summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/arp.xml37
-rw-r--r--interface-definitions/bcast-relay.xml22
-rw-r--r--interface-definitions/dhcp-relay.xml98
-rw-r--r--interface-definitions/dhcp-server.xml462
-rw-r--r--interface-definitions/dhcpv6-relay.xml80
-rw-r--r--interface-definitions/dhcpv6-server.xml316
-rw-r--r--interface-definitions/dns-domain-name.xml115
-rw-r--r--interface-definitions/dns-forwarding.xml45
-rw-r--r--interface-definitions/dynamic-dns.xml3
-rw-r--r--interface-definitions/host-name.xml26
-rw-r--r--interface-definitions/igmp-proxy.xml100
-rw-r--r--interface-definitions/mdns-repeater.xml8
-rw-r--r--interface-definitions/ntp.xml6
-rw-r--r--interface-definitions/pppoe-server.xml580
-rw-r--r--interface-definitions/pptp-server.xml254
-rw-r--r--interface-definitions/ssh.xml37
-rw-r--r--interface-definitions/syslog.xml1338
-rw-r--r--interface-definitions/tftp-server.xml57
-rw-r--r--interface-definitions/vrrp.xml2
-rw-r--r--interface-definitions/wireguard.xml141
20 files changed, 2995 insertions, 732 deletions
diff --git a/interface-definitions/arp.xml b/interface-definitions/arp.xml
new file mode 100644
index 000000000..b72f025a8
--- /dev/null
+++ b/interface-definitions/arp.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="static">
+ <children>
+ <tagNode name="arp" owner="${vyos_conf_scripts_dir}/arp.py">
+ <properties>
+ <help>Static ARP translation</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 destination address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="hwaddr">
+ <properties>
+ <help>mac address to translate to</help>
+ <valueHelp>
+ <format>h:h:h:h:h:h</format>
+ <description>Hardware (MAC) address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/bcast-relay.xml b/interface-definitions/bcast-relay.xml
index 0437192fa..96ce16639 100644
--- a/interface-definitions/bcast-relay.xml
+++ b/interface-definitions/bcast-relay.xml
@@ -3,24 +3,36 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="broadcast-relay">
+ <node name="broadcast-relay" owner="${vyos_conf_scripts_dir}/bcast_relay.py">
<properties>
- <help>UDP Broadcast Relay parameters</help>
+ <help>UDP broadcast relay service</help>
+ <priority>990</priority>
</properties>
<children>
- <tagNode name="id" owner="${vyos_conf_scripts_dir}/bcast_relay.py">
+ <leafNode name="disable">
+ <properties>
+ <help>Globally disable broadcast relay service</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="id">
<properties>
<help>Unique ID for each UDP port to forward</help>
<valueHelp>
<format>1-99</format>
<description>Numerical ID #</description>
</valueHelp>
- <priority>990</priority>
<constraint>
<validator name="numeric" argument="--range 1-99"/>
</constraint>
</properties>
<children>
+ <leafNode name="disable">
+ <properties>
+ <help>Disable broadcast relay service instance</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="address">
<properties>
<help>Set source IP of forwarded packets, otherwise original senders address is used</help>
@@ -29,7 +41,7 @@
<description>Optional source address for forwarded packets</description>
</valueHelp>
<constraint>
- <validator name="ipv4"/>
+ <validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/dhcp-relay.xml b/interface-definitions/dhcp-relay.xml
new file mode 100644
index 000000000..b83402aa1
--- /dev/null
+++ b/interface-definitions/dhcp-relay.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0"?>
+<!-- DHCP relay configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcp-relay" owner="${vyos_conf_scripts_dir}/dhcp_relay.py">
+ <properties>
+ <help>Host Configuration Protocol (DHCP) relay agent</help>
+ <priority>910</priority>
+ </properties>
+ <children>
+ <leafNode name="interface">
+ <properties>
+ <help>DHCP relay interface [REQUIRED]</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py -b</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="relay-options">
+ <properties>
+ <help>Relay options</help>
+ </properties>
+ <children>
+ <leafNode name="hop-count">
+ <properties>
+ <help>Policy to discard packets that have reached specified hop-count</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>Hop count (default: 10)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ <constraintErrorMessage>hop-count must be a value between 1 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="max-size">
+ <properties>
+ <help>Maximum packet size to send to a DHCPv4/BOOTP server</help>
+ <valueHelp>
+ <format>64-1400</format>
+ <description>Maximum packet size (default: 576)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 64-1400"/>
+ </constraint>
+ <constraintErrorMessage>max-size must be a value between 64 and 1400</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="relay-agents-packets">
+ <properties>
+ <help>Policy to handle incoming DHCPv4 packets which already contain relay agent options (default: forward)</help>
+ <completionHelp>
+ <list>append replace forward discard</list>
+ </completionHelp>
+ <valueHelp>
+ <format>append</format>
+ <description>append own relay options to packet</description>
+ </valueHelp>
+ <valueHelp>
+ <format>replace</format>
+ <description>replace existing agent option field</description>
+ </valueHelp>
+ <valueHelp>
+ <format>forward</format>
+ <description>forward packet unchanged</description>
+ </valueHelp>
+ <valueHelp>
+ <format>discard</format>
+ <description>discard packet (default action if giaddr not set in packet)</description>
+ </valueHelp>
+ <constraint>
+ <regex>(append|replace|forward|discard)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="server">
+ <properties>
+ <help>DHCP server address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>DHCP server IPv4 address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dhcp-server.xml b/interface-definitions/dhcp-server.xml
new file mode 100644
index 000000000..87999f496
--- /dev/null
+++ b/interface-definitions/dhcp-server.xml
@@ -0,0 +1,462 @@
+<?xml version="1.0"?>
+<!-- DHCP server configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcp-server" owner="${vyos_conf_scripts_dir}/dhcp_server.py">
+ <properties>
+ <help>Dynamic Host Configuration Protocol (DHCP) for DHCP server</help>
+ <priority>911</priority>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCP server</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="dynamic-dns-update">
+ <properties>
+ <help>DHCP server to dynamically update the Domain Name System (DNS)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="global-parameters">
+ <properties>
+ <help>Additional global parameters for DHCP server. You must
+ use the syntax of dhcpd.conf in this text-field. Using this
+ without proper knowledge may result in a crashed DHCP server.
+ Check system log to look for errors.</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="hostfile-update">
+ <properties>
+ <help>Enable DHCP server updating /etc/hosts (per client lease)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="host-decl-name">
+ <properties>
+ <help>Instruct server to use host declaration name for forward DNS name</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="shared-network-name">
+ <properties>
+ <help>DHCP shared network name [REQUIRED]</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DHCP pool name</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="authoritative">
+ <properties>
+ <help>Option to make DHCP server authoritative for this physical network</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="description">
+ <properties>
+ <help>Shared-network-name description</help>
+ </properties>
+ </leafNode>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCP configuration for shared-network</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="shared-network-parameters">
+ <properties>
+ <help>Additional shared-network parameters for DHCP server.
+ You must use the syntax of dhcpd.conf in this text-field.
+ Using this without proper knowledge may result in a crashed
+ DHCP server. Check system log to look for errors.</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <tagNode name="subnet">
+ <properties>
+ <help>DHCP subnet for shared network</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="bootfile-name">
+ <properties>
+ <help>Bootstrap file name</help>
+ </properties>
+ </leafNode>
+ <leafNode name="bootfile-server">
+ <properties>
+ <help>Server (IP address or domain name) from which the initial
+ boot file is to be loaded</help>
+ </properties>
+ </leafNode>
+ <leafNode name="client-prefix-length">
+ <properties>
+ <help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help>
+ <valueHelp>
+ <format>0-32</format>
+ <description>DHCP client prefix length must be 0 to 32</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-32"/>
+ </constraint>
+ <constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="default-router">
+ <properties>
+ <help>IP address of default router</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Default router IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="dns-server">
+ <properties>
+ <help>DNS server IPv4 address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>DNS server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="domain-name">
+ <properties>
+ <help>Client domain name</help>
+ </properties>
+ </leafNode>
+ <leafNode name="domain-search">
+ <properties>
+ <help>Client domain search</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="exclude">
+ <properties>
+ <help>IP address that needs to be excluded from DHCP lease range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to exclude from lease range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="failover">
+ <properties>
+ <help>DHCP failover parameters</help>
+ </properties>
+ <children>
+ <leafNode name="local-address">
+ <properties>
+ <help>IP address for failover peer to connect [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to exclude from lease range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="name">
+ <properties>
+ <help>DHCP failover peer name [REQUIRED]</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid failover peer name</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="peer-address">
+ <properties>
+ <help>IP address of failover peer [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to exclude from lease range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="status">
+ <properties>
+ <help>DHCP failover peer status (primary|secondary) [REQUIRED]</help>
+ <completionHelp>
+ <list>primary secondary</list>
+ </completionHelp>
+ <constraint>
+ <regex>(primary|secondary)</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="ip-forwarding">
+ <properties>
+ <help>Enable IP forwarding on client</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="lease">
+ <properties>
+ <help>Lease timeout in seconds (default: 86400)</help>
+ <valueHelp>
+ <format>0-4294967295</format>
+ <description>DHCP lease time in seconds must be between 0 and 4294967295 (49 days)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ <constraintErrorMessage>DHCP lease time must be 0 to 4294967295</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="ntp-server">
+ <properties>
+ <help>IP address of NTP server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>NTP server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="pop-server">
+ <properties>
+ <help>IP address of POP3 server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>POP3 server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="server-identifier">
+ <properties>
+ <help>Address for DHCP server identifier</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>DHCP server identifier IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="smtp-server">
+ <properties>
+ <help>IP address of SMTP server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>SMTP server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <tagNode name="range">
+ <properties>
+ <help>DHCP lease range</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DHCP lease range name</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="start">
+ <properties>
+ <help>First IP address for DHCP lease range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 start address of pool</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last IP address for DHCP lease range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 end address of pool</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="static-mapping">
+ <properties>
+ <help>Static mapping for specified address type</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid static-mapping name</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable static-mapping</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="ip-address">
+ <properties>
+ <help>Static mapping for specified IP address [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address used in static mapping</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mac-address">
+ <properties>
+ <help>Static mapping for specified MAC address [REQUIRED]</help>
+ <valueHelp>
+ <format>h:h:h:h:h:h</format>
+ <description>MAC address used in static mapping [REQUIRED]</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="static-mapping-parameters">
+ <properties>
+ <help>Additional static-mapping parameters for DHCP server.
