Service Groups
You can group network services together to apply a single rule to multiple network services. This group is called a service group. Table C-1 shows the predefined service groups in SunScreen and the services each includes. Not every service is included in a service group.
You can create additional service groups using any combination of the individual network services. A useful group to define might be an "internet services" group, consisting of public services, such as FTP, email, and WWW.
State engines that you use in describing services come in distinct classes and each class has subclasses. The subclasses form an order for preference. Table 3-2shows the classes in order of preference--the greater the number, the higher the preference. The state engines that are followed by an * can conflict with another state engine because it is in the same class and has the same subclass ID. An * also follows the state engine with which it can conflict.
Table 3-2 Classes and Subclass of State Engines|
Class |
Subclass |
State Engine Name |
|---|---|---|
|
11 |
0 |
nfsro |
|
10 |
0 |
nis |
|
9 |
0 |
pmap_nis |
|
8 |
0 |
pmap_udp |
|
7 |
0 |
pmtp_tcp |
|
6 |
0 |
rpc_tcp |
|
5 |
0 |
rcp_udp |
|
4 |
1 |
realaudio* |
|
4 |
1 |
rsh* |
|
4 |
1 |
sqlnet* |
|
4 |
1 |
ftp* |
|
4 |
0 |
tcpall |
|
3 |
2 |
dns* |
|
3 |
2 |
ntp* |
|
3 |
1 |
upd_stateless* |
|
3 |
1 |
udp_datagram* |
|
3 |
1 |
udp* |
|
3 |
0 |
udpall |
|
2 |
1 |
ping |
|
2 |
0 |
icmp |
|
1 |
3 |
ipmobile |
|
1 |
2 |
iptunnel |
|
1 |
1 |
ipfwd |
|
1 |
0 |
ip |
|
0 |
0 |
ether |
A given service, defined manually to contain multiple state engines or in a service group that includes multiple services, can only contain a single state engine in a particular class or subclass for a particular port.
- © 2010, Oracle Corporation and/or its affiliates