Which classes are appropriate for my device?

MUD files consist of one or more access control entries.  You can have as many as you want.  Each entry contains one of the classes below.

Domain names Use domain names when your devices want to access cloud-based services.
Controller You can name a URI with "controller", and the local deployment will bind that to an IP address.  The name need not exist in DNS, but should be for a domain you own.  For example, if you are a printer manufacturer "example.com", you might name a print server class "http://example.com/printserver".
my-controller my-controller is just like controller, except you don't name a class.  This is fine to use when you have a single or small number of types of devices all talking to the same controller.
local-networks Use local-networks when you want to permit a certain port access to local networks.
same-manufacturer Use same-manufacturer when you  want your device to talk to devices that have the same domain name in their MUD URL (e.g., devices you manufacture).
manufacturer Use manufacturer when you want your devices to be able to talk to devices that have MUD URLs with a domain name of some other manufacturer. (e.g, you didn't build it).


A printer might need access to several internal and external services, as follows:

Outbound font server access
Internet domain name
Inbound or outbound access to a print server
(note this is a URI, not an accessible URL)
Local service of printing on TCP & UDP ports 515, and ports 80 and 443
Just indicate local ports 515, 80, and 443 if those are incoming services.

Got All that?