--
-- comIpFilter.mib
-- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 285
-- Monday, January 10, 2005 at 10:35:57
--

	ZHONE-COM-IP-FILTER-MIB DEFINITIONS ::= BEGIN
 
		IMPORTS
			ifIndex			
				FROM IF-MIB			
			SnmpAdminString			
				FROM SNMP-FRAMEWORK-MIB			
			IpAddress, Integer32, Unsigned32, Counter32, OBJECT-TYPE, 
			MODULE-IDENTITY, OBJECT-IDENTITY			
				FROM SNMPv2-SMI			
			zhoneIp, zhoneModules			
				FROM Zhone			
			ZhoneRowStatus, ZhoneAdminString			
				FROM Zhone-TC;
	
	
-- 
-- 
-- 
-- 
-- 
-- 
-- 
		-- 1.3.6.1.4.1.5504.6.58
		comIpFilter MODULE-IDENTITY 
			LAST-UPDATED "200501100015Z"		-- January 10, 2005 at 00:15 GMT
			ORGANIZATION 
				"Zhone Technologies, Inc."
			CONTACT-INFO 
				"  Postal: 
				           Zhone Technologies, Inc.
				           @ Zhone Way
				           7001 Oakport Street
				           Oakland, CA  94621
				           USA
				Toll-Free: +1 877-ZHONE20 (+1 877-946-6320)
				      Tel: +1-510-777-7000
				      Fax: +1-510-777-7001
				   E-mail: support@zhone.com"
			DESCRIPTION 
				"Zhone IP Filter MIB Module.
				IP Software
				Minneapolis, MN"
			REVISION "200501101016Z"		-- January 10, 2005 at 10:16 GMT
			DESCRIPTION 
				"changed portAccessArg1, portAccessArg2 to more intuitive names."
			REVISION "200501030924Z"		-- January 03, 2005 at 09:24 GMT
			DESCRIPTION 
				"changed portArg1, portArg2 to IP addresses"
			REVISION "200412210925Z"		-- December 21, 2004 at 09:25 GMT
			DESCRIPTION 
				"added Port_Access"
			REVISION "200408301100Z"		-- August 30, 2004 at 11:00 GMT
			DESCRIPTION 
				"V01.01.02 - Add type field to mcastControlList."
			REVISION "200404060017Z"		-- April 06, 2004 at 00:17 GMT
			DESCRIPTION 
				"V01.01.01 - Implementation of multicast-control-list."
			REVISION "200101170848Z"		-- January 17, 2001 at 08:48 GMT
			DESCRIPTION 
				"V01.01.00 - Added keyword markup, updated SMI,
				            Added the filterStmtRenumTable and
				            filterStatsTable"
			REVISION "200009111622Z"		-- September 11, 2000 at 16:22 GMT
			DESCRIPTION 
				"V01.00.00 - Initial Release"
			::= { zhoneModules 58 }
-- Protection code generation:
-- /vob/zhonetools/bin/pahrser.pl rfc2233.mib rfc2571.mib Zhone.mib Zhone-TC.mib comIpFilter.mib
-- 
-- ! IMPORTANT NOTE WHEN GENERATING PROTECTION LAYER !
-- You need to edit the mib and remove one set of curly
-- braces around the "DEFVAL { { deny } }" statment under
-- fltStmtAction OBJECT-TYPE definition in order to get
-- the pahrser to generate the MCast_Control_List_Entry.
-- Like this "DEFVAL { deny }".
-- After you generate code using pahrser, you need to add
-- the curly braces back.
		
