<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0068)http://www.ninebynine.org/SWAD-E/Scenario-HomeNetwork/ConfigRules.n3 -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY><PRE># $Id: configrules.n3,v 1.1 2004/07/23 14:52:17 ajm65 Exp $
#
# Rules for configuration of home network.
#
# This file describes the rules that are used to translate policy descriptions
# into RDF data for configuration files.
#
#--------+---------+---------+---------+---------+---------+---------+---------+
#
# Copyright (c) 2002, CCLRC
#
# This file has been prepared for the public SWAD-Europe project.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote products
#    derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#--------+---------+---------+---------+---------+---------+---------+---------+
# $Source: /w3ccvs/WWW/2001/sw/Europe/reports/trust/11.2/configrules.n3,v $
# $Author: ajm65 $
# $Date: 2004/07/23 14:52:17 $
# $Id: configrules.n3,v 1.1 2004/07/23 14:52:17 ajm65 Exp $
#--------+---------+---------+---------+---------+---------+---------+---------+
#        1         2         3         4         5         6         7         8

@prefix rdf:      &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt; .
@prefix rdfs:     &lt;http://www.w3.org/2000/01/rdf-schema#&gt; .
@prefix log:      &lt;http://www.w3.org/2000/10/swap/log#&gt; .
@prefix string:   &lt;http://www.w3.org/2000/10/swap/string#&gt; .
@prefix daml:     &lt;http://www.daml.org/2001/03/daml+oil#&gt; .
@prefix foaf:     &lt;http://xmlns.com/foaf/0.1/&gt; .
@prefix dc:       &lt;http://purl.org/dc/elements/1.1/&gt; .
@prefix ical:     &lt;http://www.ilrt.bris.ac.uk/discovery/2001/06/schemas/ical-full/hybrid.rdf#&gt; .
@prefix icalutil: &lt;http://ilrt.org/discovery/2001/06/schemas/ical-util#&gt; .
#prefix icalutil: &lt;http://ilrt.org/discovery/2001/06/schemas/swws/index.rdf#&gt; .
@prefix user:     &lt;http://id.ninebynine.org/wip/2002/user/&gt; .
@prefix ndev:     &lt;http://id.ninebynine.org/wip/2002/ndev/&gt; .
@prefix dnsa:     &lt;http://id.ninebynine.org/wip/2002/dnsa/&gt; .
@prefix dhcp:     &lt;http://id.ninebynine.org/wip/2002/dhcp/&gt; .
@prefix homenet:  &lt;http://id.ninebynine.org/wip/2002/homenet/&gt; .
@prefix intprop:  &lt;http://id.ninebynine.org/wip/2002/intprop/&gt; .

# Map network host descriptions to DNS and DHCP configuration data
#
#######################################################################
## Network parameters
##
##       86400 secs   = 1 day
##       604800 secs  = 1 week
##       2419200 secs = 4 weeks
##       7257600 secs = 12 weeks
##
#server-identifier               luggage-dhcp.atuin.ninebynine.org ;
#default-lease-time              2419200 ;
#max-lease-time                  7257600 ;
#option subnet-mask              255.255.255.192 ;
#option broadcast-address        193.123.216.127 ;
#option routers                  193.123.216.94 ;
#option domain-name-servers      212.159.11.150,
#                                212.159.13.150,
#                                206.14.4.2,
#                                208.184.79.7 ;
#option domain-name              "atuin.ninebynine.org" ;
#ddns-update-style               none ;
##
## Address pool
##
#subnet 193.123.216.64 netmask 255.255.255.192
#    {
#    range 193.123.216.101 193.123.216.120 ;
#    option netbios-name-servers octarine.atuin.ninebynine.org ;
#    }
#:
#host luggage
#    {
#    hardware ethernet 00:04:75:73:DC:30 ;
#    fixed-address luggage.atuin.ninebynine.org ;
#    }
#:
#
#######################################################################

