
xsd.firewall.xsd Maven / Gradle / Ivy


Support a hardware description language to automatically configure bindings.

<?xml version="1.0" encoding="UTF-16"?>

<!-- edited with XMLSpy v2005 rel. 3 U (http://www.altova.com) by Ermida (nasone s.p.a.) -->

<schema xmlns:netml="http://www.xmlnetwork.org" xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.xmlnetwork.org" elementFormDefault="qualified">

	<!--include schemaLocation="network_types.xsd"/-->

	<!-- list.xsd and static.xsd are included by relative path and merged into this schema's
	     target namespace. Every netml: type referenced in this file is also declared in this
	     file, so what the two includes contribute cannot be seen from here.
	     NOTE(review): resolve both includes from a pinned local copy or an XML catalog, never
	     from a location an untrusted party can write to; an included file can add components
	     to the grammar that firewall documents are validated against. -->
	<include schemaLocation="list.xsd"/>

	<include schemaLocation="static.xsd"/>

	<annotation>

		<documentation>XML Schema to define the firewalling rules and ACL.

	          author Daniele Cerra

	          version 0.1</documentation>

	</annotation>

	<!-- FwallConf: the only global element declared in this file; one firewall configuration.
	     Children, in this order: fw_id (required), link (any number), acl (required),
	     nat (optional).
	     NOTE(review): fw_id and link are plain xs:string with no pattern or length facet, so
	     the schema accepts any text there; the consumer has to validate them itself. -->
	<element name="FwallConf">
		<complexType>
			<sequence>
				<element name="fw_id" type="string"/>
				<element name="link" type="string" minOccurs="0" maxOccurs="unbounded"/>
				<element name="acl" type="netml:acl_type"/>
				<element name="nat" type="netml:nat_type" minOccurs="0"/>
			</sequence>
		</complexType>
	</element>

	<!-- acl_type: a named access control list.
	     name is required; effect and policy are optional; at least one construct is required.
	     NOTE(review): policy is optional and carries no default value, so a valid document may
	     omit the default policy entirely. The schema does not say what applies in that case;
	     confirm that the consumer falls back to deny rather than accept.
	     NOTE(review): effect is a free xs:token, so any value validates. -->
	<complexType name="acl_type">
		<sequence>
			<element name="name" type="normalizedString"/>
			<element name="effect" type="token" minOccurs="0"/>
			<element name="policy" type="netml:default_policy_type" minOccurs="0"/>
			<!-- disabled draft of separate in/out default policies, kept from the original:
			<complexType>
				<sequence>
					<element name="in" type="netml:default_policy_type" minOccurs="0"/>
					<element name="out" type="netml:default_policy_type" minOccurs="0"/>
				</sequence>
			</complexType>
			</element -->
			<element name="construct" type="netml:construct_type" maxOccurs="unbounded"/>
		</sequence>
	</complexType>

	<!-- construct_type: a group of one or more rule elements, in document order.
	     The name and description attributes are both optional normalizedString values. -->
	<complexType name="construct_type">
		<sequence>
			<element name="rule" type="netml:rule_type" maxOccurs="unbounded"/>
		</sequence>
		<attribute name="name" type="normalizedString"/>
		<attribute name="description" type="normalizedString"/>
	</complexType>

	<!--simpleType name="direction_type">

		<restriction base="string">

			<enumeration value="in"/>

			<enumeration value="out"/>

		</restriction>

	</simpleType-->

	<!-- default_policy_type: value of acl_type/policy; exactly "accept" or "deny".
	     The base is xs:string, so surrounding whitespace is not collapsed before comparison.
	     NOTE(review): the vocabulary differs from action_type, which uses permit/deny/reject;
	     a consumer mapping both onto one enum must handle "accept" and "permit" explicitly. -->
	<simpleType name="default_policy_type">
		<restriction base="string">
			<enumeration value="accept"/>
			<enumeration value="deny"/>
		</restriction>
	</simpleType>

	<!-- rule_type: one filter rule.
	     xs:all means the children may appear in any order, each at most once. Only action is
	     required; every match criterion (protocol, source, destination, interface, options)
	     and log are optional.
	     NOTE(review): a rule holding nothing but an action is valid. How an absent criterion
	     is interpreted is not defined here; presumably it matches everything, so a bare
	     permit rule deserves a check in the consumer or in review tooling.
	     NOTE(review): id is an optional xs:string, not xs:ID, so the schema does not enforce
	     uniqueness of rule ids. -->
	<complexType name="rule_type">
		<all>
			<element name="action" type="netml:action_type"/>
			<element name="protocol" type="netml:protocol_type" minOccurs="0"/>
			<element name="source" type="netml:ipPref" minOccurs="0"/>
			<!--element name="sourcemask" type="ipPref" minOccurs="0"/-->
			<element name="destination" type="netml:ipPref" minOccurs="0"/>
			<!--element name="destmask" type="ipPref" minOccurs="0"/-->
			<element name="interface" type="netml:interf_type" minOccurs="0"/>
			<element name="log" type="netml:log_type" minOccurs="0"/>
			<element name="options" type="netml:option_type" minOccurs="0"/>
		</all>
		<attribute name="id" type="string" use="optional"/>
	</complexType>