	
	
--
-- Node definitions
--
	
		-- 1.3.6.1.4.1.5504.4.1.8
		filter OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"The MIB module representing IP filter specifications in Zhone
				Technologies products.  IP filtering is typically performed
				to enhance network security by limiting what access is allowed
				between two networks.  Filtering is also effective in
				eliminating certain denial-of-service attacks.  Packet
				filtering also provides a framework for sanity checking packet
				headers, and rejecting packets that are unlikely (or that
				should be impossible).  In this way, packet filtering can
				prevent certain unfortunate mistakes from shutting a network
				down."
			REFERENCE 
				"RFC1812, 'Requirements for IP Version 4 Routers,'
				    ftp://ftp.isi.edu/in-notes/rfc1812.txt.
				RFC2267, 'Network Ingress Filtering: Defeating Denial of
				    Service Attacks which employ IP Source Address
				    Spoofing,' ftp://ftp.isi.edu/in-notes/rfc2267.txt.
				RFC2474, 'Definition of the Differentiated Services Field
				    (DS Field) in the IPv4 and IPv6 Headers',
				    ftp://ftp.isi.edu/in-notes/rfc2474.txt.
				D. Brent Chapman, 'Network (In)Security Through IP Packet
				    Filtering,' Proceedings of the 3rd USENIX Security
				    Symposium, Sept. 1992.
				Andrew Molitor, 'An Architecture for Advanced Packet
				    Filtering,' Proceedings of the 5th USENIX Security
				    Symposium, June. 1995.
				Paul Russell, 'Linux IPCHAINS-HOWTO,'
				    http://www.rustcorp.com/linux/ipchains/HOWTO.html,
				    v1.0.7, Mar. 1999."
			::= { zhoneIp 8 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.1
		filterGlobal OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"Global filter provisioning information."
			::= { filter 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.1.1
		fltGlobalIndexNext OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The next available filter spec table index (filterSpecIndex).
				A GET on this object increments the value by one.  A GETNEXT
				on this object will always return zero."
			::= { filterGlobal 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.1.2
		fltGlobalTimeout OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			UNITS "seconds"
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"Filter inconsistency timeout in seconds.  A filter spec
				is considered to be in an inconsistent state when the
				value of the objects fltSpecVersion1 and fltSpecVersion2
				are not equal.  This timeout indicates the minimum number
				of seconds a filter may be in an inconsistent state
				before the filter spec becomes invalid and the default
				action for a filter is used as the filter.  Provided 
				fltGlobalTimeout is long enough, it should ensure that 
				both an old modification is permanently stalled (ensuring 
				exclusive access) as well as enough time to repair a filter.
				Default is five seconds."
			::= { filterGlobal 2 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.2
		filterSpecTable OBJECT-TYPE
			SYNTAX SEQUENCE OF FilterSpecEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The filter specification table contains specifications
				for the IP filtering module.  Rows are indexed by a
				single integer index (filterSpecIndex).  The fltGlobalIndexNext
				object is used to determine the next index value.  Each
				row points to a sequence of rows (statements) in the
				filterStatementTable.  When any row in that sequence
				is modified, created, or removed, the fltSpecVersion1 and 
				fltSpecVersion2 objects must be incremented.
				
				Rows are created by assigning fltSpecIndex and setting
				fltSpecRowStatus to 'createAndGo'.  All columnar objects
				in this table have default values, so no objects other
				than the index value need be set to create a row.  Rows
				are removed by setting fltSpecRowStatus to 'destroy'.
				When a row is removed, each row in filterStatementTable
				with the same fltSpecIndex is automatically removed."
			::= { filter 2 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.2.1
		filterSpecEntry OBJECT-TYPE
			SYNTAX FilterSpecEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"An entry in the filterSpecTable."
			INDEX { fltSpecIndex }
			::= { filterSpecTable 1 }

		
		FilterSpecEntry ::=
			SEQUENCE { 
				fltSpecIndex
					Integer32,
				fltSpecName
					ZhoneAdminString,
				fltSpecDesc
					SnmpAdminString,
				fltSpecVersion1
					Unsigned32,
				fltSpecVersion2
					Unsigned32,
				fltSpecLanguageVersion
					Unsigned32,
				fltSpecRowStatus
					ZhoneRowStatus
			 }

