diff options
Diffstat (limited to 'interface-definitions/firewall.xml.in')
| -rw-r--r-- | interface-definitions/firewall.xml.in | 132 |
1 files changed, 129 insertions, 3 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index ff8d92a24..2e9452dfd 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -97,6 +97,40 @@ <multi/> </properties> </leafNode> + <leafNode name="include"> + <properties> + <help>Include another address-group</help> + <completionHelp> + <path>firewall group address-group</path> + </completionHelp> + <multi/> + </properties> + </leafNode> + #include <include/generic-description.xml.i> + </children> + </tagNode> + <tagNode name="domain-group"> + <properties> + <help>Firewall domain-group</help> + <constraint> + <regex>[a-zA-Z_][a-zA-Z0-9][\w\-\.]*</regex> + </constraint> + <constraintErrorMessage>Name of domain-group can only contain alpha-numeric letters, hyphen, underscores and not start with numeric</constraintErrorMessage> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>Domain-group member</help> + <valueHelp> + <format>txt</format> + <description>Domain address to match</description> + </valueHelp> + <constraint> + <regex>[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,99}?(\/.*)?</regex> + </constraint> + <multi/> + </properties> + </leafNode> #include <include/generic-description.xml.i> </children> </tagNode> @@ -126,6 +160,15 @@ <multi/> </properties> </leafNode> + <leafNode name="include"> + <properties> + <help>Include another ipv6-address-group</help> + <completionHelp> + <path>firewall group ipv6-address-group</path> + </completionHelp> + <multi/> + </properties> + </leafNode> #include <include/generic-description.xml.i> </children> </tagNode> @@ -151,6 +194,15 @@ <multi/> </properties> </leafNode> + <leafNode name="include"> + <properties> + <help>Include another ipv6-network-group</help> + <completionHelp> + <path>firewall group ipv6-network-group</path> + </completionHelp> + <multi/> + </properties> + </leafNode> </children> </tagNode> <tagNode name="mac-group"> @@ -175,6 +227,15 @@ <multi/> </properties> </leafNode> + <leafNode name="include"> + <properties> + <help>Include another mac-group</help> + <completionHelp> + <path>firewall group mac-group</path> + </completionHelp> + <multi/> + </properties> + </leafNode> </children> </tagNode> <tagNode name="network-group"> @@ -199,6 +260,15 @@ <multi/> </properties> </leafNode> + <leafNode name="include"> + <properties> + <help>Include another network-group</help> + <completionHelp> + <path>firewall group network-group</path> + </completionHelp> + <multi/> + </properties> + </leafNode> </children> </tagNode> <tagNode name="port-group"> @@ -231,6 +301,15 @@ </constraint> </properties> </leafNode> + <leafNode name="include"> + <properties> + <help>Include another port-group</help> + <completionHelp> + <path>firewall group port-group</path> + </completionHelp> + <multi/> + </properties> + </leafNode> </children> </tagNode> </children> @@ -287,6 +366,7 @@ </properties> <children> #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/port.xml.i> </children> @@ -297,6 +377,7 @@ </properties> <children> #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/port.xml.i> </children> @@ -473,6 +554,7 @@ </properties> <children> #include <include/firewall/address.xml.i> + #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/port.xml.i> </children> @@ -483,6 +565,7 @@ </properties> <children> #include <include/firewall/address.xml.i> + #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/port.xml.i> </children> @@ -520,6 +603,49 @@ #include <include/firewall/icmp-type-name.xml.i> </children> </node> + <node name="ttl"> + <properties> + <help>Time to live limit</help> + </properties> + <children> + <leafNode name="eq"> + <properties> + <help>Value to match a ttl equal to it</help> + <valueHelp> + <format>u32:0-255</format> + <description>ttl equal to value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="gt"> + <properties> + <help>Value to match a ttl greater than or equal to it</help> + <valueHelp> + <format>u32:0-255</format> + <description>ttl greater than value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lt"> + <properties> + <help>Value to match a ttl less than or equal to it</help> + <valueHelp> + <format>u32:0-255</format> + <description>ttl less than value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + </children> + </node> </children> </tagNode> </children> @@ -599,7 +725,7 @@ </properties> <children> #include <include/firewall/action-accept-drop-reject.xml.i> - #include <include/firewall/log.xml.i> + #include <include/firewall/rule-log-level.xml.i> </children> </node> <node name="invalid"> @@ -608,7 +734,7 @@ </properties> <children> #include <include/firewall/action-accept-drop-reject.xml.i> - #include <include/firewall/log.xml.i> + #include <include/firewall/rule-log-level.xml.i> </children> </node> <node name="related"> @@ -617,7 +743,7 @@ </properties> <children> #include <include/firewall/action-accept-drop-reject.xml.i> - #include <include/firewall/log.xml.i> + #include <include/firewall/rule-log-level.xml.i> </children> </node> </children> |