TUBS-IBR-LINUX-NETFILTER-MIB
File:
TUBS-IBR-LINUX-NETFILTER-MIB.mib (20836 bytes)
Imported modules
Imported symbols
Defined Types
| LnfTarget |
|
| This data type represents an action that is about to
be applied to a packet.
none(1): No action, except increasing counters.
other(2): An unknown extension action which cannot
be described by the values specified below.
drop(3): Drop the packet on the floor.
accept(4): Let the packet through.
queue(5): Pass the packet to userspace.
return(6): Stop traversing this chain and resume at the
next rule in the previous (calling) chain.
chain(7): Jump to the user chain specified by a
related object.
|
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
none(1), other(2), drop(3), accept(4), queue(5), return(6), chain(7) |
|
| LnfTableEntry |
|
| SEQUENCE |
|
|
|
| |
lnfTableAddressType |
InetAddressType |
|
| |
lnfTableName |
SnmpAdminString |
|
| |
lnfTableLastChange |
TimeStamp |
|
| LnfChainEntry |
|
| SEQUENCE |
|
|
|
| |
lnfChainName |
SnmpAdminString |
|
| |
lnfChainPackets |
Counter64 |
|
| |
lnfChainOctets |
Counter64 |
|
| |
lnfChainTarget |
LnfTarget |
|
| |
lnfChainLastChange |
TimeStamp |
|
| |
lnfChainStorage |
StorageType |
|
| |
lnfChainStatus |
RowStatus |
|
| LnfRuleEntry |
|
| SEQUENCE |
|
|
|
| |
lnfRuleIndex |
Unsigned32 |
|
| |
lnfRuleProtocol |
Unsigned32 |
|
| |
lnfRuleProtocolInv |
TruthValue |
|
| |
lnfRuleSourceAddress |
InetAddress |
|
| |
lnfRuleSourceAddressPrefixLength |
InetAddressPrefixLength |
|
| |
lnfRuleSourceAddressInv |
TruthValue |
|
| |
lnfRuleDestinationAddress |
InetAddress |
|
| |
lnfRuleDestinationAddressPrefixLength |
InetAddressPrefixLength |
|
| |
lnfRuleDestinationAddressInv |
TruthValue |
|
| |
lnfRuleInInterface |
SnmpAdminString |
|
| |
lnfRuleInInterfaceInv |
TruthValue |
|
| |
lnfRuleOutInterface |
SnmpAdminString |
|
| |
lnfRuleOutInterfaceInv |
TruthValue |
|
| |
lnfRuleFragment |
TruthValue |
|
| |
lnfRuleFragmentInv |
TruthValue |
|
| |
lnfRulePackets |
Counter64 |
|
| |
lnfRuleOctets |
Counter64 |
|
| |
lnfRuleTarget |
LnfTarget |
|
| |
lnfRuleTargetChain |
SnmpAdminString |
|
| |
lnfRuleTrapEnable |
TruthValue |
|
| |
lnfRuleLastChange |
TimeStamp |
|
| |
lnfRuleStorage |
StorageType |
|
| |
lnfRuleStatus |
RowStatus |
|
Defined Values
| lnfMIB |
1.3.6.1.4.1.1575.1.13 |
| Experimental MIB module for the Linux 2.4 netfilter
subsystem. |
| MODULE-IDENTITY |
|
|
|
| lnfObjects |
1.3.6.1.4.1.1575.1.13.1 |
| OBJECT IDENTIFIER |
|
|
|
| lnfTraps |
1.3.6.1.4.1.1575.1.13.2 |
| OBJECT IDENTIFIER |
|
|
|
| lnfLastChange |
1.3.6.1.4.1.1575.1.13.1.1 |
| The time of the last netfilter configuration change of any kind,
including any creation, deletion or modification of any table of this
MIB. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
TimeStamp |
|
|
| lnfTableTable |
1.3.6.1.4.1.1575.1.13.1.2 |
| A list of all tables installed on the netfilter subsystem. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
LnfTableEntry |
|
| lnfTableEntry |
1.3.6.1.4.1.1575.1.13.1.2.1 |
| An entry describing a particular netfilter table. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
LnfTableEntry |
|
|
| lnfTableAddressType |
1.3.6.1.4.1.1575.1.13.1.2.1.1 |
| The address type for which the netfilter table works. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
InetAddressType |
ipv4(1), ipv6(2) |
|
| lnfTableName |
1.3.6.1.4.1.1575.1.13.1.2.1.2 |
| The name of the netfilter table. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SnmpAdminString |
Size(0..32) |
|
| lnfTableLastChange |
1.3.6.1.4.1.1575.1.13.1.2.1.3 |
| The time of the last modification of this netfilter
table, including the creation or deletion of a netfilter
chain that belongs to this table. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
TimeStamp |
|
|
| lnfChainTable |
1.3.6.1.4.1.1575.1.13.1.3 |
| A list of all chains installed on the netfilter
subsystem. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
LnfChainEntry |
|
| lnfChainEntry |
1.3.6.1.4.1.1575.1.13.1.3.1 |
| An entry describing a particular netfilter chain. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
LnfChainEntry |
|
|
| lnfChainName |
1.3.6.1.4.1.1575.1.13.1.3.1.1 |
