From a59ed4772da29826915010a7c9d34b5ebd256c42 Mon Sep 17 00:00:00 2001 From: Anand B Jyoti Date: Tue, 18 Apr 2017 13:36:02 +0530 Subject: vFW: Adding Virtual Firewall VNF JIRA: SAMPLEVNF-4 vFW supports following features: - Basic packet filtering (malformed packets, IP fragments) - Connection tracking for TCP and UDP - Access Control List for rule based policy enforcement - SYN-flood protection via Synproxy* for TCP - UDP, TCP and ICMP protocol pass-through - CLI based enable/disable connection tracking, synproxy, basic packet filtering - Hardware and Software Load Balancing - L2L3 stack support for ARP/ICMP handling - Multithread support - Multiple physical port support Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20 Signed-off-by: Anand B Jyoti [Push patch to gerrit] Signed-off-by: Deepak S --- .../config/VFW_SWLB_IPV6_MultiPortPair_script.tc | 68 ++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_script.tc (limited to 'VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_script.tc') diff --git a/VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_script.tc b/VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_script.tc new file mode 100644 index 00000000..048ff738 --- /dev/null +++ b/VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_script.tc @@ -0,0 +1,68 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +link 0 down +link 0 config fec0:0000:0000:0000:6a05:caff:fe30:21a0 64 +link 0 up +link 1 down +link 1 config fec1:0000:0000:0000:6a05:caff:fe30:21a0 64 +link 1 up +link 2 down +link 2 config 2012:0000:0000:0000:6a05:caff:fe30:2071 64 +link 2 up +link 3 down +link 3 config 2016:0000:0000:0000:6a05:caff:fe30:2071 64 +link 3 up +;p 1 arpadd 0 fec0::6a05:caff:fe30:21b0 00:cb:10:64:14:00 +;p 1 arpadd 1 2012::6a05:caff:fe30:2081 00:ca:10:64:14:00 +;p 1 arpadd 2 fec1::6a05:caff:fe30:21b0 00:ad:10:28:14:00 +;p 1 arpadd 3 2016::6a05:caff:fe30:2081 00:ac:10:28:14:00 +p action add 0 accept +p action add 0 fwd 1 +p action add 0 count + +p action add 1 accept +p action add 1 fwd 0 +p action add 1 count + +p action add 2 accept +p action add 2 fwd 3 +p action add 2 count + +p action add 3 accept +p action add 3 fwd 2 +p action add 3 count + +p action add 4 drop +p action add 4 count + +p action add 5 drop +p action add 5 count + +p action add 0 conntrack +p action add 1 conntrack +p action add 2 conntrack +p action add 3 conntrack +p action add 4 conntrack +p action add 5 conntrack + +p vfw add 1 fec0::6a05:caff:fe30:21b0 64 2012::6a05:caff:fe30:2081 64 0 65535 67 69 0 0 4 +p vfw add 1 fec1::6a05:caff:fe30:21b0 64 2016::6a05:caff:fe30:2081 64 0 65535 67 69 0 0 5 +p vfw add 2 fec0::6a05:caff:fe30:21b0 64 2012::6a05:caff:fe30:2081 64 0 65535 0 65535 0 0 0 +p vfw add 2 2012::6a05:caff:fe30:2081 64 fec0::6a05:caff:fe30:21b0 64 0 65535 0 65535 0 0 1 +p vfw add 2 fec1::6a05:caff:fe30:21b0 64 2016::6a05:caff:fe30:2081 64 0 65535 0 65535 0 0 2 +p vfw add 2 2016::6a05:caff:fe30:2081 64 fec1::6a05:caff:fe30:21b0 64 0 65535 0 65535 0 0 3 +p vfw applyruleset + + -- cgit 1.2.3-korg