Mercurial > hg > freeDiameter
annotate doc/acl_wl.conf.sample @ 1504:4dff34cd2d3d
Add 3GPP TS 29.215 V15.2.0 (2019-09)
Add AVPs:
- DRA-Deployment, Enumerated, code 2206, section 5.3.7
- Multiple-BBERF-Action, Enumerated, code 2204, section 5.3.6
- Subsession-Decision-Info, Grouped, code 2200, section 5.3.1
- Subsession-Enforcement-Info, Grouped, code 2201, section 5.3.2
- Subsession-Id, Unsigned32, code 2202, section 5.3.3
- Subsession-Operation, Enumerated, code 2203, section 5.3.4
- DRA-Binding, Enumerated, code 2208, section 5.3.x
- PCRF-Address, DiameterIdentity, code 2207, section A.7.3.1.1
- UE-Local-IPv6-Prefix, OctetString, code 2205, section A.8.3.1
| author | Luke Mewburn <luke@mewburn.net> |
|---|---|
| date | Fri, 03 Apr 2020 16:50:00 +1100 |
| parents | 0dff6a604b0a |
| children |
| rev | line source |
|---|---|
|
161
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
1 # Configuration file for the peer whitelist extension. |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
2 # |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
3 # This extension is meant to allow connection from remote peers, without actively |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
4 # maintaining this connection ourselves (as it would be the case by declaring the |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
5 # peer in a ConnectPeer directive). |
|
1354
0dff6a604b0a
acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents:
162
diff
changeset
|
6 # |
|
0dff6a604b0a
acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents:
162
diff
changeset
|
7 # This extension supports configuration reload at runtime. Send |
|
0dff6a604b0a
acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents:
162
diff
changeset
|
8 # signal SIGUSR1 to the process to cause the process to reload its |
|
0dff6a604b0a
acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents:
162
diff
changeset
|
9 # config. |
|
0dff6a604b0a
acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents:
162
diff
changeset
|
10 # |
|
161
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
11 # The format of this file is very simple. It contains a list of peer names |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
12 # separated by spaces or newlines. |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
13 # |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
14 # The peer name must be a fqdn. We allow also a special "*" character as the |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
15 # first label of the fqdn, to allow all fqdn with the same domain name. |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
16 # Example: *.example.net will allow host1.example.net and host2.example.net |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
17 # |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
18 # At the beginning of a line, the following flags are allowed (case sensitive) -- either or both can appear: |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
19 # ALLOW_OLD_TLS : we accept unprotected CER/CEA exchange with Inband-Security-Id = TLS |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
20 # ALLOW_IPSEC : we accept implicitly protected connection with with peer (Inband-Security-Id = IPSec) |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
21 # It is specified for example as: |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
22 # ALLOW_IPSEC vpn.example.net vpn2.example.net *.vpn.example.net |
|
162
79768bf7d208
Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
161
diff
changeset
|
23 # These flag take effect from their position, until the end of the line. |
|
161
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
24 |