		-- 1.3.6.1.4.1.5504.4.1.8.2.1.1
		fltSpecIndex OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The index that identifies an entry in the filterSpecTable.
				The fltGlobalIndexNext object is used to determine the
				next value of this object."
			::= { filterSpecEntry 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.2.1.2
		fltSpecName OBJECT-TYPE
			SYNTAX ZhoneAdminString
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The filter name associated with this filter specification.
				This name should indicate the nature of the filter.
				The default value is an empty string."
			::= { filterSpecEntry 2 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.2.1.3
		fltSpecDesc OBJECT-TYPE
			SYNTAX SnmpAdminString
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"Textual description of the filter specification.
				This should briefly describe the nature of the
				filter defined by the associated filter statements.
				The default value is an empty string."
			::= { filterSpecEntry 3 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.2.1.4
		fltSpecVersion1 OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The version number of the filter specification.  This is
				used to flag any changes in the statements that comprise
				a filter.  Each time a modification occurs to an object in
				a filter spec (including the the list of filter statements
				of the same fltSpecIndex in filterStatementTable), the
				value of this object, and fltSpecVersion2 must be incremented.
				The manager adding, deleting, or modifying a filter statement
				or statements must increment this version number in the
				following manner.
				
				A read of fltSpecVersion1 returns its current value.  A
				write to fltSpecVersion1 must be one greater than its current
				value.  A successful write of this object transfers ownership 
				to the manager, where the manager must subsequently perform 
				any desired modifications to the filter spec and then write 
				the new value of fltSpecVersion1 to the fltSpecVersion2 object 
				to release ownership.
				
				When fltSpecVersion1 does not equal to fltSpecVersion2, the
				filter spec is in an inconsistent state.  If the filter spec
				remains in an inconsistent state longer than the time
				specified in fltGlobalTimeout, the filter spec is declared
				invalid and the filter spec does not become active.  The
				previously provisioned filter spec will remain active.
				If no previous filter spec was provisioned for this interface,
				a default action is used.  It is up to the manager to fix 
				the invalid filter spec and bring it into a consistent state."
			DEFVAL { 0 }
			::= { filterSpecEntry 4 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.2.1.5
		fltSpecVersion2 OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The version number of the filter specification.  The
				value of this object must be equal to fltSpecVersion1,
				otherwise the filter spec is inconsistent.  See
				fltSpecVersion1 for details."
			DEFVAL { 0 }
			::= { filterSpecEntry 5 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.2.1.6
		fltSpecLanguageVersion OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The language version of the filter.  The language version
				further details the meaning and use of the objects in
				filterStatmentTable.  The definitions of the filter
				languages is beyond the scope of this description."
			DEFVAL { 0 }
			::= { filterSpecEntry 6 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.2.1.7
		fltSpecRowStatus OBJECT-TYPE
			SYNTAX ZhoneRowStatus
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"Zhone convention to support row creation and deletion.
				This is the only object required to create or destroy
				a row in this table."
			::= { filterSpecEntry 7 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3
		filterStatementTable OBJECT-TYPE
			SYNTAX SEQUENCE OF FilterStatementEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This table contains the filter specification statements for
				the IP filtering module.  A complete filter specification is
				comprised of all the linked statements (rows) that are
				pointed to by an entry in the filterSpecTable.  Filter
				statements are linked together by fltSpecIndex, and are
				ordered within the comprised filter using fltStmtIndex.
				A statement can only be owned by one filter spec.
				
				Rows are created by assigning fltSpecIndex and fltStmtIndex,
				and setting fltStmtRowStatus to 'createAndGo'.  All columnar
				objects in this table have default values, so no objects other
				than the index values need be set to create a row.  Rows are
				destroyed by setting fltStmtRowStatus to 'delete'.  When rows
				are created or destroyed, the version of the corresponding
				filter spec row is incremented."
			::= { filter 3 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1
		filterStatementEntry OBJECT-TYPE
			SYNTAX FilterStatementEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"An entry in the filterStatement table.  Each entry
				represents one of a sequence of statements that comprise
				a filter.  Each filter statement consists of an index,
				specific packet header fields, and arbitrary packet
				offsets and values.
				
