Appendix M. Configuration Objects

Table of Contents

M.1. Top level
M.1.1. config: Top level config
M.2. Objects
M.2.1. system: System settings
M.2.2. link: Web links
M.2.3. routing-table: Default source IP for services using a given table
M.2.4. user: Admin users
M.2.5. eap: User access controlled by EAP
M.2.6. log: Log target controls
M.2.7. log-syslog: Syslog logger settings
M.2.8. log-email: Email logger settings
M.2.9. services: System services
M.2.10. http-service: Web service settings
M.2.11. dns-service: DNS service settings
M.2.12. dns-host: Fixed local DNS host settings
M.2.13. dns-block: Fixed local DNS blocks
M.2.14. radius-service: RADIUS service definition
M.2.15. radius-service-match: Matching rules for RADIUS service
M.2.16. radius-server: RADIUS server settings
M.2.17. mqtt-service: MQTT
M.2.18. mqtts-config: Secure MQTTS service
M.2.19. mqtt-config: Insecure MQTT service
M.2.20. mqtt-external: External MQTT/MQTTS connection
M.2.21. mqtt-map: MQTT message mapping
M.2.22. telnet-service: Telnet service settings
M.2.23. snmp-service: SNMP service settings
M.2.24. time-service: System time server settings
M.2.25. ethernet: Physical port controls
M.2.26. sampling: Packet sampling configuration
M.2.27. portdef: Port grouping and naming
M.2.28. interface: Port-group/VLAN interface settings
M.2.29. subnet: Subnet settings
M.2.30. subnet-template: Subnet option templates for RA
M.2.31. dhcp6-client: DHCPv6 Client
M.2.32. vrrp: VRRP settings
M.2.33. dhcps: DHCP server settings
M.2.34. dhcp-attr-hex: DHCP server attributes (hex)
M.2.35. dhcp-attr-string: DHCP server attributes (string)
M.2.36. dhcp-attr-number: DHCP server attributes (numeric)
M.2.37. dhcp-attr-ip: DHCP server attributes (IP)
M.2.38. pppoe: PPPoE settings
M.2.39. ppp-route: PPP routes
M.2.40. usb: USB 3G/dongle settings
M.2.41. dongle: 3G/dongle settings
M.2.42. route: Static routes
M.2.43. network: Locally originated networks
M.2.44. blackhole: Dead end networks
M.2.45. loopback: Locally originated networks
M.2.46. ospf: Overall OSPF settings
M.2.47. namedbgpmap: Mapping and filtering rules of BGP prefixes
M.2.48. bgprule: Individual mapping/filtering rule
M.2.49. bgp: Overall BGP settings
M.2.50. bgppeer: BGP peer definitions
M.2.51. bgpmap: Mapping and filtering rules of BGP prefixes
M.2.52. cqm: Constant Quality Monitoring settings
M.2.53. l2tp: L2TP settings
M.2.54. l2tp-outgoing: L2TP settings for outgoing L2TP connections
M.2.55. l2tp-incoming: L2TP settings for incoming L2TP connections
M.2.56. l2tp-relay: Relay and local authentication rules for L2TP
M.2.57. fb105: FB105 tunnel definition
M.2.58. fb105-route: FB105 routes
M.2.59. ipsec-ike: IPsec configuration (IKEv2)
M.2.60. ike-connection: connection configuration
M.2.61. ipsec-route: IPsec tunnel routes
M.2.62. ike-roaming: IKE roaming IP pools
M.2.63. ike-proposal: IKE security proposal
M.2.64. ipsec-proposal: IPsec AH/ESP proposal
M.2.65. ipsec-manual: peer configuration
M.2.66. ping: Ping/graph definition
M.2.67. profile: Control profile
M.2.68. profile-date: Test passes if within any of the time ranges specified
M.2.69. profile-time: Test passes if within any of the date/time ranges specified
M.2.70. profile-ping: Test passes if any addresses are pingable
M.2.71. shaper: Traffic shaper
M.2.72. shaper-override: Traffic shaper override based on profile
M.2.73. ip-group: IP Group
M.2.74. route-override: Routing override rules
M.2.75. session-route-rule: Routing override rule
M.2.76. session-route-share: Route override load sharing
M.2.77. rule-set: Firewall/mapping rule set
M.2.78. session-rule: Firewall rules
M.2.79. session-share: Firewall load sharing
M.2.80. voip: Voice over IP config
M.2.81. carrier: VoIP carrier details
M.2.82. telephone: VoIP telephone authentication user details
M.2.83. tone: Tone definitions
M.2.84. ringgroup: Ring groups
M.2.85. directory: Directory entry
M.2.86. etun: Ether tunnel
M.2.87. dhcp-relay: DHCP server settings for remote / relayed requests
M.3. Data types
M.3.1. user-level: User login level
M.3.2. ppp-dump: PPP dump format
M.3.3. autoloadtype: Type of s/w auto load
M.3.4. lacp-hot-standby: LACP hot standby mode
M.3.5. config-access: Type of access user has to config
M.3.6. eap-subsystem: Subsystem with EAP access control
M.3.7. eap-method: EAP access method
M.3.8. syslog-severity: Syslog severity
M.3.9. syslog-facility: Syslog facility
M.3.10. http-mode: HTTP/HTTPS security mode
M.3.11. radiuspriority: Options for controlling platform RADIUS response priority tagging
M.3.12. radiustype: Type of RADIUS server
M.3.13. mqtt-brokers: Select MQTT brokers
M.3.14. month: Month name (3 letter)
M.3.15. day: Day name (3 letter)
M.3.16. port: Physical port
M.3.17. Crossover: Crossover configuration
M.3.18. LinkSpeed: Physical port speed
M.3.19. LinkDuplex: Physical port duplex setting
M.3.20. LinkFlow: Physical port flow control setting
M.3.21. LinkClock: Physical port Gigabit clock master/slave setting
M.3.22. LinkLED: LED settings
M.3.23. LinkPower: PHY power saving options
M.3.24. LinkFault: Link fault type to send
M.3.25. sampling-protocol: Sampling protocol
M.3.26. trunk-mode: Trunk port mode
M.3.27. ramode: IPv6 route announce level
M.3.28. bgpmode: BGP announcement mode
M.3.29. sampling-mode: Sampling mode
M.3.30. sfoption: Source filter option
M.3.31. pppoe-mode: Type of PPPoE connection
M.3.32. pppoe-calling: Additional prefix on PPPoE calling ID
M.3.33. pppoe-calling-suffix: Main calling ID
M.3.34. pdp-context-type: Type of IP connection
M.3.35. ipsec-type: IPsec encapsulation type
M.3.36. ipsec-auth-algorithm: IPsec authentication algorithm
M.3.37. ipsec-crypt-algorithm: IPsec encryption algorithm
M.3.38. peertype: BGP peer type
M.3.39. radius-nas: NAS IP to report
M.3.40. ike-authmethod: authentication method
M.3.41. ike-mode: connection setup mode
M.3.42. ike-PRF: IKE Pseudo-Random Function
M.3.43. ike-DH: IKE Diffie-Hellman group
M.3.44. ike-ESN: IKE Sequence Number support
M.3.45. ipsec-encapsulation: Manually keyed IPsec encapsulation mode
M.3.46. switch: Profile manual setting
M.3.47. chksum-action: Handling of TCP/UDP packet checksum
M.3.48. dynamic-graph: Type of dynamic graph
M.3.49. firewall-action: Firewall action
M.3.50. privacy-type: Privacy tag to use for withheld
M.3.51. voip-format: Number presentation format
M.3.52. uknumberformat: Number formatting option
M.3.53. recordoption: Recording option
M.3.54. voip-screen: Call screen setting
M.3.55. ring-group-order: Order of ring
M.3.56. ring-group-type: Type of ring when one call in queue
M.3.57. voip-screen-set: Directory screen setting
M.3.58. record-beep-option: Record beep option
M.4. Basic types

