From 450ca9a9b46d69036af432ddad316d4ddb126085 Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Tue, 30 Aug 2022 11:46:16 +0200 Subject: firewall: T2199: Refactor firewall + zone-policy, move interfaces under firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces name/ipv6-name ` * Remove `firewall-interface.py` conf script --- interface-definitions/include/firewall/name.xml.i | 18 +++++ .../interface/interface-firewall-vif-c.xml.i | 79 ---------------------- .../include/interface/interface-firewall-vif.xml.i | 79 ---------------------- .../include/interface/interface-firewall.xml.i | 79 ---------------------- .../include/interface/vif-s.xml.i | 2 - interface-definitions/include/interface/vif.xml.i | 1 - .../include/version/firewall-version.xml.i | 2 +- 7 files changed, 19 insertions(+), 241 deletions(-) create mode 100644 interface-definitions/include/firewall/name.xml.i delete mode 100644 interface-definitions/include/interface/interface-firewall-vif-c.xml.i delete mode 100644 interface-definitions/include/interface/interface-firewall-vif.xml.i delete mode 100644 interface-definitions/include/interface/interface-firewall.xml.i (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/firewall/name.xml.i b/interface-definitions/include/firewall/name.xml.i new file mode 100644 index 000000000..231b9b144 --- /dev/null +++ b/interface-definitions/include/firewall/name.xml.i @@ -0,0 +1,18 @@ + + + + Local IPv4 firewall ruleset name for interface + + firewall name + + + + + + Local IPv6 firewall ruleset name for interface + + firewall ipv6-name + + + + \ No newline at end of file diff --git a/interface-definitions/include/interface/interface-firewall-vif-c.xml.i b/interface-definitions/include/interface/interface-firewall-vif-c.xml.i deleted file mode 100644 index 1bc235fcb..000000000 --- a/interface-definitions/include/interface/interface-firewall-vif-c.xml.i +++ /dev/null @@ -1,79 +0,0 @@ - - - - 615 - Firewall options - - - - - forwarded packets on inbound interface - - - - - Inbound IPv4 firewall ruleset name for interface - - firewall name - - - - - - Inbound IPv6 firewall ruleset name for interface - - firewall ipv6-name - - - - - - - - forwarded packets on outbound interface - - - - - Outbound IPv4 firewall ruleset name for interface - - firewall name - - - - - - Outbound IPv6 firewall ruleset name for interface - - firewall ipv6-name - - - - - - - - packets destined for this router - - - - - Local IPv4 firewall ruleset name for interface - - firewall name - - - - - - Local IPv6 firewall ruleset name for interface - - firewall ipv6-name - - - - - - - - diff --git a/interface-definitions/include/interface/interface-firewall-vif.xml.i b/interface-definitions/include/interface/interface-firewall-vif.xml.i deleted file mode 100644 index a37ac5c4a..000000000 --- a/interface-definitions/include/interface/interface-firewall-vif.xml.i +++ /dev/null @@ -1,79 +0,0 @@ - - - - 615 - Firewall options - - - - - forwarded packets on inbound interface - - - - - Inbound IPv4 firewall ruleset name for interface - - firewall name - - - - - - Inbound IPv6 firewall ruleset name for interface - - firewall ipv6-name - - - - - - - - forwarded packets on outbound interface - - - - - Outbound IPv4 firewall ruleset name for interface - - firewall name - - - - - - Outbound IPv6 firewall ruleset name for interface - - firewall ipv6-name - - - - - - - - packets destined for this router - - - - - Local IPv4 firewall ruleset name for interface - - firewall name - - - - - - Local IPv6 firewall ruleset name for interface - - firewall ipv6-name - - - - - - - - diff --git a/interface-definitions/include/interface/interface-firewall.xml.i b/interface-definitions/include/interface/interface-firewall.xml.i deleted file mode 100644 index b3f20c3bf..000000000 --- a/interface-definitions/include/interface/interface-firewall.xml.i +++ /dev/null @@ -1,79 +0,0 @@ - - - - 615 - Firewall options - - - - - forwarded packets on inbound interface - - - - - Inbound IPv4 firewall ruleset name for interface - - firewall name - - - - - - Inbound IPv6 firewall ruleset name for interface - - firewall ipv6-name - - - - - - - - forwarded packets on outbound interface - - - - - Outbound IPv4 firewall ruleset name for interface - - firewall name - - - - - - Outbound IPv6 firewall ruleset name for interface - - firewall ipv6-name - - - - - - - - packets destined for this router - - - - - Local IPv4 firewall ruleset name for interface - - firewall name - - - - - - Local IPv6 firewall ruleset name for interface - - firewall ipv6-name - - - - - - - - diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i index c1af9f9e3..916349ade 100644 --- a/interface-definitions/include/interface/vif-s.xml.i +++ b/interface-definitions/include/interface/vif-s.xml.i @@ -18,7 +18,6 @@ #include #include #include - #include #include @@ -68,7 +67,6 @@ #include #include #include - #include #include diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i index 57ef8d64c..73a8c98ff 100644 --- a/interface-definitions/include/interface/vif.xml.i +++ b/interface-definitions/include/interface/vif.xml.i @@ -18,7 +18,6 @@ #include #include #include - #include #include diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i index 059a89f24..065925319 100644 --- a/interface-definitions/include/version/firewall-version.xml.i +++ b/interface-definitions/include/version/firewall-version.xml.i @@ -1,3 +1,3 @@ - + -- cgit v1.2.3