man orber_acl () - Orber ACL operations

NAME

orber_acl - Orber ACL operations

DESCRIPTION

This module contains functions intended for analyzing Access Control List (ACL) filters. The filters uses a extended format of Classless Inter Domain Routing (CIDR). For example, "123.123.123.10" limits the connection to that particular host, while "123.123.123.10/17" allows connections to or from any host equal to the 17 most significant bits. Orber also allow the user to specify a certain port or port range, for example, "123.123.123.10/17#4001" and "123.123.123.10/17#4001/5001" respectively. IPv4 or none compressed IPv6 strings are accepted.

EXPORTS

match(IP, Direction) -> boolean()

match(IP, Direction, GetInfo) -> Reply

Types
IP = tuple() | [integer()]

Direction = tcp_in | ssl_in | tcp_out | ssl_out

GetInfo = boolean()

Reply = boolean() | {boolean(), [Interface], PortInfo}

Interface = string()

PortInfo = integer() | {integer(), integer()}

If GetInfo is not supplied or set to false, this operation returns a boolean which tells if the IPv4 or IPv6 address would pass the ACL filter, defined by the iiop_acl configuration parameter, or not. When GetInfo is set to true, a tuple which, besides the boolean that tells if access was granted, also include the defined interfaces and port(s). This operation requires that Orber is running and can be used on a live node to determine if Orber has been properly configured.

verify(IP, Filter, Family) -> Reply

Types
IP = string()

Filter = string()

Family = inet | inet6

Reply = true | {false, From, To} | {error, string()}

From = string()

To = string()

This operation returns true if the IPv4 or IPv6 address would pass the supplied ACL. If that is not the case, a tuple containing the accepted range is returned. This operation should only be used for test purposes.

range(Filter, Family) -> Reply

Types
Filter = string()

Family = inet | inet6

Reply = {ok, From, To} | {error, string()}

From = string()

To = string()

Returns the range of accepted IP addresses based on the supplied filter. This operation should only be used for test purposes.

AUTHOR

Support - support@erlang.ericsson.se