+ You must use the syntax of dhcpd.conf in this text-field.
+ Using this without proper knowledge may result in a crashed
+ DHCP server. Check system log to look for errors.</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <node name="static-route">
+ <properties>
+ <help>Classless static route</help>
+ </properties>
+ <children>
+ <leafNode name="destination-subnet">
+ <properties>
+ <help>Destination subnet [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="router">
+ <properties>
+ <help>IP address of router to be used to reach the destination subnet [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of router</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="subnet-parameters">
+ <properties>
+ <help>Additional subnet parameters for DHCP server. You must
+ use the syntax of dhcpd.conf in this text-field. Using this
+ without proper knowledge may result in a crashed DHCP server.
+ Check system log to look for errors.</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="tftp-server-name">
+ <properties>
+ <help>TFTP server name</help>
+ </properties>
+ </leafNode>
+ <leafNode name="time-offset">
+ <properties>
+ <help>Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)</help>
+ <constraint>
+ <regex>^-?[0-9]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid time offset valuee</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="time-server">
+ <properties>
+ <help>IP address of time server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Time server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="wins-server">
+ <properties>
+ <help>IP address for Windows Internet Name Service (WINS) server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>WINS server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="wpad-url">
+ <properties>
+ <help>Web Proxy Autodiscovery (WPAD) URL</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dhcpv6-relay.xml b/interface-definitions/dhcpv6-relay.xml
new file mode 100644
index 000000000..0beb09d05
--- /dev/null
+++ b/interface-definitions/dhcpv6-relay.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0"?>
+<!-- DHCPv6 relay configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcpv6-relay" owner="${vyos_conf_scripts_dir}/dhcpv6_relay.py">
+ <properties>
+ <help>DHCPv6 Relay Agent parameters</help>
+ <priority>900</priority>
+ </properties>
+ <children>
+ <tagNode name="listen-interface">
+ <properties>
+ <help>Interface for DHCPv6 Relay Agent to listen for requests</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>IPv6 address on listen-interface listen for requests on</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address on listen interface</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="max-hop-count">
+ <properties>
+ <help>Maximum hop count for which requests will be processed</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>Hop count (default: 10)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ <constraintErrorMessage>max-hop-count must be a value between 1 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <tagNode name="upstream-interface">
+ <properties>
+ <help>Interface for DHCPv6 Relay Agent forward requests out</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>IPv6 address to forward requests to</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of the DHCP server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="use-interface-id-option">
+ <properties>
+ <help>Option to set DHCPv6 interface-ID option</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dhcpv6-server.xml b/interface-definitions/dhcpv6-server.xml
new file mode 100644
index 000000000..e63eb2242
--- /dev/null
+++ b/interface-definitions/dhcpv6-server.xml
@@ -0,0 +1,316 @@
+<?xml version="1.0"?>
+<!-- DHCPv6 server configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcpv6-server" owner="${vyos_conf_scripts_dir}/dhcpv6_server.py">
+ <properties>
+ <help>DHCP for IPv6 (DHCPv6) server</help>
+ <priority>900</priority>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCPv6 server</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="preference">
+ <properties>
+ <help>Preference of this DHCPv6 server compared with others</help>
+ <valueHelp>
+ <format>0-255</format>
+ <description>DHCPv6 server preference (0-255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ <constraintErrorMessage>Preference must be between 0 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <tagNode name="shared-network-name">
+ <properties>
+ <help>DHCPv6 shared network name [REQUIRED]</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DHCPv6 pool name</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCPv6 configuration for shared-network</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="subnet">
+ <properties>
+ <help>IPv6 DHCP subnet for this shared network [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <node name="address-range">
+ <properties>
+ <help>Parameters setting ranges for assigning IPv6 addresses</help>
+ </properties>
+ <children>
+ <tagNode name="prefix">
+ <properties>
+ <help>IPv6 prefix defining range of addresses to assign</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="temporary">
+ <properties>
+ <help>Address range will be used for temporary addresses</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="start">
+ <properties>
+ <help>First in range of consecutive IPv6 addresses to assign</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="stop">
+ <properties>
+ <help>Last in range of consecutive IPv6 addresses</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <leafNode name="domain-search">
+ <properties>
+ <help>Domain name for client to search</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid domain name syntax</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="lease-time">
+ <properties>
+ <help>Parameters relating to the lease time</help>
+ </properties>
+ <children>
+ <leafNode name="default">
+ <properties>
+ <help>Default time (in seconds) that will be assigned to a lease</help>
+ </properties>
+ </leafNode>
+ <leafNode name="maximum">
+ <properties>
+ <help>Maximum time (in seconds) that will be assigned to a lease</help>
+ </properties>
+ </leafNode>
+ <leafNode name="minimum">
+ <properties>
+ <help>Minimum time (in seconds) that will be assigned to a lease</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="name-server">
+ <properties>
+ <help>IPv6 address of a Recursive DNS Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of DNS name server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="nis-domain">
+ <properties>
+ <help>NIS domain name for client to use</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS domain name syntax</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nis-server">
+ <properties>
+ <help>IPv6 address of a NIS Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-domain">
+ <properties>
+ <help>NIS+ domain name for client to use</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS+ domain name syntax</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-server">
+ <properties>
+ <help>IPv6 address of a NIS+ Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS+ server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="prefix-delegation">
+ <properties>
+ <help>Parameters relating to IPv6 prefix delegation</help>
+ </properties>
+ <children>
+ <tagNode name="start">
+ <properties>
+ <help>First in range of IPv6 addresses to be used in prefix delegation</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address used in prefix delegation</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="prefix-length">
+ <properties>
+ <help>Length in bits of prefixes to be delegated</help>
+ <valueHelp>
+ <format>0-255</format>
+ <description>DHCPv6 server preference (0-255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ <constraintErrorMessage>Preference must be between 0 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last in range of IPv6 addresses to be used in prefix delegation</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address used in prefix delegation</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <leafNode name="sip-server-address">
+ <properties>
+ <help>IPv6 address of SIP server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of SIP server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="sip-server-name">
+ <properties>
+ <help>SIP server name</help>
+ <constraint>
+ <regex>^[-_a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid SIP server name syntax</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="sntp-server">
+ <properties>
+ <help>IPv6 address of an SNTP Server for client to use</help>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <tagNode name="static-mapping">
+ <properties>
+ <help>Name of static mapping</help>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable static-mapping</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="identifier">
+ <properties>
+ <help>Client identifier for this static mapping</help>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6-address">
+ <properties>
+ <help>Client IPv5 address for this static mapping</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address for this tatic mapping</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dns-domain-name.xml b/interface-definitions/dns-domain-name.xml
new file mode 100644
index 000000000..a2c66495f
--- /dev/null
+++ b/interface-definitions/dns-domain-name.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0"?>
+<!-- host-name configuration -->
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <leafNode name="name-server">
+ <properties>
+ <help>Domain Name Server (DNS)</help>
+ <priority>400</priority>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Domain Name Server (DNS) address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/host_name.py">
+ <properties>
+ <help>System host name (default: vyos)</help>
+ <constraint>
+ <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/host_name.py">
+ <properties>
+ <help>System domain name</help>
+ <constraint>
+ <regex>[A-Za-z0-9][-.A-Za-z0-9]*</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="domain-search" owner="${vyos_conf_scripts_dir}/host_name.py">
+ <properties>
+ <help>Domain Name Server (DNS) domain completion order</help>
+ <priority>400</priority>
+ </properties>
+ <children>
+ <leafNode name="domain">
+ <properties>
+ <help>DNS domain completion order</help>
+ <constraint>
+ <regex>^[-a-zA-Z0-9.]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid domain name</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="disable-dhcp-nameservers" owner="${vyos_conf_scripts_dir}/host_name.py">
+ <properties>
+ <help>Disable DHCP updates of DNS settings</help>
+ <priority>300</priority>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="static-host-mapping" owner="${vyos_conf_scripts_dir}/host_name.py">
+ <properties>
