orber_acl
(orber)Orber ACL operations
This module contains functions intended for analyzing Access
Control List (ACL) filters. The filters uses a extended format of
Classless Inter Domain Routing (CIDR).
For example, "123.123.123.10"
limits
the connection to that particular host, while "123.123.123.10/17"
allows
connections to or from any host equal to the 17 most significant bits. Orber
also allow the user to specify a certain port or port range, for example,
"123.123.123.10/17#4001"
and "123.123.123.10/17#4001/5001"
respectively. IPv4 or none compressed IPv6 strings are accepted.
Functions
match(IP, Direction) -> boolean()
match(IP, Direction, GetInfo) -> Reply
IP = tuple() | [integer()]
Direction = tcp_in | ssl_in | tcp_out | ssl_out
GetInfo = boolean()
Reply = boolean() | {boolean(), [Interface], PortInfo}
Interface = string()
PortInfo = integer() | {integer(), integer()}
If GetInfo
is not supplied or set to false, this operation returns
a boolean which tells if the IPv4 or IPv6 address would pass the ACL
filter, defined by the iiop_acl
configuration parameter, or not.
When GetInfo
is set to true, a tuple which, besides the boolean
that tells if access was granted, also include the defined
interfaces and port(s). This operation requires that Orber is running and
can be used on a live node to determine if Orber has been properly configured.
verify(IP, Filter, Family) -> Reply
IP = string()
Filter = string()
Family = inet | inet6
Reply = true | {false, From, To} | {error, string()}
From = string()
To = string()
This operation returns true if the IPv4 or IPv6 address would pass the supplied ACL. If that is not the case, a tuple containing the accepted range is returned. This operation should only be used for test purposes.
range(Filter, Family) -> Reply
Filter = string()
Family = inet | inet6
Reply = {ok, From, To} | {error, string()}
From = string()
To = string()
Returns the range of accepted IP addresses based on the supplied filter. This operation should only be used for test purposes.