gk-proxy — format of gk-proxy component configuration
General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes the types, sections and items specific to the gk-proxy component configuration.
Repeatable sections/items are marked by a '*' before the section/item name.
Configuration directives have attributes of several value types. For a description of the basic types, see configuration(7).
An enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, the enumeration description contains the value for every name (in parentheses next to the name). For other enumerations, using names is obligatory.
The following enumerations are used in gk-proxy configuration directives:
    yes-no (see common(5))
    direction (see common(5))
    ip-version (see common(5))
    osi4-proto (see common(5))
    time-cond (see common(5))
    zip-mode (see common(5))
    obligation (see common(5))
    week-day (see time(5))
    month (see time(5))
    auth-method (see auth(5))
    source-address-mode (see source-address(5))
    source-port-mode (see source-address(5))
    transparency (see acl(5))
    user-auth-spec (see acl(5))
    doctype-ident-method (see acl(5))
    dbglev (see log(5))
    logfail-mode (see log(5))
    listen-on-sock (see listen-on(5))
Configuration of the gk-proxy library component consists of the following prototypes:
* gk-proxy name { ... }
gk-proxy name {
    phase ... ;
    * tag ... ;
    log-debug { ... }
    log-stats { ... }
    use-resolver ... ;
    cfg-resolution ... ;
    monitoring { ... }
    stats-daily { ... }
    stats-weekly { ... }
    stats-monthly { ... }
    nodaemon ... ;
    singleproc ... ;
    app-user ... ;
    idle-timeout ... ;
    run-block-sigalrm ... ;
    listen-on { ... }
    udpserver { ... }
    source-address ... ;
    doctype-identification { ... }
    map-file ... ;
    * session-acl name { ... }
}
H.323 GateKeeper Proxy configuration.
The gk-proxy section is derived from the proxy section prototype. For a detailed description of it, see application(5).
gk-proxy section:
    Section tcpserver is not valid.
    Section UDPSERVER required.
    RAS Yellow Pages File name must be specified.
    At least one SESSION-ACL must be specified (proxy must be named in some SYSTEM.ACL.SERVICES).
monitoring (see monitoring(5))
    Monitoring is not functional in H.323 proxies in this version.
listen-on.non-transparent (see listen-on(5))
    Element port is optional, default: 1719.
    Element proto is optional, default: udp.
    GK proxy cannot bind address [0.0.0.0].
listen-on.transparent (see listen-on(5))
    Element port is optional, default: 1719.
    Element proto is optional, default: udp.
map-file name;
    RAS Yellow Pages File.
    This file name must be identical to the one defined in the H.323 Proxy.
    name (type: str)
session-acl name {
    * from ... ;
    * to ... ;
    * time ... ;
    time-period-set { ... }
    deny ... ;
    accept ... ;
    * doctype-ident-order ... ;
    rule ... ;
    idle-timeout ... ;
    idle-timeout-peer ... ;
    source-address ... ;
    plug-to ... ;
    session-timeout ... ;
    register ... ;
    h323-address ... ;
    client-altq ... ;
    server-altq ... ;
}
The session-acl section is derived from the acl-1 section prototype. For a detailed description of it, see acl(5).
session-acl section:
    Item user is not valid.
    Item auth is not valid.
    Item H323-ADDRESS required.
    Item REGISTER required.
idle-timeout (see acl(5))
    Element seconds is optional, default: 120.
session-timeout [seconds];
    Maximum duration of session.
    seconds (type: uint31, optional, default: 0)
        Duration in seconds (0 = unlimited).
register client;
register [force] addr;
    Address to be registered on gatekeeper.
    source-port-mode, optional, default: force)
    addr (type: sock)
        Use specified address.
h323-address addr;
    Listening Address of H.323 Proxy
    addr (type: sock)
client-altq altq;
    ALTQ queue for data sent to client.
    altq (type: name of pf-queue, see pf-queue(5))
        queue name
server-altq altq;
    ALTQ queue for data sent to server.
    altq (type: name of pf-queue, see pf-queue(5))
        queue name
[End of section gk-proxy.session-acl description.]
[End of section gk-proxy description.]
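
Added example (not part of Kernun or of the original man page): a small Python pre-check that applies the constraints listed above for the gk-proxy and session-acl sections to a configuration text before it is deployed. Both sample configurations are constructed, and their value syntax (bracketed addresses, the "addr : port" form, the map-file path, the proxy and ACL names) is an assumption made for illustration.

```python
import re

# Constructed input in Kernun-style syntax; names, addresses and paths are made up.
BAD = '''gk-proxy GK {
  listen-on { non-transparent [0.0.0.0] : 1719; }
  tcpserver { }
  session-acl LAN { from [10.0.0.0/8]; user alice; register client; accept; }
}'''
GOOD = '''gk-proxy GK {
  listen-on { non-transparent [192.0.2.1]; }
  udpserver { }
  map-file "/data/h323/ras-map";
  session-acl LAN { register client; h323-address [192.0.2.1] : 1720; accept; }
}'''

def parse(text):
    """Turn 'name args { ... }' sections and 'name args ;' items into a tree."""
    toks = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text))
    def block():
        nodes, words = [], []
        for t in toks:
            if t == '}':
                break
            if t in ';{' and words:
                nodes.append((words[0], words[1:], block() if t == '{' else None))
                words = []
            elif t not in ';{':
                words.append(t)
        return nodes
    return block()

def lint(text):
    """Return violations of the constraints this page lists for gk-proxy."""
    errs = []
    for body in (b for n, _, b in parse(text) if n == 'gk-proxy' and b is not None):
        have = {n for n, _, _ in body}
        checks = [('tcpserver' in have, 'Section tcpserver is not valid'),
                  ('udpserver' not in have, 'Section UDPSERVER required'),
                  ('map-file' not in have, 'RAS Yellow Pages File name must be specified'),
                  ('session-acl' not in have, 'At least one SESSION-ACL must be specified')]
        errs += [msg for failed, msg in checks if failed]
        for n, a, b in body:
            if n == 'listen-on' and any('[0.0.0.0]' in xs for _, xs, _ in b or []):
                errs.append('GK proxy cannot bind address [0.0.0.0]')
            if n == 'session-acl':
                items = {i for i, _, _ in b or []}
                errs += [f'{a[0]}: Item {i} is not valid' for i in ('user', 'auth') if i in items]
                errs += [f'{a[0]}: Item {i.upper()} required'
                         for i in ('h323-address', 'register') if i not in items]
    return errs
```

lint(GOOD) returns an empty list; lint(BAD) reports the tcpserver, udpserver, map-file, [0.0.0.0], user and h323-address violations.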