Class sfclasses.Rule

java.lang.Object
   |
   +----sfclasses.Rule

public class Rule
extends Object
implements Persistent
Filter configuration rule
Objects of this class contain the complete information about one filter rule. They are used to store the data for displaying the active configuration of a firewall and to store the global configuration data.

Variable Index

 o active
 o bytes
 o changed
 o comment
 o FW_ACCEPT
 o FW_BLOCK
 o fw_dst_cnt
 o fw_dst_idx
Address information
positive: index to address array
zero: any addresses
-1..-4: special values for dynamic rules
<=-100: address macro number
 o fw_flags
 o fw_line
 o fw_rc
 o FW_REJECT
 o fw_rip_cnt
 o fw_rip_idx
Address information
positive: index to address array
zero: any addresses
-1..-4: special values for dynamic rules
<=-100: address macro number
 o fw_src_cnt
 o fw_src_idx
Address information
positive: index to address array
zero: any addresses
-1..-4: special values for dynamic rules
<=-100: address macro number
 o GIGA
 o icmptype
 o IPPROTO_ICMP
 o IPPROTO_IGMP
 o IPPROTO_TCP
 o IPPROTO_UDP
 o KILO
 o level_num
 o MAX_PROTOCOL
 o MEGA
 o priority
 o protocol
 o protocols
 o SF_CHECK_SEQUENCE
 o SF_DESTHOST
 o SF_DESTNET
 o SF_FIRSTMACRO
 o SF_FIRSTMACRO_ABS
 o SF_FTP_DATA_LOG
 o SF_FTP_NO_ACTIVE
 o SF_FTP_NO_PASSIVE
 o SF_FW_CHECK_OPT
 o SF_FW_CHECK_PROTOCOL
 o SF_FW_CHECK_TTL
 o SF_FW_DST_NEG
 o SF_FW_LOG
 o SF_FW_OPT_LSR
 o SF_FW_OPT_RR
 o SF_FW_OPT_SATID
 o SF_FW_OPT_SEC
 o SF_FW_OPT_SSR
 o SF_FW_OPT_TS
 o SF_FW_PROT
 o SF_FW_PROT_ALL
 o SF_FW_PROT_CURRENT
 o SF_FW_PROT_RIP
 o SF_FW_SRC_NEG
 o SF_FW_TTL
 o SF_FW_TTL_EQUAL
 o SF_FW_TTL_GREATER
 o SF_FW_TTL_LESS
 o SF_FW_TTL_NOTEQUAL
 o SF_ICMP_ADDRESS
 o SF_ICMP_ADDRESSREPLY
 o SF_ICMP_ALLTYPES
 o SF_ICMP_DEST_UNREACH
 o SF_ICMP_ECHO
 o SF_ICMP_ECHOREPLY
 o SF_ICMP_INFO_REPLY
 o SF_ICMP_INFO_REQUEST
 o SF_ICMP_PARAMETERPROB
 o SF_ICMP_REDIRECT
 o SF_ICMP_SOURCE_QUENCH
 o SF_ICMP_TIME_EXCEEDED
 o SF_ICMP_TIMESTAMP
 o SF_ICMP_TIMESTAMPREPLY
 o SF_IGMP_ALLTYPES
 o SF_IGMP_HOST_LEAVE_MESSAGE
 o SF_IGMP_HOST_MEMBERSHIP_QUERY
 o SF_IGMP_HOST_MEMBERSHIP_REPORT
 o SF_RC_BEST
 o SF_RC_ECHO
 o SF_RC_OBSERVE
 o SF_RC_RNET
 o SF_RC_RPORT
 o SF_RC_RPROTO
 o SF_RC_TREJECT
 o SF_RIP_ADDR_NEG
 o SF_RULE_CONNECTION
 o SF_RULE_OVERSIZED
 o SF_RULE_SPOOFING
 o SF_RULE_STATIC
 o SF_SOURCEHOST
 o SF_SOURCENET
 o SF_TIMEOUT_VALID
 o SF_TYPE_MASK
 o subID
 o templateID
 o timeout
 o timeout_type
 o ttl
 o usage
 o validFor
 o warn

Constructor Index

 o Rule()
Initialize an empty rule object.
 o Rule(Rule, int, int)
Initialize the rule with data from a template.

Method Index

 o editDialog(Frame, ManageDomain, Refreshable, boolean)
Bring up a dialog box for editing the rule.
 o getString(int, Host, ManageDomain)
Return the text to be displayed for the rule in the rule panel.
 o printRule(PrintStream, ManageDomain, Host)
Print the rule in configuration file format.
 o read(PersistentInputStream)
Read object data from a persistent input stream.
 o write(PersistentOutputStream)
Write object data to a persistent output stream.

