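<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
 Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END

 NOTE: This service description is not editable; its contents
 may be overwritten by package or patch operations, including
 operating system upgrade. Make customizations in a different
 file.

 Service manifest for the ipfilter service.
-->

<!--
 Reading guide for reviewers:
 * The DOCTYPE names the SMF DTD by a local filesystem path; validation
   of this manifest depends on that system-installed file.
 * The shipped state is fail-open: the only instance is delivered
   disabled, and both policy properties default to 'none', which the
   template below describes as "No firewall (allow all)". The host is
   unfiltered until an administrator enables the service and sets a
   policy.
 * Attribute quoting is normalised to single quotes throughout; the
   property names, types and default values are unchanged.
-->
<service_bundle type='manifest' name='SUNWipfr:ipfilter'>

<service
    name='network/ipfilter'
    type='service'
    version='1'>

    <single_instance />

    <!-- The method script lives under /lib, so a minimal filesystem is
         required first; restart_on='none' means filesystem restarts do
         not bounce the firewall. -->
    <dependency
        name='filesystem'
        grouping='require_all'
        restart_on='none'
        type='service'>
        <service_fmri value='svc:/system/filesystem/minimal' />
    </dependency>

    <!-- The next three dependencies use restart_on='restart', which asks
         the restarter to restart ipfilter whenever the dependency
         restarts. Presumably this keeps the loaded rules in step with
         the current interfaces and host identity; confirm against the
         method script, which is not part of this file. -->
    <dependency
        name='physical'
        grouping='require_all'
        restart_on='restart'
        type='service'>
        <service_fmri value='svc:/network/physical' />
    </dependency>

    <dependency
        name='identity'
        grouping='require_all'
        restart_on='restart'
        type='service'>
        <service_fmri value='svc:/system/identity:node' />
    </dependency>

    <dependency
        name='domain'
        grouping='require_all'
        restart_on='restart'
        type='service'>
        <service_fmri value='svc:/system/identity:domain' />
    </dependency>

    <!-- Injects a dependency on this service into milestone/network.
         With optional_all the milestone waits for ipfilter only when
         ipfilter is enabled; a disabled firewall does not block the
         milestone. -->
    <dependent
        name='network'
        grouping='optional_all'
        restart_on='restart'>
        <service_fmri value='svc:/milestone/network' />
    </dependent>

    <!-- %m is the SMF token for the method name, so start and stop call
         the same script with 'start' or 'stop'; refresh passes the
         literal argument 'reload'. No method_context is declared here,
         so the methods run with the restarter's default credentials
         (normally root; confirm for the target release). -->
    <exec_method
        type='method'
        name='stop'
        exec='/lib/svc/method/ipfilter %m'
        timeout_seconds='60' />

    <exec_method
        type='method'
        name='start'
        exec='/lib/svc/method/ipfilter %m'
        timeout_seconds='30' />

    <exec_method
        type='method'
        name='refresh'
        exec='/lib/svc/method/ipfilter reload'
        timeout_seconds='30' />

    <!-- Delivered disabled: installing the package does not turn the
         firewall on. -->
    <instance name='default' enabled='false'>
        <!-- System-wide default policy. value_authorization names the
             RBAC authorization that lets a non-root user change the
             values of properties in this group. No modify_authorization
             is declared in this manifest, so that authorization covers
             value changes only. Treat holders of it as able to open or
             close the host firewall. -->
        <property_group name='firewall_config_default'
            type='com.sun,fw_configuration'>
            <propval name='policy' type='astring' value='none' />
            <propval name='custom_policy_file' type='astring' value='' />
            <propval name='apply_to' type='astring' value='' />
            <propval name='exceptions' type='astring' value='' />
            <propval name='open_ports' type='astring' value='' />
            <propval name='version' type='count' value='0' />
            <propval name='value_authorization' type='astring'
                value='solaris.smf.value.firewall.config' />
        </property_group>

        <!-- System-wide override policy. It carries only policy and
             apply_to (no exceptions, open_ports or custom file) and is
             guarded by the same authorization as the default group. -->
        <property_group name='firewall_config_override'
            type='com.sun,fw_configuration'>
            <propval name='policy' type='astring' value='none' />
            <propval name='apply_to' type='astring' value='' />
            <propval name='value_authorization' type='astring'
                value='solaris.smf.value.firewall.config' />
        </property_group>
    </instance>

    <stability value='Unstable' />

    <template>
        <common_name>
            <loctext xml:lang='C'>IP Filter</loctext>
        </common_name>
        <description>
            <loctext xml:lang='C'>
Solaris IP Filter - host-based firewall
            </loctext>
        </description>
        <documentation>
            <manpage title='ipfilter' section='5'
                manpath='/usr/share/man' />
        </documentation>

        <pg_pattern name='firewall_config_default'
            type='com.sun,fw_configuration' target='this'
            required='false'>
            <common_name>
                <loctext xml:lang='C'>
Global Default firewall
                </loctext>
            </common_name>
            <description>
                <loctext xml:lang='C'>
The default system-wide firewall policy.
                </loctext>
            </description>
            <!-- The choices element restricts policy to the four values
                 listed here: none, deny, allow, custom. -->
            <prop_pattern name='policy' type='astring'
                required='true'>
                <common_name>
                    <loctext xml:lang='C'>
Global Default policy
                    </loctext>
                </common_name>
                <description>
                    <loctext xml:lang='C'>
Firewall policy.
                    </loctext>
                </description>
                <visibility value='readwrite'/>
                <cardinality min='1' max='1'/>
                <values>
                    <value name='none'>
                        <description>
                            <loctext xml:lang='C'>
No firewall (allow all), this is the default value.
                            </loctext>
                        </description>
                    </value>
                    <value name='deny'>
                        <description>
                            <loctext xml:lang='C'>
Deny access to entities specified in 'apply_to' property.
                            </loctext>
                        </description>
                    </value>
                    <value name='allow'>
                        <description>
                            <loctext xml:lang='C'>
Allow access to entities specified in 'apply_to' property.
                            </loctext>
                        </description>
                    </value>
                    <value name='custom'>
                        <description>
                            <loctext xml:lang='C'>
Apply the custom ipfilter configuration stored in a custom file (custom file property must be set).
                            </loctext>
                        </description>
                    </value>
                </values>
                <choices>
                    <include_values type='values'/>
                </choices>
            </prop_pattern>
            <!-- The two descriptions below previously referred to a
                 policy of "accept"; the declared value is 'allow', so
                 the text now names it. -->
            <prop_pattern name='apply_to' type='astring'
                required='false'>
                <common_name>
                    <loctext xml:lang='C'>
Apply policy to
                    </loctext>
                </common_name>
                <description>
                    <loctext xml:lang='C'>
The host and network IPs, network interfaces, and ippools to deny if the policy is set to deny, or accept if the policy is set to allow.
                    </loctext>
                </description>
            </prop_pattern>
            <prop_pattern name='exceptions' type='astring'
                required='false'>
                <common_name>
                    <loctext xml:lang='C'>
Make exceptions to
                    </loctext>
                </common_name>
                <description>
                    <loctext xml:lang='C'>
The host and network IPs, network interfaces, and ippools which will be exempted from the set policy, accept if the policy is set to deny, or deny if the policy is set to allow.
                    </loctext>
                </description>
            </prop_pattern>
            <!-- Free-form astring: no constraint on the path is declared
                 in this template, and any validation done by the method
                 script is not visible here. The named file supplies the
                 rule set under the 'custom' policy, so it should be
                 root-owned and not writable by other users. -->
            <prop_pattern name='custom_policy_file' type='astring'
                required='false'>
                <common_name>
                    <loctext xml:lang='C'>
Custom policy IPfilter file
                    </loctext>
                </common_name>
                <description>
                    <loctext xml:lang='C'>
The file containing a custom ipfilter configuration to use if a custom policy is enforced.
                    </loctext>
                </description>
            </prop_pattern>
            <!-- Ports listed here stay reachable whatever the policy is,
                 so audit this value together with the policy. -->
            <prop_pattern name='open_ports' type='astring'
                required='false'>
                <common_name>
                    <loctext xml:lang='C'>
Open ports
                    </loctext>
                </common_name>
                <description>
                    <loctext xml:lang='C'>
A set of ports to leave open regardless of firewall policy.
                    </loctext>
                </description>
            </prop_pattern>
            <!-- Hidden from users; the instance above sets no default
                 value for it. -->
            <prop_pattern name='upgraded' type='boolean'
                required='false'>
                <visibility value='hidden'/>
            </prop_pattern>
        </pg_pattern>

        <pg_pattern name='firewall_config_override'
            type='com.sun,fw_configuration' target='this'
            required='false'>
            <common_name>
                <loctext xml:lang='C'>
Global Override firewall
                </loctext>
            </common_name>
            <description>
                <loctext xml:lang='C'>
The system-wide firewall policy that overrides default system-wide and all services' policies.
                </loctext>
            </description>
            <!-- Only none, deny and allow are offered here; 'custom' is
                 not a valid override policy.
                 NOTE(review): the 'none' text is identical to the
                 default group's; for an override it presumably means
                 "no override in effect". Confirm against the method
                 script before relying on it. -->
            <prop_pattern name='policy' type='astring'
                required='true'>
                <common_name>
                    <loctext xml:lang='C'>
Global Override policy
                    </loctext>
                </common_name>
                <description>
                    <loctext xml:lang='C'>
Firewall policy.
                    </loctext>
                </description>
                <visibility value='readwrite'/>
                <cardinality min='1' max='1'/>
                <values>
                    <value name='none'>
                        <description>
                            <loctext xml:lang='C'>
No firewall (allow all), this is the default value.
                            </loctext>
                        </description>
                    </value>
                    <value name='deny'>
                        <description>
                            <loctext xml:lang='C'>
Deny access to entities specified in 'apply_to' property.
                            </loctext>
                        </description>
                    </value>
                    <value name='allow'>
                        <description>
                            <loctext xml:lang='C'>
Allow access to entities specified in 'apply_to' property.
                            </loctext>
                        </description>
                    </value>
                </values>
                <choices>
                    <include_values type='values'/>
                </choices>
            </prop_pattern>
            <prop_pattern name='apply_to' type='astring'
                required='false'>
                <common_name>
                    <loctext xml:lang='C'>
Apply policy to
                    </loctext>
                </common_name>
                <description>
                    <loctext xml:lang='C'>
The host and network IPs, network interfaces, and ippools to deny if the
policy is set to deny, or accept if the policy is set to allow.
                    </loctext>
                </description>
            </prop_pattern>
        </pg_pattern>

    </template>
</service>

</service_bundle>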