+ <help>Map host names to addresses</help>
+ <priority>400</priority>
+ </properties>
+ <children>
+
+ <tagNode name="host-name">
+ <properties>
+ <help>Host name for static address mapping</help>
+ <constraint>
+ <regex>^[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]$</regex>
+ </constraint>
+ <constraintErrorMessage>invalid hostname</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="alias">
+ <properties>
+ <help>Alias for this address</help>
+ <constraint>
+ <regex>^.{1,63}$</regex>
+ </constraint>
+ <constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage>
+ <multi />
+ </properties>
+ </leafNode>
+ <leafNode name="inet">
+ <properties>
+ <help>IP Address [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dns-forwarding.xml b/interface-definitions/dns-forwarding.xml
index 01e8ad7d3..b989434f2 100644
--- a/interface-definitions/dns-forwarding.xml
+++ b/interface-definitions/dns-forwarding.xml
@@ -35,26 +35,29 @@
<leafNode name="dnssec">
<properties>
<help>DNSSEC mode</help>
- <valueHelp>
- <format>off</format>
- <description></description>
- </valueHelp>
- <valueHelp>
- <format>process-no-validate</format>
- <description></description>
- </valueHelp>
- <valueHelp>
- <format>process</format>
- <description></description>
- </valueHelp>
- <valueHelp>
- <format>log-fail</format>
- <description></description>
- </valueHelp>
- <valueHelp>
- <format>validate</format>
- <description></description>
- </valueHelp>
+ <completionHelp>
+ <list>off process-no-validate process log-fail validate</list>
+ </completionHelp>
+ <valueHelp>
+ <format>off</format>
+ <description>No DNSSEC processing whatsoever!</description>
+ </valueHelp>
+ <valueHelp>
+ <format>process-no-validate</format>
+ <description>Respond with DNSSEC records to clients that ask for it. Don't do any validation.</description>
+ </valueHelp>
+ <valueHelp>
+ <format>process</format>
+ <description>Respond with DNSSEC records to clients that ask for it. Validation for clients that request it.</description>
+ </valueHelp>
+ <valueHelp>
+ <format>log-fail</format>
+ <description>Similar behaviour to process, but validate RRSIGs on responses and log bogus responses.</description>
+ </valueHelp>
+ <valueHelp>
+ <format>validate</format>
+ <description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description>
+ </valueHelp>
<constraint>
<regex>(off|process-no-validate|process|log-fail|validate)</regex>
</constraint>
@@ -132,7 +135,7 @@
</leafNode>
<leafNode name="name-server">
<properties>
- <help>Domain Name Servers (DNS) addresses</help>
+ <help>Domain Name Servers (DNS) addresses [OPTIONAL]</help>
<valueHelp>
<format>ipv4</format>
<description>Domain Name Server (DNS) IPv4 address</description>
diff --git a/interface-definitions/dynamic-dns.xml b/interface-definitions/dynamic-dns.xml
index e0b2cf764..974bbcbce 100644
--- a/interface-definitions/dynamic-dns.xml
+++ b/interface-definitions/dynamic-dns.xml
@@ -66,6 +66,9 @@
<tagNode name="service">
<properties>
<help>Service being used for Dynamic DNS [REQUIRED]</help>
+ <completionHelp>
+ <list>custom afraid changeip cloudflare dnspark dslreports dyndns easydns namecheap noip sitelutions zoneedit</list>
+ </completionHelp>
<valueHelp>
<format>custom</format>
<description>Custom or predefined service</description>
diff --git a/interface-definitions/host-name.xml b/interface-definitions/host-name.xml
deleted file mode 100644
index bbe679607..000000000
--- a/interface-definitions/host-name.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0"?>
-
-<!-- host-name configuration -->
-
-<interfaceDefinition>
- <node name="system">
- <children>
- <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/host_name.py">
- <properties>
- <help>System host name (default: vyos)</help>
- <constraint>
- <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/host_name.py">
- <properties>
- <help>System domain name</help>
- <constraint>
- <regex>[A-Za-z0-9][-.A-Za-z0-9]*</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/igmp-proxy.xml b/interface-definitions/igmp-proxy.xml
new file mode 100644
index 000000000..ab56019b4
--- /dev/null
+++ b/interface-definitions/igmp-proxy.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0"?>
+<!-- IGMP Proxy configuration -->
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="igmp-proxy" owner="${vyos_conf_scripts_dir}/igmp_proxy.py">
+ <properties>
+ <help>Internet Group Management Protocol (IGMP) proxy parameters</help>
+ <priority>740</priority>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable IGMP proxy</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="disable-quickleave">
+ <properties>
+ <help>Option to disable "quickleave"</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="interface">
+ <properties>
+ <help>Interface for IGMP proxy [REQUIRED]</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="alt-subnet">
+ <properties>
+ <help>Allowed unicast sources for multicast traffic to be proxy'ed</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 network</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="role">
+ <properties>
+ <help>Role of this IGMP interface</help>
+ <completionHelp>
+ <list>upstream downstream disabled</list>
+ </completionHelp>
+ <valueHelp>
+ <format>upstream</format>
+ <description>Upstream interface (only 1 allowed)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>downstream</format>
+ <description>Downstream interface(s) (default)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disabled</format>
+ <description>Disabled interface</description>
+ </valueHelp>
+ <constraint>
+ <regex>(upstream|downstream|disabled)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="threshold">
+ <properties>
+ <help>TTL threshold</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>TTL threshold for the interfaces (default: 1)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ <constraintErrorMessage>threshold must be between 1 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="whitelist">
+ <properties>
+ <help>Group to whitelist</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 network</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/mdns-repeater.xml b/interface-definitions/mdns-repeater.xml
index d74e203d6..a59321294 100644
--- a/interface-definitions/mdns-repeater.xml
+++ b/interface-definitions/mdns-repeater.xml
@@ -14,9 +14,15 @@
<priority>990</priority>
</properties>
<children>
+ <leafNode name="disable">
+ <properties>
+ <help>Disable mDNS repeater service</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="interface">
<properties>
- <help>Interface to repeat mdns advertisements to [REQUIRED]</help>
+ <help>Interface to repeat mDNS advertisements [REQUIRED]</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces.py</script>
</completionHelp>
diff --git a/interface-definitions/ntp.xml b/interface-definitions/ntp.xml
index d324404da..945345898 100644
--- a/interface-definitions/ntp.xml
+++ b/interface-definitions/ntp.xml
@@ -14,12 +14,6 @@
<help>Network Time Protocol (NTP) server</help>
</properties>
<children>
- <leafNode name="dynamic">
- <properties>
- <help>Allow server to be configured even if not reachable</help>
- <valueless/>
- </properties>
- </leafNode>
<leafNode name="noselect">
<properties>
<help>Marks the server as unused</help>
diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml
new file mode 100644
index 000000000..993ea262f
--- /dev/null
+++ b/interface-definitions/pppoe-server.xml
@@ -0,0 +1,580 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="pppoe-server" owner="${vyos_conf_scripts_dir}/accel_pppoe.py">
+ <properties>
+ <help>Point to Point over Ethernet (PPPoE) Server</help>
+ <priority>900</priority>
+ </properties>
+ <children>
+ <node name="snmp">
+ <properties>
+ <help>Enable SNMP</help>
+ </properties>
+ <children>
+ <leafNode name="master-agent">
+ <properties>
+ <help>enable SNMP master agent mode</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="access-concentrator">
+ <properties>
+ <help>Access concentrator name</help>
+ <constraint>
+ <regex>^[a-zA-Z0-9]{1,100}</regex>
+ </constraint>
+ <constraintErrorMessage>access-concentrator name limited to aplhanumerical characters only (max. 100)</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <node name="authentication">
+ <properties>
+ <help>Authentication for remote access PPPoE Server</help>
+ </properties>
+ <children>
+ <node name="local-users">
+ <properties>
+ <help>Local user authentication for PPPoE server</help>
+ </properties>
+ <children>
+ <tagNode name="username">
+ <properties>
+ <help>User name for authentication</help>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable a PPPoE Server user</help>
+ </properties>
+ </leafNode>
+ <leafNode name="password">
+ <properties>
+ <help>Password for authentication</help>
+ </properties>
+ </leafNode>
+ <leafNode name="static-ip">
+ <properties>
+ <help>Static client IP address</help>
+ </properties>
+ </leafNode>
+ <node name="rate-limit">
+ <properties>
+ <help>Upload/Download speed limits</help>
+ </properties>
+ <children>
+ <leafNode name="upload">
+ <properties>
+ <help>Upload bandwidth limit in kbits/sec</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="download">
+ <properties>
+ <help>Download bandwidth limit in kbits/sec</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <leafNode name="mode">
+ <properties>
+ <help>Authentication mode for PPPoE Server</help>
+ <valueHelp>
+ <format>local</format>
+ <description>Use local username/password configuration</description>
+ </valueHelp>
+ <valueHelp>
+ <format>radius</format>
+ <description>Use a RADIUS server to autenticate users</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(local|radius)</regex>
+ </constraint>
+ <completionHelp>
+ <list>local radius</list>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <tagNode name="radius-server">
+ <properties>
+ <help>IP address of RADIUS server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of RADIUS server</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="secret">
+ <properties>
+ <help>Key for accessing the specified server</help>
+ </properties>
+ </leafNode>
+ <leafNode name="req-limit">
+ <properties>
+ <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="fail-time">
+ <properties>
+ <help>If server doesn't responds mark it as unavailable for this amount of time in seconds</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <node name="radius-settings">
+ <properties>
+ <help>RADIUS settings</help>
+ </properties>
+ <children>
+ <leafNode name="timeout">
+ <properties>
+ <help>Timeout to wait response from server (seconds)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="acct-timeout">
+ <properties>
+ <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="max-try">
+ <properties>
+ <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
+ </properties>
+ </leafNode>
+ <leafNode name="nas-identifier">
+ <properties>