				Some objects in this entry define ranges for specific packet
				header fields.  These objects define comparison operations
				on the field they share in the following manner:
				
				  Low  High  Compare Method for field f
				  ---  ----  -------------------------------------------
				  0    0     no comparison on the field
				  0    H     less than or equal to High    (f <= H)
				  L    0     exact match                   (L == f)
				  L    H     inclusive between comparison  (L <= f <= H)
				"
			INDEX { fltSpecIndex, fltStmtIndex }
			::= { filterStatementTable 1 }

		
		FilterStatementEntry ::=
			SEQUENCE { 
				fltStmtIndex
					Integer32,
				fltStmtIpSrcAddrLow
					IpAddress,
				fltStmtIpSrcAddrHigh
					IpAddress,
				fltStmtSrcPortLow
					Integer32,
				fltStmtSrcPortHigh
					Integer32,
				fltStmtIpDstAddrLow
					IpAddress,
				fltStmtIpDstAddrHigh
					IpAddress,
				fltStmtDstPortLow
					Integer32,
				fltStmtDstPortHigh
					Integer32,
				fltStmtIpProtocol
					INTEGER,
				fltStmtArbValueBase
					INTEGER,
				fltStmtArbOffset
					Integer32,
				fltStmtArbMask
					Unsigned32,
				fltStmtArbValueLow
					Unsigned32,
				fltStmtArbValueHigh
					Unsigned32,
				fltStmtModifier
					BITS,
				fltStmtAction
					BITS,
				fltStmtActionArg
					Integer32,
				fltStmtRowStatus
					ZhoneRowStatus
			 }

		-- 1.3.6.1.4.1.5504.4.1.8.3.1.1
		fltStmtIndex OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The table index that identifies a filter statement.  These
				indicies should be sparse to allow for insertion into the
				list."
			::= { filterStatementEntry 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.2
		fltStmtIpSrcAddrLow OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The inclusive lower bound for the source IP address range.
				See the filterStatementEntry description for details."
			DEFVAL { '00000000'h }
			::= { filterStatementEntry 2 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.3
		fltStmtIpSrcAddrHigh OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The inclusive upper bound for the source IP address range.
				See the filterStatementEntry description for details."
			DEFVAL { '00000000'h }
			::= { filterStatementEntry 3 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.4
		fltStmtSrcPortLow OBJECT-TYPE
			SYNTAX Integer32 (0..65535)
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The inclusive lower bound for the transport layer source
				port range.  See the filterStatementEntry description for
				details."
			DEFVAL { 0 }
			::= { filterStatementEntry 4 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.5
		fltStmtSrcPortHigh OBJECT-TYPE
			SYNTAX Integer32 (0..65535)
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The inclusive upper bound for the transport layer source
				port range.  See the filterStatementEntry description for
				details."
			DEFVAL { 0 }
			::= { filterStatementEntry 5 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.6
		fltStmtIpDstAddrLow OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The inclusive lower bound for the destination IP address
				range.  See the filterStatementEntry description for
				details."
			DEFVAL { '00000000'h }
			::= { filterStatementEntry 6 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.7
		fltStmtIpDstAddrHigh OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The inclusive upper bound for the destination IP address
				range.  See the filterStatementEntry description for
				details."
			DEFVAL { '00000000'h }
			::= { filterStatementEntry 7 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.8
		fltStmtDstPortLow OBJECT-TYPE
			SYNTAX Integer32 (0..65535)
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The inclusive lower bound for the transport layer destination
				port range.  See the filterStatementEntry description for
				details."
			DEFVAL { 0 }
			::= { filterStatementEntry 8 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.9
		fltStmtDstPortHigh OBJECT-TYPE
			SYNTAX Integer32 (0..65535)
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The inclusive upper bound for the transport layer destination
				port range.  See the filterStatementEntry description for
				details."
			DEFVAL { 0 }
			::= { filterStatementEntry 9 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.10
		fltStmtIpProtocol OBJECT-TYPE
			SYNTAX INTEGER
				{
				any(1),
				ip(2),
				tcp(3),
				udp(4),
				icmp(5)
				}
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The IP protocol value that is to be matched.  The enum
				values are as follows:
				
