From a59ed4772da29826915010a7c9d34b5ebd256c42 Mon Sep 17 00:00:00 2001 From: Anand B Jyoti Date: Tue, 18 Apr 2017 13:36:02 +0530 Subject: vFW: Adding Virtual Firewall VNF JIRA: SAMPLEVNF-4 vFW supports following features: - Basic packet filtering (malformed packets, IP fragments) - Connection tracking for TCP and UDP - Access Control List for rule based policy enforcement - SYN-flood protection via Synproxy* for TCP - UDP, TCP and ICMP protocol pass-through - CLI based enable/disable connection tracking, synproxy, basic packet filtering - Hardware and Software Load Balancing - L2L3 stack support for ARP/ICMP handling - Multithread support - Multiple physical port support Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20 Signed-off-by: Anand B Jyoti [Push patch to gerrit] Signed-off-by: Deepak S --- .../config/VFW_SWLB_IPV6_SinglePortPair_script.tc | 44 ++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 VNFs/vFW/config/VFW_SWLB_IPV6_SinglePortPair_script.tc (limited to 'VNFs/vFW/config/VFW_SWLB_IPV6_SinglePortPair_script.tc') diff --git a/VNFs/vFW/config/VFW_SWLB_IPV6_SinglePortPair_script.tc b/VNFs/vFW/config/VFW_SWLB_IPV6_SinglePortPair_script.tc new file mode 100644 index 00000000..b333d5c4 --- /dev/null +++ b/VNFs/vFW/config/VFW_SWLB_IPV6_SinglePortPair_script.tc @@ -0,0 +1,44 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +link 0 down +link 0 config fec0:0000:0000:0000:6a05:caff:fe30:21a0 64 +link 0 up + +link 1 down +link 1 config 2012:0000:0000:0000:6a05:caff:fe30:2071 64 +link 1 up + +;p 1 arpadd 0 fec0::6a05:caff:fe30:21b0 00:00:00:00:00:01 +;p 1 arpadd 1 2012::6a05:caff:fe30:2081 00:00:00:00:00:04 + +p action add 0 accept +p action add 0 fwd 1 +p action add 0 count + +p action add 1 accept +p action add 1 fwd 0 +p action add 1 count + +p action add 2 drop +p action add 2 count + +p action add 0 conntrack +p action add 1 conntrack +p action add 2 conntrack + +p vfw add 1 fec0::6a05:caff:fe30:21b0 64 2012::6a05:caff:fe30:2081 64 0 65535 67 69 0 0 2 +p vfw add 2 fec0::6a05:caff:fe30:21b0 64 2012::6a05:caff:fe30:2081 64 0 65535 0 65535 0 0 0 +p vfw add 2 2012::6a05:caff:fe30:2081 64 fec0::6a05:caff:fe30:21b0 64 0 65535 0 65535 0 0 1 +p vfw applyruleset -- cgit 1.2.3-korg