+ <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
+ </properties>
+ </leafNode>
+ <leafNode name="nas-ip-address">
+ <properties>
+ <help>Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help>
+ </properties>
+ </leafNode>
+ <node name="dae-server">
+ <properties>
+ <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
+ </properties>
+ <children>
+ <leafNode name="ip-address">
+ <properties>
+ <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="secret">
+ <properties>
+ <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="rate-limit">
+ <properties>
+ <help>Upload/Download speed limits</help>
+ </properties>
+ <children>
+ <leafNode name="attribute">
+ <properties>
+ <help>Specifies which radius attribute contains rate information. (default is Filter-ID)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="enable">
+ <properties>
+ <help>Enables Bandwidth shaping via RADIUS</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="client-ip-pool">
+ <properties>
+ <help>Pool of client IP addresses (must be within a /24)</help>
+ </properties>
+ <children>
+ <leafNode name="start">
+ <properties>
+ <help>First IP address in the pool</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last IP address in the pool</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="client-ipv6-pool">
+ <properties>
+ <help>Pool of client IPv6 addresses</help>
+ </properties>
+ <children>
+ <leafNode name="prefix">
+ <properties>
+ <help>Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients)</help>
+ <multi />
+ </properties>
+ </leafNode>
+ <leafNode name="delegate-prefix">
+ <properties>
+ <help>Format: ipv6prefix/mask,prefix_len (delegate to clients through DHCPv6 prefix delegation - rfc3633)</help>
+ <multi />
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="dns-servers">
+ <properties>
+ <help>IPv4 Domain Name Service (DNS) server</help>
+ </properties>
+ <children>
+ <leafNode name="server-1">
+ <properties>
+ <help>Primary DNS server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="server-2">
+ <properties>
+ <help>Secondary DNS server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="dnsv6-servers">
+ <properties>
+ <help>IPv6 Domain Name Service (DNS) server</help>
+ </properties>
+ <children>
+ <leafNode name="server-1">
+ <properties>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <help>Primary DNS server</help>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="server-2">
+ <properties>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <help>Secondary DNS server</help>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="server-3">
+ <properties>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <help>Tertiary DNS server</help>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="interface">
+ <properties>
+ <help>interface(s) to listen on</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="local-ip">
+ <properties>
+ <help>local gateway address</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mtu">
+ <properties>
+ <help>Maximum Transmission Unit (MTU) - default 1492</help>
+ <constraint>
+ <validator name="numeric" argument="--range 128-16384"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="limits">
+ <properties>
+ <help>Limits the connection rate from a single source</help>
+ </properties>
+ <children>
+ <leafNode name="connection-limit">
+ <properties>
+ <help>Acceptable rate of connections (e.g. 1/min, 60/sec)</help>
+ <constraint>
+ <regex>^[0-9]+\/(min|sec)$</regex>
+ </constraint>
+ <constraintErrorMessage>illegal value</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="burst">
+ <properties>
+ <help>Burst count</help>
+ </properties>
+ </leafNode>
+ <leafNode name="timeout">
+ <properties>
+ <help>Timeout in seconds</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="service-name">
+ <properties>
+ <help>Service name</help>
+ <constraint>
+ <regex>^[a-zA-Z0-9\-]{1,100}</regex>
+ </constraint>
+ <constraintErrorMessage>servicename can contain aplhanumerical characters and dashes only (max. 100)</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <node name="wins-servers">
+ <properties>
+ <help>Windows Internet Name Service (WINS) server settings</help>
+ </properties>
+ <children>
+ <leafNode name="server-1">
+ <properties>
+ <help>Primary WINS server</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="server-2">
+ <properties>
+ <help>Secondary WINS server</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="ppp-options">
+ <properties>
+ <help>Advanced protocol options</help>
+ </properties>
+ <children>
+ <leafNode name="min-mtu">
+ <properties>
+ <help>Minimum acceptable MTU (68-65535)</help>
+ <constraint>
+ <validator name="numeric" argument="--range 68-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mru">
+ <properties>
+ <help>Preferred MRU (68-65535)</help>
+ <constraint>
+ <validator name="numeric" argument="--range 68-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="ccp">
+ <properties>
+ <help>CCP negotiation (default disabled)</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ <node name="mppe">
+ <properties>
+ <help>Specifies MPPE negotiation preference. (default prefer mppe)</help>
+ </properties>
+ <children>
+ <leafNode name="require">
+ <properties>
+ <help>Ask client for MPPE, if it rejects then drop the connection</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ <leafNode name="prefer">
+ <properties>
+ <help>Ask client for MPPE, if it rejects don't fail</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ <leafNode name="deny">
+ <properties>
+ <help>Deny MPPE</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="lcp-echo-interval">
+ <properties>
+ <help>LCP echo-requests/sec</help>
+ <constraint>
+ <validator name="numeric" argument="--positive"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="lcp-echo-failure">
+ <properties>
+ <help>Maximum number of Echo-Requests may be sent without valid reply</help>
+ <constraint>
+ <validator name="numeric" argument="--positive"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="lcp-echo-timeout">
+ <properties>
+ <help>Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used.</help>
+ <constraint>
+ <validator name="numeric" argument="--positive"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv4">
+ <properties>
+ <help>IPv4 (IPCP) negotiation algorithm</help>
+ <constraint>
+ <regex>^(deny|allow|prefer|require)</regex>
+ </constraint>
+ <constraintErrorMessage>invalid value</constraintErrorMessage>
+ <valueHelp>
+ <format>deny</format>
+ <description>Don't negotiate IPv4</description>
+ </valueHelp>
+ <valueHelp>
+ <format>allow</format>
+ <description>Negotiate IPv4 only if client requests</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prefer</format>
+ <description>Ask client for IPv4 negotiation, don't fail if it rejects</description>
+ </valueHelp>
+ <valueHelp>
+ <format>require</format>
+ <description>Require IPv4 negotiation</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6">
+ <properties>
+ <help>IPv6 (IPCP6) negotiation algorithm</help>
+ <constraint>
+ <regex>^(deny|allow|prefer|require)</regex>
+ </constraint>
+ <constraintErrorMessage>invalid value</constraintErrorMessage>
+ <valueHelp>
+ <format>deny</format>
+ <description>Don't negotiate IPv6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>allow</format>
+ <description>Negotiate IPv6 only if client requests</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prefer</format>
+ <description>Ask client for IPv6 negotiation, don't fail if it rejects</description>
+ </valueHelp>
+ <valueHelp>
+ <format>require</format>
+ <description>Require IPv6 negotiation</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6-intf-id">
+ <properties>
+ <help>Fixed or random interface identifier for IPv6</help>
+ <valueHelp>
+ <format>random</format>
+ <description>Random interface identifier for IPv6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>x:x:x:x</format>
+ <description>specify interface identifier for IPv6</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6-peer-intf-id">
+ <properties>
+ <help>Peer interface identifier for IPv6</help>
+ <valueHelp>
+ <format>x:x:x:x</format>
+ <description>Interface identifier for IPv6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>random</format>
+ <description>Use a random interface identifier for IPv6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description>
+ </valueHelp>
+ <valueHelp>
+ <format>calling-sid</format>
+ <description>Calculate interface identifier from calling-station-id</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6-accept-peer-intf-id">
+ <properties>
+ <help>Accept peer's interface identifier</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/pptp-server.xml b/interface-definitions/pptp-server.xml
new file mode 100644
index 000000000..5d16f8b9f
--- /dev/null
+++ b/interface-definitions/pptp-server.xml
@@ -0,0 +1,254 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="vpn">
+ <children>
+ <node name="pptp" owner="${vyos_conf_scripts_dir}/accel_pptp.py">
+ <properties>
+ <help>Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)</help>
+ </properties>
+ <children>
+ <node name="remote-access">
+ <properties>
+ <help>Remote access PPTP VPN</help>
+ </properties>
+ <children>
+ <leafNode name="mtu">
+ <properties>
+ <help>Maximum Transmission Unit (MTU)</help>
+ <constraint>
+ <validator name="numeric" argument="--range 128-16384"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="outside-address">
+ <properties>
+ <help>External IP address to which VPN clients will connect</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="dns-servers">
+ <properties>
+ <help>IPv4 Domain Name Service (DNS) server</help>
+ </properties>
+ <children>
+ <leafNode name="server-1">
+ <properties>
+ <help>Primary DNS server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="server-2">
+ <properties>
+ <help>Secondary DNS server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="wins-servers">
+ <properties>
+ <help>Windows Internet Name Service (WINS) server settings</help>
+ </properties>
+ <children>
+ <leafNode name="server-1">
+ <properties>
+ <help>Primary WINS server</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="server-2">
+ <properties>
+ <help>Secondary WINS server</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="client-ip-pool">
+ <properties>
+ <help>Pool of client IP addresses (must be within a /24)</help>
+ </properties>
+ <children>
+ <leafNode name="start">
+ <properties>
+ <help>First IP address in the pool (will be used as gateway address)</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last IP address in the pool</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="gateway-address">
+ <properties>
+ <help>Gatway address uses as client tunnel termination point</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="authentication">
+ <properties>
+ <help>Authentication for remote access PPTP VPN</help>
