The authorization file, gateway.cf, on the A Box contains access rules for the Eagle. The gwcontrol program reads this file every time it starts or when the display program executes a configure command. Thus, it serves as a configuration as well as an authorization file. Each line of this file is a compact and powerful rule determining access criteria among various hosts on either side of the Eagle. Entries in gateway.cf determine the following:
Each rule in the authorization file has the form:
    <thresholds> source deny destination [time limits] (service limits)
    <thresholds> source allow destination [time limits] (service limits)
Only the allow/deny field is required; it must be included for any authorization rule to be recognized. Italicized fields are optional and may be omitted. The source and destination fields allow network access via the Eagle to the hosts or networks you specify. The thresholds, time limits, and service limits fields allow you to fine-tune the access you allow. In addition, if you have an Eaglet subnet partitioner, you may specify rules which apply only to the Eaglet.
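As an added illustration (not code from the Eagle software or its documentation), the following Python sketch splits lines of the form shown above into their fields and lists lines that lack the required allow/deny field. It assumes the `<>`, `[]` and `()` in the rule form are literal delimiters and that a rule occupies one line. The function names and sample lines are constructed, and field contents are kept as opaque placeholders because their syntax is described in later sections.

```python
import re

# Assumption: <>, [] and () are literal delimiters and a rule sits on one
# line. Field contents are not interpreted, only separated.
RULE = re.compile(r"""
    ^\s*
    (?:<(?P<thresholds>[^>]*)>\s*)?          # optional thresholds
    (?P<source>.*?)\s*                       # optional source
    (?<!\S)(?P<action>allow|deny)(?!\S)\s*   # required allow/deny keyword
    (?P<destination>[^\[(]*?)\s*             # optional destination
    (?:\[(?P<time_limits>[^\]]*)\]\s*)?      # optional time limits
    (?:\((?P<service_limits>[^)]*)\)\s*)?    # optional service limits
    $
""", re.VERBOSE)


def parse_rule(line):
    """Split one rule line into its six fields; omitted fields become None."""
    m = RULE.match(line)
    if m is None:
        raise ValueError("line does not match the rule form")
    return {name: (value.strip() or None) if value is not None else None
            for name, value in m.groupdict().items()}


def lint(text):
    """Return (rules, unrecognized), each a list keyed by 1-based line number."""
    rules, unrecognized = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # skip blank lines
        try:
            rules.append((lineno, parse_rule(line)))
        except ValueError:
            unrecognized.append((lineno, line.strip()))
    return rules, unrecognized


# Constructed sample: T, TIME and SVC stand in for real field contents.
SAMPLE = """\
<T> src-net allow dst-host [TIME] (SVC)
src-net deny dst-host
deny
src-net dst-host (SVC)
"""

if __name__ == "__main__":
    parsed, rejected = lint(SAMPLE)
    for lineno, rule in parsed:
        print(lineno, rule)
    for lineno, line in rejected:
        print(f"line {lineno}: no allow/deny field, not a rule: {line!r}")
```

Running a check like this before issuing a configure command catches a line whose allow/deny keyword was dropped or mistyped, which by the rule above would not be recognized as an authorization rule.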
The next few sections describe each of the fields in a rule.