module cira-shg-mud {
yang-version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-shg-mud";
prefix "shg";
import ietf-mud {
prefix m;
description "This module defines the format for a MUD description";
reference "RFC YYYY: MUD YANG";
}
organization "CIRALabs Secure Home Gateway project.";
contact
"WG Web:
WG List:
Author: Michael Richardson
";
description
"This module extends the RFC8520 MUD format to two
facilities: definition of an Access Control List appropriate
to enable device upgrade only, and provide for a history of
modifications by third-parties to the MUD file";
revision "2019-07-08" {
description
"Initial version";
reference
"RFC XXXX: MUD profile for Secure Home Gateway Project";
}
augment "/m:mud" {
description
"Adds leaf nodes appropriate MUD usage in the
Secure Home Gateway";
container quaranteed-device-policy {
description
"The policies that should be enforced on traffic
coming from the device when it is under quaranteen.
These policies are usually a subset of operational policies
and are intended to permit firmware updates only.
They are intended to keep the device safe (and the network safe
from the device) when the device is suspected of being
out-of-date, but still considered sufficiently intact to be
able to do a firmware update";
list enabled-ace-names {
key ace-name;
leaf ace-name {
type leafref {
path "/acl:acls/acl:acl/acl:aces/acl:ace/acl:name";
}
}
}
}
}
}