Route Permission Table
Use
The route permission table contains the host names and port numbers of the predecessor and successor points on the route (from the SAProuter's point of view), as well as the passwords required to set up the connection (corresponds to a substring). It is used to specify which connections are allowed and which prohibited by SAProuter. It also specifies whether SNC connections are set up and if so, which ones.
Syntax of Entries in a Route Permission Table
|
Entry |
Syntax |
|---|---|
|
Standard entries |
P/S/D <source-host> <dest-host> <dest-server> <password> |
|
SNC entries for inbound requests |
KT <SNC name src-host> <src-host> <src-serv> |
|
SNC entries for outbound requests |
KT <SNC name dest-host> <dest-host> <dest-serv> |
|
KD, KP, and KS entries |
K<D/P/S> <SNC name source-host> <dest-host> <dest-serv> <password> |
Row Starts of the Route Permission Table
The beginning of the line can be as follows:
| Entry | Meaning |
|---|---|
|
P (Permit) |
Triggers the SAProuter to open the connection. P (permit) entries can contain a password. SAProuter checks whether this password corresponds to that sent by the client. Directly after the P, you can specify the maximum number of SAProuters permitted before and after this SAProuter on the route for the connection to be allowed: Pv,n. v is the maximum number of preceding SAProuters on this route, and n is the maximum number of following SAProuters. |
|
S (Secure) |
Only permits connections with the NI protocol. Connections with other protocols, for example TCP, are not permitted. With Sv,n you can determime the number of preceding and succeeding SAProuters on the route, the same as you can with P. |
|
D (Deny) |
Prevents the connection from being set up. |
|
KT (Key Target) |
This defines which connections should be SNC connections. This can be defined for both incoming and outgoing connections (from the point of view of this SAProuter). |
| K<D/P/S> |
The (encrypted) SNC connection is set up if the route string contains the correct <password>. |
|
# |
With # you can insert comment lines. |
Specifying Outbound Hosts, Destination Host and Port of Destination Host
| Element | |
|---|---|
| <source-host> |
This element describes the host from where the connection comes (from the view point of the SAProuter). Here you can specify a host name, an IP address, or an IP subnetwork. <source-host> can be a SAProuter. |
| <dest-host> |
With the <dest-host> element you can specify the host to which the connection is to go (from the view point of the SAProuter). Here you can specify a host name, an IP address, or an IP subnetwork. <dest-host> can be a SAProuter. |
| <dest-serv> |
With the <dest-serv> element you can specify the port of the destination host. Here you can also specify port ranges by separating the two ports that enclose the port range with a point. If <dest-serv> has value 3200.3298, this means connections to the target server on all ports between 3200 and 3298. |
Evaluation of the Route Permission Table
The following rules apply when the SAProuter evaluates the route permission table.
-
First Match:
The lines in the route permission table are evaluated from top to bottom. The first entry in the route permission table for which the source address, destination address, and destination port match determines whether a connection is permitted or denied.
- No Match
If there is no matching entry in the table for a route, the connection is denied. It behaves as though the last line were a
D * * *.