Which classes are appropriate for my device?
MUD files consist of one or more access control entries. You can have as many as you want. Each entry contains one of the classes below.
| Domain names | Use domain names when your devices want to access cloud-based services. |
| Controller | You can name a URI with "controller", and the local deployment will bind that to an IP address. The name need not exist in DNS, but should be for a domain you own. For example, if you are a printer manufacturer "example.com", you might name a print server class "http://example.com/printserver". |
| my-controller | my-controller is just like controller, except you don't name a class. This is fine to use when you have a single or small number of types of devices all talking to the same controller. |
| local-networks | Use local-networks when you want to permit a certain port access to local networks. |
| same-manufacturer | Use same-manufacturer when you want your device to talk to devices that have the same domain name in their MUD URL (e.g., devices you manufacture). |
| manufacturer | Use manufacturer when you want your devices to be able to talk to devices that have MUD URLs with a domain name of some other manufacturer. (e.g, you didn't build it). |
Example
A printer might need access to several internal and external services, as follows:
| Outbound font server access |
Internet domain name |
font.example.com |
| Inbound or outbound access to a print server |
controller |
http://example.com/controller (note this is a URI, not an accessible URL) |
| Local service of printing on TCP & UDP ports 515, and
ports 80 and 443 |
local-networks |
Just indicate local ports 515, 80, and 443 if those are
incoming services. |