From f86041de88c3b0e0ce9ecc6d2cbc309bc8cb28e2 Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Sun, 1 Aug 2021 00:13:47 +0200 Subject: policy: T2199: Migrate policy route to XML/Python --- .../include/policy/route-common-rule.xml.i | 418 +++++++++++++++++++++ 1 file changed, 418 insertions(+) create mode 100644 interface-definitions/include/policy/route-common-rule.xml.i (limited to 'interface-definitions/include/policy/route-common-rule.xml.i') diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i new file mode 100644 index 000000000..c4deefd2a --- /dev/null +++ b/interface-definitions/include/policy/route-common-rule.xml.i @@ -0,0 +1,418 @@ + +#include +#include + + + Option to disable firewall rule + + + + + + IP fragment match + + + + + Second and further fragments of fragmented packets + + + + + + Head fragments or unfragmented packets + + + + + + + + Inbound IPsec packets + + + + + Inbound IPsec packets + + + + + + Inbound non-IPsec packets + + + + + + + + Rate limit using a token bucket filter + + + + + Maximum number of packets to allow in excess of rate + + u32:0-4294967295 + Maximum number of packets to allow in excess of rate + + + + + + + + + Maximum average matching rate + + u32:0-4294967295 + Maximum average matching rate + + + + + + + + + + + Option to log packets matching rule + + enable disable + + + enable + Enable log + + + disable + Disable log + + + ^(enable|disable)$ + + + + + + Protocol to match (protocol name, number, or "all") + + + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + 0-255 + IP protocol number + + + !<protocol> + IP protocol number + + + + + + all + + + + Parameters for matching recently seen sources + + + + + Source addresses seen more than N times + + u32:1-255 + Source addresses seen more than N times + + + + + + + + + Source addresses seen in the last N seconds + + u32:0-4294967295 + Source addresses seen in the last N seconds + + + + + + + + + + + Packet modifications + + + + + Packet Differentiated Services Codepoint (DSCP) + + u32:0-63 + DSCP number + + + + + + + + + Packet marking + + u32:1-2147483647 + Packet marking + + + + + + + + + Routing table to forward packet with + + u32:1-200 + Table number + + + main + Main table + + + + ^(main)$ + + + + + + TCP Maximum Segment Size + + u32:500-1460 + Explicitly set TCP MSS value + + + + + + + + + + + Source parameters + + + #include + #include + + + Source MAC address + + <MAC address> + MAC address to match + + + !<MAC address> + Match everything except the specified MAC address + + + + #include + + + + + Session state + + + + + Established state + + enable disable + + + enable + Enable + + + disable + Disable + + + ^(enable|disable)$ + + + + + + Invalid state + + enable disable + + + enable + Enable + + + disable + Disable + + + ^(enable|disable)$ + + + + + + New state + + enable disable + + + enable + Enable + + + disable + Disable + + + ^(enable|disable)$ + + + + + + Related state + + enable disable + + + enable + Enable + + + disable + Disable + + + ^(enable|disable)$ + + + + + + + + TCP flags to match + + + + + TCP flags to match + + txt + TCP flags to match + + + + \n\n Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL\n When specifying more than one flag, flags should be comma-separated.\n For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset + + + + + + + + Time to match rule + + + + + Monthdays to match rule on + + + + + Date to start matching rule + + + + + Time of day to start matching rule + + + + + Date to stop matching rule + + + + + Time of day to stop matching rule + + + + + Interpret times for startdate, stopdate, starttime and stoptime to be UTC + + + + + + Weekdays to match rule on + + + + + + + ICMP type and code information + + + + + ICMP code (0-255) + + u32:0-255 + ICMP code (0-255) + + + + + + + + + ICMP type (0-255) + + u32:0-255 + ICMP type (0-255) + + + + + + + #include + + + -- cgit v1.2.3