Defining Firewall Rules for Your Application with sockets.xml

If your application requires custom ports to be opened in the firewall, you can define these ports by adding extra firewall rules in a sockets.xml file under the app-info folder of your application. See examples of sockets.xml in the EarContent/META-INF/app-info folders of the reference applications that accompany the Junos Space SDK. If your application does not open custom firewall ports, a sockets.xml file is not needed.

Use the following syntax for your sockets.xml:

<SOCKETS>
    <INBOUND>
      <PROTOCOL>[tcp|udp]</PROTOCOL>
      <DEST>
          <ADDR>[ip address|@ANY|@CLUSTER]</ADDR>
          <PORT>[port number|@ANY]</PORT>
      </DEST>
            
      <SOURCE>
          <ADDR>[ip address|@ANY|@CLUSTER]</ADDR>
          <PORT>[port number|@ANY]</PORT>
      </SOURCE>
    </INBOUND>
            
    <OUTBOUND>
            
          [same as INBOUND]
            
    </OUTBOUND>
</SOCKETS>
            

An INBOUND or OUTBOUND element must define at least one DEST or one SOURCE or one of each, but not multiple DESTs or SOURCEs. Define multiple DESTs or SOURCEs by defining mutliple INBOUND or OUTBOUND containers.

Specify the PROTOCOL type for the inbound or outbound connection as tcp or udp.

Allow traffic from SOURCE or to DEST addresses by specifying one of the following values for ADDR:

• A specific IP address by specifying the IP address
• Any IP address by specifying the @ANY constant
• Any IP address within the Space cluster fabric by specifying the @CLUSTER constant

Allow traffic from SOURCE or to DEST ports by specifying one of the following values for PORT:

• A specific port by specifying the port number
• Any port by specifying the @ANY constant

Valid syntax for an OUTBOUND connection is identical to the syntax described for INBOUND.