Variables

 o templateID
  protected int templateID
 o subID
  protected int subID
 o active
  protected boolean active
 o changed
  protected boolean changed
 o warn
  protected boolean warn
 o priority
  protected boolean priority
 o validFor
  protected boolean validFor[]
 o comment
  protected String comment
 o fw_line
  protected int fw_line
 o level_num
  protected int level_num
 o SF_TIMEOUT_VALID
  protected final static int SF_TIMEOUT_VALID
 o SF_RULE_CONNECTION
  protected final static int SF_RULE_CONNECTION
 o SF_RULE_STATIC
  protected final static int SF_RULE_STATIC
 o SF_RULE_SPOOFING
  protected final static int SF_RULE_SPOOFING
 o SF_RULE_OVERSIZED
  protected final static int SF_RULE_OVERSIZED
 o timeout_type
  protected int timeout_type
 o timeout
  protected Date timeout
 o fw_rc
  protected int fw_rc
 o SF_RC_BEST
  protected final static int SF_RC_BEST
 o SF_RC_TREJECT
  protected final static int SF_RC_TREJECT
 o SF_RC_ECHO
  protected final static int SF_RC_ECHO
 o SF_RC_OBSERVE
  protected final static int SF_RC_OBSERVE
 o FW_BLOCK
  protected final static int FW_BLOCK
 o FW_ACCEPT
  protected final static int FW_ACCEPT
 o FW_REJECT
  protected final static int FW_REJECT
 o SF_RC_RNET
  protected final static int SF_RC_RNET
 o SF_RC_RPROTO
  protected final static int SF_RC_RPROTO
 o SF_RC_RPORT
  protected final static int SF_RC_RPORT
 o fw_src_idx
  protected int fw_src_idx
Address information
positive: index to address array
zero: any addresses
-1..-4: special values for dynamic rules
<=-100: address macro number
 o fw_src_cnt
  protected int fw_src_cnt
 o fw_dst_idx
  protected int fw_dst_idx
Address information
positive: index to address array
zero: any addresses
-1..-4: special values for dynamic rules
<=-100: address macro number
 o fw_dst_cnt
  protected int fw_dst_cnt
 o SF_SOURCEHOST
  protected final static int SF_SOURCEHOST
 o SF_SOURCENET
  protected final static int SF_SOURCENET
 o SF_DESTHOST
  protected final static int SF_DESTHOST
 o SF_DESTNET
  protected final static int SF_DESTNET
 o SF_FIRSTMACRO
  protected final static int SF_FIRSTMACRO
 o SF_FIRSTMACRO_ABS
  protected final static int SF_FIRSTMACRO_ABS
 o fw_flags
  protected int fw_flags
 o ttl
  protected int ttl
 o protocol
  protected int protocol
 o IPPROTO_ICMP
  protected final static int IPPROTO_ICMP
 o IPPROTO_IGMP
  protected final static int IPPROTO_IGMP
 o IPPROTO_TCP
  protected final static int IPPROTO_TCP
 o IPPROTO_UDP
  protected final static int IPPROTO_UDP
 o fw_rip_idx
  protected int fw_rip_idx
Address information
positive: index to address array
zero: any addresses
-1..-4: special values for dynamic rules
<=-100: address macro number
 o fw_rip_cnt
  protected int fw_rip_cnt
 o usage
  protected int usage
 o bytes
  protected long bytes
 o GIGA
  protected final static long GIGA
 o MEGA
  protected final static long MEGA
 o KILO
  protected final static long KILO
 o SF_FW_LOG
  protected final static int SF_FW_LOG
 o SF_FW_CHECK_TTL
  protected final static int SF_FW_CHECK_TTL
 o SF_FW_TTL
  protected final static int SF_FW_TTL
 o SF_FW_TTL_EQUAL
  protected final static int SF_FW_TTL_EQUAL
 o SF_FW_TTL_LESS
  protected final static int SF_FW_TTL_LESS
 o SF_FW_TTL_GREATER
  protected final static int SF_FW_TTL_GREATER
 o SF_FW_TTL_NOTEQUAL
  protected final static int SF_FW_TTL_NOTEQUAL
 o SF_FW_SRC_NEG
  protected final static int SF_FW_SRC_NEG
 o SF_FW_DST_NEG
  protected final static int SF_FW_DST_NEG
 o SF_FW_CHECK_OPT
  protected final static int SF_FW_CHECK_OPT
 o SF_FW_OPT_RR
  protected final static int SF_FW_OPT_RR
 o SF_FW_OPT_TS
  protected final static int SF_FW_OPT_TS
 o SF_FW_OPT_SEC
  protected final static int SF_FW_OPT_SEC
 o SF_FW_OPT_LSR
  protected final static int SF_FW_OPT_LSR
 o SF_FW_OPT_SSR
  protected final static int SF_FW_OPT_SSR
 o SF_FW_OPT_SATID
  protected final static int SF_FW_OPT_SATID
 o SF_FW_PROT
  protected final static int SF_FW_PROT
 o SF_FW_PROT_ALL
  protected final static int SF_FW_PROT_ALL
 o SF_FW_PROT_RIP
  protected final static int SF_FW_PROT_RIP
 o SF_FW_CHECK_PROTOCOL
  protected final static int SF_FW_CHECK_PROTOCOL
 o SF_FW_PROT_CURRENT
  protected final static int SF_FW_PROT_CURRENT
 o SF_TYPE_MASK
  protected final static int SF_TYPE_MASK
 o SF_FTP_DATA_LOG
  protected final static int SF_FTP_DATA_LOG
 o SF_FTP_NO_ACTIVE
  protected final static int SF_FTP_NO_ACTIVE
 o SF_FTP_NO_PASSIVE
  protected final static int SF_FTP_NO_PASSIVE
 o SF_CHECK_SEQUENCE
  protected final static int SF_CHECK_SEQUENCE
 o SF_ICMP_ALLTYPES
  protected final static int SF_ICMP_ALLTYPES
 o SF_ICMP_ECHOREPLY
  protected final static int SF_ICMP_ECHOREPLY
 o SF_ICMP_DEST_UNREACH
  protected final static int SF_ICMP_DEST_UNREACH
 o SF_ICMP_SOURCE_QUENCH
  protected final static int SF_ICMP_SOURCE_QUENCH
 o SF_ICMP_REDIRECT
  protected final static int SF_ICMP_REDIRECT
 o SF_ICMP_ECHO
  protected final static int SF_ICMP_ECHO
 o SF_ICMP_TIME_EXCEEDED
  protected final static int SF_ICMP_TIME_EXCEEDED
 o SF_ICMP_PARAMETERPROB
  protected final static int SF_ICMP_PARAMETERPROB
 o SF_ICMP_TIMESTAMP
  protected final static int SF_ICMP_TIMESTAMP
 o SF_ICMP_TIMESTAMPREPLY
  protected final static int SF_ICMP_TIMESTAMPREPLY
 o SF_ICMP_INFO_REQUEST
  protected final static int SF_ICMP_INFO_REQUEST
 o SF_ICMP_INFO_REPLY
  protected final static int SF_ICMP_INFO_REPLY
 o SF_ICMP_ADDRESS
  protected final static int SF_ICMP_ADDRESS
 o SF_ICMP_ADDRESSREPLY
  protected final static int SF_ICMP_ADDRESSREPLY
 o SF_IGMP_ALLTYPES
  protected final static int SF_IGMP_ALLTYPES
 o SF_IGMP_HOST_MEMBERSHIP_QUERY
  protected final static int SF_IGMP_HOST_MEMBERSHIP_QUERY
 o SF_IGMP_HOST_MEMBERSHIP_REPORT
  protected final static int SF_IGMP_HOST_MEMBERSHIP_REPORT
 o SF_IGMP_HOST_LEAVE_MESSAGE
  protected final static int SF_IGMP_HOST_LEAVE_MESSAGE
 o SF_RIP_ADDR_NEG
  protected final static int SF_RIP_ADDR_NEG
 o MAX_PROTOCOL
  protected final static int MAX_PROTOCOL
 o protocols
  protected final static String protocols[]
 o icmptype
  protected final static String icmptype[]