# Rule: derive the server-wide DHCP settings for each user:LocalNetwork.
#
# The antecedent matches only a network description that carries every
# property listed below; a description missing any one of them produces no
# DHCP settings at all.  Of the bound variables, only ?netDHCP and ?netDomain
# feed the consequent (through ?dhcpFQDN); the rest act purely as
# "must be present" conditions in this rule.
#
# The consequent attaches the server name plus fixed lease and update-style
# values to the network node.
#
# NOTE(review): the lease times and update style are literals in this rule,
# not values taken from the policy description, so changing them means
# editing the rule itself.
{ ?network a user:LocalNetwork ;
      user:dhcpHostName   ?netDHCP ;
      user:networkDomain  ?netDomain ;        # option domain-name
      user:networkAddr    ?netIPAddr ;        # subnet ... 
      user:networkMask    ?netIPMask ;        # option subnet-mask
      user:broadcastAddr  ?netBCAddr ;        # option broadcast-address
      user:defaultGateway ?netDefaultGW ;     # option routers
      user:defaultDNS     ?netDNSList ;       # option domain-name-servers
      user:addressPool    ?netAddressPool ;   # subnet ... range
      user:netbiosServer  ?netNetbiosServer ; # option netbios-name-servers
      user:defaultAccess  ?netDefaultAccess .
  # Ties ?dhcpFQDN to the list ( host "." domain ); presumably the processor
  # evaluates string:concat to the dotted name -- confirm against the engine.
  ?dhcpFQDN
      string:concat       ( ?netDHCP "." ?netDomain ) .
}
log:implies
{ ?network
      dhcp:dhcpHostFQDN   ?dhcpFQDN ;         # server-identifier
      dhcp:defLease       "2419200" ;         # default-lease-time (4 weeks)
      dhcp:maxLease       "7257600" ;         # max-lease-time (12 weeks)
      dhcp:updateStyle    "none" ;            # ddns-update-style
} .

# Rule: derive the per-host DNS and DHCP facts for each user:HostSystem.
#
# A host matches only if it has a label, host name, local network, IP address
# and MAC address, and its network has both a domain and a default access
# policy.  ?hostLabel and ?netDefaultAccess are required by the antecedent
# but are not used in the consequent.
#
# The consequent records the host's fully qualified name (host name and
# network domain tied together with "."), its IP address and its MAC address.
#
# NOTE(review): ?hostIPAddr and ?hostMAC are copied through unchanged.  This
# rule does not check that the address lies inside the network named by
# user:localNet, or that the MAC is well formed, so the stage that writes the
# DNS records and DHCP host entries should validate both -- confirm it does.
{ ?host a user:HostSystem ;
      rdfs:label          ?hostLabel ;
      user:hostName       ?hostName ;
      user:localNet       ?hostNetwork ;
      user:hostIP         ?hostIPAddr ;
      user:hostMAC        ?hostMAC .
  ?hostNetwork a user:LocalNetwork ;
      user:networkDomain  ?netDomain ;
      user:defaultAccess  ?netDefaultAccess .
  ?hostFQDN
      string:concat       ( ?hostName "." ?netDomain ) . }
log:implies
{ ?host
      dnsa:hostDomainName ?hostFQDN ;         # name used for the DNS entry
      dnsa:hostIPAddress  ?hostIPAddr ;       # address used for the DNS entry
      dhcp:hostMACAddress ?hostMAC . } .      # hardware address for DHCP


# Map user and host descriptions to Cisco access list data
#
#######################################################################
#
#!
#! Access list 106: controlled access times except selected hosts
#! (Applied to ethernet interface inbound packets)
#! (First, allow all local traffic without logging)
#! (       allow any Napster/P2P stuff in limited time-range)
#! (       deny any Napster/P2P stuff)
#! 
#no access-list 106
#access-list 106 permit ip 193.123.216.0 0.0.0.255 193.123.216.0 0.0.0.255
#! ...79- is Ronan's likely IP addresses
#!access-list 106 deny ip host 193.123.216.79 any log
#! Block DHCP pool
#access-list 106 deny ip 193.123.216.96 0.0.0.31 any log
#! Port 1214 is FasTrack music downloads
#! Port 6346 is Gnutella
#! Port 6347 is Gnutella
#access-list 106 permit tcp any any eq 1214 log time-range allow-peertopeer
#access-list 106 permit tcp any any eq 6346 log time-range allow-peertopeer
#access-list 106 permit tcp any any eq 6347 log time-range allow-peertopeer
#access-list 106 deny tcp any any eq 1214
#access-list 106 deny tcp any any eq 6346
#access-list 106 deny tcp any any eq 6347
#access-list 106 permit ip host 193.123.216.65 any log
#access-list 106 permit ip host 193.123.216.70 any log
#access-list 106 permit ip host 193.123.216.71 any log
#access-list 106 permit ip host 193.123.216.72 any log
#access-list 106 permit ip host 193.123.216.74 any log
#access-list 106 permit ip host 193.123.216.76 any log
#access-list 106 permit ip host 193.123.216.77 any log
#access-list 106 permit ip 193.123.216.0 0.0.0.255 any log time-range control-timerange
#access-list 106 deny ip any any log
#
#######################################################################