+ </properties>
+ <children>
+ <leafNode name="require">
+ <properties>
+ <help>Authentication protocol for remote access peer PPTP VPN</help>
+ <valueHelp>
+ <format>pap</format>
+ <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
+ </valueHelp>
+ <valueHelp>
+ <format>chap</format>
+ <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mschap</format>
+ <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mschap-v2</format>
+ <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="mppe">
+ <properties>
+ <help>Specifies mppe negotioation preference. (default require mppe 128-bit stateless</help>
+ <valueHelp>
+ <format>deny</format>
+ <description>deny mppe</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prefer</format>
+ <description>ask client for mppe, if it rejects don't fail</description>
+ </valueHelp>
+ <valueHelp>
+ <format>require</format>
+ <description>ask client for mppe, if it rejects drop connection</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(deny|prefer|require)</regex>
+ </constraint>
+ <completionHelp>
+ <list>deny prefer require</list>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="mode">
+ <properties>
+ <help>Authentication mode for remote access PPTP VPN</help>
+ <valueHelp>
+ <format>local</format>
+ <description>Use local username/password configuration</description>
+ </valueHelp>
+ <valueHelp>
+ <format>radius</format>
+ <description>Use a RADIUS server to autenticate users</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(local|radius)</regex>
+ </constraint>
+ <completionHelp>
+ <list>local radius</list>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <node name="local-users">
+ <properties>
+ <help>Local user authentication for remote access PPTP VPN</help>
+ </properties>
+ <children>
+ <tagNode name="username">
+ <properties>
+ <help>User name for authentication</help>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable a PPTP Server user</help>
+ </properties>
+ </leafNode>
+ <leafNode name="password">
+ <properties>
+ <help>Password for authentication</help>
+ </properties>
+ </leafNode>
+ <leafNode name="static-ip">
+ <properties>
+ <help>Static client IP address</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <node name="radius">
+ <properties>
+ <help>RADIUS specific configuration</help>
+ </properties>
+ <children>
+ <tagNode name="server">
+ <properties>
+ <help>IP address of radius server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of RADIUS server</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>Key for accessing the specified server</help>
+ </properties>
+ </leafNode>
+ <leafNode name="req-limit">
+ <properties>
+ <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="fail-time">
+ <properties>
+ <help>If server doesn't responds mark it as unavailable for this amount of time in seconds</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index e8786d202..c0ce976d6 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -1,7 +1,5 @@
<?xml version="1.0"?>
-
<!--SSH configuration -->
-
<interfaceDefinition>
<node name="service">
<children>
@@ -13,18 +11,23 @@
<children>
<node name="access-control">
<properties>
- <help>SSH user/group access controls. Directives are processed in this order: deny-users, allow-users, deny-groups and allow-groups</help>
+ <help>SSH user/group access controls. Directives are processed
+ in the following order: deny-users, allow-users, deny-groups and
+ allow-groups.</help>
</properties>
<children>
<node name="allow">
+ <properties>
+ <help>Allow user/group SSH access</help>
+ </properties>
<children>
<leafNode name="group">
<properties>
<help>Allow members of a group to login</help>
- <constraint>
- <regex>^[a-z_][a-z0-9_-]{1,31}[$]?</regex>
- </constraint>
- <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage>
+ <constraint>
+ <regex>^[a-z_][a-z0-9_-]{1,31}[$]?</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage>
<multi/>
</properties>
</leafNode>
@@ -41,6 +44,9 @@
</children>
</node>
<node name="deny">
+ <properties>
+ <help>Deny user/group SSH access</help>
+ </properties>
<children>
<leafNode name="group">
<properties>
@@ -66,12 +72,6 @@
</node>
</children>
</node>
- <leafNode name="allow-root">
- <properties>
- <help>Allow the root user to login</help>
- <valueless/>
- </properties>
- </leafNode>
<leafNode name="ciphers">
<properties>
<help>Allowed ciphers</help>
@@ -147,7 +147,7 @@
</leafNode>
<leafNode name="mac">
<properties>
- <help>Allowed message authentication code (MAC) algorithms</help>
+ <help>Allowed message authentication code (MAC) algorithms</help>
<completionHelp>
<script>ssh -Q mac | tr '\n' ' '</script>
</completionHelp>
@@ -161,11 +161,20 @@
<format>1-65535</format>
<description>Numeric IP port</description>
</valueHelp>
+ <multi/>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
+ <leafNode name="client-keepalive-interval">
+ <properties>
+ <help>how often send keep alives in seconds</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
</children>
</node>
</children>
diff --git a/interface-definitions/syslog.xml b/interface-definitions/syslog.xml
index 0776fff56..3c8d2ebe2 100644
--- a/interface-definitions/syslog.xml
+++ b/interface-definitions/syslog.xml
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-
<interfaceDefinition>
<node name="system">
<children>
@@ -9,660 +8,683 @@
<priority>400</priority>
</properties>
<children>
- <tagNode name="user">
- <properties>
- <help>Logging to specific user's terminal</help>
- <constraint>
- <regex>^[a-z_][a-z0-9_-]{1,31}[$]?</regex>
- </constraint>
- <constraintErrorMessage>illegal characters in user</constraintErrorMessage>
- <valueHelp>
- <format>username</format>
- <description>user login name</description>
- </valueHelp>
- </properties>
- <children>
- <tagNode name="facility">
- <properties>
- <help>Facility for logging</help>
- <completionHelp>
- <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All facilities excluding "mark"</description>
- </valueHelp>
- <valueHelp>
- <format>auth</format>
- <description>Authentication and authorization</description>
- </valueHelp>
- <valueHelp>
- <format>authpriv</format>
- <description>Non-system authorization</description>
- </valueHelp>
- <valueHelp>
- <format>cron</format>
- <description>Cron daemon</description>
- </valueHelp>
- <valueHelp>
- <format>daemon</format>
- <description>System daemons</description>
- </valueHelp>
- <valueHelp>
- <format>kern</format>
- <description>Kernel</description>
- </valueHelp>
- <valueHelp>
- <format>lpr</format>
- <description>Line printer spooler</description>
- </valueHelp>
- <valueHelp>
- <format>mail</format>
- <description>Mail subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>mark</format>
- <description>Timestamp</description>
- </valueHelp>
- <valueHelp>
- <format>news</format>
- <description>USENET subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>protocols</format>
- <description>depricated will be set to local7</description>
- </valueHelp>
- <valueHelp>
- <format>security</format>
- <description>depricated will be set to auth</description>
- </valueHelp>
- <valueHelp>
- <format>syslog</format>
- <description>Authentication and authorization</description>
- </valueHelp>
- <valueHelp>
- <format>user</format>
- <description>Application processes</description>
- </valueHelp>
- <valueHelp>
- <format>uucp</format>
- <description>UUCP subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>local0</format>
- <description>Local facility 0</description>
- </valueHelp>
- <valueHelp>
- <format>local1</format>
- <description>Local facility 1</description>
- </valueHelp>
- <valueHelp>
- <format>local2</format>
- <description>Local facility 2</description>
- </valueHelp>
- <valueHelp>
- <format>local3</format>
- <description>Local facility 3</description>
- </valueHelp>
- <valueHelp>
- <format>local4</format>
- <description>Local facility 4</description>
- </valueHelp>
- <valueHelp>
- <format>local5</format>
- <description>Local facility 5</description>
- </valueHelp>
- <valueHelp>
- <format>local6</format>
- <description>Local facility 6</description>
- </valueHelp>
- <valueHelp>
- <format>local7</format>
- <description>Local facility 7</description>
- </valueHelp>
- </properties>
- <children>
- <leafNode name="level">
- <properties>
- <help>Logging level</help>
- <completionHelp>
- <list>emerg alert crit err warning notice info debug all</list>
- </completionHelp>
- <valueHelp>
- <format>emerg</format>
- <description>Emergency messages</description>
- </valueHelp>
- <valueHelp>
- <format>alert</format>
- <description>Urgent messages</description>
- </valueHelp>
- <valueHelp>
- <format>crit</format>
- <description>Critical messages</description>
- </valueHelp>
- <valueHelp>
- <format>err</format>
- <description>Error messages</description>
- </valueHelp>
- <valueHelp>
- <format>warning</format>
- <description>Warning messages</description>
- </valueHelp>
- <valueHelp>
- <format>notice</format>
- <description>Messages for further investigation</description>
- </valueHelp>
- <valueHelp>
- <format>info</format>
- <description>Informational messages</description>
- </valueHelp>
- <valueHelp>
- <format>debug</format>
- <description>Debug messages</description>
- </valueHelp>
- <valueHelp>
- <format>all</format>
- <description>Log everything</description>
- </valueHelp>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </tagNode>
- <tagNode name="host">
- <properties>
- <help>Logging to a remote host</help>
- <constraint>
- <!-- at least let's make sure whitespace isn't allowed, ideally it should be checked for IPv4/IPv6 address or fqdn/hostname -->
- <regex>[^ ]{1,63}</regex>
- </constraint>
- <constraintErrorMessage>illegal characters in user</constraintErrorMessage>
- <valueHelp>
- <format>x.x.x.x or host.domain.tld</format>
- <description>Remote host name or IP address</description>
- </valueHelp>
- </properties>
- <children>
- <tagNode name="facility">
- <properties>
- <help>Facility for logging</help>
- <completionHelp>
- <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All facilities excluding "mark"</description>
- </valueHelp>
- <valueHelp>
- <format>auth</format>
- <description>Authentication and authorization</description>
- </valueHelp>
- <valueHelp>
- <format>authpriv</format>
- <description>Non-system authorization</description>
- </valueHelp>
- <valueHelp>
- <format>cron</format>
- <description>Cron daemon</description>
- </valueHelp>
- <valueHelp>
- <format>daemon</format>
- <description>System daemons</description>
- </valueHelp>
- <valueHelp>
- <format>kern</format>
- <description>Kernel</description>
- </valueHelp>
- <valueHelp>
- <format>lpr</format>
- <description>Line printer spooler</description>
- </valueHelp>
- <valueHelp>
- <format>mail</format>
- <description>Mail subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>mark</format>
- <description>Timestamp</description>
- </valueHelp>
- <valueHelp>
- <format>news</format>
