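<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
 Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END

	NOTE:  This service description is not editable; its contents
	may be overwritten by package or patch operations, including
	operating system upgrade.  Make customizations in a different
	file.

	Service manifest for the ipfilter service.
-->

<service_bundle type='manifest' name='SUNWipfr:ipfilter'>

<service
	name='network/ipfilter'
	type='service'
	version='1'>

	<single_instance />

	<!--
	  Start ordering. The filesystem dependency (restart_on='none') only
	  gates startup. The other three use restart_on='restart', so ipfilter
	  is restarted whenever network/physical or either system/identity
	  instance is restarted.
	-->
	<dependency
	    name='filesystem'
	    grouping='require_all'
	    restart_on='none'
	    type='service'>
		<service_fmri value='svc:/system/filesystem/minimal' />
	</dependency>

	<dependency
	    name='physical'
	    grouping='require_all'
	    restart_on='restart'
	    type='service'>
		<service_fmri value='svc:/network/physical' />
	</dependency>

	<dependency
	    name='identity'
	    grouping='require_all'
	    restart_on='restart'
	    type='service'>
		<service_fmri value='svc:/system/identity:node' />
	</dependency>

	<dependency
	    name='domain'
	    grouping='require_all'
	    restart_on='restart'
	    type='service'>
		<service_fmri value='svc:/system/identity:domain' />
	</dependency>

	<!--
	  Makes svc:/milestone/network depend on this service, so an enabled
	  ipfilter is started before the network milestone is reached.
	  NOTE(review): per smf(5) an optional_all dependency also counts as
	  satisfied when the cited service is disabled or in maintenance, so a
	  failed start (for example a rules file that does not load) would not
	  hold the milestone back. Monitor this service's state instead of
	  relying on ordering alone; confirm against the smf(5) in use.
	-->
	<dependent
	    name='ipf_network'
	    grouping='optional_all'
	    restart_on='restart'>
		<service_fmri value='svc:/milestone/network' />
	</dependent>

	<!--
	  All three methods run the same script, /lib/svc/method/ipfilter.
	  SMF replaces %m with the method name (start or stop); refresh passes
	  the literal argument 'reload'. The script is not part of this
	  manifest, so what each argument does must be checked there.
	-->
	<exec_method
		type='method'
		name='stop'
		exec='/lib/svc/method/ipfilter %m'
		timeout_seconds='60' />

	<exec_method
		type='method'
		name='start'
		exec='/lib/svc/method/ipfilter %m'
		timeout_seconds='30' />

	<exec_method
		type='method'
		name='refresh'
		exec='/lib/svc/method/ipfilter reload'
		timeout_seconds='30' />

	<!--
	  The default instance ships disabled, and both global policies are
	  'none', which the template below describes as "No firewall (allow
	  all)". The host therefore filters nothing until an administrator
	  sets a policy and enables the instance.
	-->
	<instance name='default' enabled='false'>
		<!--
		  value_authorization names the RBAC authorization that lets a
		  user change the values in this property group (see
		  smf_security(5)). Grant solaris.smf.value.firewall.config only
		  to roles that are meant to administer the firewall.
		-->
		<property_group name='firewall_config_default'
			type='com.sun,fw_configuration'>
			<propval name='policy' type='astring' value='none' />
			<propval name='custom_policy_file' type='astring' value='' />
			<propval name='apply_to' type='astring' value='' />
			<propval name='exceptions' type='astring' value='' />
			<propval name='open_ports' type='astring' value='' />
			<propval name='version' type='count' value='0' />
			<propval name='value_authorization' type='astring'
				value='solaris.smf.value.firewall.config' />
		</property_group>

		<!-- Same authorization as firewall_config_default. -->
		<property_group name='firewall_config_override'
			type='com.sun,fw_configuration'>
			<propval name='policy' type='astring' value='none' />
			<propval name='apply_to' type='astring' value='' />
			<propval name='value_authorization' type='astring'
				value='solaris.smf.value.firewall.config' />
		</property_group>

		<!--
		  Locations of ipf6.conf, ipnat.conf and ippool.conf under
		  /etc/ipf.
		  NOTE(review): unlike the two firewall_config groups, this group
		  sets no value_authorization, so who may repoint these paths is
		  decided by the general SMF modify authorizations; confirm that
		  is intended. The files themselves should be writable only by
		  the firewall administrator.
		-->
		<property_group name='config' type='application'>
			<propval name='ipf6_config_file' type='astring'
				value='/etc/ipf/ipf6.conf' />
			<propval name='ipnat_config_file' type='astring'
				value='/etc/ipf/ipnat.conf' />
			<propval name='ippool_config_file' type='astring'
				value='/etc/ipf/ippool.conf' />
		</property_group>

	</instance>

	<stability value='Unstable' />

	<template>
		<common_name>
			<loctext xml:lang='C'>IP Filter</loctext>
		</common_name>
		<description>
			<loctext xml:lang='C'>
			Solaris IP Filter - host-based firewall
			</loctext>
		</description>
		<documentation>
			<manpage title='ipfilter' section='5'
				manpath='/usr/share/man' />
		</documentation>

		<!--
		  Describes the firewall_config_default property group. The
		  policy values are none, deny, allow and custom; the
		  descriptions below use those names.
		-->
		<pg_pattern name='firewall_config_default'
		    type='com.sun,fw_configuration' target='this'
		    required='false'>
			<common_name>
				<loctext xml:lang='C'>
Global Default firewall
				</loctext>
			</common_name>
			<description>
				<loctext xml:lang='C'>
The default system-wide firewall policy.
				</loctext>
			</description>
			<prop_pattern name='policy' type='astring'
			    required='true'>
				<common_name>
					<loctext xml:lang='C'>
Global Default policy
					</loctext>
				</common_name>
				<description>
					<loctext xml:lang='C'>
Firewall policy.
					</loctext>
				</description>
				<visibility value='readwrite'/>
				<cardinality min='1' max='1'/>
				<values>
					<value name='none'>
						<description>
							<loctext xml:lang='C'>
No firewall (allow all), this is the default value.
							</loctext>
						</description>
					</value>
					<value name='deny'>
						<description>
							<loctext xml:lang='C'>
Deny access to entities specified in 'apply_to' property.
							</loctext>
						</description>
					</value>
					<value name='allow'>
						<description>
							<loctext xml:lang='C'>
Allow access to entities specified in 'apply_to' property.
							</loctext>
						</description>
					</value>
					<value name='custom'>
						<description>
							<loctext xml:lang='C'>
Apply the custom ipfilter configuration stored in a custom file (the 'custom_policy_file' property must be set).
							</loctext>
						</description>
					</value>
				</values>
				<choices>
					<include_values type='values'/>
				</choices>
			</prop_pattern>
			<prop_pattern name='apply_to' type='astring'
			    required='false'>
				<common_name>
					<loctext xml:lang='C'>
Apply policy to
					</loctext>
				</common_name>
				<description>
					<loctext xml:lang='C'>
The host and network IPs, network interfaces, and ippools to deny if the policy is set to deny, or allow if the policy is set to allow.
					</loctext>
				</description>
			</prop_pattern>
			<prop_pattern name='exceptions' type='astring'
			    required='false'>
				<common_name>
					<loctext xml:lang='C'>
Make exceptions to
					</loctext>
				</common_name>
				<description>
					<loctext xml:lang='C'>
The host and network IPs, network interfaces, and ippools which will be exempted from the set policy: allowed if the policy is set to deny, or denied if the policy is set to allow.
					</loctext>
				</description>
			</prop_pattern>
			<!--
			  NOTE(review): this value is a file path used when the
			  policy is 'custom'. How the method script checks or loads
			  the file is not visible in this manifest; keep the file
			  writable only by the firewall administrator.
			-->
			<prop_pattern name='custom_policy_file' type='astring'
			    required='false'>
				<common_name>
					<loctext xml:lang='C'>
Custom policy IPfilter file
					</loctext>
				</common_name>
				<description>
					<loctext xml:lang='C'>
The file containing a custom ipfilter configuration to use if a custom policy is enforced.
					</loctext>
				</description>
			</prop_pattern>
			<!--
			  Ports listed here stay reachable whatever the policy is,
			  including 'deny', so review this list in any firewall
			  audit.
			-->
			<prop_pattern name='open_ports' type='astring'
			    required='false'>
				<common_name>
					<loctext xml:lang='C'>
Open ports
					</loctext>
				</common_name>
				<description>
					<loctext xml:lang='C'>
A set of ports to leave open regardless of firewall policy.
					</loctext>
				</description>
			</prop_pattern>
			<!--
			  Declared hidden; the default instance above sets no value
			  for it.
			-->
			<prop_pattern name='upgraded' type='boolean'
			    required='false'>
				<visibility value='hidden'/>
			</prop_pattern>
		</pg_pattern>

		<!--
		  Describes the firewall_config_override property group. Its
		  policy accepts only none, deny and allow; 'custom' exists in
		  firewall_config_default only.
		-->
		<pg_pattern name='firewall_config_override'
		    type='com.sun,fw_configuration' target='this'
		    required='false'>
			<common_name>
				<loctext xml:lang='C'>
Global Override firewall
				</loctext>
			</common_name>
			<description>
				<loctext xml:lang='C'>
The system-wide firewall policy that overrides default system-wide and all services' policies.
				</loctext>
			</description>
			<prop_pattern name='policy' type='astring'
			    required='true'>
				<common_name>
					<loctext xml:lang='C'>
Global Override policy
					</loctext>
				</common_name>
				<description>
					<loctext xml:lang='C'>
Firewall policy.
					</loctext>
				</description>
				<visibility value='readwrite'/>
				<cardinality min='1' max='1'/>
				<values>
					<value name='none'>
						<description>
							<loctext xml:lang='C'>
No firewall (allow all), this is the default value.
							</loctext>
						</description>
					</value>
					<value name='deny'>
						<description>
							<loctext xml:lang='C'>
Deny access to entities specified in 'apply_to' property.
							</loctext>
						</description>
					</value>
					<value name='allow'>
						<description>
							<loctext xml:lang='C'>
Allow access to entities specified in 'apply_to' property.
							</loctext>
						</description>
					</value>
				</values>
				<choices>
					<include_values type='values'/>
				</choices>
			</prop_pattern>
			<prop_pattern name='apply_to' type='astring'
			    required='false'>
				<common_name>
					<loctext xml:lang='C'>
Apply policy to
					</loctext>
				</common_name>
				<description>
					<loctext xml:lang='C'>
The host and network IPs, network interfaces, and ippools to deny if the
policy is set to deny, or allow if the policy is set to allow.
					</loctext>
				</description>
			</prop_pattern>
		</pg_pattern>

	</template>
</service>

</service_bundle>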