From fdeba8da3e99256fe449e331d0b833a941315226 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Wed, 28 Jul 2021 12:03:21 +0200
Subject: firewall: T2199: Migrate firewall to XML/Python
---
.../include/firewall/action.xml.i | 16 ++++---
.../include/firewall/common-rule.xml.i | 54 ++++++++++++++++------
.../firewall/source-destination-group-ipv6.xml.i | 33 +++++++++++++
.../firewall/source-destination-group.xml.i | 9 ++++
4 files changed, 91 insertions(+), 21 deletions(-)
create mode 100644 interface-definitions/include/firewall/source-destination-group-ipv6.xml.i
(limited to 'interface-definitions/include/firewall')
diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i
index 230f590cb..4ba93e3aa 100644
--- a/interface-definitions/include/firewall/action.xml.i
+++ b/interface-definitions/include/firewall/action.xml.i
@@ -3,18 +3,22 @@ Rule action [REQUIRED] - permit deny + accept reject drop - permit - Permit matching entries + accept + Accept matching entries - deny - Deny matching entries + reject + Reject matching entries + + + drop + Drop matching entries - ^(permit|deny)$ + ^(accept|reject|drop)$
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index a59c0b390..415b6bf00 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -55,7 +55,7 @@ Maximum number of packets to allow in excess of rate u32:0-4294967295 - burst__change_me + Maximum number of packets to allow in excess of rate
@@ -67,7 +67,7 @@ Maximum average matching rate u32:0-4294967295 - rate__change_me + Maximum average matching rate
@@ -121,7 +121,6 @@ - all
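Review bot: The help strings added in action.xml.i for the two blocking actions, `Reject matching entries` and `Drop matching entries`, do not say how they differ, which is the one thing an operator needs when choosing between them. Assuming the backend maps these to the usual netfilter verdicts, wording such as `Reject matching entries (sender is notified)` and `Drop matching entries silently` would make the choice explicit. Separately, the constraint is now `^(accept|reject|drop)$`, so any saved configuration that still holds `permit` or `deny` on a node including this file would fail validation; no migration step is visible in this patch, so confirm one exists elsewhere.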
@@ -285,40 +284,65 @@ Time to match rule - - - Monthdays to match rule on - - Date to start matching rule + + txt + Enter date using following notation - YYYY-MM-DD + + + ^(\d{4}\-\d{2}\-\d{2})$ + Time of day to start matching rule + + txt + Enter time using using 24 hour notation - hh:mm:ss + + + ^([0-2][0-9](\:[0-5][0-9]){1,2})$ + Date to stop matching rule + + txt + Enter date using following notation - YYYY-MM-DD + + + ^(\d{4}\-\d{2}\-\d{2})$ + Time of day to stop matching rule - - - - - Interpret times for startdate, stopdate, starttime and stoptime to be UTC - + + txt + Enter time using using 24 hour notation - hh:mm:ss + + + ^([0-2][0-9](\:[0-5][0-9]){1,2})$ + - Weekdays to match rule on + Comma separated weekdays to match rule on + + txt + Name of day (Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday) + + + u32:0-6 + Day number (0 = Sunday ... 6 = Saturday) +
diff --git a/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i
new file mode 100644
index 000000000..7815b78d4
--- /dev/null
+++ b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i
@@ -0,0 +1,33 @@
+
+
+
+ Group
+
+
+
+
+ Group of addresses
+
+ firewall group ipv6-address-group
+
+
+
+
+
+ Group of networks
+
+ firewall group ipv6-network-group
+
+
+
+
+
+ Group of ports
+
+ firewall group port-group
+
+
+
+
+
+
diff --git a/interface-definitions/include/firewall/source-destination-group.xml.i b/interface-definitions/include/firewall/source-destination-group.xml.i
index 30226b0d8..9a9bed0fe 100644
--- a/interface-definitions/include/firewall/source-destination-group.xml.i
+++ b/interface-definitions/include/firewall/source-destination-group.xml.i
@@ -7,16 +7,25 @@ Group of addresses + + firewall group address-group + Group of networks + + firewall group network-group + Group of ports + + firewall group port-group +
-- cgit v1.2.3
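Review bot: The time constraint `^([0-2][0-9](\:[0-5][0-9]){1,2})$` added for the start and stop time in the `@@ -285,40 +284,65 @@` hunk of common-rule.xml.i accepts hours 24 to 29 and a bare hh:mm, although the help text promises hh:mm:ss, and the date constraint `^(\d{4}\-\d{2}\-\d{2})$` accepts month 13 or day 99. A time-restricted firewall rule whose value passes CLI validation but is later refused or misread by the backend may not be enforced in the window the operator intended. Tightening to `^(([01][0-9]|2[0-3])(\:[0-5][0-9]){1,2})$` and `^(\d{4}\-(0[1-9]|1[0-2])\-(0[1-9]|[12][0-9]|3[01]))$` closes the obvious cases. The hunk also removes the UTC option, so the help text should state which clock these values are interpreted against. Minor: `using using` and `Thursdays` in the help strings are typos.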