summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2024-07-31 12:42:25 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2024-08-02 12:50:26 +0000
commitc33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83 (patch)
tree55454c478da7bc0cf6e2e9df11f520bbcefc7d26 /interface-definitions
parentfa764927c14350104671edbb2bb3570ab267e416 (diff)
downloadvyos-1x-c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83.tar.gz
vyos-1x-c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83.zip
T4072: change same helpers in xml definitions; add notrack action for prerouting chain; re introduce <set vrf> in policy; change global options for passing traffic to IPvX firewall; update smoketest
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/firewall/bridge-custom-name.xml.i1
-rw-r--r--interface-definitions/include/firewall/bridge-hook-forward.xml.i1
-rw-r--r--interface-definitions/include/firewall/bridge-hook-input.xml.i1
-rw-r--r--interface-definitions/include/firewall/bridge-hook-output.xml.i1
-rw-r--r--interface-definitions/include/firewall/bridge-hook-prerouting.xml.i4
-rw-r--r--interface-definitions/include/firewall/common-rule-bridge.xml.i1
-rw-r--r--interface-definitions/include/firewall/global-options.xml.i2
-rw-r--r--interface-definitions/include/firewall/set-packet-modifications.xml.i32
8 files changed, 32 insertions, 11 deletions
diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i
index 48d48949e..9a2a829d0 100644
--- a/interface-definitions/include/firewall/bridge-custom-name.xml.i
+++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i
@@ -32,6 +32,7 @@
</properties>
<children>
#include <include/firewall/common-rule-bridge.xml.i>
+ #include <include/firewall/action-l2.xml.i>
#include <include/firewall/connection-mark.xml.i>
#include <include/firewall/connection-status.xml.i>
#include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
index 0bc1fc357..fcc981925 100644
--- a/interface-definitions/include/firewall/bridge-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
@@ -26,6 +26,7 @@
</properties>
<children>
#include <include/firewall/common-rule-bridge.xml.i>
+ #include <include/firewall/action-l2.xml.i>
#include <include/firewall/connection-mark.xml.i>
#include <include/firewall/connection-status.xml.i>
#include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-input.xml.i b/interface-definitions/include/firewall/bridge-hook-input.xml.i
index 32de14d54..f6a11f8da 100644
--- a/interface-definitions/include/firewall/bridge-hook-input.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-input.xml.i
@@ -26,6 +26,7 @@
</properties>
<children>
#include <include/firewall/common-rule-bridge.xml.i>
+ #include <include/firewall/action-l2.xml.i>
#include <include/firewall/connection-mark.xml.i>
#include <include/firewall/connection-status.xml.i>
#include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-output.xml.i b/interface-definitions/include/firewall/bridge-hook-output.xml.i
index da0c02470..38b8b08ca 100644
--- a/interface-definitions/include/firewall/bridge-hook-output.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-output.xml.i
@@ -26,6 +26,7 @@
</properties>
<children>
#include <include/firewall/common-rule-bridge.xml.i>
+ #include <include/firewall/action-l2.xml.i>
#include <include/firewall/connection-mark.xml.i>
#include <include/firewall/connection-status.xml.i>
#include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i
index b6c1fe87a..ea567644f 100644
--- a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i
@@ -14,7 +14,7 @@
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
- <help>Bridge Firewall prerouting filter rule number</help>
+ <help>Bridge firewall prerouting filter rule number</help>
<valueHelp>
<format>u32:1-999999</format>
<description>Number for this firewall rule</description>
@@ -26,7 +26,7 @@
</properties>
<children>
#include <include/firewall/common-rule-bridge.xml.i>
- #include <include/firewall/set-packet-modifications.xml.i>
+ #include <include/firewall/action-and-notrack.xml.i>
#include <include/firewall/inbound-interface.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i
index b47408aa8..9ae28f7be 100644
--- a/interface-definitions/include/firewall/common-rule-bridge.xml.i
+++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i
@@ -1,7 +1,6 @@
<!-- include start from firewall/common-rule-bridge.xml.i -->
#include <include/generic-description.xml.i>
#include <include/generic-disable-node.xml.i>
-#include <include/firewall/action-l2.xml.i>
#include <include/firewall/dscp.xml.i>
#include <include/firewall/firewall-mark.xml.i>
#include <include/firewall/fragment.xml.i>
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 1f2899672..cee8f1854 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -44,7 +44,7 @@
</properties>
<defaultValue>disable</defaultValue>
</leafNode>
- <node name="apply-for-bridge">
+ <node name="apply-to-bridged-traffic">
<properties>
<help>Apply configured firewall rules to traffic switched by bridges</help>
</properties>
diff --git a/interface-definitions/include/firewall/set-packet-modifications.xml.i b/interface-definitions/include/firewall/set-packet-modifications.xml.i
index eda568a0e..ee019b64e 100644
--- a/interface-definitions/include/firewall/set-packet-modifications.xml.i
+++ b/interface-definitions/include/firewall/set-packet-modifications.xml.i
@@ -6,10 +6,10 @@
<children>
<leafNode name="connection-mark">
<properties>
- <help>Connection marking</help>
+ <help>Set connection mark</help>
<valueHelp>
<format>u32:0-2147483647</format>
- <description>Connection marking</description>
+ <description>Connection mark</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-2147483647"/>
@@ -18,7 +18,7 @@
</leafNode>
<leafNode name="dscp">
<properties>
- <help>Packet Differentiated Services Codepoint (DSCP)</help>
+ <help>Set DSCP (Packet Differentiated Services Codepoint) bits</help>
<valueHelp>
<format>u32:0-63</format>
<description>DSCP number</description>
@@ -30,10 +30,10 @@
</leafNode>
<leafNode name="mark">
<properties>
- <help>Packet marking</help>
+ <help>Set packet mark</help>
<valueHelp>
<format>u32:1-2147483647</format>
- <description>Packet marking</description>
+ <description>Packet mark</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-2147483647"/>
@@ -42,7 +42,7 @@
</leafNode>
<leafNode name="table">
<properties>
- <help>Routing table to forward packet with</help>
+ <help>Set the routing table for matched packets</help>
<valueHelp>
<format>u32:1-200</format>
<description>Table number</description>
@@ -61,9 +61,27 @@
</completionHelp>
</properties>
</leafNode>
+ <leafNode name="vrf">
+ <properties>
+ <help>VRF to forward packet with</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>VRF instance name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>default</format>
+ <description>Forward into default global VRF</description>
+ </valueHelp>
+ <completionHelp>
+ <list>default</list>
+ <path>vrf name</path>
+ </completionHelp>
+ #include <include/constraint/vrf.xml.i>
+ </properties>
+ </leafNode>
<leafNode name="tcp-mss">
<properties>
- <help>TCP Maximum Segment Size</help>
+ <help>Set TCP Maximum Segment Size</help>
<valueHelp>
<format>u32:500-1460</format>
<description>Explicitly set TCP MSS value</description>