				    any(1)   : any protocol type is a match (wildcard)
				    ip(2)    : raw IP packet
				    tcp(3)   : TCP packet
				    udp(4)   : UDP packet
				    icmp(5)  : ICMP packet
				
				The default value is any(1)."
			DEFVAL { any }
			::= { filterStatementEntry 10 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.11
		fltStmtArbValueBase OBJECT-TYPE
			SYNTAX INTEGER
				{
				none(1),
				ip(2),
				udp(3),
				tcp(4),
				icmp(5),
				ipOptions(6),
				tcpOptions(7)
				}
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"This field identifies the protocol header to which the
				arbitrary value comparison applies.  The enum values are
				as follows:
				
				    none(1)       : no arbitrary value comparison
				    ip(2)         : base is IP header
				    udp(3)        : base is UDP header
				    tcp(4)        : base is TCP header
				    icmp(5)       : base is ICMP header
				    ipOptions(6)  : base is IP options header
				    tcpOptions(7) : base is TCP options header
				
				The default value is none(1)."
			DEFVAL { none }
			::= { filterStatementEntry 11 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.12
		fltStmtArbOffset OBJECT-TYPE
			SYNTAX Integer32 (0..64)
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The offset, in octets, from the beginning of the header
				to the most significant octet for the arbitrary value
				comparison."
			DEFVAL { 0 }
			::= { filterStatementEntry 12 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.13
		fltStmtArbMask OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"This object is mask for for arbitrary value comparisons.
				The non-zero bits in this field determine the size of the
				arbitrary field."
			DEFVAL { 0 }
			::= { filterStatementEntry 13 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.14
		fltStmtArbValueLow OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"This object is the inclusive lower bound for arbitrary value
				comparison.  See the filterStatementEntry description for
				details."
			DEFVAL { 0 }
			::= { filterStatementEntry 14 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.15
		fltStmtArbValueHigh OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"This object is the inclusive upper bound for arbitrary value
				comparison.  See the filterStatementEntry description for
				details."
			DEFVAL { 0 }
			::= { filterStatementEntry 15 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.16
		fltStmtModifier OBJECT-TYPE
			SYNTAX BITS
				{
				notIpSrc(0),
				notSrcPort(1),
				notDstIp(2),
				notPortDst(3),
				notProtocol(4),
				notArbitrary(5),
				notStatement(6)
				}
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"Filter statement modifier.  The bits set in this object
				logically negate the results of the comparisons made on
				their respecive fields as shown :
				
				    notIpSrcAddr(1)  : fltStmtIpSrcAddrLow, fltStmtIpSrcAddrHigh
				    notSrcPort(2)    : fltStmtSrcPortLow, fltStmtSrcPortHigh
				    notIpDstAddr(3)  : fltStmtIpDstAddrLow, fltStmtIpDstAddrHigh
				    notDstPort(4)    : fltStmtDstPortLow, fltStmtDstPortHigh
				    notIpProtocol(5) : fltStmtIpProtocol
				    notArbitrary(6)  : fltStmtArbValueLow, fltStmtArbValueHigh
				    notStatement(7)  : negate outcome of the entire statement
				