	<!-- protocol_type: value of rule_type/protocol; one of tcp, icmp, udp, all. -->
	<simpleType name="protocol_type">
		<restriction base="string">
			<enumeration value="tcp"/>
			<enumeration value="icmp"/>
			<enumeration value="udp"/>
			<enumeration value="all"/>
		</restriction>
	</simpleType>

	<!-- action_type: value of rule_type/action; one of permit, deny, reject.
	     The base is xs:token, so leading and trailing whitespace is collapsed before the
	     value is compared with the enumeration. -->
	<simpleType name="action_type">
		<restriction base="token">
			<enumeration value="permit"/>
			<enumeration value="deny"/>
			<enumeration value="reject"/>
		</restriction>
	</simpleType>

	<!-- interf_type: interface criterion of a rule; both children are optional.
	     via accepts either an ipPre_type value (address, prefix or "any") or a value of the
	     loopback type (an interface name).
	     NOTE(review): direction is a free xs:token. The in/out enumeration direction_type is
	     commented out in this file, so misspelled directions still validate; the consumer
	     must reject anything it does not recognise instead of ignoring it. -->
	<complexType name="interf_type">
		<sequence>
			<element name="direction" type="token" minOccurs="0"/>
			<element name="via" minOccurs="0">
				<simpleType>
					<union memberTypes="netml:ipPre_type netml:loopback"/>
				</simpleType>
			</element>
		</sequence>
	</complexType>

	<!-- loopback: an interface name; either "lo0" or "eth" followed by one or more ASCII digits.
	     Despite the type name, Ethernet-style names match as well as the loopback name.
	     Used as one member of the via union in interf_type. -->
	<simpleType name="loopback">
		<restriction base="token">
			<pattern value="lo0|eth[0123456789]+"/>
		</restriction>
	</simpleType>

	<!-- option_type: protocol-specific match options of a rule. All children are optional and,
	     because this is a sequence, must appear in the order declared below.
	     NOTE(review): nothing here ties TcpFlag, IcmpType or the port elements to the sibling
	     protocol element of the rule, so tcp flags on a udp rule still validate; the consumer
	     has to check that combination.
	     NOTE(review): TcpFlag allows up to 7 occurrences while tcpflag enumerates 6 values, so
	     repeated flags validate.
	     NOTE(review): fragmented has no type attribute and therefore defaults to xs:anyType;
	     any content and any attributes validate inside it. Presumably it is a presence flag;
	     the consumer should ignore or reject its content.
	     NOTE(review): TTL is an unbounded xs:integer (negative values and values above 255
	     validate) and TOS is a free string; both need range checks downstream. -->
	<complexType name="option_type">
		<sequence>
			<element name="TcpFlag" type="netml:tcpflag" minOccurs="0" maxOccurs="7"/>
			<!--element name="TcpOption" type="integer" minOccurs="0"/-->
			<element name="IcmpType" type="netml:icmptype" minOccurs="0"/>
			<!--maxOccurs="15"/-->
			<element name="sourceport" type="netml:port" minOccurs="0" maxOccurs="15"/>
			<element name="sourceports" type="netml:portrange" minOccurs="0"/>
			<!--element name="sourcemulti" type="multiport" minOccurs="0"/-->
			<element name="destport" type="netml:port" minOccurs="0" maxOccurs="15"/>
			<element name="destports" type="netml:portrange" minOccurs="0"/>
			<!--element name="destmulti" type="multiport" minOccurs="0"/>
			<element name="mac_source" type="string" minOccurs="0"/-->
			<element name="state" type="netml:state_type" minOccurs="0"/>
			<element name="fragmented" minOccurs="0"/>
			<element name="TOS" type="string" minOccurs="0"/>
			<element name="TTL" type="integer" minOccurs="0"/>
			<!--element name="interval" type="integer" minOccurs="0"/-->
		</sequence>
	</complexType>

	<!-- icmptype: an ICMP type given either as a number (icmptype_n) or as one of the
	     symbolic names in icmptype_string. -->
	<simpleType name="icmptype">
		<union memberTypes="netml:icmptype_n netml:icmptype_string"/>
	</simpleType>

