-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00


-- (C)opyright 1991-2003 BinTec Communications AG, All Rights Reserved
-- (C)opyright 2003-2014 bintec elmeg GmbH
-- All Rights Reserved
--  $RCSfile: mibipsrv,v $ 
-- $Revision: 1.12 $ 

BIANCA-BRICK-IP-SERVICE-MIB DEFINITIONS ::= BEGIN
        IMPORTS
            IpAddress, Counter, TimeTicks, enterprises
                FROM RFC1155-SMI

            DisplayString
                FROM RFC1158-MIB
 
            OBJECT-TYPE
                FROM RFC-1212;

    bintec 	OBJECT IDENTIFIER ::= { enterprises 272 }
    bibo	OBJECT IDENTIFIER ::= { bintec 4 }
    biboip	OBJECT IDENTIFIER ::= { bibo 5 }
    biboipsrv	OBJECT IDENTIFIER
	::= { biboip 14 }

    localTcpAllowTable OBJECT-TYPE
	SYNTAX SEQUENCE OF LocalTcpAllowEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    "Filter rule table for incoming TCP packets for local services.
	     This table is used to restrict access to TCP services provided
	     by the system.

	     o  active rules have at least one of 'localTcpAllowAddrMode'
		and 'localTcpAllowIfMode' set to 'verify' 

	     o  if there are active rules for a certain service,
		incoming connections of this service type (port) must
		match at least one of them.

	     o  incoming connections to a service (port) without
		an active rule are always allowed.

	     o  connections originating from 127.0.0.1 are always
		allowed
	    "
    ::= { biboipsrv 1 }

    localTcpAllowEntry OBJECT-TYPE
	SYNTAX LocalTcpAllowEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    ""
	INDEX { localTcpAllowAddr, localTcpAllowService }
    ::= { localTcpAllowTable 1 }

    LocalTcpAllowEntry ::=
	SEQUENCE {
	    localTcpAllowAddrMode INTEGER,
	    localTcpAllowAddr IpAddress,
	    localTcpAllowMask IpAddress,
	    localTcpAllowIfMode INTEGER,
	    localTcpAllowIfIndex INTEGER,
	    localTcpAllowService INTEGER
	}

    localTcpAllowAddrMode OBJECT-TYPE
	SYNTAX INTEGER {
	    dont-verify(1),
	    verify(2),
	    delete(3)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies wether or not the IP source address of incoming
	     TCP packets should be checked against localTcpAllowAddr and
	     localTcpAllowMask."
	DEFVAL { dont-verify}
    ::= { localTcpAllowEntry 1 }

    localTcpAllowAddr OBJECT-TYPE
	SYNTAX IpAddress
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Check source IP address against contents of this variable,
	     taking localTcpAllowMask into account."
    ::= { localTcpAllowEntry 2 }

    localTcpAllowMask OBJECT-TYPE
	SYNTAX IpAddress
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies address mask to use for IP source address comparisson
	     with address contained in localTcpAllowAddr."
    ::= { localTcpAllowEntry 3 }

    localTcpAllowIfMode OBJECT-TYPE
	SYNTAX INTEGER {
	    dont-verify(1),
	    verify(2)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies wether or not the source interface of incoming
	     TCP packets should be checked."
	DEFVAL { dont-verify}
    ::= { localTcpAllowEntry 4 }

    localTcpAllowIfIndex OBJECT-TYPE
	SYNTAX INTEGER
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies source interface index for interface check in case
	     localTcpAllowIfMode is set to verify."
    ::= { localTcpAllowEntry 5 }

    -- services MUST be in sync with those from localTcpLImitTable

    localTcpAllowService OBJECT-TYPE
	SYNTAX INTEGER {
	    telnet(1),
	    trace(2),
	    snmp(3),
	    capi(4),
	    tapi(5),
	    rfc1086(6),
	    http(7),
	    https(8),
	    ssh(9)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "TCP service"
	DEFVAL { telnet }
    ::= { localTcpAllowEntry 6 }


    localUdpAllowTable OBJECT-TYPE
	SYNTAX SEQUENCE OF LocalUdpAllowEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    "Filter rule table for incoming UDP packets for local services.
	     This table is used to restrict access to UDP services provided
	     by the system.

	     o  active rules have at least one of 'localUdpAllowAddrMode'
		and 'localUdpAllowIfMode' set to 'verify'

	     o  if there are active rules for a certain service,
		incoming packets of this service type must
		match at least one of them.

	     o  incoming packets to a service (port) without
		an active rule are always allowed.

	     o  packets originating from 127.0.0.1 are always
		allowed
	    "
    ::= { biboipsrv 2 }

    localUdpAllowEntry OBJECT-TYPE
	SYNTAX LocalUdpAllowEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    ""
	INDEX { localUdpAllowAddr, localUdpAllowService }
    ::= { localUdpAllowTable 1 }

