From a59ed4772da29826915010a7c9d34b5ebd256c42 Mon Sep 17 00:00:00 2001 From: Anand B Jyoti Date: Tue, 18 Apr 2017 13:36:02 +0530 Subject: vFW: Adding Virtual Firewall VNF JIRA: SAMPLEVNF-4 vFW supports following features: - Basic packet filtering (malformed packets, IP fragments) - Connection tracking for TCP and UDP - Access Control List for rule based policy enforcement - SYN-flood protection via Synproxy* for TCP - UDP, TCP and ICMP protocol pass-through - CLI based enable/disable connection tracking, synproxy, basic packet filtering - Hardware and Software Load Balancing - L2L3 stack support for ARP/ICMP handling - Multithread support - Multiple physical port support Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20 Signed-off-by: Anand B Jyoti [Push patch to gerrit] Signed-off-by: Deepak S
---
 .../config/VFW_HWLB_IPV4_SinglePortPair_script.tc | 60 ++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 VNFs/vFW/config/VFW_HWLB_IPV4_SinglePortPair_script.tc (limited to 'VNFs/vFW/config/VFW_HWLB_IPV4_SinglePortPair_script.tc')
diff --git a/VNFs/vFW/config/VFW_HWLB_IPV4_SinglePortPair_script.tc b/VNFs/vFW/config/VFW_HWLB_IPV4_SinglePortPair_script.tc
new file mode 100644
index 00000000..ef585d72
--- /dev/null
+++ b/VNFs/vFW/config/VFW_HWLB_IPV4_SinglePortPair_script.tc
@@ -0,0 +1,60 @@
+; Copyright (c) 2017 Intel Corporation
+;
+; Licensed under the Apache License, Version 2.0 (the "License");
+; you may not use this file except in compliance with the License.
+; You may obtain a copy of the License at
+;
+; http:#www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing, software
+; distributed under the License is distributed on an "AS IS" BASIS,
+; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; See the License for the specific language governing permissions and
+; limitations under the License.
+
+link 0 down
+link 0 config 202.16.100.10 8
+link 0 up
+link 1 down
+link 1 config 172.16.40.10 8
+link 1 up
+
+;p 1 arpadd 1 172.16.40.20 00:00:00:00:00:04
+;p 1 arpadd 0 202.16.100.20 00:00:00:00:00:01
+
+p action add 0 accept
+p action add 0 fwd 0
+p action add 0 count
+p action add 1 accept
+p action add 1 fwd 1
+p action add 1 count
+
+p action add 2 drop
+p action add 2 count
+
+p action add 0 conntrack
+p action add 1 conntrack
+p action add 2 conntrack
+p action add 3 conntrack
+p action add 4 conntrack
+p action add 5 conntrack
+p action add 6 conntrack
+p action add 7 conntrack
+
+p vfw add 1 202.16.100.20 8 172.16.40.20 8 0 65535 67 69 0 0 2
+p vfw add 2 202.16.100.20 8 172.16.40.20 8 0 65535 0 65535 0 0 1
+p vfw add 2 172.16.40.20 8 202.16.100.20 8 0 65535 0 65535 0 0 0
+
+p vfw applyruleset
+
+set fwd rxonly
+set_sym_hash_ena_per_port 0 enable
+set_hash_global_config 0 simple_xor ipv4-udp enable
+set_sym_hash_ena_per_port 1 enable
+set_hash_global_config 1 simple_xor ipv4-udp enable
+
+set_hash_input_set 0 ipv4-udp src-ipv4 dst-ipv4 udp-src-port udp-dst-port add
+set_hash_input_set 1 ipv4-udp src-ipv4 dst-ipv4 udp-src-port udp-dst-port add
+
+p 1 arpls
+
-- cgit 1.2.3-korg
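Review bot: The two `p vfw add 2 …` rules read as allow-all in both directions, and nothing in the file marks this as a benchmark policy rather than a firewall ruleset someone could copy into a deployment. Assuming the fields are priority / src / prefix / dst / prefix / src-port range / dst-port range / protocol / protocol mask / action, both rules match a /8 on each side, ports 0–65535 and any protocol; the only restriction is the priority-1 drop on destination ports 67–69, and it covers just the 202.16.100.20 → 172.16.40.20 direction. I would add a comment above the rules such as `; TEST-ONLY policy: allow-all between the two ports except dst ports 67-69 in one direction; do not reuse as a production ruleset`, plus a one-line comment giving the `p vfw add` field order. Separately, `conntrack` is attached to action 2 (the drop action) and to actions 3–7, which never receive accept/drop/fwd in this file; either trim those lines or comment why they are needed. The 202.16.100.x addresses also look like publicly routable space, so a reserved benchmarking or documentation range would be a safer sample default.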