#
#	Configuration file for the rlm_attr_filter module.
#	Please see the rlm_attr_filter(5) manpage for more information.
#
#	$Id: 76c644b100656f8bd45e768b13cbcf140ce5a770 $
#
#	This file contains security and configuration information
#	for each realm. The first field is the realm name and
#	can be up to 253 characters in length. This is followed (on
#	the next line) by the list of filter rules used to decide
#	what attributes and/or values we allow proxy servers to
#	pass to the NAS for this realm.
#
#	When a proxy-reply packet is received from a home server,
#	these attributes and values are tested. Only the first match
#	is used unless the "Fall-Through" variable is set to "Yes".
#	In that case the rules defined in the DEFAULT case are
#	processed as well.
#
#	A special realm named "DEFAULT" matches all realm names.
#	You can have only one DEFAULT entry. All entries are processed
#	in the order they appear in this file. The first entry that
#	matches the login-request will stop processing unless you use
#	the Fall-Through variable.
#
#	Indented (with the tab character) lines following the first
#	line indicate the filter rules.
#
#	You can include another `attrs' file with `$INCLUDE attrs.other'
#
 
#
# This is a complete entry for realm "fisp". Note that there is no
# Fall-Through entry, so no DEFAULT entry will be used, and the
# server will NOT allow any a/v pairs other than the ones
# listed here.
#
# These rules allow:
#     o  Only Framed-User Service-Types ( no telnet, rlogin, tcp-clear )
#     o  PPP sessions ( no SLIP, CSLIP, etc. )
#     o  dynamic ip assignment ( can't assign a static ip )
#     o  an idle timeout value set to 600 seconds (10 min) or less
#     o  a max session time set to 28800 seconds (8 hours) or less
#
#fisp
#	Service-Type == Framed-User,
#	Framed-Protocol == PPP,
#	Framed-IP-Address == 255.255.255.254,
#	Idle-Timeout <= 600,
#	Session-Timeout <= 28800
 
#
# This is a complete entry for realm "tisp". Note that there is no
# Fall-Through entry, so no DEFAULT entry will be used, and the
# server will NOT allow any a/v pairs other than the ones
# listed here.
#
# These rules allow:
#       o Only Login-User Service-Type ( no framed/ppp sessions )
#       o Telnet sessions only ( no rlogin, tcp-clear )
#       o Login hosts of either 192.168.1.1 or 192.168.1.2
#
#tisp
#	Service-Type == Login-User,
#	Login-Service == Telnet,
#	Login-TCP-Port == 23,
#	Login-IP-Host == 192.168.1.1,
#	Login-IP-Host == 192.168.1.2
 
#
# The following example can be used for a home server which is only
# allowed to supply a Reply-Message, a Session-Timeout attribute of
# maximum 86400, an Idle-Timeout attribute of maximum 600 and an
# Acct-Interim-Interval attribute between 300 and 3600.
# All other attributes sent back will be filtered out.
#
#strictrealm
#	Reply-Message =* ANY,
#	Session-Timeout <= 86400,
#	Idle-Timeout <= 600,
#	Acct-Interim-Interval >= 300,
#	Acct-Interim-Interval <= 3600
 
#
# This is a complete entry for realm "spamrealm". Fall-Through is used,
# so that the DEFAULT filter rules are used in addition to these.
#
# These rules:
#       o Force a Filter-ID attribute to be returned in the proxy
#         reply, whether the proxy sent it or not.
#       o Apply the standard DEFAULT rules as defined below
#
#spamrealm
#	Framed-Filter-Id := "nosmtp.in",
#	Fall-Through = Yes
 
#
# The rest of this file contains the DEFAULT entry.
# DEFAULT matches all realm names (except if the realm previously
# matched an entry with no Fall-Through).
#
 
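# NOTE(review): this entry is the allow-list applied to proxy replies for
# every realm that has no entry of its own (or that falls through). As the
# header of this file describes, it decides which attributes and values a
# home server may pass on to the NAS.
#   - Login-Service Telnet, Rlogin and TCP-Clear are all permitted here.
#     Remove the ones no realm needs; the "fisp" example above shows a
#     Framed-User/PPP-only entry.
#   - MS-MPPE-Recv-Key, MS-MPPE-Send-Key and MS-CHAP-MPPE-Keys carry
#     session keying material supplied by the home server. Keep them only
#     if proxied EAP/MS-CHAP sessions need them; on the wire they are only
#     as well protected as the RADIUS shared secret on each hop.
#   - Login-TCP-Port is capped at 65535, the highest valid TCP port.
#   - Rule lines are indented with a tab, as the header of this file asks.
DEFAULT
	Service-Type == Framed-User,
	Service-Type == Login-User,
	Login-Service == Telnet,
	Login-Service == Rlogin,
	Login-Service == TCP-Clear,
	Login-TCP-Port <= 65535,
	Framed-IP-Address == 255.255.255.254,
	Framed-IP-Netmask == 255.255.255.255,
	Framed-Protocol == PPP,
	Framed-Protocol == SLIP,
	Framed-Compression == Van-Jacobson-TCP-IP,
	Framed-MTU >= 576,
	Framed-Filter-ID =* ANY,
	Reply-Message =* ANY,
	Proxy-State =* ANY,
	EAP-Message =* ANY,
	Message-Authenticator =* ANY,
	MS-MPPE-Recv-Key =* ANY,
	MS-MPPE-Send-Key =* ANY,
	MS-CHAP-MPPE-Keys =* ANY,
	State =* ANY,
	Session-Timeout <= 28800,
	Idle-Timeout <= 600,
	Calling-Station-Id =* ANY,
	Operator-Name =* ANY,
	Port-Limit <= 2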