The declare family statement is intended for declaring a security policy family (hereinafter also referred to as "policy family" or "family).
This statement lets you enter a new security policy family into the scope of the file. All policies that are part of a family must be implemented within one interface. By using the declare family statement to declare a family, you can create and configure instances of this family, and use family policies.
By way of analogy using object-oriented programming terminology, a policy family can be compared to a class, a family instance can be likened to a class object, and the actual policies would be equivalent to class methods. To use family policies, you need to first create a family instance.
The order in which statements are listed within the declare family statement is not important.
Syntax
<declare-family-entry> ::= "declare family" <family-name> "{"
<family-interface>
<parser>
<policy>
{<policy>}
"};"
Elements
|
Name of the policy family. |
|
The A declaration of a policy family must contain only one |
|
The |
|
The |
Example
declare family flow {
interface kss.server.flow.flow;
parser flow;
call policy restart;
call policy enter;
call policy allow;
call policy deny;
attr policy state;
};