Mercurial > hg > freeDiameter
diff doc/acl_wl.conf.sample @ 161:645ff1487c23
Draft for ACL white-list extension
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Mon, 25 Jan 2010 19:07:29 +0900 |
parents | |
children | 79768bf7d208 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/acl_wl.conf.sample Mon Jan 25 19:07:29 2010 +0900 @@ -0,0 +1,18 @@ +# Configuration file for the peer whitelist extension. +# +# This extension is meant to allow connection from remote peers, without actively +# maintaining this connection ourselves (as it would be the case by declaring the +# peer in a ConnectPeer directive). +# The format of this file is very simple. It contains a list of peer names +# separated by spaces or newlines. +# +# The peer name must be a fqdn. We allow also a special "*" character as the +# first label of the fqdn, to allow all fqdn with the same domain name. +# Example: *.example.net will allow host1.example.net and host2.example.net +# +# At the beginning of a line, the following flags are allowed (case sensitive) -- either or both can appear: +# ALLOW_OLD_TLS : we accept unprotected CER/CEA exchange with Inband-Security-Id = TLS +# ALLOW_IPSEC : we accept implicitly protected connection with with peer (Inband-Security-Id = IPSec) +# It is specified for example as: +# ALLOW_IPSEC vpn.example.net vpn2.example.net *.vpn.example.net +