The policy.py file has a strict structure that must be obeyed when modifying the configuration manually. It consists of the following code modules:
Import statements
Zone definitions
Class configurations
NAT policy settings
Authentication policy settings
Instance definitions
These modules are of varying length, depending on the complexity of the policy configuration.
These blocks (the zone definition, proxy class definition, instance definition, service definitions, and rule definitions) make up the policy.py file. The provided example is simple, yet it provides a lot of information on the correct syntax and on the possible contents of the policy.py file.
The other configuration file, instances.conf, is much simpler: it lists the instances to be run and supplies some runtime arguments for them, such as the log level. The only compulsory argument for running an instance is the name of the Python file containing the corresponding instance definition. Although the example uses a single policy file (policy.py) to store all definitions, it is possible to split the policy into separate .py files if that makes maintenance or archiving easier.
In the following example, instance definitions are separated into two files, policy-http.py and policy-plug.py:
#instance arguments
#PNS_http --verbose=5 --policy /etc/PNS/policy-http.py
#PNS_plug --policy /etc/PNS/policy-plug.py
For more information on the configuration files, see the manual pages for instances.conf and Application-level Gateway. The manual pages can be accessed by using the man instances.conf and man PNS commands, installed by default on PNS. Also see Appendix C, PNS manual pages, in the Proxedo Network Security Suite 2 Reference Guide for further details.
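The following check is an added example, not part of the PNS documentation or tooling: it parses instances.conf text in the format shown above and reports any instance that lacks the compulsory --policy argument. It assumes that lines starting with # are comments and that options are written as "--name VALUE" or "--name=VALUE"; the function names and the sample entries are made up for illustration.

```python
import shlex

# Constructed sample in the format shown above; PNS_broken is a made-up
# entry that lacks the compulsory --policy argument.
SAMPLE = """\
#instance arguments
PNS_http --verbose=5 --policy /etc/PNS/policy-http.py
PNS_plug --policy /etc/PNS/policy-plug.py
PNS_broken --verbose=3
"""

def option_value(args, name):
    """Return the value of a long option ('--name VALUE' or '--name=VALUE')."""
    for i, arg in enumerate(args):
        if arg == name:
            nxt = args[i + 1] if i + 1 < len(args) else None
            # A following "--something" is another option, not a value.
            return None if nxt is None or nxt.startswith("--") else nxt
        if arg.startswith(name + "="):
            return arg.split("=", 1)[1] or None
    return None

def parse_instances(text):
    """Parse instances.conf text into ({instance: settings}, [problems])."""
    instances, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment (assumed)
            continue
        name, *args = shlex.split(line)
        if name in instances:
            problems.append(f"line {lineno}: duplicate instance {name}")
            continue
        policy = option_value(args, "--policy")
        if policy is None:
            problems.append(f"line {lineno}: {name} has no --policy argument")
            continue
        instances[name] = {
            "policy": policy,
            "verbose": option_value(args, "--verbose"),
        }
    return instances, problems

if __name__ == "__main__":
    found, issues = parse_instances(SAMPLE)
    for inst, cfg in found.items():
        print(f"{inst}: policy={cfg['policy']} verbose={cfg['verbose']}")
    for issue in issues:
        print("PROBLEM:", issue)
```

Running the same function over the real /etc/PNS/instances.conf before restarting instances also shows which policy file each instance loads, which helps when the policy is split across several .py files.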
© 2021 BalaSys IT Security.