	<!-- icmptype_string: the symbolic ICMP type names this schema accepts. The schema holds no
	     mapping from these names to numeric types; that mapping lives in the consumer. -->
	<simpleType name="icmptype_string">
		<restriction base="string">
			<enumeration value="echo-reply"/>
			<enumeration value="dst-unreach"/>
			<enumeration value="source-quench"/>
			<enumeration value="redirect"/>
			<enumeration value="echo-request"/>
			<enumeration value="router-ad"/>
			<enumeration value="router-sol"/>
			<enumeration value="ttl-exceed"/>
			<enumeration value="header-bad"/>
			<enumeration value="ts-request"/>
			<enumeration value="ts-reply"/>
			<enumeration value="info-request"/>
			<enumeration value="info-reply"/>
			<enumeration value="add-mask-request"/>
			<enumeration value="add-mask-reply"/>
		</restriction>
	</simpleType>

	<!-- icmptype_n: a numeric ICMP type, an integer from 0 to 41 inclusive. -->
	<simpleType name="icmptype_n">
		<restriction base="integer">
			<minInclusive value="0"/>
			<maxInclusive value="41"/>
		</restriction>
	</simpleType>

	<!-- tcpflag: one TCP flag name; SYN, ACK, FIN, RST, PSH or URG. The ALL value is disabled. -->
	<simpleType name="tcpflag">
		<restriction base="token">
			<enumeration value="SYN"/>
			<enumeration value="ACK"/>
			<enumeration value="FIN"/>
			<enumeration value="RST"/>
			<enumeration value="PSH"/>
			<enumeration value="URG"/>
			<!--enumeration value="ALL"/-->
		</restriction>
	</simpleType>

	<!-- log_type: logging request on a rule; an empty element with an optional level attribute.
	     NOTE(review): level has no default, so which level applies when it is omitted is left
	     to the consumer; confirm that matching packets are still logged in that case. -->
	<complexType name="log_type">
		<sequence/>
		<attribute name="level" type="netml:lognumber"/>
	</complexType>

	<!-- lognumber: log level, an xs:int from 0 to 7 inclusive.
	     NOTE(review): the range matches the eight syslog severities; presumably that is the
	     intended meaning; confirm against the consumer. -->
	<simpleType name="lognumber">
		<restriction base="int">
			<minInclusive value="0"/>
			<maxInclusive value="7"/>
		</restriction>
	</simpleType>

	<!-- port: a single port value (port_type) with an optional negate flag, false by default.
	     NOTE(review): negate inverts the match; a consumer that drops unknown attributes
	     would turn a "not this port" rule into its opposite, so the attribute must always
	     be honoured when present. -->
	<complexType name="port">
		<simpleContent>
			<extension base="netml:port_type">
				<attribute name="negate" type="boolean" default="false"/>
			</extension>
		</simpleContent>
	</complexType>

	<!-- port_type: union of simpleport (0 to 65535) and xs:string.
	     NOTE(review): xs:string accepts any text, so this union validates every value: 70000,
	     an empty string and arbitrary words all pass through the string member. Presumably
	     the string member exists for service names; confirm. The schema therefore gives no
	     range guarantee for ports; the consumer must range-check numbers and resolve names
	     against a fixed list before the value reaches a rule generator or a command line. -->
	<simpleType name="port_type">
		<union memberTypes="netml:simpleport string"/>
	</simpleType>

	<!-- simpleport: a numeric port, an integer from 0 to 65535 inclusive (0 is allowed).
	     The xs:integer lexical form permits a sign and leading zeros, so consumers should
	     parse the value as a number rather than compare its text. -->
	<simpleType name="simpleport">
		<restriction base="integer">
			<minInclusive value="0"/>
			<maxInclusive value="65535"/>
		</restriction>
	</simpleType>

	<!-- portrange: a from/to pair of port_type values with an optional negate flag, false by
	     default.
	     NOTE(review): the schema cannot express from <= to, and port_type accepts any string,
	     so reversed or non-numeric ranges validate; the consumer has to check both. -->
	<complexType name="portrange">
		<sequence>
			<element name="from" type="netml:port_type"/>
			<element name="to" type="netml:port_type"/>
		</sequence>
		<attribute name="negate" type="boolean" default="false"/>
	</complexType>

	<!--simpleType name="multiport">

	<restriction base="string">

	<pattern value="(([1-6]?[0-9]?[0-9]?[0-9]?[0-9]),)+([1-6]?[0-9]?[0-9]?[0-9]?[0-9])"/>

