Chapter 8: Services

8.1. Overview

A Service object type provides a means to reference a specific IP protocol. Such an object is most often used as a filter by assigning it to the Service property of a rule, such as an IPRule.

The available Service object types have the following names:

  • ServiceTCPUDP

    This can be used for either the TCP or UDP protocol.

  • ServiceICMP

    This is used for IPv4 ICMP messages. This type is described further in Section 8.3, ICMP.

  • ServiceICMPv6

    This is used for IPv6 ICMP messages.

  • ServiceSCTP

    This is used for the SCTP protocol. SCTP validation can be performed for both stateless and stateful flows. Dealing with SCTP flows is discussed further in Section 8.2, SCTP.

  • ServiceIPProto

    This is used for an IP protocol which can be specified using the IP protocol number. This type is described further in Section 8.4, ServiceIPProto Services.

In addition, a ServiceGroup object can be defined which can group a number of separate Service objects as a single object. Groups are described further in Section 8.5, Service Groups.

A Service is Passive

Service objects are passive objects in that they do not normally themselves carry out any action. Instead, they usually form part of the filtering criteria of rules, allowing a rule to trigger on a particular protocol. To do this they are assigned to the Service property of the rule.

For examples of how service objects are used with IP rules, see Chapter 7, IP Rules.

Predefined Services

A large number of service objects are predefined in cOS Stream. These include common services such as HTTP.

Predefined services can be used and modified just like custom, user-defined services. However, it is recommended not to change predefined services and instead to create custom service objects with the desired characteristics.

Specifying All Protocols

An important predefined service has the name all_services. This service covers all possible protocols and is used in the filtering criteria of a rule when the protocol is not relevant. It is an example of a ServiceGroup object, which is discussed later in Section 8.5, Service Groups.

Other predefined services, such as all_icmp, also provide a means to describe a large number of related protocol types.

Example 8.1. Listing the Available Services

To produce a listing of the available services in the system:

Command-Line Interface

System:/> show Service

The output will look similar to the following listing, with the services grouped by type and the service groups appearing first:

ServiceGroup

   Name            Comments
   --------------  ------------------------------
   all_tcpudpicmp  All ICMP, TCP and UDP services

ServiceICMP

   Name               Comments
   -----------------  -----------------------------------------------
   all_icmp           All ICMP services
   ping-inbound       Inbound ping (does not allow tracerouting)
       "
       "

Example 8.2. Viewing a Specific Service

To view a specific service in the system:

Command-Line Interface

System:/> show Service ServiceTCPUDP http

The output will look similar to the following listing:

          Property  Value                Remarks
 -----------------  -------------------  ---------
             Name:  http                 Read-only
 DestinationPorts:  80
             Type:  TCP
      SourcePorts:  0-65535
         SYNRelay:  No
   PassICMPReturn:  No
              ALG:  <empty>
         Comments:  World Wide Web HTTP
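
The following is an added example, not part of the original guide or of cOS Stream itself. It parses the property listing shown in Example 8.2 and then tests whether a flow would be selected by that service when it is used as the Service filter of a rule. The function names are hypothetical, and comma-separated port lists are an assumption of this example; only the range forms "80" and "0-65535" appear on this page.

```python
import re

# Constructed sample: the listing shown in Example 8.2.
SAMPLE = """\
          Property  Value                Remarks
 -----------------  -------------------  ---------
             Name:  http                 Read-only
 DestinationPorts:  80
             Type:  TCP
      SourcePorts:  0-65535
         SYNRelay:  No
   PassICMPReturn:  No
              ALG:  <empty>
         Comments:  World Wide Web HTTP
"""

def parse_service(listing):
    """Return {property: value} from a 'show Service' property listing."""
    props = {}
    for line in listing.splitlines():
        m = re.match(r"\s*(\w+):\s{2,}(.*)$", line)
        if not m:
            continue  # header, separator or blank line
        # Columns are separated by two or more spaces; drop the Remarks column.
        value = re.split(r"\s{2,}", m.group(2).strip())[0]
        props[m.group(1)] = None if value == "<empty>" else value
    return props

def port_in(spec, port):
    """True if port falls inside spec, e.g. '80' or '0-65535'.
    Comma-separated lists are an assumption of this example."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def matches(service, proto, src_port, dst_port):
    """Would this service select the flow as part of a rule's filter?
    Only the Type values shown on this page are compared (exact match)."""
    return (service["Type"].upper() == proto.upper()
            and port_in(service["SourcePorts"], src_port)
            and port_in(service["DestinationPorts"], dst_port))

if __name__ == "__main__":
    http = parse_service(SAMPLE)
    print(http["Name"], matches(http, "TCP", 51515, 80))
```

A listing saved from the CLI can be parsed the same way to review, offline, which ports a custom service actually covers before it is assigned to a rule.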