1orber_acl(3) Erlang Module Definition orber_acl(3)
2
3
4
6 orber_acl - Orber ACL operations
7
9 This module contains functions intended for analyzing Access Control
10 List (ACL) filters. The filters uses a extended format of Classless In‐
11 ter Domain Routing (CIDR). For example, "123.123.123.10" limits the
12 connection to that particular host, while "123.123.123.10/17" allows
13 connections to or from any host equal to the 17 most significant bits.
14 Orber also allow the user to specify a certain port or port range, for
15 example, "123.123.123.10/17#4001" and "123.123.123.10/17#4001/5001" re‐
16 spectively. IPv4 or none compressed IPv6 strings are accepted.
17
19 match(IP, Direction) -> boolean()
20 match(IP, Direction, GetInfo) -> Reply
21
22 Types:
23
24 IP = tuple() | [integer()]
25 Direction = tcp_in | ssl_in | tcp_out | ssl_out
26 GetInfo = boolean()
27 Reply = boolean() | {boolean(), [Interface], PortInfo}
28 Interface = string()
29 PortInfo = integer() | {integer(), integer()}
30
31 If GetInfo is not supplied or set to false, this operation re‐
32 turns a boolean which tells if the IPv4 or IPv6 address would
33 pass the ACL filter, defined by the iiop_acl configuration pa‐
34 rameter, or not. When GetInfo is set to true, a tuple which, be‐
35 sides the boolean that tells if access was granted, also include
36 the defined interfaces and port(s). This operation requires that
37 Orber is running and can be used on a live node to determine if
38 Orber has been properly configured.
39
40 verify(IP, Filter, Family) -> Reply
41
42 Types:
43
44 IP = string()
45 Filter = string()
46 Family = inet | inet6
47 Reply = true | {false, From, To} | {error, string()}
48 From = string()
49 To = string()
50
51 This operation returns true if the IPv4 or IPv6 address would
52 pass the supplied ACL. If that is not the case, a tuple contain‐
53 ing the accepted range is returned. This operation should only
54 be used for test purposes.
55
56 range(Filter, Family) -> Reply
57
58 Types:
59
60 Filter = string()
61 Family = inet | inet6
62 Reply = {ok, From, To} | {error, string()}
63 From = string()
64 To = string()
65
66 Returns the range of accepted IP addresses based on the supplied
67 filter. This operation should only be used for test purposes.
68
69
70
71Ericsson AB orber 5.0.2 orber_acl(3)