5.9. ip_acl

This module exposes hooks the pre-flight execution of checks and applies user-specified ACLs to possible prevent the execution of the check.

loader

C

image

ip_acl.so

5.9.1. Module Configuration

5.9.2. Check Configuration

Example 5.10. Loading the ip_acl module.

This example loads the ip_acl module and creates a "global" ACL that denies any check running against the host 4.2.2.1 and the entier 10.0.0.0 RFC1819 space.

      <noit>
        <modules>
          <generic image="ip_acl" name="ip_acl" />
        </modules>
        <checks>
          <config xmlns:ip_acl="noit://module/ip_acl">
            <ip_acl:global/>
          </config>
        </checks>
        <acls>
          <acl name="global">
            <rule type="deny">4.2.2.1/32</rule>
            <rule type="deny">10.0.0.0/8</rule>
          </acl>
        </acls>
      </noit>