summaryrefslogtreecommitdiff
path: root/interface-definitions/include/firewall
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-02-01 21:41:07 +0100
committerGitHub <noreply@github.com>2024-02-01 21:41:07 +0100
commitb24e2cbef7fc5c4b2a1a4533ff75e01dea0c2b42 (patch)
treeab74c9d546390b4c5585fe740d0898374df6d1b6 /interface-definitions/include/firewall
parentcd4b03898e99b7317d2cbdf614bc14caf2e9bbce (diff)
parent3ce9583b9420ed72cf45728f439f00b1c4cf5800 (diff)
downloadvyos-1x-b24e2cbef7fc5c4b2a1a4533ff75e01dea0c2b42.tar.gz
vyos-1x-b24e2cbef7fc5c4b2a1a4533ff75e01dea0c2b42.zip
Merge pull request #2924 from vyos/mergify/bp/sagitta/pr-2756
T4839: firewall: Add dynamic address group in firewall configuration (backport #2756)
Diffstat (limited to 'interface-definitions/include/firewall')
-rw-r--r--interface-definitions/include/firewall/add-dynamic-address-groups.xml.i34
-rw-r--r--interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i34
-rw-r--r--interface-definitions/include/firewall/common-rule-ipv4.xml.i25
-rw-r--r--interface-definitions/include/firewall/common-rule-ipv6.xml.i25
-rw-r--r--interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i17
-rw-r--r--interface-definitions/include/firewall/source-destination-dynamic-group.xml.i17
6 files changed, 152 insertions, 0 deletions
diff --git a/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i b/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i
new file mode 100644
index 000000000..769761cb6
--- /dev/null
+++ b/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/add-dynamic-address-groups.xml.i -->
+<leafNode name="address-group">
+ <properties>
+ <help>Dynamic address-group</help>
+ <completionHelp>
+ <path>firewall group dynamic-group address-group</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<leafNode name="timeout">
+ <properties>
+ <help>Set timeout</help>
+ <valueHelp>
+ <format>&lt;number&gt;s</format>
+ <description>Timeout value in seconds</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;m</format>
+ <description>Timeout value in minutes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;h</format>
+ <description>Timeout value in hours</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;d</format>
+ <description>Timeout value in days</description>
+ </valueHelp>
+ <constraint>
+ <regex>\d+(s|m|h|d)</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i b/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i
new file mode 100644
index 000000000..7bd91c58a
--- /dev/null
+++ b/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/add-dynamic-ipv6-address-groups.xml.i -->
+<leafNode name="address-group">
+ <properties>
+ <help>Dynamic ipv6-address-group</help>
+ <completionHelp>
+ <path>firewall group dynamic-group ipv6-address-group</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<leafNode name="timeout">
+ <properties>
+ <help>Set timeout</help>
+ <valueHelp>
+ <format>&lt;number&gt;s</format>
+ <description>Timeout value in seconds</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;m</format>
+ <description>Timeout value in minutes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;h</format>
+ <description>Timeout value in hours</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;d</format>
+ <description>Timeout value in days</description>
+ </valueHelp>
+ <constraint>
+ <regex>\d+(s|m|h|d)</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/common-rule-ipv4.xml.i b/interface-definitions/include/firewall/common-rule-ipv4.xml.i
index 4ed179ae7..158c7a662 100644
--- a/interface-definitions/include/firewall/common-rule-ipv4.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv4.xml.i
@@ -1,6 +1,29 @@
<!-- include start from firewall/common-rule-ipv4.xml.i -->
#include <include/firewall/common-rule-inet.xml.i>
#include <include/firewall/ttl.xml.i>
+<node name="add-address-to-group">
+ <properties>
+ <help>Add ip address to dynamic address-group</help>
+ </properties>
+ <children>
+ <node name="source-address">
+ <properties>
+ <help>Add source ip addresses to dynamic address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-address-groups.xml.i>
+ </children>
+ </node>
+ <node name="destination-address">
+ <properties>
+ <help>Add destination ip addresses to dynamic address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-address-groups.xml.i>
+ </children>
+ </node>
+ </children>
+</node>
<node name="destination">
<properties>
<help>Destination parameters</help>
@@ -13,6 +36,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group.xml.i>
+ #include <include/firewall/source-destination-dynamic-group.xml.i>
</children>
</node>
<node name="icmp">
@@ -67,6 +91,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group.xml.i>
+ #include <include/firewall/source-destination-dynamic-group.xml.i>
</children>
</node>
<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/common-rule-ipv6.xml.i b/interface-definitions/include/firewall/common-rule-ipv6.xml.i
index 6219557db..78eeb361e 100644
--- a/interface-definitions/include/firewall/common-rule-ipv6.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv6.xml.i
@@ -1,6 +1,29 @@
<!-- include start from firewall/common-rule-ipv6.xml.i -->
#include <include/firewall/common-rule-inet.xml.i>
#include <include/firewall/hop-limit.xml.i>
+<node name="add-address-to-group">
+ <properties>
+ <help>Add ipv6 address to dynamic ipv6-address-group</help>
+ </properties>
+ <children>
+ <node name="source-address">
+ <properties>
+ <help>Add source ipv6 addresses to dynamic ipv6-address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-ipv6-address-groups.xml.i>
+ </children>
+ </node>
+ <node name="destination-address">
+ <properties>
+ <help>Add destination ipv6 addresses to dynamic ipv6-address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-ipv6-address-groups.xml.i>
+ </children>
+ </node>
+ </children>
+</node>
<node name="destination">
<properties>
<help>Destination parameters</help>
@@ -13,6 +36,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group-ipv6.xml.i>
+ #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i>
</children>
</node>
<node name="icmpv6">
@@ -67,6 +91,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group-ipv6.xml.i>
+ #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i>
</children>
</node>
<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i b/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i
new file mode 100644
index 000000000..845f8fe7c
--- /dev/null
+++ b/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from firewall/source-destination-dynamic-group-ipv6.xml.i -->
+<node name="group">
+ <properties>
+ <help>Group</help>
+ </properties>
+ <children>
+ <leafNode name="dynamic-address-group">
+ <properties>
+ <help>Group of dynamic ipv6 addresses</help>
+ <completionHelp>
+ <path>firewall group dynamic-group ipv6-address-group</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i b/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i
new file mode 100644
index 000000000..29ab98c68
--- /dev/null
+++ b/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from firewall/source-destination-dynamic-group.xml.i -->
+<node name="group">
+ <properties>
+ <help>Group</help>
+ </properties>
+ <children>
+ <leafNode name="dynamic-address-group">
+ <properties>
+ <help>Group of dynamic addresses</help>
+ <completionHelp>
+ <path>firewall group dynamic-group address-group</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->