    LocalUdpAllowEntry ::=
	SEQUENCE {
	    localUdpAllowAddrMode INTEGER,
	    localUdpAllowAddr IpAddress,
	    localUdpAllowMask IpAddress,
	    localUdpAllowIfMode INTEGER,
	    localUdpAllowIfIndex INTEGER,
	    localUdpAllowService INTEGER
	}

    localUdpAllowAddrMode OBJECT-TYPE
	SYNTAX INTEGER {
	    dont-verify(1),
	    verify(2),
	    delete(3)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies wether or not the IP source address of incoming
	     UDP packets should be checked against localUdpAllowAddr and
	     localUdpAllowMask."
	DEFVAL { dont-verify}
    ::= { localUdpAllowEntry 1 }

    localUdpAllowAddr OBJECT-TYPE
	SYNTAX IpAddress
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Check source IP address against contents of this variable,
	     taking localUdpAllowMask into account."
    ::= { localUdpAllowEntry 2 }

    localUdpAllowMask OBJECT-TYPE
	SYNTAX IpAddress
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies address mask to use for IP source address comparisson
	     with address contained in localUdpAllowAddr."
    ::= { localUdpAllowEntry 3 }

    localUdpAllowIfMode OBJECT-TYPE
	SYNTAX INTEGER {
	    dont-verify(1),
	    verify(2)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies wether or not the source interface of incoming
	    UDP packets should checked"
	DEFVAL { dont-verify}
    ::= { localUdpAllowEntry 4 }

    localUdpAllowIfIndex OBJECT-TYPE
	SYNTAX INTEGER
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies source interface index for interface check in case
	     localUdpAllowIfMode is set to verify."
    ::= { localUdpAllowEntry 5 }

    -- services MUST be in sync with those from localUdpLImitTable

    localUdpAllowService OBJECT-TYPE
	SYNTAX INTEGER {
	    snmp(1),
	    rip(2),
	    bootps(3),
	    dns(4),
	    nbns(5),
	    statmon(6)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "service"
	DEFVAL { snmp }
    ::= { localUdpAllowEntry 6 }


    localIcmpAllowTable OBJECT-TYPE
	SYNTAX SEQUENCE OF LocalIcmpAllowEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    "Filter rule table for incoming ICMP packets. 

	     o  active rules have at least one of 'localIcmpAllowAddrMode'
		and 'localIcmpAllowIfMode' set to 'verify'

	     o  if there are active rules for a certain ICMP packet type,
		incoming packets of this type must
		match at least one of them.

	     o  incoming ICMP packets with a packet type not listed in
		any active rule are always allowed.

	     o  packets originating from 127.0.0.1 are always
		allowed
	    "
    ::= { biboipsrv 5 }

    localIcmpAllowEntry OBJECT-TYPE
	SYNTAX LocalIcmpAllowEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    ""
	INDEX { localIcmpAllowAddr, localIcmpAllowType }
    ::= { localIcmpAllowTable 1 }

    LocalIcmpAllowEntry ::=
	SEQUENCE {
	    localIcmpAllowAddrMode	INTEGER,
	    localIcmpAllowAddr		IpAddress,
	    localIcmpAllowMask		IpAddress,
	    localIcmpAllowIfMode	INTEGER,
	    localIcmpAllowIfIndex	INTEGER,
	    localIcmpAllowType		INTEGER
	}

    localIcmpAllowAddrMode OBJECT-TYPE
	SYNTAX INTEGER {
	    dont-verify(1),
	    verify(2),
	    delete(3)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies wether or not the IP source address of incoming
	     ICMP packets should checked"
	DEFVAL { dont-verify}
    ::= { localIcmpAllowEntry 1 }

    localIcmpAllowAddr OBJECT-TYPE
	SYNTAX IpAddress
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "source IP address"
    ::= { localIcmpAllowEntry 2 }

    localIcmpAllowMask OBJECT-TYPE
	SYNTAX IpAddress
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "source IP address mask"
    ::= { localIcmpAllowEntry 3 }

    localIcmpAllowIfMode OBJECT-TYPE
	SYNTAX INTEGER {
	    dont-verify(1),
	    verify(2)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Specifies wether or not the source interface of incoming
	     ICMP packets should checked"
	DEFVAL { dont-verify}
    ::= { localIcmpAllowEntry 4 }

    localIcmpAllowIfIndex OBJECT-TYPE
	SYNTAX INTEGER
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "source interface index"
    ::= { localIcmpAllowEntry 5 }

    localIcmpAllowType OBJECT-TYPE
	SYNTAX INTEGER {
	    echoRep(1),
	    destUnreach(4),
	    srcQuench(5),
	    redirect(6),
	    echo(9),
	    timeExcds(12),
	    parmProb(13),
	    timestamp(14),
	    timestampRep(15),
	    addrMask(18),
	    addrMaskRep(19)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "ICMP packet type"
	DEFVAL { echo }
    ::= { localIcmpAllowEntry 6 }



    localTcpLimitTable OBJECT-TYPE
	SYNTAX SEQUENCE OF LocalTcpLimitEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    "Table to be used to limit access to local TCP services."
    ::= { biboipsrv 3 }

    localTcpLimitEntry OBJECT-TYPE
	SYNTAX LocalTcpLimitEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    ""
	INDEX { localTcpLimitService }
    ::= { localTcpLimitTable 1 }