# Apply access policy for person to the hosts they use
#
# For every foaf:Person that has a name, a used host and an access type, and
# whose used host is a user:HostSystem, the consequent records on that host
# who uses it (node and name) and copies the person's user:accessType onto
# the host.
#
# NOTE(review): a host used by several people receives one user:accessType
# statement per person, so it ends up carrying all of their policies at once.
# Confirm how the access-list generation resolves several policies on one
# host (least or most permissive).
#
{ ?user a foaf:Person ;
      foaf:name           ?userName ;
      user:usesHost       ?userHost ;
      user:accessType     ?userAccess .
  ?userHost a user:HostSystem .
}
log:implies
{ ?userHost
      user:usedBy         ?user ;
      user:usedByName     ?userName ;
      user:accessType     ?userAccess . } .   # person's policy now applies to the host

# Process access policy specified directly for a host
#
# (This rule currently disabled)
#
# The rule is switched off by writing ndev:doNothing where log:implies would
# stand, so the two formulae are related by a property that presumably has no
# meaning to the rule engine.  Restoring log:implies re-enables it.
#
# Antecedent: a host with label, name, local network, IP address, system
# administrator, access type and derived domain name, whose access type is a
# user:AccessPolicy with an access rule naming a service group (protocol) and
# access times.
#
# Consequent: one permit entry from the host's address to any destination
# for the matched protocol, limited to the matched access times.
#
# NOTE(review) before re-enabling:
#  - The entry is attached to ?userHost itself.  A host whose policy has
#    several rules, protocols or time sets would collect several
#    ndev:protocol and ndev:time values on the same node, and they can no
#    longer be paired up; a separate node per entry would avoid that.
#  - ndev:srcMask "255.255.255.255" with ndev:dstMask "0.0.0.0" reads as
#    netmask notation (all ones = one host, zero = any).  The sample IOS
#    access list above uses wildcard masks, where the bits are inverted;
#    confirm the output stage converts them.
#  - ndev:dstPort is the literal "0" and the service group contributes only
#    its protocol, so the permit is not narrowed to particular ports
#    (presumably "0" stands for any port -- confirm).
#  - ndev:logPacket is "no", whereas the permit lines in the sample access
#    list above all carry "log".
#
{ ?userHost a user:HostSystem ;
      rdfs:label          ?hostLabel ;
      user:hostName       ?hostName ;
      user:localNet       ?hostLocalNet ;
      user:hostIP         ?hostIPAddr ;
      user:systemAdmin    ?hostSysAdmin ;
      user:accessType     ?userAccess ;
      dnsa:hostDomainName ?hostFQDN .
  ?userAccess a user:AccessPolicy ;
      user:access         ?accessRule .
  ?accessRule a user:AccessRule ;
      user:accessServices ?accessServices ;
      user:accessTimes    ?accessTimes .
  ?accessServices a user:ServiceGroup ;
      user:accessProtocol ?serviceProto .
}
ndev:doNothing # log:implies
{ ?userHost a ndev:AccessIP ;
      ndev:pass         "permit" ;
      ndev:srcAddr      ?hostIPAddr ;         # source is this one host
      ndev:srcMask      "255.255.255.255" ;
      ndev:dstAddr      "0.0.0.0" ;           # destination is unrestricted
      ndev:dstMask      "0.0.0.0" ;
      ndev:protocol     ?serviceProto ;
      ndev:dstPort      "0" ;
      ndev:logPacket    "no" ;
      ndev:time         ?accessTimes .
} .

# Convert VCALENDAR times to values for IOS time-range declaration
#
#time-range PlayTimes
# periodic weekdays 08:45 to 10:15
# periodic weekdays 16:00 to 16:45
# periodic weekdays 20:00 to 22:00
# periodic weekend  08:45 to 11:15
# periodic weekend  16:00 to 22:00
#
#time-range DownloadTimes
# periodic Saturday 20:00 to 22:00
# periodic Sunday   04:00 to 08:00
#
# Rule: turn each VEVENT of a named VCALENDAR into the start, end and day
# values needed for one "periodic" line of a time-range.
#
# Start and end are tied to the lists ( hour ":" minute ) built from the
# icalutil:hour and icalutil:minute values of DTSTART and DTEND.
# intprop:dayName must already be present on the event; it is supplied by
# the day-of-week rules that follow, so an event whose recurrence none of
# them recognises never matches here.
#
# NOTE(review): ?rangeName is required on the calendar but is not carried
# into the consequent, and the consequent hangs off ?vevent alone; the link
# from an event back to its named range has to be recovered elsewhere.
# NOTE(review): hour and minute are joined as given.  The sample time-range
# above uses zero-padded values such as 08:45, so this assumes the calendar
# data already supplies two-digit strings -- confirm.
# NOTE(review): only hour and minute are read, so any date or time-zone detail
# on DTSTART and DTEND is ignored; the resulting times are presumably
# interpreted against the clock of the device that enforces them.
{ ?accessTime a ical:VCALENDAR ;
      user:rangeName       ?rangeName ;
      ical:VEVENT__PROP    ?vevent .
  ?vevent a ical:REC__VEVENT ;
      ical:DTSTART
        [ a ical:TIME ;
          icalutil:hour    ?sth ;
          icalutil:minute  ?stm ] ;
      ical:DTEND
        [ a ical:TIME ;
          icalutil:hour    ?enh ;
          icalutil:minute  ?enm ] ;
      intprop:dayName      ?dayName .
  ?sttim string:concat ( ?sth ":" ?stm ) .    # start as hour:minute
  ?entim string:concat ( ?enh ":" ?enm ) .    # end as hour:minute
}
log:implies
{ ?vevent
      ndev:timeStart       ?sttim ;
      ndev:timeEnd         ?entim ;
      ndev:dayName         ?dayName .
} .