				No bits set (the default) specifies to use all outcomes as is."
			::= { filterStatementEntry 16 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.17
		fltStmtAction OBJECT-TYPE
			SYNTAX BITS
				{
				reset(0),
				permit(1),
				deny(2),
				forward(3),
				reject(4),
				log(5)
				}
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"Filter statement action.  The bits set in this object specify
				actions to take on packets matching this statement.  Supported
				actions are:
				
				    reset(0)   : Return a TCP reset packet to the packet sender
				                 and drop the packet.  This cannot be specified
				                 with permit.
				    permit(1)  : Stop filtering the packet and allow it to be
				                 sent on the associated interface.  This cannot
				                 be specified with deny.
				    deny(2)    : Stop filtering the packet and discard it.  This
				                 cannot be specified with permit.
				    forward(3) : Forward the packet the IP address specified in
				                 fltStmtActionArg.
				    reject(4)  : Return an ICMP destination unreachable packet
				                 (type 3) to the packet sender with code 13
				                 (communication administratively prohibited).
				                 This cannot be specified permit.
				    log(5)     : Write the packet to the log stream.
				
				There are some mutually exclusive bits: reset(0) and permit(1),
				permit(1) and deny(2), permit(1) and reject(4).  No bits set
				implies to continue filtering on the packet."
			DEFVAL { { deny } }
			::= { filterStatementEntry 17 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.18
		fltStmtActionArg OBJECT-TYPE
			SYNTAX Integer32
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"Filter statement action argument.  The meaning of this object
				depends on the value of fltStmtAction:
				
				    forward(3)  : An IP address to forward the packet to.  The
				                  value of this object must be non-zero.
				
				All other values of fltStmtAction have no relation to this
				object.  The default is zero."
			DEFVAL { 0 }
			::= { filterStatementEntry 18 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.3.1.19
		fltStmtRowStatus OBJECT-TYPE
			SYNTAX ZhoneRowStatus
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"Zhone convention to support row creation and deletion.
				This is the only object required to create or destroy
				a row in this table."
			::= { filterStatementEntry 19 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.4
		filterStmtRenumTable OBJECT-TYPE
			SYNTAX SEQUENCE OF FilterStmtRenumEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This table provides a mechanism for renumbering individual
				filter statments within their particular filter spec."
			::= { filter 4 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.4.1
		filterStmtRenumEntry OBJECT-TYPE
			SYNTAX FilterStmtRenumEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"An entry in the filterStmtRenumTable."
			AUGMENTS { filterStatementEntry }
			::= { filterStmtRenumTable 1 }

		
		FilterStmtRenumEntry ::=
			SEQUENCE { 
				fltStmtIndexNew
					Integer32
			 }

		-- 1.3.6.1.4.1.5504.4.1.8.4.1.1
		fltStmtIndexNew OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The new statement index for the filter statement.
				Reading this object will return the same value as
				the 'fltStmtIndex' portion of its index.  Writing to 
				this object will cause the corresponding filter statement 
				to be relocated to the position identified by the value 
				written here.  If no statement exists at the current 
				index, 'no such instance' will be returned.  If a
				statement already exists at the new index then 
				'inconsistent value' is returned.
				
				For example, to move the second statement of filter #4
				to the third position  (e.g. to make room for a new
				statement #2), the following SNMP set-request would
				be issued:
				
				            fltStmtIndexNew.4.2 = 3
				
				There is no default value for this object as it is
				derived from the fltStmtIndex."
			::= { filterStmtRenumEntry 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5
		filterStatsTable OBJECT-TYPE
			SYNTAX SEQUENCE OF FilterStatsEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This table provides ingress and egress IP filter statistics
				for each interface.  This table is indexed by the ifIndex
				of the interface and the direction (ingress or egress) of
				traffic being filtered.  This is a read-only table."
			::= { filter 5 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1
		filterStatsEntry OBJECT-TYPE
			SYNTAX FilterStatsEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"An entry in the filterStatsTable.  There will
				be an entry for each filter provisioned on an 
				interface.  There can be, at most, two filters
				provisioned per interface; one for ingress 
				filtering and the other for egress filtering."
			INDEX { ifIndex, fltStatDirection }
			::= { filterStatsTable 1 }