- <description>USENET subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>protocols</format>
- <description>depricated will be set to local7</description>
- </valueHelp>
- <valueHelp>
- <format>security</format>
- <description>depricated will be set to auth</description>
- </valueHelp>
- <valueHelp>
- <format>syslog</format>
- <description>Authentication and authorization</description>
- </valueHelp>
- <valueHelp>
- <format>user</format>
- <description>Application processes</description>
- </valueHelp>
- <valueHelp>
- <format>uucp</format>
- <description>UUCP subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>local0</format>
- <description>Local facility 0</description>
- </valueHelp>
- <valueHelp>
- <format>local1</format>
- <description>Local facility 1</description>
- </valueHelp>
- <valueHelp>
- <format>local2</format>
- <description>Local facility 2</description>
- </valueHelp>
- <valueHelp>
- <format>local3</format>
- <description>Local facility 3</description>
- </valueHelp>
- <valueHelp>
- <format>local4</format>
- <description>Local facility 4</description>
- </valueHelp>
- <valueHelp>
- <format>local5</format>
- <description>Local facility 5</description>
- </valueHelp>
- <valueHelp>
- <format>local6</format>
- <description>Local facility 6</description>
- </valueHelp>
- <valueHelp>
- <format>local7</format>
- <description>Local facility 7</description>
- </valueHelp>
- </properties>
- <children>
- <leafNode name="protocol">
- <properties>
- <help>syslog communication protocol</help>
- <valueHelp>
- <format>udp</format>
- <description>send log messages to remote syslog server over udp</description>
- </valueHelp>
- <valueHelp>
- <format>tcp</format>
- <description>send log messages to remote syslog server over tdp</description>
- </valueHelp>
- </properties>
- </leafNode>
-
- <leafNode name="level">
- <properties>
- <help>Logging level</help>
- <completionHelp>
- <list>emerg alert crit err warning notice info debug all</list>
- </completionHelp>
- <valueHelp>
- <format>emerg</format>
- <description>Emergency messages</description>
- </valueHelp>
- <valueHelp>
- <format>alert</format>
- <description>Urgent messages</description>
- </valueHelp>
- <valueHelp>
- <format>crit</format>
- <description>Critical messages</description>
- </valueHelp>
- <valueHelp>
- <format>err</format>
- <description>Error messages</description>
- </valueHelp>
- <valueHelp>
- <format>warning</format>
- <description>Warning messages</description>
- </valueHelp>
- <valueHelp>
- <format>notice</format>
- <description>Messages for further investigation</description>
- </valueHelp>
- <valueHelp>
- <format>info</format>
- <description>Informational messages</description>
- </valueHelp>
- <valueHelp>
- <format>debug</format>
- <description>Debug messages</description>
- </valueHelp>
- <valueHelp>
- <format>all</format>
- <description>Log everything</description>
- </valueHelp>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </tagNode>
- <node name="global">
- <children>
- <node name="archive">
- <properties>
- <help>Log file size and rotation characteristics</help>
- </properties>
- <children>
- <leafNode name="file">
- <properties>
- <help>Number of saved files (default is 5)</help>
- <constraint>
- <regex>^[0-9]+</regex>
- </constraint>
- <constraintErrorMessage>illegal characters in number of files</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="size">
- <properties>
- <help>Size of log files (in kbytes, default is 256)</help>
- <constraint>
- <regex>^[0-9]+</regex>
- </constraint>
- <constraintErrorMessage>illegal characters in size</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </node>
- <tagNode name="facility">
- <properties>
- <help>Facility for logging</help>
- <completionHelp>
- <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All facilities excluding "mark"</description>
- </valueHelp>
- <valueHelp>
- <format>auth</format>
- <description>Authentication and authorization</description>
- </valueHelp>
- <valueHelp>
- <format>authpriv</format>
- <description>Non-system authorization</description>
- </valueHelp>
- <valueHelp>
- <format>cron</format>
- <description>Cron daemon</description>
- </valueHelp>
- <valueHelp>
- <format>daemon</format>
- <description>System daemons</description>
- </valueHelp>
- <valueHelp>
- <format>kern</format>
- <description>Kernel</description>
- </valueHelp>
- <valueHelp>
- <format>lpr</format>
- <description>Line printer spooler</description>
- </valueHelp>
- <valueHelp>
- <format>mail</format>
- <description>Mail subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>mark</format>
- <description>Timestamp</description>
- </valueHelp>
- <valueHelp>
- <format>news</format>
- <description>USENET subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>protocols</format>
- <description>depricated will be set to local7</description>
- </valueHelp>
- <valueHelp>
- <format>security</format>
- <description>depricated will be set to auth</description>
- </valueHelp>
- <valueHelp>
- <format>syslog</format>
- <description>Authentication and authorization</description>
- </valueHelp>
- <valueHelp>
- <format>user</format>
- <description>Application processes</description>
- </valueHelp>
- <valueHelp>
- <format>uucp</format>
- <description>UUCP subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>local0</format>
- <description>Local facility 0</description>
- </valueHelp>
- <valueHelp>
- <format>local1</format>
- <description>Local facility 1</description>
- </valueHelp>
- <valueHelp>
- <format>local2</format>
- <description>Local facility 2</description>
- </valueHelp>
- <valueHelp>
- <format>local3</format>
- <description>Local facility 3</description>
- </valueHelp>
- <valueHelp>
- <format>local4</format>
- <description>Local facility 4</description>
- </valueHelp>
- <valueHelp>
- <format>local5</format>
- <description>Local facility 5</description>
- </valueHelp>
- <valueHelp>
- <format>local6</format>
- <description>Local facility 6</description>
- </valueHelp>
- <valueHelp>
- <format>local7</format>
- <description>Local facility 7</description>
- </valueHelp>
- </properties>
- <children>
- <leafNode name="level">
- <properties>
- <help>Logging level</help>
- <completionHelp>
- <list>emerg alert crit err warning notice info debug all</list>
- </completionHelp>
- <valueHelp>
- <format>emerg</format>
- <description>Emergency messages</description>
- </valueHelp>
- <valueHelp>
- <format>alert</format>
- <description>Urgent messages</description>
- </valueHelp>
- <valueHelp>
- <format>crit</format>
- <description>Critical messages</description>
- </valueHelp>
- <valueHelp>
- <format>err</format>
- <description>Error messages</description>
- </valueHelp>
- <valueHelp>
- <format>warning</format>
- <description>Warning messages</description>
- </valueHelp>
- <valueHelp>
- <format>notice</format>
- <description>Messages for further investigation</description>
- </valueHelp>
- <valueHelp>
- <format>info</format>
- <description>Informational messages</description>
- </valueHelp>
- <valueHelp>
- <format>debug</format>
- <description>Debug messages</description>
- </valueHelp>
- <valueHelp>
- <format>all</format>
- <description>Log everything</description>
- </valueHelp>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- <tagNode name="file">
- <properties>
- <help>Logging to a file</help>
- <constraint>
- <regex>^[a-zA-Z0-9\-_.]{1,255}</regex>
+ <tagNode name="user">
+ <properties>
+ <help>Logging to specific user's terminal</help>
+ <constraint>
+ <regex>^[a-z_][a-z0-9_-]{1,31}[$]?</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters in user</constraintErrorMessage>
+ <valueHelp>
+ <format>username</format>
+ <description>user login name</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <tagNode name="facility">
+ <properties>
+ <help>Facility for logging</help>
+ <completionHelp>
+ <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
+ </completionHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>All facilities excluding "mark"</description>
+ </valueHelp>
+ <valueHelp>
+ <format>auth</format>
+ <description>Authentication and authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>authpriv</format>
+ <description>Non-system authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>cron</format>
+ <description>Cron daemon</description>
+ </valueHelp>
+ <valueHelp>
+ <format>daemon</format>
+ <description>System daemons</description>
+ </valueHelp>
+ <valueHelp>
+ <format>kern</format>
+ <description>Kernel</description>
+ </valueHelp>
+ <valueHelp>
+ <format>lpr</format>
+ <description>Line printer spooler</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mail</format>
+ <description>Mail subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mark</format>
+ <description>Timestamp</description>
+ </valueHelp>
+ <valueHelp>
+ <format>news</format>
+ <description>USENET subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>protocols</format>
+ <description>depricated will be set to local7</description>
+ </valueHelp>
+ <valueHelp>
+ <format>security</format>
+ <description>depricated will be set to auth</description>
+ </valueHelp>
+ <valueHelp>
+ <format>syslog</format>
+ <description>Authentication and authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>user</format>
+ <description>Application processes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>uucp</format>
+ <description>UUCP subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local0</format>
+ <description>Local facility 0</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local1</format>
+ <description>Local facility 1</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local2</format>
+ <description>Local facility 2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local3</format>
+ <description>Local facility 3</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local4</format>
+ <description>Local facility 4</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local5</format>
+ <description>Local facility 5</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local6</format>
+ <description>Local facility 6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local7</format>
+ <description>Local facility 7</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="level">
+ <properties>
+ <help>Logging level</help>
+ <completionHelp>
+ <list>emerg alert crit err warning notice info debug all</list>
+ </completionHelp>
+ <valueHelp>
+ <format>emerg</format>
+ <description>Emergency messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>alert</format>
+ <description>Urgent messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>crit</format>
+ <description>Critical messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>err</format>
+ <description>Error messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>warning</format>
+ <description>Warning messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>notice</format>