# Rules to map day-of-week names in recurrence rules
#
# Each rule below matches a VEVENT whose RRULE is an ical:RECUR with
# INTERVAL "1" and one exact FREQ / BYDAY combination, and tags the event
# with the matching intprop:dayName literal.
#
# NOTE(review): BYDAY is matched as a whole literal string.  A recurrence
# written in another order (for example "SU,SA"), with a different INTERVAL,
# or with any day combination not listed here matches none of these rules,
# gets no intprop:dayName, and therefore produces no time values from the
# conversion rule above.  Whether a policy left without time entries ends up
# more or less restrictive depends on the access-list generation; confirm
# that it fails closed.
#

# Every day
{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "DAILY" ;
          ical:INTERVAL   "1" ] .
}
log:implies
{ ?vevent
      intprop:dayName "daily" .
} .

# Monday to Friday
{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "WEEKLY" ;
          ical:INTERVAL   "1" ;
          ical:BYDAY      "MO,TU,WE,TH,FR" ] .
}
log:implies
{ ?vevent
      intprop:dayName "weekday" .
} .

# Saturday and Sunday
{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "WEEKLY" ;
          ical:INTERVAL   "1" ;
          ical:BYDAY      "SA,SU" ] .
}
log:implies
{ ?vevent
      intprop:dayName "weekend" .
} .

# Single days of the week, one rule per day
{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "WEEKLY" ;
          ical:INTERVAL   "1" ;
          ical:BYDAY      "MO" ] .
}
log:implies
{ ?vevent
      intprop:dayName "Monday" .
} .

{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "WEEKLY" ;
          ical:INTERVAL   "1" ;
          ical:BYDAY      "TU" ] .
}
log:implies
{ ?vevent
      intprop:dayName "Tuesday" .
} .

{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "WEEKLY" ;
          ical:INTERVAL   "1" ;
          ical:BYDAY      "WE" ] .
}
log:implies
{ ?vevent
      intprop:dayName "Wednesday" .
} .

{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "WEEKLY" ;
          ical:INTERVAL   "1" ;
          ical:BYDAY      "TH" ] .
}
log:implies
{ ?vevent
      intprop:dayName "Thursday" .
} .

{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "WEEKLY" ;
          ical:INTERVAL   "1" ;
          ical:BYDAY      "FR" ] .
}
log:implies
{ ?vevent
      intprop:dayName "Friday" .
} .

{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "WEEKLY" ;
          ical:INTERVAL   "1" ;
          ical:BYDAY      "SA" ] .
}
log:implies
{ ?vevent
      intprop:dayName "Saturday" .
} .

{ ?vevent a ical:REC__VEVENT ;
      ical:RRULE
        [ a ical:RECUR ;
          ical:FREQ       "WEEKLY" ;
          ical:INTERVAL   "1" ;
          ical:BYDAY      "SU" ] .
}
log:implies
{ ?vevent
      intprop:dayName "Sunday" .
} .

#
# End of network user details
#
#--------+---------+---------+---------+---------+---------+---------+---------+
# $Log: configrules.n3,v $
# Revision 1.1  2004/07/23 14:52:17  ajm65
# Moved here from RAL W3C site
#
# Revision 1.8  2002/12/22 18:46:08  graham
# Updated copyright notice
#
# Revision 1.7  2002/12/16 17:28:39  graham
# Fix up inconsistencies with RDF semantics
#
# Revision 1.6  2002/12/12 22:24:04  graham
# Initial documentation done, redundant rules disabled
#
# Revision 1.5  2002/12/12 01:09:23  graham
# Most rules working.
# Generation of time-ranges remains.
#
# Revision 1.4  2002/12/11 12:02:14  graham
# Rules all appear to work
#
# Revision 1.3  2002/12/10 23:52:39  graham
# Some rules working
#
# Revision 1.2  2002/12/10 21:18:11  graham
# N3 syntax OK, but rules don't work yet
#
# Revision 1.1  2002/12/10 20:24:25  graham
# First cut of configuration data and rules
#
</PRE></BODY></HTML>

