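# $Id: ConfigRules.n3,v 1.8 2002/12/22 18:46:08 graham Exp $
#
# Rules for configuration of home network.
#
# This file describes the rules that are used to translate policy descriptions
# into RDF data for configuration files.
#
#--------+---------+---------+---------+---------+---------+---------+---------+
#
# Copyright (c) 2002, CCLRC
#
# This file has been prepared for the public SWAD-Europe project.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote products
#    derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#--------+---------+---------+---------+---------+---------+---------+---------+
# $Source: /file/cvsweb/ninebynine.org/docs/SWAD-E/Scenario-HomeNetwork/ConfigRules.n3,v $
# $Author: graham $
# $Date: 2002/12/22 18:46:08 $
# $Id: ConfigRules.n3,v 1.8 2002/12/22 18:46:08 graham Exp $
#--------+---------+---------+---------+---------+---------+---------+---------+
#        1         2         3         4         5         6         7         8

# Namespace declarations.
#
# The rdf/rdfs/log/string/daml/foaf/dc IRIs are the standard ones for these
# prefixes.  The IRIs for the remaining, project-specific prefixes were lost
# from this copy of the file; they are given as labelled placeholders and
# MUST be restored from the project's own vocabulary files before this file
# is loaded into a reasoner.  TODO(review): restore the placeholder IRIs.
@prefix rdf:      <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs:     <http://www.w3.org/2000/01/rdf-schema#> .
@prefix log:      <http://www.w3.org/2000/10/swap/log#> .
@prefix string:   <http://www.w3.org/2000/10/swap/string#> .
@prefix daml:     <http://www.daml.org/2001/03/daml+oil#> .
@prefix foaf:     <http://xmlns.com/foaf/0.1/> .
@prefix dc:       <http://purl.org/dc/elements/1.1/> .
@prefix ical:     <placeholder:ical-namespace-iri-not-in-source> .
@prefix icalutil: <placeholder:icalutil-namespace-iri-not-in-source> .
#prefix icalutil: <placeholder:alternative-icalutil-namespace-iri-not-in-source> .
@prefix user:     <placeholder:user-namespace-iri-not-in-source> .
@prefix ndev:     <placeholder:ndev-namespace-iri-not-in-source> .
@prefix dnsa:     <placeholder:dnsa-namespace-iri-not-in-source> .
@prefix dhcp:     <placeholder:dhcp-namespace-iri-not-in-source> .
@prefix homenet:  <placeholder:homenet-namespace-iri-not-in-source> .
@prefix intprop:  <placeholder:intprop-namespace-iri-not-in-source> .

# Map network host descriptions to DNS and DHCP configuration data
#
#######################################################################
## Network parameters
##
## 86400 secs   = 1 day
## 604800 secs  = 1 week
## 2419200 secs = 4 weeks
## 7257600 secs = 12 weeks
##
#server-identifier luggage-dhcp.atuin.ninebynine.org ;
#default-lease-time 2419200 ;
#max-lease-time 7257600 ;
#option subnet-mask 255.255.255.192 ;
#option broadcast-address 193.123.216.127 ;
#option routers 193.123.216.94 ;
#option domain-name-servers 212.159.11.150,
#                           212.159.13.150,
#                           206.14.4.2,
#                           208.184.79.7 ;
#option domain-name "atuin.ninebynine.org" ;
#ddns-update-style none ;
##
## Address pool
##
#subnet 193.123.216.64 netmask 255.255.255.192
#  {
#  range 193.123.216.101 193.123.216.120 ;
#  option netbios-name-servers octarine.atuin.ninebynine.org ;
#  }
#:
#host luggage
#  {
#  hardware ethernet 00:04:75:73:DC:30 ;
#  fixed-address luggage.atuin.ninebynine.org ;
#  }
#:
#
#######################################################################

# Rule: LocalNetwork -> DHCP server parameters.
#
# For every user:LocalNetwork, derive the DHCP server's fully qualified
# name (dhcpHostName "." networkDomain) and attach the server-wide DHCP
# settings.  The lease times and update style are fixed literals here
# (4 weeks / 12 weeks, see the table above), not read from the network
# description; change them here if the policy changes.
#
# Only ?netDHCP and ?netDomain are used by the consequent.  The other
# antecedent properties (mask, broadcast, gateway, DNS list, address pool,
# netbios server, default access) are required to be present on the network
# but are not copied into dhcp: data by this rule.
{ ?network a user:LocalNetwork ;
    user:dhcpHostName ?netDHCP ;
    user:networkDomain ?netDomain ;           # option domain-name
    user:networkAddr ?netIPAddr ;             # subnet ...
    user:networkMask ?netIPMask ;             # option subnet-mask
    user:broadcastAddr ?netBCAddr ;           # option broadcast-address
    user:defaultGateway ?netDefaultGW ;       # option routers
    user:defaultDNS ?netDNSList ;             # option domain-name-servers
    user:addressPool ?netAddressPool ;        # subnet ... range
    user:netbiosServer ?netNetbiosServer ;    # option netbios-name-servers
    user:defaultAccess ?netDefaultAccess .
  ?dhcpFQDN string:concat ( ?netDHCP "." ?netDomain ) .
}
log:implies
{ ?network dhcp:dhcpHostFQDN ?dhcpFQDN ;     # server-identifier
    dhcp:defLease "2419200" ;                 # default-lease-time
    dhcp:maxLease "7257600" ;                 # max-lease-time
    dhcp:updateStyle "none" .                 # ddns-update-style
} .

# Rule: HostSystem -> DNS address record and DHCP fixed-address data.
#
# For every user:HostSystem attached to a user:LocalNetwork, derive the
# host's FQDN (hostName "." networkDomain of that network) and expose the
# host's IP and MAC address under the dnsa:/dhcp: vocabularies.
#
# ?hostLabel and ?netDefaultAccess are matched but not used by the
# consequent; they only constrain which hosts and networks qualify.
{ ?host a user:HostSystem ;
    rdfs:label ?hostLabel ;
    user:hostName ?hostName ;
    user:localNet ?hostNetwork ;
    user:hostIP ?hostIPAddr ;
    user:hostMAC ?hostMAC .
  ?hostNetwork a user:LocalNetwork ;
    user:networkDomain ?netDomain ;
    user:defaultAccess ?netDefaultAccess .
  ?hostFQDN string:concat ( ?hostName "." ?netDomain ) .
}
log:implies
{ ?host dnsa:hostDomainName ?hostFQDN ;
    dnsa:hostIPAddress ?hostIPAddr ;
    dhcp:hostMACAddress ?hostMAC .
} .

# Map user and host descriptions to Cisco access list data
#
#######################################################################
#
#!
#! Access list 106: controlled access times except selected hosts
#!   (Applied to ethernet interface inbound packets)
#!   (First, allow all local traffic without logging)
#!   ( allow any Napster/P2P stuff in limited time-range)
#!   ( deny any Napster/P2P stuff)
#!
#no access-list 106
#access-list 106 permit ip 193.123.216.0 0.0.0.255 193.123.216.0 0.0.0.255
#! ...79- is Ronan's likely IP addresses
#!access-list 106 deny ip host 193.123.216.79 any log
#! Block DHCP pool
#access-list 106 deny ip 193.123.216.96 0.0.0.31 any log
#! Port 1214 is FasTrack music downloads
#! Port 6346 is Gnutella
#! Port 6347 is Gnutella
#access-list 106 permit tcp any any eq 1214 log time-range allow-peertopeer
#access-list 106 permit tcp any any eq 6346 log time-range allow-peertopeer
#access-list 106 permit tcp any any eq 6347 log time-range allow-peertopeer
#access-list 106 deny tcp any any eq 1214
#access-list 106 deny tcp any any eq 6346
#access-list 106 deny tcp any any eq 6347
#access-list 106 permit ip host 193.123.216.65 any log
#access-list 106 permit ip host 193.123.216.70 any log
#access-list 106 permit ip host 193.123.216.71 any log
#access-list 106 permit ip host 193.123.216.72 any log
#access-list 106 permit ip host 193.123.216.74 any log
#access-list 106 permit ip host 193.123.216.76 any log
#access-list 106 permit ip host 193.123.216.77 any log
#access-list 106 permit ip 193.123.216.0 0.0.0.255 any log time-range control-timerange
#access-list 106 deny ip any any log
#
#######################################################################

# Apply access policy for person to the hosts they use
#
# Rule: Person -> per-host access policy.
#
# Copies a person's user:accessType onto every user:HostSystem the person
# user:usesHost, and records who uses the host (user:usedBy / usedByName).
# A host used by several people receives one user:accessType per person;
# nothing here resolves conflicts between them, so the most permissive
# policy can apply if a downstream consumer takes any matching value.
{ ?user a foaf:Person ;
    foaf:name ?userName ;
    user:usesHost ?userHost ;
    user:accessType ?userAccess .
  ?userHost a user:HostSystem .
}
log:implies
{ ?userHost user:usedBy ?user ;
    user:usedByName ?userName ;
    user:accessType ?userAccess .
} .

# Process access policy specified directly for a host
#
# (This rule currently disabled)
#
# The antecedent is connected to the consequent with ndev:doNothing instead
# of log:implies, so the reasoner never fires it; it is kept as the sketch
# of a HostSystem -> ndev:AccessIP (access-list entry) mapping.
#
# NOTE(review): before re-enabling, check the mask conventions.  The
# consequent emits ndev:srcMask "255.255.255.255" and ndev:dstMask "0.0.0.0";
# under a netmask reading the source is a single host and the destination
# is "any", under a Cisco wildcard-mask reading it is the opposite.  One of
# the two is wrong for whichever convention the ndev: consumer uses, and the
# wrong choice silently widens a "permit" to every source address.
# The entry also permits without logging (ndev:logPacket "no") and with
# ndev:dstPort "0", i.e. all ports of ?serviceProto.
{ ?userHost a user:HostSystem ;
    rdfs:label ?hostLabel ;
    user:hostName ?hostName ;
    user:localNet ?hostLocalNet ;
    user:hostIP ?hostIPAddr ;
    user:systemAdmin ?hostSysAdmin ;
    user:accessType ?userAccess ;
    dnsa:hostDomainName ?hostFQDN .
  ?userAccess a user:AccessPolicy ;
    user:access ?accessRule .
  ?accessRule a user:AccessRule ;
    user:accessServices ?accessServices ;
    user:accessTimes ?accessTimes .
  ?accessServices a user:ServiceGroup ;
    user:accessProtocol ?serviceProto .
}
ndev:doNothing # log:implies
{ ?userHost a ndev:AccessIP ;
    ndev:pass "permit" ;
    ndev:srcAddr ?hostIPAddr ;
    ndev:srcMask "255.255.255.255" ;
    ndev:dstAddr "0.0.0.0" ;
    ndev:dstMask "0.0.0.0" ;
    ndev:protocol ?serviceProto ;
    ndev:dstPort "0" ;
    ndev:logPacket "no" ;
    ndev:time ?accessTimes .
} .

# Convert VCALENDAR times to values for IOS time-range declaration
#
#time-range PlayTimes
# periodic weekdays 08:45 to 10:15
# periodic weekdays 16:00 to 16:45
# periodic weekdays 20:00 to 22:00
# periodic weekend 08:45 to 11:15
# periodic weekend 16:00 to 22:00
#
#time-range DownloadTimes
# periodic Saturday 20:00 to 22:00
# periodic Sunday 04:00 to 08:00
#
# Rule: recurring VEVENT -> ndev: time window.
#
# For each ical:REC__VEVENT reached from a VCALENDAR that carries a
# user:rangeName, build "hour:minute" strings for DTSTART and DTEND and
# attach them, with the day name derived by the rules below, to the event.
#
# ?rangeName is matched but not emitted, so the IOS time-range name does not
# reach the ndev: data from this rule (the CVS log notes that time-range
# generation was still outstanding).  The hour/minute values are
# concatenated as given; no zero-padding is applied here.
{ ?accessTime a ical:VCALENDAR ;
    user:rangeName ?rangeName ;
    ical:VEVENT__PROP ?vevent .
  ?vevent a ical:REC__VEVENT ;
    ical:DTSTART [ a ical:TIME ; icalutil:hour ?sth ; icalutil:minute ?stm ] ;
    ical:DTEND   [ a ical:TIME ; icalutil:hour ?enh ; icalutil:minute ?enm ] ;
    intprop:dayName ?dayName .
  ?sttim string:concat ( ?sth ":" ?stm ) .
  ?entim string:concat ( ?enh ":" ?enm ) .
}
log:implies
{ ?vevent ndev:timeStart ?sttim ;
    ndev:timeEnd ?entim ;
    ndev:dayName ?dayName .
} .

# Rules to map day-of-week names in recurrence rules
#
# Each rule matches an RRULE by exact literal comparison of FREQ, INTERVAL
# and BYDAY, so only INTERVAL "1" recurrences are handled and a BYDAY list
# written in another order or with different members (e.g. "MO,WE") gets no
# intprop:dayName at all, and therefore no time window from the rule above.
#
# NOTE(review): the emitted names "daily", "weekday" and "weekend" differ
# from the IOS keywords in the example above ("daily", "weekdays",
# "weekend"); confirm the ndev: consumer maps "weekday" to "weekdays".
{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "DAILY" ; ical:INTERVAL "1" ] .
}
log:implies
{ ?vevent intprop:dayName "daily" . } .

{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "WEEKLY" ; ical:INTERVAL "1" ;
                 ical:BYDAY "MO,TU,WE,TH,FR" ] .
}
log:implies
{ ?vevent intprop:dayName "weekday" . } .

{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "WEEKLY" ; ical:INTERVAL "1" ;
                 ical:BYDAY "SA,SU" ] .
}
log:implies
{ ?vevent intprop:dayName "weekend" . } .

{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "WEEKLY" ; ical:INTERVAL "1" ;
                 ical:BYDAY "MO" ] .
}
log:implies
{ ?vevent intprop:dayName "Monday" . } .

{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "WEEKLY" ; ical:INTERVAL "1" ;
                 ical:BYDAY "TU" ] .
}
log:implies
{ ?vevent intprop:dayName "Tuesday" . } .

{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "WEEKLY" ; ical:INTERVAL "1" ;
                 ical:BYDAY "WE" ] .
}
log:implies
{ ?vevent intprop:dayName "Wednesday" . } .

{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "WEEKLY" ; ical:INTERVAL "1" ;
                 ical:BYDAY "TH" ] .
}
log:implies
{ ?vevent intprop:dayName "Thursday" . } .

{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "WEEKLY" ; ical:INTERVAL "1" ;
                 ical:BYDAY "FR" ] .
}
log:implies
{ ?vevent intprop:dayName "Friday" . } .

{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "WEEKLY" ; ical:INTERVAL "1" ;
                 ical:BYDAY "SA" ] .
}
log:implies
{ ?vevent intprop:dayName "Saturday" . } .

{ ?vevent a ical:REC__VEVENT ;
    ical:RRULE [ a ical:RECUR ; ical:FREQ "WEEKLY" ; ical:INTERVAL "1" ;
                 ical:BYDAY "SU" ] .
}
log:implies
{ ?vevent intprop:dayName "Sunday" . } .

#
# End of network user details
#
#--------+---------+---------+---------+---------+---------+---------+---------+
# $Log: ConfigRules.n3,v $
# Revision 1.8  2002/12/22 18:46:08  graham
# Updated copyright notice
#
# Revision 1.7  2002/12/16 17:28:39  graham
# Fix up inconsistencies with RDF semantics
#
# Revision 1.6  2002/12/12 22:24:04  graham
# Initial documentation done, redundant rules disabled
#
# Revision 1.5  2002/12/12 01:09:23  graham
# Most rules working.
# Generation of time-ranges remains.
#
# Revision 1.4  2002/12/11 12:02:14  graham
# Rules all appear to work
#
# Revision 1.3  2002/12/10 23:52:39  graham
# Some rules working
#
# Revision 1.2  2002/12/10 21:18:11  graham
# N3 syntax OK, but rules don't work yet
#
# Revision 1.1  2002/12/10 20:24:25  graham
# First cut of configuration data and rules
#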