-
Notifications
You must be signed in to change notification settings - Fork 1
/
iptables_Manifest.xml
129 lines (129 loc) · 4.94 KB
/
iptables_Manifest.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
<?xml version="1.0" encoding="UTF-8"?>
<!-- PSA Manifest instance - version 1.1 - 3 Sep 2014 -->
<PSAManifest xmlns="https://www.secured-fp7.eu/ref/PSA_manifest/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://www.secured-fp7.eu/ref/PSA_manifest/ file:PSA_manifest_v1.1.xsd">
<general_info>
<PSA_ID>myID</PSA_ID>
<name>myName</name>
<description>This is a description</description>
<web_site>https://www.secured-fp7.eu/</web_site>
<version>1.00</version>
<vendor>Polito</vendor>
<author>author</author>
<EULA>EULA text</EULA>
<licence>Freeware</licence>
</general_info>
<functionality>
<capability>
<access_control>
<traffic_filter>
<stateful>
<name>Linux firewall</name>
<implementedBy>netfilter/iptables</implementedBy>
<type>packet filter</type>
</stateful>
</traffic_filter>
</access_control>
<HSPL_capability>
<capability_list>Filtering_L4</capability_list>
</HSPL_capability>
</capability>
<M2L_translation_info>
<security_control>
<id>netfilter_iptables</id>
<name>Linux firewall</name>
<description>This plugin convers MSPL to netfilter/iptables configuration</description>
<plugin>
<id>netfilter_iptables_plugin</id>
<name>netfilter/iptables M2L plugin</name>
<URL>https://somewhere/M2L/</URL>
<command>command1</command>
<command>command2</command>
</plugin>
<configuration_file>/etc/init.d/firewall.sh</configuration_file>
</security_control>
</M2L_translation_info>
<performance>
<network_throughput unit="Mbit/s">
<value>10</value>
</network_throughput>
<simultaneous_connections unit="conn/s">
<value>100</value>
</simultaneous_connections>
<max_numer_of_operations_rules>1000</max_numer_of_operations_rules>
<max_numer_of_users>20</max_numer_of_users>
</performance>
<optimization_parameter cost="4" latency="0.2" rating="1"/>
</functionality>
<execution_model>
<infrastructure>
<hw_requirement>
<cpu_unit>1</cpu_unit>
<cpu_architecture>x86_64</cpu_architecture>
<cpu_family>Intel</cpu_family>
<RAM_size unit="GB">
<value>1</value>
</RAM_size>
<disk_size unit="GB">
<value>10</value>
</disk_size>
<bandwidth unit="Mbit/s">
<value>10</value>
</bandwidth>
<max_delay unit="ms">
<value>10</value>
</max_delay>
</hw_requirement>
<sw_requirement>
<OS_type>GNU/Linux</OS_type>
<OS_version>3.0</OS_version>
<OS_architecture>i586</OS_architecture>
</sw_requirement>
</infrastructure>
<security_availability/>
<mobility>
<migration_support>cold migration</migration_support>
<type>stateful</type>
</mobility>
<PSC_dependency/>
<additional_requirement/>
</execution_model>
<configuration>
<PSA_format>img</PSA_format>
<security_control_configuration>
<security_control_ID>netfilter_iptables</security_control_ID>
<configuration_file>/etc/init.d/firewall.sh</configuration_file>
<executable>/etc/sbin/iptables</executable>
</security_control_configuration>
<network_card_no>2</network_card_no>
<network_card_configuration>
<card_ID>eth0</card_ID>
<MAC_address>00:00:00:00:00:00</MAC_address>
<IP_address>1.1.1.1</IP_address>
<netmask>255.255.255.0</netmask>
</network_card_configuration>
<network_card_configuration>
<card_ID>eth1</card_ID>
<MAC_address>00:00:00:00:00:01</MAC_address>
<IP_address>192.168.1.1</IP_address>
<netmask>255.255.255.0</netmask>
</network_card_configuration>
<network_configuration>
<gateway_IP_address>1.1.1.250</gateway_IP_address>
<DNS_IP_address>8.8.8.8</DNS_IP_address>
</network_configuration>
<kernel_configuration/>
</configuration>
<monitoring>
<input_bandwidth unit="Kbit/s">
<value>100</value>
</input_bandwidth>
<output_bandwidth unit="Kbit/s">
<value>10</value>
</output_bandwidth>
<delay unit="ms">
<value>10</value>
</delay>
</monitoring>
</PSAManifest>