This appendix defines the objects used in the FireBrick FB2700 configuration. Copyright © 2008-2023 FireBrick Ltd.

M.1. Top level

M.1.1. config: Top level config

The top level config element contains all of the FireBrick configuration data.

Table M.1. config: Attributes

| Attribute | Type | Default | Description |
|---|---|---|---|
| ip | IPAddr | - | Config store IP address |
| patch | integer | - | Internal use, for s/w updates that change config syntax |
| serial | string | - | Serial number |
| timestamp | dateTime | - | Config store time, set automatically when config is saved |
| version | string | - | Code version |
| who | string | - | Config store username |

Table M.2. config: Elements

| Element | Type | Instances | Description |
|---|---|---|---|
| bgp | bgp | Optional, up to 100 | BGP config |
| bgp-filter | namedbgpmap | Optional, unlimited | Mapping and filtering rules for use with BGP peers |
| blackhole | blackhole | Optional, unlimited | Black hole (dropped packets) networks |
| cqm | cqm | Optional | Constant Quality Monitoring config |
| dhcp-relay | dhcp-relay | Optional, unlimited | DHCP server settings for remote / relayed requests |
| eap | eap | Optional, unlimited | User access control via EAP |
| ethernet | ethernet | Optional, unlimited | Ethernet port settings |
| etun | etun | Optional, unlimited | Ether tunnel (RFC3378) |
| fb105 | fb105 | Optional, up to 255 | FB105 tunnel settings |
| interface | interface | Optional, up to 8192 | Ethernet interface (port-group/vlan) and subnets |
| ip-group | ip-group | Optional, unlimited | Named IP groups |
| ipsec-ike | ipsec-ike | Optional | IPsec connection settings |
| l2tp | l2tp | Optional | L2TP settings |
| log | log | Optional, up to 63 | Log target controls |
| loopback | loopback | Optional, unlimited | Extra local addresses |
| network | network | Optional, unlimited | Locally originated networks |
| nowhere | blackhole | Optional, unlimited | Dead end (icmp error) networks |
| ospf | ospf | Optional, unlimited | OSPF config (experimental) |
| ping | ping | Optional, up to 500 | Base ping graph settings |
| port | portdef | Optional, up to 8 | Port grouping and naming |
| ppp | pppoe | Optional, up to 50 | PPPoE settings |
| profile | profile | Optional, unlimited | Control profiles |
| route | route | Optional, unlimited | Static routes |
| route-override | route-override | Optional, unlimited | Routing override rules |
| routing-tables | routing-table | Optional, unlimited | Routing table settings |
| rule-set | rule-set | Optional, unlimited | Firewall/mapping rules |
| sampling | sampling | Optional | Sampling parameters |
| services | services | Optional | General system services |
| shaper | shaper | Optional, unlimited | Named traffic shapers |
| system | system | Optional | System settings |
| usb | usb | Optional | USB and 3G/dongle settings |
| user | user | Optional, unlimited | Admin users |
| voip | voip | Optional | VoIP config |