+ <description>Messages for further investigation</description>
+ </valueHelp>
+ <valueHelp>
+ <format>info</format>
+ <description>Informational messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>debug</format>
+ <description>Debug messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>Log everything</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ <tagNode name="host">
+ <properties>
+ <help>Logging to a remote host</help>
+ <constraint>
+ <!-- at least let's make sure whitespace isn't allowed, ideally it should be checked for IPv4/IPv6 address or fqdn/hostname -->
+ <regex>[^ ]{1,63}</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters in user</constraintErrorMessage>
+ <valueHelp>
+ <format>x.x.x.x or host.domain.tld</format>
+ <description>Remote host name or IP address</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <tagNode name="facility">
+ <properties>
+ <help>Facility for logging</help>
+ <completionHelp>
+ <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
+ </completionHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>All facilities excluding "mark"</description>
+ </valueHelp>
+ <valueHelp>
+ <format>auth</format>
+ <description>Authentication and authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>authpriv</format>
+ <description>Non-system authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>cron</format>
+ <description>Cron daemon</description>
+ </valueHelp>
+ <valueHelp>
+ <format>daemon</format>
+ <description>System daemons</description>
+ </valueHelp>
+ <valueHelp>
+ <format>kern</format>
+ <description>Kernel</description>
+ </valueHelp>
+ <valueHelp>
+ <format>lpr</format>
+ <description>Line printer spooler</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mail</format>
+ <description>Mail subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mark</format>
+ <description>Timestamp</description>
+ </valueHelp>
+ <valueHelp>
+ <format>news</format>
+ <description>USENET subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>protocols</format>
+ <description>depricated will be set to local7</description>
+ </valueHelp>
+ <valueHelp>
+ <format>security</format>
+ <description>depricated will be set to auth</description>
+ </valueHelp>
+ <valueHelp>
+ <format>syslog</format>
+ <description>Authentication and authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>user</format>
+ <description>Application processes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>uucp</format>
+ <description>UUCP subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local0</format>
+ <description>Local facility 0</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local1</format>
+ <description>Local facility 1</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local2</format>
+ <description>Local facility 2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local3</format>
+ <description>Local facility 3</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local4</format>
+ <description>Local facility 4</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local5</format>
+ <description>Local facility 5</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local6</format>
+ <description>Local facility 6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local7</format>
+ <description>Local facility 7</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="protocol">
+ <properties>
+ <help>syslog communication protocol</help>
+ <valueHelp>
+ <format>udp</format>
+ <description>send log messages to remote syslog server over udp</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tcp</format>
+ <description>send log messages to remote syslog server over tdp</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="level">
+ <properties>
+ <help>Logging level</help>
+ <completionHelp>
+ <list>emerg alert crit err warning notice info debug all</list>
+ </completionHelp>
+ <valueHelp>
+ <format>emerg</format>
+ <description>Emergency messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>alert</format>
+ <description>Urgent messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>crit</format>
+ <description>Critical messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>err</format>
+ <description>Error messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>warning</format>
+ <description>Warning messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>notice</format>
+ <description>Messages for further investigation</description>
+ </valueHelp>
+ <valueHelp>
+ <format>info</format>
+ <description>Informational messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>debug</format>
+ <description>Debug messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>Log everything</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ <node name="global">
+ <properties>
+ <help>Logging to system standard location</help>
+ </properties>
+ <children>
+ <node name="archive">
+ <properties>
+ <help>Log file size and rotation characteristics</help>
+ </properties>
+ <children>
+ <leafNode name="file">
+ <properties>
+ <help>Number of saved files (default is 5)</help>
+ <constraint>
+ <regex>^[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters in number of files</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="size">
+ <properties>
+ <help>Size of log files (in kbytes, default is 256)</help>
+ <constraint>
+ <regex>^[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters in size</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <tagNode name="facility">
+ <properties>
+ <help>Facility for logging</help>
+ <completionHelp>
+ <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
+ </completionHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>All facilities excluding "mark"</description>
+ </valueHelp>
+ <valueHelp>
+ <format>auth</format>
+ <description>Authentication and authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>authpriv</format>
+ <description>Non-system authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>cron</format>
+ <description>Cron daemon</description>
+ </valueHelp>
+ <valueHelp>
+ <format>daemon</format>
+ <description>System daemons</description>
+ </valueHelp>
+ <valueHelp>
+ <format>kern</format>
+ <description>Kernel</description>
+ </valueHelp>
+ <valueHelp>
+ <format>lpr</format>
+ <description>Line printer spooler</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mail</format>
+ <description>Mail subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mark</format>
+ <description>Timestamp</description>
+ </valueHelp>
+ <valueHelp>
+ <format>news</format>
+ <description>USENET subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>protocols</format>
+ <description>depricated will be set to local7</description>
+ </valueHelp>
+ <valueHelp>
+ <format>security</format>
+ <description>depricated will be set to auth</description>
+ </valueHelp>
+ <valueHelp>
+ <format>syslog</format>
+ <description>Authentication and authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>user</format>
+ <description>Application processes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>uucp</format>
+ <description>UUCP subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local0</format>
+ <description>Local facility 0</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local1</format>
+ <description>Local facility 1</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local2</format>
+ <description>Local facility 2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local3</format>
+ <description>Local facility 3</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local4</format>
+ <description>Local facility 4</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local5</format>
+ <description>Local facility 5</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local6</format>
+ <description>Local facility 6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local7</format>
+ <description>Local facility 7</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="level">
+ <properties>
+ <help>Logging level</help>
+ <completionHelp>
+ <list>emerg alert crit err warning notice info debug all</list>
+ </completionHelp>
+ <valueHelp>
+ <format>emerg</format>
+ <description>Emergency messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>alert</format>
+ <description>Urgent messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>crit</format>
+ <description>Critical messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>err</format>
+ <description>Error messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>warning</format>
+ <description>Warning messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>notice</format>
+ <description>Messages for further investigation</description>
+ </valueHelp>
+ <valueHelp>
+ <format>info</format>
+ <description>Informational messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>debug</format>
+ <description>Debug messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>Log everything</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <node name="marker">
+ <properties>
+ <help>mark messages sent to syslog</help>
+ </properties>
+ <children>
+ <leafNode name="interval">
+ <properties>
+ <help>time interval how often a mark message is being sent in seconds (default: 1200)</help>
+ <constraint>
+ <validator name="numeric" argument="--positive"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name ="preserve-fqdn">
+ <properties>
+ <help>uses FQDN for logging</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <tagNode name="file">
+ <properties>
+ <help>Logging to a file</help>
+ <constraint>
+ <regex>^[a-zA-Z0-9\-_.]{1,255}</regex>
</constraint>
<constraintErrorMessage>illegal characters in filename or filename longer than 255 characters</constraintErrorMessage>
- </properties>
- <children>
- <node name="archive">
- <properties>
- <help>Log file size and rotation characteristics</help>
- </properties>
- <children>
- <leafNode name="file">
- <properties>
- <help>Number of saved files (default is 5)</help>
- <constraint>
- <regex>^[0-9]+</regex>
- </constraint>
- <constraintErrorMessage>illegal characters in number of files</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="size">
- <properties>
- <help>Size of log files (in kbytes, default is 256)</help>
- <constraint>
- <regex>^[0-9]+</regex>
- </constraint>
- <constraintErrorMessage>illegal characters in size</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </node>
- <tagNode name="facility">
- <properties>
- <help>Facility for logging</help>
- <completionHelp>
- <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All facilities excluding "mark"</description>
- </valueHelp>
- <valueHelp>
- <format>auth</format>
- <description>Authentication and authorization</description>
- </valueHelp>
- <valueHelp>
- <format>authpriv</format>
- <description>Non-system authorization</description>
- </valueHelp>
- <valueHelp>
