When can a connection from the manager’s PC be denied if it’s to port 80 (www) over TCP to any machine?
Always: Int’s ACL accepts the packet via rule 4. Int’s NAT applies to the packet. Ext’s ACL denies the post-NAT packet via rule 7.
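
A concrete trace of the answer above, as an added example that is not from the original slides and is not Margrave code: two first-match ACLs with a static source NAT between them. The addresses, the rule contents, and every rule number other than 4 and 7 are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed topology and rules (assumptions, not taken from the slides).
MANAGER_PC = "10.1.1.2"
NAT_MAP = {"10.1.1.2": "192.168.2.6"}   # static source NAT applied by Int

# (rule number, action, source network, protocol, destination port)
INT_ACL = [
    (3, "deny",   "10.1.20.0/24",   "tcp", 80),
    (4, "permit", "10.1.1.2/32",    "tcp", 80),
]
EXT_ACL = [
    (6, "permit", "10.1.1.2/32",    "tcp", 80),  # written for the pre-NAT address
    (7, "deny",   "192.168.2.6/32", "tcp", 80),  # matches the post-NAT address
    (8, "permit", "0.0.0.0/0",      "tcp", 80),
]

def first_match(acl, pkt):
    """First-match semantics with an implicit deny at the end of the list."""
    for num, action, src, proto, dport in acl:
        if (ip_address(pkt["src"]) in ip_network(src)
                and pkt["proto"] == proto and pkt["dport"] == dport):
            return num, action
    return None, "deny"

def trace(pkt):
    """Walk a packet through Int's ACL, Int's NAT, then Ext's ACL."""
    steps = []
    num, action = first_match(INT_ACL, pkt)
    steps.append(("int_acl", num, action))
    if action != "permit":
        return steps
    post_nat = dict(pkt, src=NAT_MAP.get(pkt["src"], pkt["src"]))
    steps.append(("int_nat", pkt["src"], post_nat["src"]))
    num, action = first_match(EXT_ACL, post_nat)
    steps.append(("ext_acl", num, action))
    return steps

def always_denied(src, dests):
    """True if www over TCP from src ends in a deny for every destination."""
    return all(
        trace({"src": src, "dst": d, "proto": "tcp", "dport": 80})[-1][2] == "deny"
        for d in dests)

if __name__ == "__main__":
    for step in trace({"src": MANAGER_PC, "dst": "203.0.113.10",
                       "proto": "tcp", "dport": 80}):
        print(step)
```

Rule 6 in the constructed Ext ACL never fires for this traffic because Ext only ever sees the translated source, which is the kind of cross-device interaction a single-device review misses.
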
Scenario-Based Output
p.entry-interface = fw2_int
p.ipsrc = employee
p.ipdest in outIPs
p.srcprt = any
p.dstprt = www
p.protocol = tcp

p.entry-interface = fw2_int
p.ipsrc = contractor
p.ipdest in outIPs
p.srcprt = any
p.dstprt = www
p.protocol = tcp
Exhaustive Answers (in Some (Useful) Cases)
Bernays-Schönfinkel-Ramsey + overloading (subtyping) and empty sorts
Multi-Lingual Support
Datalog-based intermediate language
Margrave Supports…
Most of XACML 1.0 and 2.0
Cisco IOS:
–ACL: standard and extended
–NAT: static; dynamic: ACL-based, map-based
–routing: static and policy-based
–limited: BGP announcements and VPN endpoints
Amazon Access Policy Language (in SQS)
Hypervisor, based on sHype (IBM)
How SDNs Change Things
Global view of Configuration and State:
Current networks: hard
SDNs: easy
(But you already know all that.)