| The netfilter chain to which the rule belongs. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SnmpAdminString |
Size(0..32) |
|
| lnfChainPackets |
1.3.6.1.4.1.1575.1.13.1.3.1.2 |
| The number of packets that passed this chain since
the rule was installed or reset. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| lnfChainOctets |
1.3.6.1.4.1.1575.1.13.1.3.1.3 |
| The number of octets that passed this chain since
the chain was installed or reset. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| lnfChainTarget |
1.3.6.1.4.1.1575.1.13.1.3.1.4 |
| The action that shall be applied to a packet if no rule
within the chain matches. Note that user-defined chains
only allow return(6). |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
LnfTarget |
drop(3), accept(4), return(6) |
|
| lnfChainLastChange |
1.3.6.1.4.1.1575.1.13.1.3.1.5 |
| The time of the last modification of this netfilter
chain, including the creation or deletion of a netfilter
rule that belongs to this chain. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
TimeStamp |
|
|
| lnfChainStorage |
1.3.6.1.4.1.1575.1.13.1.3.1.6 |
| This object defines whether this row is kept in
volatile storage and lost upon reboot or whether it
is backed up by stable storage or builtin. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
StorageType |
|
|
| lnfChainStatus |
1.3.6.1.4.1.1575.1.13.1.3.1.7 |
| This object is used to create and delete rows in the
lnfChainTable. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| lnfRuleTable |
1.3.6.1.4.1.1575.1.13.1.4 |
| A list of all rules installed on the netfilter
subsystem. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
LnfRuleEntry |
|
| lnfRuleEntry |
1.3.6.1.4.1.1575.1.13.1.4.1 |
| An entry describing a particular netfilter rule. Rules
of different netfilter tables and chains are
distinguished by the corresponding index objects. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
LnfRuleEntry |
|
|
| lnfRuleIndex |
1.3.6.1.4.1.1575.1.13.1.4.1.1 |
| A unique number identifying the rule within a netfilter
chain. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
|
|
| lnfRuleProtocol |
1.3.6.1.4.1.1575.1.13.1.4.1.2 |
| The protocol of the rule. The number zero matches all
protocols. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
0..255 |
|
| lnfRuleProtocolInv |
1.3.6.1.4.1.1575.1.13.1.4.1.3 |
| This flag specifies whether the lnfRuleProtocol test
has to be inverted. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| lnfRuleSourceAddress |
1.3.6.1.4.1.1575.1.13.1.4.1.4 |
| The source address of a packet. The exact format depends
on the address type specified by lnfRuleAddressType.
This test is applied for an address prefix whose length
is specified by lnfRuleSourceAddressPrefixLength.
If a new row is created this object should default to
an all-zeros value with a length approrpiate for the
corresponding lnfRuleAddressType object value. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
InetAddress |
|
|
| lnfRuleSourceAddressInv |
1.3.6.1.4.1.1575.1.13.1.4.1.6 |
| This flag specifies whether the lnfRuleSourceAddress
and lnfRuleSourceAddressPrefixLength test has to
be inverted. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| lnfRuleDestinationAddress |
1.3.6.1.4.1.1575.1.13.1.4.1.7 |
| The destination address of a packet. The exact format
depends on the address type specified by
lnfRuleAddressType. This test is applied for an address
prefix whose length is specified by
lnfRuleDestinationAddressPrefixLength.
If a new row is created this object should default to
an all-zeros value with a length approrpiate for the
corresponding lnfRuleAddressType object value. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
InetAddress |
|
|
| lnfRuleDestinationAddressInv |
1.3.6.1.4.1.1575.1.13.1.4.1.9 |
| This flag specifies whether the lnfRuleDestinationAddress
and lnfRuleDestinationAddressPrefixLength test has to
be inverted. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| lnfRuleInInterface |
1.3.6.1.4.1.1575.1.13.1.4.1.10 |
| Name of an interface via which a packet is going to be
received (only for packets entering the INPUT, FORWARD and
PREROUTING chains). If the interface name ends in a '+',
then any interface which begins with this name will match.
