diff options
author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-10-25 11:59:01 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-11-01 10:39:10 +0000 |
commit | 2b38b45e219e363955b850d90a40564eb4b375c0 (patch) | |
tree | 095864603743dc97eac8b401832dbe299df2cdd0 /interface-definitions | |
parent | 03e5ab66610770cb58e24aa6e1309264a091d812 (diff) | |
download | vyos-1x-2b38b45e219e363955b850d90a40564eb4b375c0.tar.gz vyos-1x-2b38b45e219e363955b850d90a40564eb4b375c0.zip |
T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher firewal, nat and nat66.
(cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6)
Diffstat (limited to 'interface-definitions')
7 files changed, 75 insertions, 22 deletions
diff --git a/interface-definitions/include/firewall/inbound-interface-no-group.xml.i b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i new file mode 100644 index 000000000..bcd4c9570 --- /dev/null +++ b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/inbound-interface-no-group.xml.i --> +<node name="inbound-interface"> + <properties> + <help>Match inbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i index 7810f88ab..8be97c3ed 100644 --- a/interface-definitions/include/firewall/match-interface.xml.i +++ b/interface-definitions/include/firewall/match-interface.xml.i @@ -1,5 +1,5 @@ <!-- include start from firewall/match-interface.xml.i --> -<leafNode name="interface-name"> +<leafNode name="name"> <properties> <help>Match interface</help> <completionHelp> @@ -22,7 +22,7 @@ </constraint> </properties> </leafNode> -<leafNode name="interface-group"> +<leafNode name="group"> <properties> <help>Match interface-group</help> <completionHelp> diff --git a/interface-definitions/include/firewall/outbound-interface-no-group.xml.i b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i new file mode 100644 index 000000000..e3bace42d --- /dev/null +++ b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/outbound-interface-no-group.xml.i --> +<node name="outbound-interface"> + <properties> + <help>Match outbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i index dd21bfaca..39f0cdcba 100644 --- a/interface-definitions/include/version/firewall-version.xml.i +++ b/interface-definitions/include/version/firewall-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/firewall-version.xml.i --> -<syntaxVersion component='firewall' version='11'></syntaxVersion> +<syntaxVersion component='firewall' version='12'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i index 027216a07..656da6e14 100644 --- a/interface-definitions/include/version/nat-version.xml.i +++ b/interface-definitions/include/version/nat-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/nat-version.xml.i --> -<syntaxVersion component='nat' version='5'></syntaxVersion> +<syntaxVersion component='nat' version='7'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/nat66-version.xml.i b/interface-definitions/include/version/nat66-version.xml.i index 7b7123dcc..478ca080f 100644 --- a/interface-definitions/include/version/nat66-version.xml.i +++ b/interface-definitions/include/version/nat66-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/nat66-version.xml.i --> -<syntaxVersion component='nat66' version='1'></syntaxVersion> +<syntaxVersion component='nat66' version='2'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in index 7a8970bdf..a657535ba 100644 --- a/interface-definitions/nat66.xml.in +++ b/interface-definitions/nat66.xml.in @@ -38,14 +38,7 @@ <valueless/> </properties> </leafNode> - <leafNode name="outbound-interface"> - <properties> - <help>Outbound interface of NAT66 traffic</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - </leafNode> + #include <include/firewall/outbound-interface-no-group.xml.i> #include <include/nat/protocol.xml.i> <node name="destination"> <properties> @@ -166,15 +159,7 @@ <valueless/> </properties> </leafNode> - <leafNode name="inbound-interface"> - <properties> - <help>Inbound interface of NAT66 traffic</help> - <completionHelp> - <list>any</list> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - </leafNode> + #include <include/firewall/inbound-interface-no-group.xml.i> #include <include/nat/protocol.xml.i> <node name="destination"> <properties> |