Mercurial > hg > freeDiameter
annotate doc/acl_wl.conf.sample @ 1327:82b386714795
Set callback data also when only setting expire callback (and not answer callback as well).
It is used when calling the expire callback, so not setting it makes no sense.
| author | Thomas Klausner <tk@giga.or.at> |
|---|---|
| date | Mon, 27 Nov 2017 15:21:20 +0100 |
| parents | 79768bf7d208 |
| children | 0dff6a604b0a |
| rev | line source |
|---|---|
|
161
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
1 # Configuration file for the peer whitelist extension. |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
2 # |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
3 # This extension is meant to allow connection from remote peers, without actively |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
4 # maintaining this connection ourselves (as it would be the case by declaring the |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
5 # peer in a ConnectPeer directive). |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
6 # The format of this file is very simple. It contains a list of peer names |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
7 # separated by spaces or newlines. |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
8 # |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
9 # The peer name must be a fqdn. We allow also a special "*" character as the |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
10 # first label of the fqdn, to allow all fqdn with the same domain name. |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
11 # Example: *.example.net will allow host1.example.net and host2.example.net |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
12 # |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
13 # At the beginning of a line, the following flags are allowed (case sensitive) -- either or both can appear: |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
14 # ALLOW_OLD_TLS : we accept unprotected CER/CEA exchange with Inband-Security-Id = TLS |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
15 # ALLOW_IPSEC : we accept implicitly protected connection with with peer (Inband-Security-Id = IPSec) |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
16 # It is specified for example as: |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
17 # ALLOW_IPSEC vpn.example.net vpn2.example.net *.vpn.example.net |
|
162
79768bf7d208
Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
161
diff
changeset
|
18 # These flag take effect from their position, until the end of the line. |
|
161
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
19 |