- <format>cron</format>
- <description>Cron daemon</description>
- </valueHelp>
- <valueHelp>
- <format>daemon</format>
- <description>System daemons</description>
- </valueHelp>
- <valueHelp>
- <format>kern</format>
- <description>Kernel</description>
- </valueHelp>
- <valueHelp>
- <format>lpr</format>
- <description>Line printer spooler</description>
- </valueHelp>
- <valueHelp>
- <format>mail</format>
- <description>Mail subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>mark</format>
- <description>Timestamp</description>
- </valueHelp>
- <valueHelp>
- <format>news</format>
- <description>USENET subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>protocols</format>
- <description>depricated will be set to local7</description>
- </valueHelp>
- <valueHelp>
- <format>security</format>
- <description>depricated will be set to auth</description>
- </valueHelp>
- <valueHelp>
- <format>syslog</format>
+ </properties>
+ <children>
+ <node name="archive">
+ <properties>
+ <help>Log file size and rotation characteristics</help>
+ </properties>
+ <children>
+ <leafNode name="file">
+ <properties>
+ <help>Number of saved files (default is 5)</help>
+ <constraint>
+ <regex>^[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters in number of files</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="size">
+ <properties>
+ <help>Size of log files (in kbytes, default is 256)</help>
+ <constraint>
+ <regex>^[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters in size</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <tagNode name="facility">
+ <properties>
+ <help>Facility for logging</help>
+ <completionHelp>
+ <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list>
+ </completionHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>All facilities excluding "mark"</description>
+ </valueHelp>
+ <valueHelp>
+ <format>auth</format>
<description>Authentication and authorization</description>
</valueHelp>
- <valueHelp>
- <format>user</format>
- <description>Application processes</description>
- </valueHelp>
- <valueHelp>
- <format>uucp</format>
- <description>UUCP subsystem</description>
- </valueHelp>
- <valueHelp>
- <format>local0</format>
- <description>Local facility 0</description>
- </valueHelp>
- <valueHelp>
- <format>local1</format>
- <description>Local facility 1</description>
- </valueHelp>
- <valueHelp>
- <format>local2</format>
- <description>Local facility 2</description>
- </valueHelp>
- <valueHelp>
- <format>local3</format>
- <description>Local facility 3</description>
- </valueHelp>
- <valueHelp>
- <format>local4</format>
- <description>Local facility 4</description>
- </valueHelp>
- <valueHelp>
- <format>local5</format>
- <description>Local facility 5</description>
- </valueHelp>
- <valueHelp>
- <format>local6</format>
- <description>Local facility 6</description>
- </valueHelp>
- <valueHelp>
- <format>local7</format>
- <description>Local facility 7</description>
- </valueHelp>
- </properties>
- <children>
- <leafNode name="level">
- <properties>
- <help>Logging level</help>
- <completionHelp>
- <list>emerg alert crit err warning notice info debug all</list>
- </completionHelp>
- <valueHelp>
- <format>emerg</format>
+ <valueHelp>
+ <format>authpriv</format>
+ <description>Non-system authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>cron</format>
+ <description>Cron daemon</description>
+ </valueHelp>
+ <valueHelp>
+ <format>daemon</format>
+ <description>System daemons</description>
+ </valueHelp>
+ <valueHelp>
+ <format>kern</format>
+ <description>Kernel</description>
+ </valueHelp>
+ <valueHelp>
+ <format>lpr</format>
+ <description>Line printer spooler</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mail</format>
+ <description>Mail subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mark</format>
+ <description>Timestamp</description>
+ </valueHelp>
+ <valueHelp>
+ <format>news</format>
+ <description>USENET subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>protocols</format>
+ <description>depricated will be set to local7</description>
+ </valueHelp>
+ <valueHelp>
+ <format>security</format>
+ <description>depricated will be set to auth</description>
+ </valueHelp>
+ <valueHelp>
+ <format>syslog</format>
+ <description>Authentication and authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>user</format>
+ <description>Application processes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>uucp</format>
+ <description>UUCP subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local0</format>
+ <description>Local facility 0</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local1</format>
+ <description>Local facility 1</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local2</format>
+ <description>Local facility 2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local3</format>
+ <description>Local facility 3</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local4</format>
+ <description>Local facility 4</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local5</format>
+ <description>Local facility 5</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local6</format>
+ <description>Local facility 6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local7</format>
+ <description>Local facility 7</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="level">
+ <properties>
+ <help>Logging level</help>
+ <completionHelp>
+ <list>emerg alert crit err warning notice info debug all</list>
+ </completionHelp>
+ <valueHelp>
+ <format>emerg</format>
<description>Emergency messages</description>
</valueHelp>
<valueHelp>
@@ -697,12 +719,12 @@
<format>all</format>
<description>Log everything</description>
</valueHelp>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </tagNode>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
<node name="console">
<properties>
<help>logging to serial console</help>
@@ -757,7 +779,7 @@
<valueHelp>
<format>protocols</format>
<description>depricated will be set to local7</description>
- </valueHelp>
+ </valueHelp>
<valueHelp>
<format>security</format>
<description>depricated will be set to auth</description>
diff --git a/interface-definitions/tftp-server.xml b/interface-definitions/tftp-server.xml
new file mode 100644
index 000000000..2874b034c
--- /dev/null
+++ b/interface-definitions/tftp-server.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0"?>
+<!-- TFTP configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="tftp-server" owner="${vyos_conf_scripts_dir}/tftp_server.py">
+ <properties>
+ <help>Trivial File Transfer Protocol (TFTP) server</help>
+ <priority>990</priority>
+ </properties>
+ <children>
+ <leafNode name="directory">
+ <properties>
+ <help>Folder containing files served by TFTP [REQUIRED]</help>
+ </properties>
+ </leafNode>
+ <leafNode name="allow-upload">
+ <properties>
+ <help>Allow TFTP file uploads</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Port for TFTP service</help>
+ <valueHelp>
+ <format>1-65535</format>
+ <description>Numeric IP port (default: 69)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="listen-address">
+ <properties>
+ <help>Addresses for TFTP server to listen [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>TFTP IPv4 listen address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>TFTP IPv6 listen address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vrrp.xml b/interface-definitions/vrrp.xml
index 72419efe9..2884ef613 100644
--- a/interface-definitions/vrrp.xml
+++ b/interface-definitions/vrrp.xml
@@ -146,7 +146,7 @@
<properties>
<help>Preempt delay (in seconds)</help>
<constraint>
- <validator name="numeric" argument="--positive"/>
+ <validator name="numeric" argument="--range 0-1000"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/wireguard.xml b/interface-definitions/wireguard.xml
new file mode 100644
index 000000000..cc86855a5
--- /dev/null
+++ b/interface-definitions/wireguard.xml
@@ -0,0 +1,141 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="interfaces">
+ <children>
+ <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/wireguard.py">
+ <properties>
+ <help>WireGuard interface name</help>
+ <priority>459</priority> <!-- subsequent ones may be removed, just make sure ethernet ifs are present -->
+ <constraint>
+ <regex>^wg[0-9]{1,4}</regex>
+ </constraint>
+ <constraintErrorMessage>illegal interface name</constraintErrorMessage>
+ <valueHelp>
+ <format>wgN</format>
+ <description>WireGuard interface name</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>IP address</help>
+ <constraint>
+ <validator name="ip-host"/>
+ </constraint>
+ <valueHelp>
+ <format>ipv4-address</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="description">
+ <properties>
+ <help>description</help>
+ <constraint>
+ <regex>^.{1,100}$</regex>
+ </constraint>
+ <constraintErrorMessage>interface description is too long (limit 100 characters)</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="disable">
+ <properties>
+ <help>disables interface</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Local port number to accept connections</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1024-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mtu">
+ <properties>
+ <help>interface mtu size(default: 1420)</help>
+ <constraint>
+ <validator name="numeric" argument="--range 68-9000"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="fwmark">
+ <properties>
+ <help>A 32-bit fwmark value set on all outgoing packets</help>
+ <valueHelp>
+ <format>number</format>
+ <description>value which marks the packet for QoS/shaper</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <tagNode name="peer">
+ <properties>
+ <help>peer alias</help>
+ <constraint>
+ <regex>[^ ]{1,100}$</regex>
+ </constraint>
+ <constraintErrorMessage>peer alias too long (limit 100 characters)</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>disables peer</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ <leafNode name="pubkey">
+ <properties>
+ <help>base64 encoded public key</help>
+ <constraint>
+ <regex>^[0-9a-zA-Z\+/]{43}=$</regex>
+ </constraint>
+ <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="preshared-key">
+ <properties>
+ <help>base64 encoded preshared key</help>
+ <constraint>
+ <regex>^[0-9a-zA-Z\+/]{43}=$</regex>
+ </constraint>
+ <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="allowed-ips">
+ <properties>
+ <help>IP addresses allowed to traverse the peer</help>
+ <constraint>
+ <validator name="ip-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <!-- eventually check format IP:port -->
+ <leafNode name="endpoint">
+ <properties>
+ <help>Remote endpoint (IP:port)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="persistent-keepalive">
+ <properties>
+ <help>how often send keep alives in seconds</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+</interfaceDefinition>
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-02 19:19:20 +0000