Skip to content

Instantly share code, notes, and snippets.

@radustoenescu
Created March 21, 2013 12:59
Show Gist options
  • Save radustoenescu/5212841 to your computer and use it in GitHub Desktop.
Save radustoenescu/5212841 to your computer and use it in GitHub Desktop.
firewall :: IPClassifier(dst tcp port ssh,-);
in :: FromDevice(dev0) -> cl :: Classifier(12/0800,-);
cl[0] -> stripper :: Strip(14) -> checker :: CheckIPHeader -> firewall;
cl[1] -> discarder :: Discard;
firewall[0] -> out :: ToDevice(dev1);
firewall[1] -> discarder;
-- Elements
-- Component named: firewall of type IPClassifier
firewall_in_1 = ("firewall_1", "in")
firewall_out_1 = [("firewall_1", "out")]
firewall_pattern_1 = (firewall_in_1, (Atomic ("Dest-TCP" `Bind` (CVal "22"))), firewall_out_1)
firewall_in_2 = ("firewall_2", "in")
firewall_out_2 = [("firewall_2", "out")]
firewall_pattern_2 = (firewall_in_2, (Atomic ("Dest-TCP" `Bind` (Not (CVal "22")))), firewall_out_2)
[firewall_rule_0,firewall_rule_1] = ipclassifier [firewall_pattern_1,firewall_pattern_2]
-- Component named: in of type FromDevice
in_1 = ("in_1", "out")
-- Component named: cl of type Classifier
cl_in_1 = ("cl_1", "in")
cl_out_1 = [("cl_1", "out")]
cl_pattern_1 = (cl_in_1, (Atomic ("Proto" `Bind` (CVal "IP"))), cl_out_1)
cl_in_2 = ("cl_2", "in")
cl_out_2 = [("cl_2", "out")]
cl_pattern_2 = (cl_in_2, (Atomic ("Proto" `Bind` (Not (CVal "IP")))), cl_out_2)
[cl_rule_0,cl_rule_1] = ipclassifier [cl_pattern_1,cl_pattern_2]
-- Component named: stripper of type Strip
stripper_in_1 = ("stripper_1", "in")
stripper_out_1 = [("stripper_1", "out")]
stripper = idd stripper_in_1 stripper_out_1
-- Component named: checker of type CheckIPHeader
checker_in_1 = ("checker_1", "in")
checker_out_1 = [("checker_1", "out")]
checker = idd checker_in_1 checker_out_1
-- Component named: discarder of type Discard
discarder_1 = ("discarder_1", "in")
-- Component named: out of type ToDevice
out_1 = ("out_1", "in")
-- Connecting components using Links
-- Link between element 'in', port 1 and 'cl', port 1
l1 = link_rule ("in_1", "out") [("cl_1", "in"),("cl_2", "in")]
-- Link between element 'cl', port 1 and 'stripper', port 1
l2 = link_rule ("cl_1", "out") [("stripper_1", "in")]
-- Link between element 'stripper', port 1 and 'checker', port 1
l3 = link_rule ("stripper_1", "out") [("checker_1", "in")]
-- Link between element 'checker', port 1 and 'firewall', port 1
l4 = link_rule ("checker_1", "out") [("firewall_1", "in"),("firewall_2", "in")]
-- Link between element 'cl', port 2 and 'discarder', port 1
l5 = link_rule ("cl_1", "out") [discarder_1]
-- Link between element 'firewall', port 1 and 'out', port 1
l6 = link_rule ("firewall_1", "out") [out_1]
-- Link between element 'firewall', port 2 and 'discarder', port 1
l7 = link_rule ("firewall_1", "out") [discarder_1]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment