ip-array ruleblocks — Configure ip-array ruleblocks
/etc/ip-array/{stable|test}/conf.d/ruleblocks.d/file
A ruleblock is a group (stack) of rules, containing only the values of each option, to be read in order of occurrence. The structure of the ruleblock is defined in a template. Each rule entry in a ruleblock is interpreted column-wise. How the values in each column are interpreted is defined in the template called with the ruleblock.
A ruleblock definition file must contain the following:
First a root tag including the describing name attribute and the syntax version:
<ip_array_root name="ruleblocks" syntax_version="1.0">
The name attribute tells us it is a ruleblocks definition.
The syntax_version attribute defines the syntax version (only 1.0 exists at present).
Then the ruleblock tag itself, with the name attribute giving the name of the ruleblock:
<ruleblock name="RULEBLOCK_EXAMPLE">
The ruleblock name must begin with one of the following prefixes: RB_, RULEBLOCK_.
It's a good idea to write down the structure of the template you want to call the ruleblock with as a comment below the ruleblock opening tag. This way you can easily see what each column has to contain.
Newline separates rules inside a ruleblock.
You can use your shell variables inside ruleblock rules.
XML style comments (<!-- comment -->) are valid inside ruleblocks.
If you want to leave a value in a column undefined, use the character defined with RULE_PLACEHOLDER (default = `_') as a placeholder.
To use spaces inside a column value, use either escaped double quotes (\"value with space\") or single quotes ('value with space').
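The rules above (root tag, RB_/RULEBLOCK_ name prefix, newline-separated rules, XML-style comments, the `_' placeholder, shell variables and quoted column values) can be exercised with the following small reader. This is an added example, not ip-array's own parser; the template column layout and the TRUSTED_NET variable in the sample file are assumptions, and variable expansion is applied to every column, quoted or not, which is a simplification of what the shell would do.

```python
import re
import shlex

# Constructed sample ruleblock definition file in the layout this page describes.
SAMPLE = r'''<ip_array_root name="ruleblocks"
syntax_version="1.0">
<ruleblock name="RB_WEB_IN">
<!-- assumed template columns: proto  src_net  dst_port  comment -->
tcp $TRUSTED_NET 80 'allow http'
tcp _ 443 \"allow https\"
<!-- disabled rule:
udp _ 53 _
-->
</ruleblock>
</ip_array_root>
'''

COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
ROOT_RE = re.compile(r'<ip_array_root\s+name="([^"]*)"\s+syntax_version="([^"]*)"\s*>'
                     r'(.*)</ip_array_root>', re.S)
BLOCK_RE = re.compile(r'<ruleblock\s+name="([^"]*)"\s*>(.*?)</ruleblock>', re.S)
PLACEHOLDER = "_"                     # RULE_PLACEHOLDER default
NAME_PREFIXES = ("RB_", "RULEBLOCK_")

def expand_vars(value, env):
    """Expand $NAME / ${NAME} from env; unknown names expand to '' like the shell."""
    return re.sub(r"\$\{?(\w+)\}?", lambda m: env.get(m.group(1), ""), value)

def split_rule(line, env):
    """One rule line -> list of column values; the placeholder becomes None."""
    # The file carries \" around values with spaces; drop the escaping so shlex
    # groups both "..." and '...' the way the page describes.
    cols = shlex.split(line.replace('\\"', '"'))
    return [None if c == PLACEHOLDER else expand_vars(c, env) for c in cols]

def parse_ruleblocks(text, env=None):
    """Return {ruleblock_name: [rule_columns, ...]} in file order, checking the header."""
    env = env or {}
    m = ROOT_RE.search(COMMENT_RE.sub("", text))      # comments are legal anywhere
    if not m or m.group(1) != "ruleblocks":
        raise ValueError("not a ruleblocks definition file")
    if m.group(2) != "1.0":
        raise ValueError("unsupported syntax_version %r" % m.group(2))
    blocks = {}
    for name, body in BLOCK_RE.findall(m.group(3)):
        if not name.startswith(NAME_PREFIXES):
            raise ValueError("ruleblock %r must start with RB_ or RULEBLOCK_" % name)
        blocks[name] = [split_rule(l, env) for l in body.splitlines() if l.strip()]
    return blocks
```

Running `parse_ruleblocks(SAMPLE, {"TRUSTED_NET": "10.0.0.0/8"})` yields one block, RB_WEB_IN, with two four-column rules; the rule inside the multi-line comment is dropped.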
If the structure of a ruleblock does not fit your needs, it is possible to use the inline functions inside it to add a rule with a different structure.
Inline functions are used inside ruleblocks. Sometimes the structure of a ruleblock does not fit the current need; inline functions are a way around this, and they also allow you to modify the behaviour of rule processing.
The following functions are available inline: add_rule, insert_ipt_rule and create_chain.
For a description on how to use them run: ip-array show -sc public_functions[:name[,...]].