FireBrick FB2500 V0.07.001 documentation
FireBrick FB2500 configuration documentation. Copyright © 2008-11 FireBrick Ltd.
The top level config element contains all of the FireBrick configuration data.
config: Attributes
Attribute | Type | Description | Default |
timestamp | dateTime | Config store time | |
patch | integer | Internal use, for s/w updates that change config syntax | |
config: Elements
Element | Type | Instances | Description |
system | system | Optional | System settings |
user | user | Optional, unlimited | Admin users |
syslog | syslog | Optional | Syslog controls |
services | services | Optional | General system services |
ethernet | ethernet | Optional, unlimited | Physical port controls |
port | portdef | Optional, up to 5 | Port grouping and naming |
interface | interface | Optional, up to 8192 | Config ethernet port/vlan and subnets |
ppp | pppoe | Optional, up to 10 | PPPoE client settings |
route | route (network-base) | Optional, unlimited | Static routes |
network | network (network-base) | Optional, unlimited | List of locally originated networks |
loopback | loopback (network-base) | Optional, unlimited | List of extra local addresses |
bgp | bgp | Optional, up to 10 | BGP config |
cqm | cqm | Optional | Constant Quality Monitoring config |
l2tp | l2tp | Optional | L2TP settings |
fb105 | fb105 | Optional, up to 256 | FB105 tunnel settings |
ping | ping | Optional, up to 100 | Base ping graph settings |
profile | profile | Optional, unlimited | Control profiles |
shaper | shaper | Optional, unlimited | Named traffic shapers |
ip-group | ip-group | Optional, unlimited | Named IP groups |
route-override | route-override | Optional, unlimited | Routing override rules |
rule-set | rule-set | Optional, unlimited | Firewall/mapping rules |
Firewall actions for load sharing
session-share: Attributes
Attribute | Type | Description | Default |
weight | positiveInteger | Weighting of load share | 1 |
set-source-ip | IPAddr | New source IP | |
set-source-port | unsignedShort | New source port | |
set-nat | boolean | Changed source IP and port to local for NAT | |
set-target-ip | IPAddr | New target IP | |
set-target-port | unsignedShort | New target port | |
set-graph | string | Graph name for shaping/logging | |
set-gateway | IPAddr | New gateway | |
set-table | routetable 0-99 | Set new routing table | |
profile | string | Profile name | |
Firewall rule
session-rule: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
source-ip | List of IPNameRange | IP ranges for source IP check | |
source-port | List of PortRange | Source port(s) | |
source-interface | List of string | Source interface(s) | |
target-ip | List of IPNameRange | IP ranges for target IP check | |
target-port | List of PortRange | Target port(s) | |
target-interface | List of string | Target interface(s) | |
protocol | List of unsignedByte | Protocol(s) | |
ip | List of IPNameRange | IP ranges for either IP check | |
interface | List of string | Source or target interface(s) | |
set-source-ip | IPAddr | New source IP | |
set-source-port | unsignedShort | New source port | |
set-nat | boolean | Changed source IP and port to local for NAT | |
set-target-ip | IPAddr | New target IP | |
set-target-port | unsignedShort | New target port | |
set-graph | string | Graph name for shaping/logging | |
set-gateway | IPAddr | New gateway | |
set-table | routetable 0-99 | Set new routing table | |
set-initial-time-out | duration | Initial time-out | |
set-ongoing-time-out | duration | Ongoing time-out | |
log | boolean | Log this session | |
action | firewall-action | If drop/reject then rule checking now and set to drop/reject. Also works as drop, which is deprecated | Finish this rule-set and continue to next |
profile | string | Profile name | |
comment | string | Comment | |
session-rule: Elements
Element | Type | Instances | Description |
share | session-share | Optional, unlimited | Load shared actions |
Firewalling rule set with entry criteria and default actions
rule-set: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
table | routetable 0-99 | Applicable routing table | 0 |
source-ip | List of IPNameRange | IP ranges for source IP check | |
source-port | List of PortRange | Source port(s) | |
source-interface | List of string | Source interface(s) | |
target-ip | List of IPNameRange | IP ranges for target IP check | |
target-port | List of PortRange | Target port(s) | |
target-interface | List of string | Target interface(s) | |
protocol | List of unsignedByte | Protocol(s) | |
ip | List of IPNameRange | IP ranges for either IP check | |
interface | List of string | Source or target interface(s) | |
log | boolean | Log this session | |
no-match-action | firewall-action | Default if no rule matches. Also works as drop, which is deprecated | |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
rule-set: Elements
Element | Type | Instances | Description |
rule | session-rule | Optional, unlimited | Individual rules, first match applies |
ip-group | ip-group | Optional, unlimited | Named IP groups |
Route override setting for load sharing
session-route-share: Attributes
Attribute | Type | Description | Default |
weight | positiveInteger | Weighting of load share | 1 |
set-gateway | IPAddr | New gateway | |
set-nat | boolean | Changed source IP and port to local for NAT | |
set-graph | string | Graph name for shaping/logging | |
profile | string | Profile name | |
Routing override rule
session-route-rule: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
source-ip | List of IPNameRange | IP ranges for source IP check | |
source-port | List of PortRange | Source port(s) | |
source-interface | List of string | Source interface(s) | |
target-ip | List of IPNameRange | IP ranges for target IP check | |
target-port | List of PortRange | Target port(s) | |
target-interface | List of string | Target interface(s) | |
protocol | List of unsignedByte | Protocol(s) | |
set-gateway | IPAddr | New gateway | |
set-nat | boolean | Changed source IP and port to local for NAT | |
set-graph | string | Graph name for shaping/logging | |
profile | string | Profile name | |
comment | string | Comment | |
session-route-rule: Elements
Element | Type | Instances | Description |
share | session-route-share | Optional, unlimited | Load shared actions |
Routing override rules
route-override: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
table | routetable 0-99 | Applicable routing table | 0 |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
route-override: Elements
Element | Type | Instances | Description |
rule | session-route-rule | Optional, unlimited | Individual rules, first match applies |
Named IP group
ip-group: Attributes
Attribute | Type | Description | Default |
name | string | Name | Not optional |
ip | List of IPRange | One or more IP ranges or IP/len | |
users | List of string | Include IP of logged in web users | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
Settings for a named traffic shaper
shaper: Attributes
Attribute | Type | Description | Default |
name | string | Graph name | Not optional |
egress | unsignedInt | Egress rate limit/target | |
egress-min | unsignedInt | Egress rate limit min | |
egress-max | unsignedInt | Egress rate limit max | |
egress-step | unsignedInt | Egress rate adjust step | |
egress-interval | duration | Egress rate adjust interval | PT1H |
ingress | unsignedInt | Ingress rate limit | |
ingress-min | unsignedInt | Ingress rate limit min | |
ingress-max | unsignedInt | Ingress rate limit max | |
ingress-step | unsignedInt | Ingress rate adjust step | |
ingress-interval | duration | Ingress rate adjust interval | PT1H |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
Ping targets
profile-ping: Attributes
Attribute | Type | Description | Default |
ip | IPAddr | Target IP | Not optional |
ttl | unsignedByte | Time to live / Hop limit | |
flow | unsignedShort | Flow label (IPv6) | |
source-ip | IPAddr | Source IP. Also works as source, which is deprecated | |
gateway | IPAddr | Ping via specific gateway | |
Time range test in profiles
profile-time: Attributes
Attribute | Type | Description | Default |
days | Set of day | Which days of week apply, default all | |
start | time | Start time | |
stop | time | End time | |
Time range test in profiles
profile-date: Attributes
Attribute | Type | Description | Default |
start | dateTime | Start date/time | |
stop | dateTime | End date/time | |
General control profile.
If 'set' is set, then profile is overridden manually, else...
If 'or' references an active profile this profile is active, else...
If all tests pass or are not specified then this profile is active.
Profile is active | |
profile: Attributes
Attribute | Type | Description | Default |
name | string | Profile name | Not optional |
log | boolean | Log state changes | true |
interval | duration | Test frequency | 1 |
timeout | duration | Time before timeout (i.e. how long test has been failing for) | 10 |
recover | duration | Time before recover (i.e. how long test has been passing for) | 1 |
vrrp | List of string | VRRP state (any of these is master) | |
fb105 | List of string | FB105 tunnel state (any of these active) | |
ppp | List of string | PPP link state (any of these are up) | |
route | List of IPAddr | IPs, all of which must be routable to pass | |
set | boolean | Manual override, ignore all tests | |
and | List of string | Test: other profiles all active | |
not | string | Test: another profile is not active | |
or | List of string | Active if any of these other profiles active | |
table | routetable 0-99 | Routing table for ping/route | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
profile: Elements
Element | Type | Instances | Description |
date | profile-date | Optional, unlimited | Specific date/time ranges |
time | profile-time | Optional, unlimited | Time ranges |
ping | profile-ping | Optional | Ping test |
Base ping config - additional ping targets set via web API or other means
ping: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
graph | string | Graph name | |
ip | IPAddr | Far end IP | Not optional |
table | routetable 0-99 | Routing table number for sending syslogs | 0 |
slow | boolean | Slow polling | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
Routes for prefixes that are sent to the FB105 tunnel when up
fb105-route: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
table | routetable 0-99 | Routing table number | 0 |
localpref | unsignedInt | Localpref of network | 4294967295 |
as-path | List of up to 10 unsignedInt | Custom AS path as if network received | |
profile | string | Profile name | |
bgp | bgpmode | BGP announce mode for routes | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
ip | List of IPPrefix | One or more network prefixes | Not optional |
FB105 tunnel definition
Tunnel is up | |
fb105: Attributes
Attribute | Type | Description | Default |
local-id | unsignedByte | Unique local end tunnel ID. Also works as id, which is deprecated | Not optional |
remote-id | unsignedByte | Unique remote end tunnel ID | Not optional |
set | unsignedByte | Set ID for reorder ID tagging | |
mtu | unsignedShort | MTU for wrapped packets | 1500 |
name | string | Name | |
table | routetable 0-99 | Routing table number for tunnel wrappers | 0 |
payload-table | routetable 0-99 | Routing table number for payload traffic | Same as table |
graph | string | Graph name | |
ip | IP4Addr | Far end IP | dynamic tunnel |
local-ip | IP4Addr | Force specific local end IP | |
internal-ip | IP4Addr | Internal IP for traffic originated and sent down tunnel | local-ip |
routes | List of IPPrefix | Routes when link up | |
localpref | unsignedInt | Localpref for route | 4294967295 |
bgp | bgpmode | BGP announce mode for routes | |
secret | Secret | Shared secret for tunnel | Unsigned |
sign-all | boolean | All packets must be signed, not just keepalives | false |
fast-udp | boolean | Do not re-order UDP packets | true |
keep-alive | boolean | Constantly send keep alive packets | true if ip set |
tcp-mss-fix | boolean | Adjust MSS option in TCP SYN to fix session MSS | true |
speed | unsignedInt | Egress rate limit used to load balance. Also works as egress, which is deprecated | no shaping |
log | boolean | Log information and state changes | true |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
fb105: Elements
Element | Type | Instances | Description |
route | fb105-route (network-base) | Optional, unlimited | Routes to apply to tunnel when up |
Server settings for RADIUS Accounting for L2TP
radius-acct: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
secret | Secret | Shared secret for RADIUS requests | Not optional |
table | routetable 0-99 | Routing table number | |
ip | List of IPAddr | One or more IPs of RADIUS servers (picked at random) | Not optional |
relay-nas-ip | boolean | Pass remote L2TP endpoint as NAS IP | |
fail-count | unsignedInt | How many failures in a row before blacklisting | 20 |
fail-time | duration | How long to blacklist before retrying (secs) | 120 |
attempts | unsignedInt | How many concurrent requests to this server before trying next | 200 |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
timeout | duration | Min retry timeout on RADIUS requests | 20 |
port | unsignedShort | Accounting UDP port | 1813 |
Server settings for RADIUS Authentication for L2TP
radius-auth: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
secret | Secret | Shared secret for RADIUS requests | Not optional |
table | routetable 0-99 | Routing table number | |
ip | List of IPAddr | One or more IPs of RADIUS servers (picked at random) | Not optional |
relay-nas-ip | boolean | Pass remote L2TP endpoint as NAS IP | |
fail-count | unsignedInt | How many failures in a row before blacklisting | 20 |
fail-time | duration | How long to blacklist before retrying (secs) | 120 |
attempts | unsignedInt | How many concurrent requests to this server before trying next | 200 |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
timeout | duration | Min retry timeout on RADIUS requests | 5 |
port | unsignedShort | Authentication UDP port | 1812 |
Rules for relaying L2TP or local authentication
l2tp-relay: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
graph | string | Graph name | |
user-name | List of string | One or more patterns to match user-name | |
password | Secret | Password check | |
calling-station-id | List of string | One or more patterns to match calling-station-id | |
called-station-id | List of string | One or more patterns to match called-station-id | |
remote-ip | IP4Addr | Remote end PPP IPv4 (local auth) | |
localpref | unsignedInt | Localpref for remote-ip/routes | 4294967295 |
routes | List of IPPrefix | Additional routes when link up (local auth) | |
relay-ip | List of IPAddr | Target IP(s) for L2TP connection. Also works as target-ip, which is deprecated | |
relay-secret | Secret | Shared secret for L2TP connection. Also works as target-secret, which is deprecated | |
relay-hostname | string | Hostname for L2TP connection. Also works as target-hostname, which is deprecated | |
test | List of IPAddr | List of IPs that must have routing for this target to be valid (deprecated) | |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
L2TP tunnel settings for incoming L2TP connections
l2tp-incoming: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
hostname | string | Hostname quoted on incoming tunnel | |
secret | Secret | Shared secret | |
graph | string | Graph name | |
table | routetable 0-99 | Routing table number for L2TP session | |
test | List of IPAddr | List of IPs to which routing must exist else tunnel dropped (deprecated) | |
payload-table | routetable 0-99 | Routing table number for payload traffic | |
bgp | bgpmode | BGP announce mode for routes | |
allow | List of IPNameRange | List of IP ranges from which connects can be made | |
mtu | unsignedShort | Default MTU for sessions in this tunnel | |
ipv6ep | IP4Addr | Local end IPv4 for IPv6 tunnels | |
pppip | IP4Addr | Local end PPP IPv4 | |
pppdns1 | IP4Addr | PPP DNS1 IPv4 default | |
pppdns2 | IP4Addr | PPP DNS2 IPv4 default | |
dhcpv6dns | List of IP6Addr | List of IPv6 DNS servers | |
dos-limit | unsignedInt | Per second per session tx packet drop limit for DOS protection | 10000 |
speed | unsignedInt | Default egress rate limit. Also works as tx-speed, which is deprecated | |
hdlc | boolean | Send HDLC header (FF03) on all PPP frames | true |
slow-poll | boolean | Reduce poll rate (deprecated) | false |
lcp-rate | unsignedByte | LCP interval (seconds) | 1 |
lcp-timeout | unsignedByte | LCP timeout (seconds) | 10 |
tcp-mss-fix | boolean | Adjust MSS option in TCP SYN to fix session MSS | false |
lcp-mru-fix | boolean | Restart LCP if RAS negotiated MRU is too high | false |
require-platform | boolean | All sessions require a platform RADIUS first | false |
icmp-ppp | boolean | Use PPP endpoint for ICMP | false |
damping | boolean | Apply damping to sessions if limiting on shaper | false |
shutdown | boolean | Refuse all new sessions or tunnels | false |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
l2tp-incoming: Elements
Element | Type | Instances | Description |
match | l2tp-relay | Optional, unlimited | Rules for relaying inbound connections to outbound |
L2TP settings list the incoming and outgoing L2TP connections allowed
l2tp: Attributes
Attribute | Type | Description | Default |
accounting-interval | duration | Periodic interim accounting interval | 3600 |
l2tp: Elements
Element | Type | Instances | Description |
incoming | l2tp-incoming | Optional, unlimited | Incoming L2TP connections |
authentication | radius-auth (radius) | Optional, unlimited | RADIUS authentication server settings |
accounting | radius-acct (radius) | Optional, unlimited | RADIUS accounting server settings |
Constant quality monitoring (graphs and data) have a number of settings. Most of the graphing settings can be overridden when a graph is collected so these define the defaults in many cases.
cqm: Attributes
Attribute | Type | Description | Default |
secret | Secret | Secret for MD5 coded URLs | |
heading | string | Heading of graph | |
subheading | string | Subheading of graph | |
text1 | string | Text line 1 | |
text2 | string | Text line 2 | |
text3 | string | Text line 3 | |
text4 | string | Text line 4 | |
background | Colour | Background colour | white |
graticule | Colour | Graticule colour | grey |
axis | Colour | Axis colour | black |
label-fail | string | Label for seconds (%) failed | Fail |
label-damp | string | Label for % shaper damping | Damp% |
fail | Colour | Colour for failed (dropped) seconds | red |
label-sent | string | Label for seconds polled | Sent |
sent | Colour | Colour for polled seconds | #ff8 |
label-off | string | Label for off line seconds | Off |
off | Colour | Colour for off line seconds | #c8f |
label-min | string | Label for minimum latency | Min |
min | Colour | Colour for minimum latency | blue |
label-ave | string | Label for average latency | Ave |
ave | Colour | Colour for average latency | #0cc |
label-max | string | Label for maximum latency | Max |
max | Colour | Colour for maximum latency | green |
label-tx | string | Label for Tx traffic level. Also works as label-down, which is deprecated | Tx |
tx | Colour | Colour for Tx traffic level. Also works as down, which is deprecated | #080 |
label-rx | string | Label for Rx traffic level. Also works as label-up, which is deprecated | Rx |
rx | Colour | Colour for Rx traffic level. Also works as up, which is deprecated | #800 |
text | Colour | Colour for text | black |
outside | Colour | Colour for outer border | transparent |
fblogo | Colour | Colour for logo | #c00 |
label-latency | string | Label for latency | Latency |
label-shaper | string | Label for shaper | Shaper |
label-poll | string | Label for polls | Polls |
label-traffic | string | Label for traffic level | Traffic (bit/s) |
label-time | string | Label for time | Time |
label-score | string | Label for score | Score |
label-period | string | Label for period | Period |
timeformat | string | Time format | %Y-%m-%d %H:%M:%S |
hourformat | string | Hour format | %H |
dateformat | string | Date format | %Y-%m-%d |
dayformat | string | Day format | %a |
key | unsignedByte | Pixels space for key | 90 |
left | unsignedByte | Pixels space left of main graph | 0 |
right | unsignedByte | Pixels space right of main graph | 50 |
top | unsignedByte | Pixels space at top of graph | 4 |
bottom | unsignedByte | Pixels space at bottom of graph | 11 |
fail-level1 | unsignedByte | Loss level 1 | 3 |
fail-score1 | unsignedByte | Score for on/above level 1 | 100 |
fail-level2 | unsignedByte | Loss level 2 | 50 |
fail-score2 | unsignedByte | Score for on/above level 2 | 200 |
latency-level1 | unsignedInt | Latency level 1 (ns) | 100000000 |
latency-score1 | unsignedByte | Score for on/above level 1 | 10 |
latency-level2 | unsignedInt | Latency level 2 (ns) | 500000000 |
latency-score2 | unsignedByte | Score for on/above level 2 | 20 |
latency-usage | unsignedInt | Usage below which latency is not expected | 128000 |
latency-level | unsignedInt | Latency level not expected on low usage | 100000000 |
latency-score | unsignedByte | Score for high latency and low usage | 200 |
fail-usage | unsignedInt | Usage below which fail is not expected | 128000 |
fail-level | unsignedInt | Fail level not expected on low usage | 1 |
fail-score | unsignedByte | Score for fail and low usage | 200 |
An individual rule for BGP mapping/filtering
bgprule: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
drop | boolean | Do not import/export this prefix | false |
detag | List of Community | List of community tags to remove | |
tag | List of Community | List of community tags to add | |
localpref | unsignedInt | Set localpref | 100 |
med | unsignedInt | Set MED | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
prefix | List of IPFilter | Prefixes that this rule applies to | |
This defines the rules for mapping and filtering of prefixes to/from a BGP peer.
bgpmap: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
drop | boolean | Do not import/export this prefix | false |
detag | List of Community | List of community tags to remove | |
tag | List of Community | List of community tags to add | |
localpref | unsignedInt | Set localpref | 100 |
med | unsignedInt | Set MED | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
prefix | List of IPFilter | Drop all that are not in this prefix list | |
bgpmap: Elements
Element | Type | Instances | Description |
match | bgprule (bgpruleaction) | Optional, unlimited | List rules, in order of checking |
The peer definition specifies the attributes of an individual peer. Multiple IP addresses can be specified, typically for IPv4 and IPv6 addresses for the same peer, but this can be used for a group of similar peers.
bgppeer: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
type | peertype | Type of neighbour (affects some defaults) | normal |
ip | List of IPAddr | One or more IPs of neighbours (omit to allow incoming) | |
as | unsignedInt | Peer AS | |
md5 | Secret | MD5 signing secret | |
ttl-security | unsignedByte | Enable RFC5082 TTL security for specified number of hops (set to 1 for adjacent router) and set both ends | |
holdtime | unsignedInt | Hold time | 30 |
timer-openwait | unsignedInt | Time to wait for OPEN on connection | 10 |
timer-retry | unsignedInt | Time to retry the neighbour | 10 |
timer-idle | unsignedInt | Idle time after error | 60 |
capability-mpe-ipv4 | boolean | If supporting MPE for IPv4 | true |
capability-mpe-ipv6 | boolean | If supporting MPE for IPv6 | true |
capability-as4 | boolean | If supporting AS4 | true |
capability-graceful-restart | boolean | If supporting Graceful Restart | true |
capability-route-refresh | boolean | If supporting Route Refresh | true |
same-ip-type | boolean | Only accept/send IPv4 routes to IPv4 peers and IPv6 routes to IPv6 peers | true |
next-hop-self | boolean | Force us as next hop outbound | false |
allow-own-as | boolean | Allow our AS inbound | |
add-own-as | boolean | Add our AS on exported routes | |
in-soft | boolean | Mark received routes as soft | |
no-fib | boolean | Don't include received routes in packet forwarding | |
allow-only-their-as | boolean | Only accept routes that are solely the peer's AS | |
allow-export | boolean | Ignore no-export community and export anyway | |
drop-default | boolean | Ignore default route received | false |
ignore-bad-optional-partial | boolean | Ignore routes with a recognised badly formed optional that is flagged partial | true |
shutdown | boolean | Shutdown this neighbour | |
log | boolean | Log inbound route updates | |
pad | unsignedByte | Pad our AS by this many | |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
max-prefix | bgp-prefix-limit 1-1000 | Limit prefixes (IPv4+IPv6) | 10000 |
bgppeer: Elements
Element | Type | Instances | Description |
import | bgpmap (bgpruleaction) | Optional, unlimited | Mapping and filtering rules of accepting prefixes from peer |
export | bgpmap (bgpruleaction) | Optional, unlimited | Mapping and filtering rules of announcing prefixes to peer |
The BGP element defines general BGP settings and a list of peer definitions for the individual BGP peers.
bgp: Elements
Element | Type | Instances | Description |
peer | bgppeer (bgppeer-base) | Optional, up to 50 | List of peers/neighbours |
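An added example, not part of the FireBrick documentation: a small audit that flags FB105 tunnels, BGP peers and incoming L2TP endpoints relying on the unauthenticated defaults listed in the tables above (fb105 `secret` and `sign-all`, bgppeer `md5`, `ttl-security` and `ip`, l2tp-incoming `secret` and `allow`). The XML layout (attributes as XML attributes, nesting taken from the Elements tables), the check names and every sample value are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample config, not taken from a real device. Element and
# attribute names follow the tables on this page; the XML serialisation
# itself is an assumption of this example.
SAMPLE = """\
<config>
  <fb105 name="branch-a" local-id="1" remote-id="2" ip="192.0.2.10"/>
  <fb105 name="branch-b" local-id="3" remote-id="4" ip="192.0.2.20"
         secret="constructed-secret"/>
  <fb105 name="branch-c" local-id="5" remote-id="6" ip="192.0.2.30"
         secret="constructed-secret" sign-all="true"/>
  <bgp>
    <peer name="transit" as="64500" ip="198.51.100.1"/>
    <peer name="ix" as="64501" ip="198.51.100.2"
          md5="constructed-secret" ttl-security="1"/>
    <peer name="open" as="64502" md5="constructed-secret" ttl-security="1"/>
  </bgp>
  <l2tp>
    <incoming name="carrier" secret="constructed-secret"
              allow="203.0.113.0/24"/>
    <incoming name="lab"/>
  </l2tp>
</config>
"""

# Hypothetical check identifiers and the table entry each one is based on.
CHECKS = {
    "no-secret": "no shared secret set (fb105 secret defaults to Unsigned)",
    "keepalive-only-signing": "sign-all is not true, so only keepalives are signed",
    "no-md5": "no MD5 signing secret on the BGP session",
    "no-ttl-security": "RFC5082 TTL security not enabled",
    "accepts-incoming": "ip omitted, so incoming connections are allowed",
    "no-allow-list": "no allow list of IP ranges for incoming connections",
}


def _local(tag):
    """Strip an XML namespace, if any, from an element tag."""
    return tag.rsplit("}", 1)[-1]


def _true(value):
    """Interpret an xs:boolean style attribute value."""
    return value is not None and value.strip().lower() in ("true", "1")


def _children(parent, name):
    return [e for e in parent if _local(e.tag) == name]


def audit(xml_text):
    """Return (element, name, check) tuples in document order."""
    root = ET.fromstring(xml_text)
    findings = []

    def flag(elem, check):
        findings.append((_local(elem.tag), elem.get("name", "(unnamed)"), check))

    # fb105: secret defaults to Unsigned, sign-all defaults to false.
    for tunnel in _children(root, "fb105"):
        if not tunnel.get("secret"):
            flag(tunnel, "no-secret")
        elif not _true(tunnel.get("sign-all")):
            flag(tunnel, "keepalive-only-signing")

    # bgp > peer: md5 and ttl-security have no default; ip is optional.
    for bgp in _children(root, "bgp"):
        for peer in _children(bgp, "peer"):
            if not peer.get("md5"):
                flag(peer, "no-md5")
            if not peer.get("ttl-security"):
                flag(peer, "no-ttl-security")
            if not peer.get("ip"):
                flag(peer, "accepts-incoming")

    # l2tp > incoming: secret and allow have no default.
    for l2tp in _children(root, "l2tp"):
        for incoming in _children(l2tp, "incoming"):
            if not incoming.get("secret"):
                flag(incoming, "no-secret")
            if not incoming.get("allow"):
                flag(incoming, "no-allow-list")

    return findings


if __name__ == "__main__":
    for element, name, check in audit(SAMPLE):
        print(f"{element} {name}: {CHECKS[check]}")
```
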
Loopback addresses define local IP addresses
loopback: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
table | routetable 0-99 | Routing table number | 0 |
localpref | unsignedInt | Localpref of network | 4294967295 |
as-path | List of up to 10 unsignedInt | Custom AS path as if network received | |
profile | string | Profile name | |
bgp | bgpmode | BGP announce mode for routes | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
ip | List of IPAddr | One or more local network addresses | Not optional |
Network settings define prefixes which are to be announced by some routing protocol but do not actually have a routing entry.
network: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
table | routetable 0-99 | Routing table number | 0 |
localpref | unsignedInt | Localpref of network | 4294967295 |
as-path | List of up to 10 unsignedInt | Custom AS path as if network received | |
profile | string | Profile name | |
bgp | bgpmode | BGP announce mode for routes | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
ip | List of IPPrefix | One or more local network prefixes | Not optional |
Static routes define prefixes which are permanently in the routing table, and whether these should be announced by routing protocols or not.
route: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
table | routetable 0-99 | Routing table number | 0 |
localpref | unsignedInt | Localpref of network | 4294967295 |
as-path | List of up to 10 unsignedInt | Custom AS path as if network received | |
profile | string | Profile name | |
bgp | bgpmode | BGP announce mode for routes | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
speed | unsignedInt | Egress rate limit | |
graph | string | Graph name | |
ip | List of IPPrefix | One or more local network prefixes | Not optional |
gateway | List of IPAddr | One or more target gateway IPs | |
Routes that apply when link is up
ppp-route: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
table | routetable 0-99 | Routing table number | 0 |
localpref | unsignedInt | Localpref of network | 4294967295 |
as-path | List of up to 10 unsignedInt | Custom AS path as if network received | |
profile | string | Profile name | |
bgp | bgpmode | BGP announce mode for routes | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
ip | List of IPPrefix | One or more local network prefixes | Not optional |
PPPoE client endpoint settings
PPP is up | |
pppoe: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
port | string | Physical port number, or port group name. Also works as ports, which is deprecated | 0 |
Internal port group ID | |
Our MAC offset | |
vlan | vlan 0-4095 | VLAN ID (0=untagged) | 0 |
service | string | Service name | Any service |
ac-name | string | Access concentrator name | Any a/c name |
username | string | User name | |
password | Secret | User password | |
mtu | unsignedShort | MTU for link | 1492 |
speed | unsignedInt | Default egress rate limit | |
tcp-mss-fix | boolean | Adjust MSS option in TCP SYN to fix session MSS | true |
slow-poll | boolean | Reduce LCP poll rate and timeout by factor of 16 (deprecated) | false |
lcp-rate | unsignedByte | LCP interval (seconds) | 10 |
lcp-timeout | unsignedByte | LCP timeout (seconds) | 61 |
routes | List of IPPrefix | Routes when link up | Default gateway |
localpref | unsignedInt | Localpref for route | 4294967295 |
bgp | bgpmode | BGP announce mode for routes | |
table | routetable 0-99 | Routing table number for payload | From interface |
local | IP4Addr | Local IPv4 address | |
remote | IP4Addr | Remote IPv4 address | |
graph | string | Graph name | |
log | boolean | Log PPP negotiation and state change | |
mode | pppoe-mode | PPPoE server/client mode | client |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
pppoe: Elements
Element | Type | Instances | Description |
route | ppp-route (network-base) | Optional, unlimited | Routes to apply when ppp link is up |
Additional DHCP server attributes (IP)
dhcp-attr-ip: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
id | unsignedByte | Attribute type code | Not optional |
value | IP4Addr | Value | Not optional |
force | boolean | Send even if not requested | |
comment | string | Comment | |
Additional DHCP server attributes (number)
dhcp-attr-number: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
id | unsignedByte | Attribute type code | Not optional |
value | unsignedInt | Value | Not optional |
force | boolean | Send even if not requested | |
comment | string | Comment | |
Additional DHCP server attributes (string)
dhcp-attr-string: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
id | unsignedByte | Attribute type code | Not optional |
value | string | Value | Not optional |
force | boolean | Send even if not requested | |
comment | string | Comment | |
Additional DHCP server attributes (hex)
dhcp-attr-hex: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
id | unsignedByte | Attribute type code | Not optional |
value | hexBinary | Value | Not optional |
force | boolean | Send even if not requested | |
comment | string | Comment | |
Settings for DHCP server
dhcps: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
ip | List of IP4Range | Address pool | 0.0.0.0/0 |
mac | List of up to 12 macprefix (hexBinary) | Partial or full MAC addresses | |
client-name | string | Client name match | |
class | string | Class match | |
gateway | List of IP4Addr | Gateway | Our IP |
dns | List of IP4Addr | DNS resolvers | Our IP |
time | List of IP4Addr | Time server | Our IP |
ntp | List of IP4Addr | NTP server | From system settings |
syslog | List of IP4Addr | Syslog server | From system settings |
domain | string | DNS domain | From system settings |
boot | IP4Addr | Next/boot server | |
boot-file | string | Boot filename | |
lease | duration | Lease length | PT2H |
force | boolean | Send all options even if not requested | |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
dhcps: Elements
Element | Type | Instances | Description |
send | dhcp-attr-hex | Optional, unlimited | Additional attributes to send |
send-string | dhcp-attr-string | Optional, unlimited | Additional string attributes to send |
send-number | dhcp-attr-number | Optional, unlimited | Additional numeric attributes to send |
send-ip | dhcp-attr-ip | Optional, unlimited | Additional IP attributes to send |
VRRP settings provide virtual router redundancy for the FireBrick.
Profile inactive does not disable vrrp but forces vrrp low priority.
Profile is active | |
vrrp: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
ip | List of IP4Addr | One or more IP addresses to announce | Not optional |
vrid | unsignedByte | VRID | Not optional |
priority | unsignedByte | Normal priority | 100 |
interval | unsignedByte | Transit interval (sec) | 1 |
preempt | boolean | Whether pre-empt allowed | true |
test | List of IPAddr | List of IPs to which routing must exist else low priority (deprecated) | |
low-priority | unsignedByte | Lower priority applicable until routing established | 1 |
delay | unsignedInt | Delay after routing established before priority returns to normal | 10 |
use-vmac | boolean | Whether to use the special VMAC or use normal MAC | false |
answer-ping | boolean | Whether to answer PING to VRRP IPs when master | true |
log-errors | boolean | Log errors | false |
log | boolean | Log state changes | true |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
Subnet settings define the IP address(es) of the FireBrick, and also allow default routes to be set.
subnet: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
ip | List of IPSubnet | One or more IP/len | Automatic by DHCP |
gateway | List of IPAddr | One or more gateways to install | |
ra | ramode | Whether to announce IPv6 RA for this subnet | false |
ra-max | ra-max 4-1800 | Max RA send interval | 600 |
ra-min | ra-min 3-1350 | Min RA send interval | |
ra-managed | dhcpv6control | RA 'M' (managed) flag | |
ra-other | dhcpv6control | RA 'O' (other) flag | |
ra-profile | string | Profile, if inactive then forces low priority RA | |
ra-mtu | unsignedShort | MTU to use on RA | As subnet |
ra-dns | List of IP6Addr | List of recursive DNS servers in route announcements. Also works as rdnss, which is deprecated | |
localpref | unsignedInt | Localpref for subnet | 4294967295 |
bgp | bgpmode | BGP announce mode for routes | |
mtu | unsignedShort | MTU for subnet | |
ttl | unsignedByte | TTL for originating traffic via subnet | 64 |
arp-timeout | unsignedShort | Max lifetime on ARP and ND | 60 |
broadcast | boolean | If broadcast address allowed | false |
proxy-arp | boolean | Answer ARP/ND by proxy if we have routing | false |
nat | boolean | Short cut to set nat default mode on all IPv4 traffic from subnet (can be overridden by firewall rules) | false |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
The interface definition relates to a specific physical port and VLAN. It includes subnets and VRRP that apply to that interface.
interface: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
port | string | Physical port number, or port group name. Also works as ports, which is deprecated | 1 |
Internal port group ID | |
vlan | vlan 0-4095 | VLAN ID (0=untagged) | 0 |
graph | string | Graph name | |
mtu | unsignedShort | MTU for this interface | 1500 |
ra-client | boolean | Accept IPv6 RA and create auto config subnets and routes. Also works as ra, which is deprecated | true |
table | routetable 0-99 | Routing table applicable | 0 |
ping | IPAddr | Ping address to add loss/latency to graph for interface | |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
interface: Elements
Element | Type | Instances | Description |
subnet | subnet | Optional, unlimited | Define subnet |
vrrp | vrrp | Optional, unlimited | Define VRRP settings |
dhcp | dhcps | Optional, unlimited | DHCP server settings |
Port grouping and naming
portdef: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
ports | Set of port | Physical port(s). Also works as port, which is deprecated | Not optional |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
Physical port attributes
ethernet: Attributes
Attribute | Type | Description | Default |
port | port | Physical port | Not optional |
autoneg | boolean | Perform link auto-negotiation | true |
shutdown | boolean | Power down this port | false |
crossover | Crossover | Port crossover configuration | auto |
speed | LinkSpeed | Speed setting for this port | auto |
duplex | LinkDuplex | Duplex setting for this port | auto |
flow | LinkFlow | Flow control setting | none |
clocking | LinkClock | Gigabit clock setting | prefer-master |
yellow | LinkLED | Yellow LED setting | Tx |
green | LinkLED | Green LED setting | Link/Activity |
Rules for matching RADIUS requests
platform-radius-match: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
target-ip | List of IPAddr | Target IP(s) for L2TP connection | |
target-secret | Secret | Shared secret for L2TP connection | |
target-hostname | string | Hostname for L2TP connection | |
relay-ip | List of IPAddr | Address to copy RADIUS request | |
relay-port | unsignedShort | Authentication UDP port for copy RADIUS request | 1812 |
relay-table | routetable 0-99 | Routing table number for copy of RADIUS request | |
nsn-conditional | boolean | Only send NSN settings if username is not same as calling station id | |
nsn-tunnel-user-auth-method | unsignedInt | Additional response for GGSN usage | |
nsn-tunnel-override-username | unsignedByte | Additional response for GGSN usage | |
tunnel-client-return | boolean | Return tunnel client as radius IP | |
tunnel-assignment-id | string | Tunnel Assignment ID to send | |
class | string | Class field to send | |
dummy-ip | boolean | Send dummy framed IP response | true |
tagged | boolean | Tag all attributes that can be | |
test | List of IPAddr | List of IPs that must have routing for this target to be valid (deprecated) | |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
user-name | List of string | One or more patterns to match user-name | |
calling-station-id | List of string | One or more patterns to match calling-station-id | |
called-station-id | List of string | One or more patterns to match called-station-id | |
Platform RADIUS server and proxy definitions
platform-radius: Attributes
Attribute | Type | Description | Default |
name | string | Name | |
target-ip | List of IPAddr | Target IP(s) for L2TP connection | |
target-secret | Secret | Shared secret for L2TP connection | |
target-hostname | string | Hostname for L2TP connection | |
relay-ip | List of IPAddr | Address to copy RADIUS request | |
relay-port | unsignedShort | Authentication UDP port for copy RADIUS request | 1812 |
relay-table | routetable 0-99 | Routing table number for copy of RADIUS request | |
nsn-conditional | boolean | Only send NSN settings if username is not same as calling station id | |
nsn-tunnel-user-auth-method | unsignedInt | Additional response for GGSN usage | |
nsn-tunnel-override-username | unsignedByte | Additional response for GGSN usage | |
tunnel-client-return | boolean | Return tunnel client as radius IP | |
tunnel-assignment-id | string | Tunnel Assignment ID to send | |
class | string | Class field to send | |
dummy-ip | boolean | Send dummy framed IP response | true |
tagged | boolean | Tag all attributes that can be | |
test | List of IPAddr | List of IPs that must have routing for this target to be valid (deprecated) | |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
port | unsignedShort | Authentication UDP port | 1812 |
acct-port | unsignedShort | Accounting UDP port | 1813 |
secret | Secret | Shared secret for RADIUS requests (needed for replies) | |
platform-radius: Elements
Element | Type | Instances | Description |
match | platform-radius-match (platform-radius-target) | Optional, unlimited | Matching rules for specific responses |
Web management pages
dns-service: Attributes
Attribute | Type | Description | Default |
table | routetable 0-99 | Routing table number | 0 |
allow | List of IPNameRange | List of IP ranges from which service can be accessed | |
log | boolean | Log | true |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
domain | string | Our domain | |
resolvers | List of IPAddr | Recursive DNS resolvers to use | |
Web management pages
http-service: Attributes
Attribute | Type | Description | Default |
table | routetable 0-99 | Routing table number | 0 |
allow | List of IPNameRange | List of IP ranges from which service can be accessed | |
log | boolean | Log | true |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
port | unsignedShort | Service port | 80 |
trusted | List of IPNameRange | List of IP ranges from which trusted access is allowed | |
Telnet control interface
telnet-service: Attributes
Attribute | Type | Description | Default |
table | routetable 0-99 | Routing table number | 0 |
allow | List of IPNameRange | List of IP ranges from which service can be accessed | |
log | boolean | Log | true |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
port | unsignedShort | Service port | 23 |
The NTP settings define how the system clock is set, from what servers, and the controls for daylight saving (summer time).
The defaults are those that apply to the EU.
ntp-service: Attributes
Attribute | Type | Description | Default |
table | routetable 0-99 | Routing table number | 0 |
allow | List of IPNameRange | List of IP ranges from which service can be accessed | |
log | boolean | Log | true |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
timeserver | List of IPNameAddr | List of time servers (IP or hostname) from which time may be set by ntp | |
tz1-name | string | Timezone 1 name | GMT |
tz1-offset | duration | Timezone 1 offset from UTC | 00:00:00 |
tz12-month | month | Timezone 1 to 2 month | Mar |
tz12-date | datenum 1-31 | Timezone 1 to 2 earliest date in month | 25 |
tz12-day | day | Timezone 1 to 2 day of week of change | Sun |
tz12-time | duration | Timezone 1 to 2 local time of change | 01:00:00 |
tz2-name | string | Timezone 2 name | BST |
tz2-offset | duration | Timezone 2 offset from UTC | 01:00:00 |
tz21-month | month | Timezone 2 to 1 month | Oct |
tz21-date | datenum 1-31 | Timezone 2 to 1 earliest date in month | 25 |
tz21-day | day | Timezone 2 to 1 day of week of change | Sun |
tz21-time | duration | Timezone 2 to 1 local time of change | 02:00:00 |
The SNMP service has general service settings and also specific attributes for SNMP such as community
snmp-service: Attributes
Attribute | Type | Description | Default |
table | routetable 0-99 | Routing table number | 0 |
allow | List of IPNameRange | List of IP ranges from which service can be accessed | |
log | boolean | Log | true |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
port | unsignedShort | Service port | 161 |
community | string | Community string | public |
System services are the generic services that the system provides; this element allows access controls and settings for them to be specified.
The service is only active if the corresponding element is included in services, otherwise it is disabled.
services: Elements
Element | Type | Instances | Description |
snmp | snmp-service (service) | Optional | SNMP server settings |
ntp | ntp-service (service) | Optional | NTP client settings (server not implemented yet) |
telnet | telnet-service (service) | Optional | Telnet server settings |
http | http-service (service) | Optional | HTTP server settings |
dns | dns-service (service) | Optional | DNS service settings |
platform-radius | platform-radius (platform-radius-target) | Optional | Platform RADIUS server/proxy settings |
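The rule that a service runs only when its element is present under services makes a config easy to audit for exposed management services. The following is an added example, not FireBrick code: it applies the defaults from the tables on this page (SNMP community public, ports 161, 23 and 80) to a constructed sample. The XML layout (a config root with attributes written as XML attributes) and the sample config itself are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the attribute tables on this page.
DEFAULT_PORT = {"snmp": "161", "telnet": "23", "http": "80"}
DEFAULT_COMMUNITY = "public"
# Services documented on this page with an "allow" attribute that accept
# inbound requests (ntp is listed as client-only, so it is left out).
LISTENERS = {"snmp", "telnet", "http", "dns"}
# General protocol fact, not from the page: telnet and plain HTTP carry
# admin credentials unencrypted.
CLEARTEXT = {"telnet", "http"}

# Constructed sample config. The XML serialisation is an assumption; the
# element and attribute names are the ones documented on this page.
SAMPLE_CONFIG = """\
<config>
  <services>
    <snmp/>
    <telnet allow="192.0.2.0/24" port="2323"/>
    <http allow="192.0.2.10"/>
    <ntp timeserver="ntp.example.net"/>
  </services>
</config>
"""


def local(tag):
    """Strip an XML namespace prefix such as '{uri}services'."""
    return tag.rsplit("}", 1)[-1]


def audit_services(xml_text):
    """Return (service, finding, detail) tuples for the services element."""
    root = ET.fromstring(xml_text)
    services = next((e for e in root if local(e.tag) == "services"), None)
    if services is None:
        return []  # no services element: none of these services is active
    findings = []
    for svc in services:
        name = local(svc.tag)
        port = svc.get("port", DEFAULT_PORT.get(name, "unspecified"))
        if name in CLEARTEXT:
            findings.append((name, "cleartext-management",
                             f"enabled on port {port}"))
        # The page gives no default for allow, so report only that the
        # config itself sets no source restriction on this service.
        if name in LISTENERS and not svc.get("allow", "").strip():
            findings.append((name, "no-allow-list",
                             "no allow attribute set in config"))
        if name == "snmp" and \
                svc.get("community", DEFAULT_COMMUNITY) == DEFAULT_COMMUNITY:
            findings.append((name, "default-community",
                             "community is the documented default 'public'"))
    return findings


if __name__ == "__main__":
    for service, finding, detail in audit_services(SAMPLE_CONFIG):
        print(f"{service:8} {finding:22} {detail}")
```

An element with no attributes at all, such as the `<snmp/>` in the sample, still enables the service with every documented default, which is why it produces two findings.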
Syslog settings specify where logging is to be sent using syslog.
syslog: Attributes
Attribute | Type | Description | Default |
server | IPAddr | Server IP address | Not optional |
port | unsignedShort | Server port | 514 |
severity | syslog-severity | Log events that are this severe or more | NOTICE |
facility | syslog-facility | Facility for log | LOCAL0 |
table | routetable 0-99 | Routing table number for sending syslogs | 0 |
log | boolean | Log one second debug stats | true |
User names, passwords and abilities for admin users
user: Attributes
Attribute | Type | Description | Default |
name | username (string) | User name | Not optional |
Last IP used (starts 0 for IP4) | |
Login expiry | |
full-name | string | Full name | |
password | Password | User password | |
timeout | duration | Login idle timeout | PT5M |
config | config-access | Config access level | full |
level | user-level | Login level | ADMIN |
otp | string | OTP serial number | |
allow | List of IPNameRange | Restrict logins to be from specific IP addresses | |
profile | string | Profile name | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
The system settings are the top level attributes of the system which apply globally.
system: Attributes
Attribute | Type | Description | Default |
name | string | System hostname | |
sw-update-profile | string | Profile name for when to load new s/w | |
contact | string | Contact name | |
location | string | Location description | |
intro | string | Home page text | |
fast-reboot | boolean | Debug - causes fast reboot on new code load | |
dos-limit | unsignedInt | Interrupt DoS packet limit, leave at default | 1000 |
dos-delay | unsignedInt | Interrupt DoS restoration counter, leave at default | 2 |
sw-update | autoloadtype | Load new software automatically | factory |
nat64 | IP6Prefix | IPv6 NAT6/4 mapping prefix | |
nat64-source | IP4Addr | IPv6 NAT6/4 return IPv4 | |
source | string | Source of data, used in automated config management | |
comment | string | Comment | |
Tag | Description |
continue | Continue rule-set checking |
accept | Allow but no more rule-set checking |
reject | End all rule checking now and set to send ICMP reject |
drop | End all rule checking now and set to drop |
true | Same as drop (deprecated) |
Peer type controls many of the defaults for a peer setting. It allows typical settings to be defined with one attribute that reflects the type of peer.
Tag | Description |
normal | Normal BGP operation |
transit | EBGP Mark received as no-export |
peer | EBGP Mark received as no-export, only accept peer AS |
customer | EBGP Allow export as if confederate, only accept peer AS |
internal | IBGP allowing own AS |
reflector | IBGP allowing own AS and working in route reflector mode |
confederate | EBGP confederate |
ixp | Internet exchange point peer on route server |
Tag | Description |
client | Normal PPPoE client connects to access controller |
bras-l2tp | PPPoE server mode linked to L2TP operation |
BGP mode defines the default advertisement mode for prefixes, based on well-known community tags
Tag | Description |
false | Not included in BGP at all |
no-advertise | Not included in BGP, not advertised at all |
no-export | Not normally exported from local AS/confederation |
local-as | Not exported from local AS |
no-peer | Exported with no-peer community tag |
true | Exported as normal with no special tags added |
Tag | Description |
false | Don't set bit or answer on DHCPv6 |
true | Set bit but do not answer on DHCPv6 |
dhcpv6 | Set bit and do answer on DHCPv6 |
IPv6 route announcement mode and level
Tag | Description |
false | Do not announce |
low | Announce as low priority |
medium | Announce as medium priority |
high | Announce as high priority |
true | Announce as default (medium) priority |
Tag | Description |
Link/Activity | On when link up; blink when Tx or Rx activity |
Link1000/Activity | On when link up at 1G; blink when Tx or Rx activity |
Link100/Activity | On when link up at 100M; blink when Tx or Rx activity |
Link10/Activity | On when link up at 10M; blink when Tx or Rx activity |
Link100-1000/Activity | On when link up at 100M or 1G; blink when Tx or Rx activity |
Link10-1000/Activity | On when link up at 10M or 1G; blink when Tx or Rx activity |
Link10-100/Activity | On when link up at 10M or 100M; blink when Tx or Rx activity |
Duplex/Collision | On when full-duplex; blink when half-duplex and collisions detected |
Collision | Blink when collisions detected |
Tx | Blink when Tx activity |
Rx | Blink when Rx activity |
Off | Permanently off |
On | Permanently on |
Link | On when link up |
Link1000 | On when link up at 1G |
Link100 | On when link up at 100M |
Link10 | On when link up at 10M |
Link100-1000 | On when link up at 100M or 1G |
Link10-1000 | On when link up at 10M or 1G |
Link10-100 | On when link up at 10M or 100M |
Duplex | On when full-duplex |
Tag | Description |
prefer-master | Master status negotiated; preference for master |
prefer-slave | Master status negotiated; preference for slave |
force-master | Master status forced |
force-slave | Slave status forced |
Tag | Description |
none | No flow control |
symmetric | Can support two-way flow control |
send-pauses | Can send pauses but does not support pause reception |
any | Can receive pauses and may send pauses if required |
Tag | Description |
half | Half-duplex |
full | Full-duplex |
auto | Duplex determined by autonegotiation |
Tag | Description |
10M | 10Mbit/sec |
100M | 100Mbit/sec |
1G | 1Gbit/sec |
auto | Speed determined by autonegotiation |
Physical port crossover configuration.
Tag | Description |
auto | Crossover is determined automatically |
MDI | Force no crossover |
Tag | Description |
1 | Port 1 |
2 | Port 2 |
3 | Port 3 |
4 | Port 4 |
Tag | Description |
Sun | Sunday |
Mon | Monday |
Tue | Tuesday |
Wed | Wednesday |
Thu | Thursday |
Fri | Friday |
Sat | Saturday |
Tag | Description |
Jan | January |
Feb | February |
Mar | March |
Apr | April |
May | May |
Jun | June |
Jul | July |
Aug | August |
Sep | September |
Oct | October |
Nov | November |
Dec | December |
Syslog facility, usually used to control which log file the syslog is written to.
Tag | Description |
KERN | Kernel messages |
USER | User level messages |
MAIL | Mail system |
DAEMON | System Daemons |
AUTH | Security/auth |
SYSLOG | Internal to syslogd |
LPR | Printer |
NEWS | News |
UUCP | UUCP |
CRON | Cron daemon |
AUTHPRIV | private security/auth |
FTP | File transfer |
12 | Unused |
13 | Unused |
14 | Unused |
15 | Unused |
LOCAL0 | Local 0 |
LOCAL1 | Local 1 |
LOCAL2 | Local 2 |
LOCAL3 | Local 3 |
LOCAL4 | Local 4 |
LOCAL5 | Local 5 |
LOCAL6 | Local 6 |
LOCAL7 | Local 7 |
Log severity - different loggable events log at different levels.
Tag | Description |
EMERG | System is unstable |
ALERT | Action must be taken immediately |
CRIT | Critical conditions |
ERR | Error conditions |
WARNING | Warning conditions |
NOTICE | Normal but significant events |
INFO | Informational |
DEBUG | Debug level messages |
NO-LOGGING | No logging |
User login level - commands available are restricted according to assigned level.
Tag | Description |
NOBODY | Unknown or not logged in user |
GUEST | Guest user |
USER | Normal unprivileged user |
ADMIN | System administrator |
DEBUG | System debugger |
Tag | Description |
none | No access unless explicitly listed |
view | View only access (no passwords) |
read | Read only access (with passwords) |
full | Full view and edit access |
Tag | Description |
false | Do not auto load |
factory | Load factory releases |
beta | Load beta test releases |
alpha | Load test releases |
Basic types