    LocalTcpLimitEntry ::=
	SEQUENCE {
	    localTcpLimitAdminState    INTEGER,
	    localTcpLimitService       INTEGER,
	    localTcpLimitMaxSessions   INTEGER,
	    localTcpLimitCurSessions   INTEGER,
	    localTcpLimitState         INTEGER
	}


    -- services MUST be in sync with those from localTcpAllowTable

    localTcpLimitAdminState OBJECT-TYPE
	SYNTAX INTEGER {
            active(1),
            inactive(2),
	    delete(3)
        }
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "The administrative state of this limit entry."
	DEFVAL { active }
    ::= { localTcpLimitEntry 1 }

    localTcpLimitService OBJECT-TYPE
	SYNTAX INTEGER {
	    telnet(1),
	    trace(2),
	    snmp(3),
	    capi(4),
	    tapi(5),
	    rfc1086(6),
	    http(7),
	    https(8),
	    ssh(9)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "The corresponding TCP service."
	DEFVAL { telnet }
    ::= { localTcpLimitEntry 2 }

    localTcpLimitMaxSessions OBJECT-TYPE
	SYNTAX INTEGER (0..65536)
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Maximum number of allowed sessions for this TCP service."
	DEFVAL { 128 }
    ::= { localTcpLimitEntry 3 }

    localTcpLimitCurSessions OBJECT-TYPE
	SYNTAX Counter
	ACCESS read-only
	STATUS mandatory
	DESCRIPTION
	    "The current number of sessions for this TCP service."
	DEFVAL { 0 }
    ::= { localTcpLimitEntry 4 }

    localTcpLimitState OBJECT-TYPE
	SYNTAX INTEGER {
	    below(1),
	    exceeded(2)
	}
	ACCESS read-only
	STATUS mandatory
	DESCRIPTION
	    "The current state for this TCP service."
        DEFVAL { below }
    ::= { localTcpLimitEntry 5 }



    localUdpLimitTable OBJECT-TYPE
	SYNTAX SEQUENCE OF LocalUdpLimitEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    "Table to be used to limit access to local UDP services."
    ::= { biboipsrv 4 }

    localUdpLimitEntry OBJECT-TYPE
	SYNTAX LocalUdpLimitEntry
	ACCESS not-accessible
	STATUS mandatory
	DESCRIPTION
	    ""
	INDEX { localUdpLimitService }
    ::= { localUdpLimitTable 1 }

    LocalUdpLimitEntry ::=
	SEQUENCE {
	    localUdpLimitAdminState  INTEGER,
	    localUdpLimitService     INTEGER,
	    localUdpLimitMaxRate     INTEGER,
	    localUdpLimitCurRate     INTEGER,
	    localUdpLimitState       INTEGER
	}

    localUdpLimitAdminState OBJECT-TYPE
	SYNTAX INTEGER {
            active(1),
            inactive(2),
	    delete(3)
        }
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "The administrative state of this limit entry."
	DEFVAL { active }
    ::= { localUdpLimitEntry 1 }

    -- services MUST be in sync with those from localUdpAllowTable

    localUdpLimitService OBJECT-TYPE
	SYNTAX INTEGER {
	    snmp(1),
	    rip(2),
	    bootps(3),
	    dns(4),
	    nbns(5),
	    statmon(6)
	}
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "The corresponding UDP service."
	DEFVAL { snmp }
    ::= { localUdpLimitEntry 2 }

    localUdpLimitMaxRate OBJECT-TYPE
	SYNTAX INTEGER (0..65536)
	ACCESS read-write
	STATUS mandatory
	DESCRIPTION
	    "Maximum number of packets per second for this UDP service."
	DEFVAL { 1000 }
    ::= { localUdpLimitEntry 3 }

    localUdpLimitCurRate OBJECT-TYPE
	SYNTAX Counter
	ACCESS read-only
	STATUS mandatory
	DESCRIPTION
	    "The current number of packets per second for this UDP service."
	DEFVAL { 0 }
    ::= { localUdpLimitEntry 4 }

    localUdpLimitState OBJECT-TYPE
	SYNTAX INTEGER {
	    below(1),
	    exceeded(2)
	}
	ACCESS read-only
	STATUS mandatory
	DESCRIPTION
	    "The current state for this UDP service."
        DEFVAL { below }
    ::= { localUdpLimitEntry 5 }

END
