1 marek 1.1 // Copyright (c) 2005 DMTF. All rights reserved.
2 [Version ( "2.8.0" ),
3 UMLPackagePath ( "CIM::Policy" ),
4 Description (
5 "PacketFilterCondition specifies packet selection criteria (via "
6 "association to FilterLists) for firewall policies, IPsec "
7 "policies and similar uses. It is used as an anchor point to "
8 "associate various types of filters with policy rules via the "
9 "FilterOfPacketCondition association. By definition, policy "
10 "rules that aggregate PacketFilterCondition are assumed to "
11 "operate against every packet received and/or transmitted from "
12 "an ingress and/or egress point. (Whether policy condition "
13 "evaluation occurs at ingress or egress is specified by the "
14 "Direction property in the associated FilterList.) "
15 "PacketFilterCondition MAY also be used to define the specific "
16 "CredentialManagementService that validates the credentials "
17 "carried in a packet. This is accomplished using the "
18 "association, AcceptCredentialFrom. \n"
19 "\n"
20 "Associated objects (such as FilterListsor Credential "
21 "ManagementServices) represent components of the condition that "
22 marek 1.1 "MAY or MAY NOT apply at a given rule evaluation. For example, "
23 "an AcceptCredentialFrom evaluation is only performed when a "
24 "credential is available to be evaluated and compared against "
25 "the list of trusted credential management services. Similarly, "
26 "a PeerIDPayloadFilterEntry MAY only be evaluated when an ID "
27 "payload is available for checking. Condition components that "
28 "do not have applicability at rule evaluation time, MUST be "
29 "evaluated to TRUE." ),
30 MappingStrings { "IPSP Policy Model.IETF|SACondition" }]
31 class CIM_PacketFilterCondition : CIM_PolicyCondition {
32
33
34 };
|