If this is an empty string, any interface name will match. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
SnmpAdminString |
Size(0..16) |
|
| lnfRuleInInterfaceInv |
1.3.6.1.4.1.1575.1.13.1.4.1.11 |
| This flag specifies whether the lnfRuleInInterface test
has to be inverted. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| lnfRuleOutInterface |
1.3.6.1.4.1.1575.1.13.1.4.1.12 |
| Name of an interface via which a packet is going to be
sent (for packets entering the FORWARD, OUTPUT and
POSTROUTING chains). If the interface name ends in a '+',
then any interface which begins with this name will match.
If this is an empty string, any interface name will match. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
SnmpAdminString |
Size(0..16) |
|
| lnfRuleOutInterfaceInv |
1.3.6.1.4.1.1575.1.13.1.4.1.13 |
| This flag specifies whether the lnfRuleOutInterface test
has to be inverted. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| lnfRuleFragment |
1.3.6.1.4.1.1575.1.13.1.4.1.14 |
| If this flag is true, the rule only refers to second and
further fragments of fragmented packets. Since there is
no way to tell the source or destination ports of such a
packet (or ICMP type), such a packet will not match any
rules which specify them. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| lnfRuleFragmentInv |
1.3.6.1.4.1.1575.1.13.1.4.1.15 |
| This flag specifies whether the lnfRuleFragmentInv test,
if true, has to be inverted. An inverted rule will only
match head fragments, or unfragmented packets. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| lnfRulePackets |
1.3.6.1.4.1.1575.1.13.1.4.1.16 |
| The number of packets that matched this rule since
the rule was installed or reset. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| lnfRuleOctets |
1.3.6.1.4.1.1575.1.13.1.4.1.17 |
| The number of octets that matched this rule since the
rule was installed or reset. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| lnfRuleTarget |
1.3.6.1.4.1.1575.1.13.1.4.1.18 |
| The action that shall be applied to a packet if the
rule matches. If the value is chain(7), then jump to
the user chain specified by lnfRuleTargetChain. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
LnfTarget |
|
|
| lnfRuleTargetChain |
1.3.6.1.4.1.1575.1.13.1.4.1.19 |
| The name of the target chain if the value of
lnfRuleTarget is chain(7). |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
SnmpAdminString |
Size(0..32) |
|
| lnfRuleTrapEnable |
1.3.6.1.4.1.1575.1.13.1.4.1.20 |
| Indicates whether lnfRuleMatch traps should be
generated for packets matching this rule. Note
that it's up to the implementation to delay and
accumulate mutliple traps in order to reduce the
number of emitted traps. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| lnfRuleLastChange |
1.3.6.1.4.1.1575.1.13.1.4.1.21 |
| The time of the last modification of this netfilter rule.
If it has been unchanged since the last re-initialization
of the local network management subsystem, then this
object contains a zero value. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
TimeStamp |
|
|
| lnfRuleStorage |
1.3.6.1.4.1.1575.1.13.1.4.1.22 |
| This object defines whether this row is kept in
volatile storage and lost upon reboot or whether it
is backed up by stable storage or builtin. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
StorageType |
|
|
| lnfRuleStatus |
1.3.6.1.4.1.1575.1.13.1.4.1.23 |
| This object is used to create and delete rows in the
lnfRuleTable. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| lnfRuleMatch |
1.3.6.1.4.1.1575.1.13.2.0.1 |
| A lnfRuleMatch trap signifies that the rule to which
the lnfRulePackets and lnfRuleOctets objects belong
was matched by at least one packets since the last
trap for the same rule was emitted.
The agent may delay and accumulate mutliple traps in order
to reduce the number of emitted traps, but the time for
accumulation should be no more than 60 seconds.
Note that detailed information on the packet(s) that
triggered a trap is not available from the trap's
objects. This would cause problems with the accumulation
of matches and/or increased trap traffic. |
| Status: current |
Access: read-create |
| NOTIFICATION-TYPE |
|
|
|
| lnfGroups |
1.3.6.1.4.1.1575.1.13.3.2 |
| OBJECT IDENTIFIER |
|
|
|
| lnfCompliance |
1.3.6.1.4.1.1575.1.13.3.1.1 |
| The compliance statement for an SNMP entity which
implements the Linux Netfilter MIB. |
| Status: current |
Access: read-create |
| MODULE-COMPLIANCE |
|
|
|
| lnfGeneralGroup |
1.3.6.1.4.1.1575.1.13.3.2.1 |
| A collection of all Linux Netfilter objects of
the core table. |
| Status: current |
Access: read-create |
| OBJECT-GROUP |
|
|
|
| lnfNotificationGroup |
1.3.6.1.4.1.1575.1.13.3.2.2 |
| A collection of all Linux Netfilter notifications. |
| Status: current |
Access: read-create |
| NOTIFICATION-GROUP |
|
|
|