summaryrefslogtreecommitdiff
path: root/interface-definitions/include/firewall/global-options.xml.i
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2023-12-07 15:21:04 +0000
committerGitHub <noreply@github.com>2023-12-07 15:21:04 +0000
commitf604c177c5182719674c6540006eb10571bc81a4 (patch)
treefa9eec1af54e4117e926877aa83afcdcff32166d /interface-definitions/include/firewall/global-options.xml.i
parent264f23b95090ada20eef796525383697a06c13cb (diff)
parent4ded8814f036b921a04a54850ca6717aafe91a52 (diff)
downloadvyos-1x-f604c177c5182719674c6540006eb10571bc81a4.tar.gz
vyos-1x-f604c177c5182719674c6540006eb10571bc81a4.zip
Merge pull request #2539 from nicolas-fort/T5775
T5775: firewall: re-add state-policy to firewall. These commands are …
Diffstat (limited to 'interface-definitions/include/firewall/global-options.xml.i')
-rw-r--r--interface-definitions/include/firewall/global-options.xml.i37
1 files changed, 37 insertions, 0 deletions
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index e655cd6ac..415d85f05 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -167,6 +167,43 @@
</properties>
<defaultValue>disable</defaultValue>
</leafNode>
+ <node name="state-policy">
+ <properties>
+ <help>Global firewall state-policy</help>
+ </properties>
+ <children>
+ <node name="established">
+ <properties>
+ <help>Global firewall policy for packets part of an established connection</help>
+ </properties>
+ <children>
+ #include <include/firewall/action-accept-drop-reject.xml.i>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/rule-log-level.xml.i>
+ </children>
+ </node>
+ <node name="invalid">
+ <properties>
+ <help>Global firewall policy for packets part of an invalid connection</help>
+ </properties>
+ <children>
+ #include <include/firewall/action-accept-drop-reject.xml.i>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/rule-log-level.xml.i>
+ </children>
+ </node>
+ <node name="related">
+ <properties>
+ <help>Global firewall policy for packets part of a related connection</help>
+ </properties>
+ <children>
+ #include <include/firewall/action-accept-drop-reject.xml.i>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/rule-log-level.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
<leafNode name="syn-cookies">
<properties>
<help>Policy for using TCP SYN cookies with IPv4</help>