Default rule set
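The vRouter is preconfigured with a default rule set for role-based access control (RBAC). The following example shows the default rule set as displayed by the show system acm command. In the operational rule set, the deny rule for /show/configuration (rule 9988) has a lower number than the allow rule for "/show/*" (rule 9990); assuming rules are evaluated in ascending rule-number order with the first match applied, the specific deny takes effect only because it comes first, so preserve this ordering when you add rules of your own. Rule 9999 denies every remaining operational command to the vyattaop group. The defaults apply when no rule matches: create-default, delete-default, and update-default are deny, but exec-default and read-default are allow, so an unmatched execute or read request is permitted. Review the allowed command families (for example, "/telnet/*" and "/update/*") against what operators actually need in your environment. Rule 9998 is printed below with the group vyatta-op, whereas every other operational rule uses vyattaop; confirm the group name against the output on your own system before relying on this listing.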
super@vyatta# show system acm
create-default deny
delete-default deny
enable
exec-default allow
operational-ruleset {
rule 9988 {
action deny
command /show/configuration
group vyattaop
}
rule 9989 {
action allow
command "/clear/*"
group vyattaop
}
rule 9990 {
action allow
command "/show/*"
group vyattaop
}
rule 9991 {
action allow
command "/monitor/*"
group vyattaop
}
rule 9992 {
action allow
command "/ping/*"
group vyattaop
}
rule 9993 {
action allow
command "/reset/*"
group vyattaop
}
rule 9994 {
action allow
command "/release/*"
group vyattaop
}
rule 9995 {
action allow
command "/renew/*"
group vyattaop
}
rule 9996 {
action allow
command "/telnet/*"
group vyattaop
}
rule 9997 {
action allow
command "/traceroute/*"
group vyattaop
}
rule 9998 {
action allow
command "/update/*"
group vyatta-op
}
rule 9999 {
action deny
command "*"
group vyattaop
}
}
read-default allow
ruleset {
rule 9999 {
action allow
group vyattacfg
operation "*"
path "*"
}
}
update-default deny
}