Constructors

 o Rule
  public Rule()
Initialize an empty rule object. This constructor is used by the persistence methods.
 o Rule
  public Rule(Rule oldrule,
              int tID,
              int sID)
Initialize the rule with data from a template. This is used for autoconfiguration.
Parameters:
oldrule - Previously generated rule from the same template, or null.
If oldrule is not null, the active, changed, and warn fields of the new rule are initialized according to the old rule.
tID - template ID
sID - sub ID. More than one rule can be generated from a server template. The sub ID is either 0 (for non-server templates) or 2 * hierarchy level - 1 for server templates.

Methods

 o editDialog
  public void editDialog(Frame parent,
                         ManageDomain mgDomain,
                         Refreshable rp,
                         boolean newRule)
Bring up a dialog box for editing the rule.
Parameters:
parent - Parent frame
mgDomain - Manage domain object holding the global configuration data.
rp - Calling frame that will be notified when the dialog closes
newRule - If true, the rule will be deleted from the rule vector when the user selects cancel.
 o getString
  public String[] getString(int column,
                            Host firewall,
                            ManageDomain mgDomain)
Return the text to be displayed for the rule in the rule panel.
Parameters:
column - Number of the rule panel column.
firewall - When displaying the active rules of a firewall, this parameter contains the corresponding firewall, otherwise null.
mgDomain - Manage domain object holding the global configuration data.
Returns:
Array of strings for each line to display.
 o printRule
  public void printRule(PrintStream ps,
                        ManageDomain mgDomain,
                        Host host)
Print the rule in configuration file format. This method is called when generating a configuration file for a firewall.
Parameters:
ps - Stream to write the output to
mgDomain - Manage domain object holding the global configuration data.
host - Firewall the configuration file is generated for
 o write
  public void write(PersistentOutputStream ps)
Write object data to a persistent output stream.
Parameters:
ps - Stream
See Also:
PersistentOutputStream
 o read
  public void read(PersistentInputStream ps) throws IOException
Read object data from a persistent input stream.
Parameters:
ps - Stream
See Also:
PersistentInputStream