		
		FilterStatsEntry ::=
			SEQUENCE { 
				fltStatDirection
					INTEGER,
				fltStatResetPkts
					Counter32,
				fltStatPermitPkts
					Counter32,
				fltStatDenyPkts
					Counter32,
				fltStatForwardPkts
					Counter32,
				fltStatRejectPkts
					Counter32,
				fltStatLogPkts
					Counter32,
				fltStatDefaultPkts
					Counter32,
				fltStatSpecVersion
					Unsigned32,
				fltStatSpecIndex
					Integer32
			 }

		-- 1.3.6.1.4.1.5504.4.1.8.5.1.1
		fltStatDirection OBJECT-TYPE
			SYNTAX INTEGER
				{
				ingress(1),
				egress(2)
				}
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The direction for which this set of statistics
				is kept:  ingress or egress."
			::= { filterStatsEntry 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1.2
		fltStatResetPkts OBJECT-TYPE
			SYNTAX Counter32
			UNITS "packets"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of discarded packets for which a TCP 
				reset packet was sent."
			::= { filterStatsEntry 2 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1.3
		fltStatPermitPkts OBJECT-TYPE
			SYNTAX Counter32
			UNITS "packets"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of permitted packets."
			::= { filterStatsEntry 3 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1.4
		fltStatDenyPkts OBJECT-TYPE
			SYNTAX Counter32
			UNITS "packets"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of discarded packets."
			::= { filterStatsEntry 4 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1.5
		fltStatForwardPkts OBJECT-TYPE
			SYNTAX Counter32
			UNITS "packets"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets forwarded to the
				IP address specified in the filter."
			::= { filterStatsEntry 5 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1.6
		fltStatRejectPkts OBJECT-TYPE
			SYNTAX Counter32
			UNITS "packets"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of discarded packets for which an
				ICMP destination unreachable packet with
				code 13 was sent."
			::= { filterStatsEntry 6 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1.7
		fltStatLogPkts OBJECT-TYPE
			SYNTAX Counter32
			UNITS "packets"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of logged packets."
			::= { filterStatsEntry 7 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1.8
		fltStatDefaultPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets that pass through the filter
				without matching upon which the default action is
				used."
			::= { filterStatsEntry 8 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1.9
		fltStatSpecVersion OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The version of the filter being used on this interface."
			::= { filterStatsEntry 9 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.5.1.10
		fltStatSpecIndex OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The index of the filter specification being used on 
				this interface.  If there is no filter configured
				for an interface, the entry will not exist in this
				table."
			::= { filterStatsEntry 10 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.6
		mcastControl OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"The MIB module representing Multicast control list specifications
				in Zhone Technologies products.  The First application of
				multicast control list is to accept of deny a IGMP request
				to join or leave a IGMP group.  Any IGMP request to join a group
				is accepted only if the group address is available in the Multicast
				Control list pointed by a field in the ip-interface-record."
			::= { filter 6 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.6.1
		mcastControlListTable OBJECT-TYPE
			SYNTAX SEQUENCE OF McastControlListEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"Multicast control list table conatins the one of 
				the IP Address that can be allowed to join to by
				a IGMP join request from IP interface that has the
				the multicast control list in its ip-interfce-profile.
				The address to the table is the multicast control list
				ID and the precedence.  The Row status in the table
				contains indication of whether the row is being created
				or destroyed.
				"
			::= { mcastControl 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.6.1.1
		mcastControlListEntry OBJECT-TYPE
			SYNTAX McastControlListEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"An entry in the Multicast Control List."
			INDEX { mcastControlListControlId, mcastControlListControlPrecedence }
			::= { mcastControlListTable 1 }

