s6-networking
Software
skarnet.org

The s6-accessrules-cdb-from-fs program

s6-accessrules-cdb-from-fs compiles a directory containing a ruleset suitable for s6-ipcserver-access or s6-tcpserver-access into a CDB file.

Interface

     s6-accessrules-cdb-from-fs cdbfile dir

Ruleset directory format

To be understood by s6-accessrules-cdb-from-fs, s6-ipcserver-access, or s6-tcpserver-access, dir must have a specific format.

dir contains a series of directories:

Depending on the application, other directories can appear in dir and be compiled into cdbfile, but s6-tcpserver-access only uses the first three, and s6-ipcserver-access only uses the last two.

Each of those directories contains a set of rules. A rule is a subdirectory named after the set of keys it matches, and containing actions that will be executed if the rule is the first matching rule for the tested key.

The syntax for the rule name is dependent on the nature of keys, and fully documented on the accessrules library page. For instance, a subdirectory named 192.168.0.0_27 in the ip4 directory will match every IPv4 address in the 192.168.0.0/27 network that does not match a more precise rule.

The syntax for the actions, however, is the same for every type of key. A rule subdirectory can contain the following elements:

Notes