2 }
END