		
		McastControlListEntry ::=
			SEQUENCE { 
				mcastControlListControlId
					Integer32,
				mcastControlListControlPrecedence
					Integer32,
				mcastControlListRowStatus
					ZhoneRowStatus,
				mcastControlListIpAddress
					IpAddress,
				mcastControlListType
					INTEGER
			 }

		-- 1.3.6.1.4.1.5504.4.1.8.6.1.1.1
		mcastControlListControlId OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"Description."
			::= { mcastControlListEntry 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.6.1.1.2
		mcastControlListControlPrecedence OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"Description."
			::= { mcastControlListEntry 2 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.6.1.1.3
		mcastControlListRowStatus OBJECT-TYPE
			SYNTAX ZhoneRowStatus
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"Description."
			::= { mcastControlListEntry 3 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.6.1.1.4
		mcastControlListIpAddress OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"multicast ip address."
			::= { mcastControlListEntry 4 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.6.1.1.5
		mcastControlListType OBJECT-TYPE
			SYNTAX INTEGER
				{
				normal(1),
				always-on(2),
				periodic(3)
				}
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"Defines the video stream type.
				
				normal - join and leave when desired. Used for video.
				always-on - always joined.  Meant for EBS, not video.
				periodic - will join and leave after task complete.
				           Not meant for video.  Used to download
				           the tv guide."
			DEFVAL { normal }
			::= { mcastControlListEntry 5 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.7
		portAccessControl OBJECT-IDENTITY
			STATUS current
			DESCRIPTION 
				"This MIB represents the port access control list in Zhone 
				products. It is used to control access to internal ports.
				Initially it is used just for TELNET (23) , but in theory 
				could be used for other ports as well."
			::= { filter 7 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.7.1
		portAccessNextIndex OBJECT-TYPE
			SYNTAX Integer32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"Description: A hint for the next free index should the manager
				    want to create a new entry."
			::= { portAccessControl 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.7.2
		portAccessTable OBJECT-TYPE
			SYNTAX SEQUENCE OF PortAccessEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"Contains the list of entries that control port access
				on this device."
			::= { portAccessControl 2 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.7.2.1
		portAccessEntry OBJECT-TYPE
			SYNTAX PortAccessEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This contains the entry that is to be accepted. 
				Currently only used to control access to port 23.
				arg1, arg2 provide IP Address/mask to allow in."
			INDEX { portAccessIndex }
			::= { portAccessTable 1 }

		
		PortAccessEntry ::=
			SEQUENCE { 
				portAccessIndex
					Integer32,
				portAccessRowStatus
					ZhoneRowStatus,
				portAccessNumber
					Integer32,
				portAccessSrcAddr
					IpAddress,
				portAccessNetMask
					IpAddress
			 }

		-- 1.3.6.1.4.1.5504.4.1.8.7.2.1.1
		portAccessIndex OBJECT-TYPE
			SYNTAX Integer32 (1..100)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The index of this entry in table. 100 entries should be more
				than enough."
			::= { portAccessEntry 1 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.7.2.1.2
		portAccessRowStatus OBJECT-TYPE
			SYNTAX ZhoneRowStatus
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"Description.: used to create/delete entries in the table."
			::= { portAccessEntry 2 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.7.2.1.3
		portAccessNumber OBJECT-TYPE
			SYNTAX Integer32 (1..1023)
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"PortNumber that this applies to, 1..1023 supported."
			::= { portAccessEntry 3 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.7.2.1.4
		portAccessSrcAddr OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"The IP address that we will accept packets from."
			::= { portAccessEntry 4 }

		
		-- 1.3.6.1.4.1.5504.4.1.8.7.2.1.5
		portAccessNetMask OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-create
			STATUS current
			DESCRIPTION
				"portAccessNetMask - used to pass the range that we will accept with regards
				       to portAccessSrcAddr."
			::= { portAccessEntry 5 }

		
	
	END

--
-- comIpFilter.mib
--