	</restriction>

	</simpleType-->

	<!-- multiport: a list of 1 to 15 port elements.
	     No element in this file uses this type; the sourcemulti and destmulti elements that
	     would reference it are commented out in option_type. -->
	<complexType name="multiport">
		<sequence>
			<element name="port" type="netml:port" maxOccurs="15"/>
		</sequence>
	</complexType>

	<!-- ipPre_type: an IPv4 address in dotted-quad form (each octet 0 to 255, no leading
	     zeros), optionally followed by a /0 to /32 prefix length, or the literal "any".
	     The pattern has no IPv6 branch.
	     NOTE(review): "any" and a /0 prefix are both valid wherever this type is used,
	     including rule sources and destinations; presumably both mean match-all, so permit
	     rules using them deserve review. -->
	<simpleType name="ipPre_type">
		<restriction base="string">
			<pattern value="(([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(/([1-2]?[0-9]|3[0-2]))?|any"/>
		</restriction>
	</simpleType>

	<!-- ipPrefMask: a dotted-quad value used as a netmask (each octet 0 to 255, no leading
	     zeros).
	     NOTE(review): the pattern checks octet ranges only; a non-contiguous mask such as
	     255.0.255.0 validates, so the consumer must check contiguity if it requires it. -->
	<simpleType name="ipPrefMask">
		<restriction base="string">
			<pattern value="(([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"/>
		</restriction>
	</simpleType>

	<!-- ipPref: an ipPre_type value with an optional mask attribute; the type of rule_type's
	     source and destination elements.
	     NOTE(review): the content may already carry a /prefix, and mask may be given at the
	     same time; content "any" combined with a mask also validates. The schema does not
	     say which of the two wins, so the consumer should reject the ambiguous combinations
	     instead of choosing one silently. -->
	<complexType name="ipPref">
		<simpleContent>
			<extension base="netml:ipPre_type">
				<attribute name="mask" type="netml:ipPrefMask"/>
			</extension>
		</simpleContent>
	</complexType>

	<!-- state_type: value of option_type/state; "established" or "new". -->
	<simpleType name="state_type">
		<restriction base="string">
			<enumeration value="established"/>
			<enumeration value="new"/>
		</restriction>
	</simpleType>

	<!-- nat_type: NAT section of a FwallConf; an optional, nillable translate element followed
	     by any number of redirect elements. Both may be absent, so an empty nat element is
	     valid. -->
	<complexType name="nat_type">
		<sequence>
			<element name="translate" type="netml:masquerade_type" minOccurs="0" nillable="true"/>
			<element name="redirect" type="netml:nat_redirect" minOccurs="0" maxOccurs="unbounded"/>
		</sequence>
	</complexType>

	<!-- masquerade_type: content of nat_type/translate; an ipPre_type_NAT value (address,
	     prefix, "any" or empty) with a required interface attribute.
	     NOTE(review): interface is a free xs:string here, although the loopback type in this
	     file already constrains interface names; the consumer must validate the name before
	     using it. -->
	<complexType name="masquerade_type">
		<simpleContent>
			<extension base="netml:ipPre_type_NAT">
				<attribute name="interface" type="string" use="required"/>
			</extension>
		</simpleContent>
	</complexType>



	<!-- ipPre_type_NAT: an ipPre_type value or the empty string (blank_line). -->
	<simpleType name="ipPre_type_NAT">
		<union memberTypes="netml:ipPre_type netml:blank_line"/>
	</simpleType>



	<!-- blank_line: accepts only the empty string; used to let ipPre_type_NAT be empty. -->
	<simpleType name="blank_line">
		<restriction base="string">
			<enumeration value=""/>
		</restriction>
	</simpleType>

	 

	<!-- nat_redirect: one port redirection. protocol is optional; hostport, target and
	     targetport are required, in that order; the interface attribute is required.
	     NOTE(review): target is an ipPre_type, so "any" and a /prefix validate as a redirect
	     target; presumably only a single host address makes sense here, which the consumer
	     has to enforce.
	     NOTE(review): protocol may be omitted and interface is a free xs:string; confirm what
	     the consumer does in both cases. -->
	<complexType name="nat_redirect">
		<sequence>
			<element name="protocol" type="netml:redirect_protocol" minOccurs="0"/>
			<element name="hostport" type="netml:simpleport"/>
			<element name="target" type="netml:ipPre_type"/>
			<element name="targetport" type="netml:simpleport"/>
		</sequence>
		<attribute name="interface" type="string" use="required"/>
	</complexType>

	<!-- redirect_protocol: protocol of a nat_redirect; "tcp" or "udp". -->
	<simpleType name="redirect_protocol">
		<restriction base="string">
			<enumeration value="tcp"/>
			<enumeration value="udp"/>
		</restriction>
	</simpleType>

</schema>




