From 1d65ce9558b7c814295474a7cdf648866b612ff6 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Tue, 25 Jan 2022 19:09:08 +0000
Subject: nat: T4138: Add port-range validation for NAT

Add port-validators for NAT rules that prevent to set incorrect
port-ranges (21-5) and incorrect ports (70000)
---
 interface-definitions/include/nat-port.xml.i | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'interface-definitions/include/nat-port.xml.i')

diff --git a/interface-definitions/include/nat-port.xml.i b/interface-definitions/include/nat-port.xml.i
index 7aabc33c3..5f762cfb3 100644
--- a/interface-definitions/include/nat-port.xml.i
+++ b/interface-definitions/include/nat-port.xml.i
@@ -2,6 +2,10 @@
 <leafNode name="port">
   <properties>
     <help>Port number</help>
+    <valueHelp>
+     <format>txt</format>
+     <description>Named port (any name in /etc/services, e.g., http)</description>
+    </valueHelp>
     <valueHelp>
       <format>u32:1-65535</format>
       <description>Numeric IP port</description>
@@ -14,6 +18,9 @@
       <format/>
       <description>\n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005'</description>
     </valueHelp>
+    <constraint>
+     <validator name="port-multi"/>
+    </constraint>
   </properties>
 </leafNode>
 <!-- include end -->
-- 
cgit v1.2.3