From 30945f39d6d1f0fdba34ce1c2d887a1a6823ecbe Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Mon, 5 Sep 2022 14:43:08 +0200
Subject: zone-policy: T2199: Migrate zone-policy to firewall node

---
 interface-definitions/firewall.xml.in    | 137 ++++++++++++++++++++++++++++
 interface-definitions/zone-policy.xml.in | 148 -------------------------------
 2 files changed, 137 insertions(+), 148 deletions(-)
 delete mode 100644 interface-definitions/zone-policy.xml.in

(limited to 'interface-definitions')

diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index fb24cd558..d39dddc77 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -742,6 +742,143 @@
         </properties>
         <defaultValue>disable</defaultValue>
       </leafNode>
+      <tagNode name="zone">
+        <properties>
+          <help>Zone-policy</help>
+          <valueHelp>
+            <format>txt</format>
+            <description>Zone name</description>
+          </valueHelp>
+          <constraint>
+            <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+          </constraint>
+        </properties>
+        <children>
+          #include <include/generic-description.xml.i>
+          #include <include/firewall/enable-default-log.xml.i>
+          <leafNode name="default-action">
+            <properties>
+              <help>Default-action for traffic coming into this zone</help>
+              <completionHelp>
+                <list>drop reject</list>
+              </completionHelp>
+              <valueHelp>
+                <format>drop</format>
+                <description>Drop silently</description>
+              </valueHelp>
+              <valueHelp>
+                <format>reject</format>
+                <description>Drop and notify source</description>
+              </valueHelp>
+              <constraint>
+                <regex>(drop|reject)</regex>
+              </constraint>
+            </properties>
+            <defaultValue>drop</defaultValue>
+          </leafNode>
+          <tagNode name="from">
+            <properties>
+              <help>Zone from which to filter traffic</help>
+              <completionHelp>
+                <path>zone-policy zone</path>
+              </completionHelp>
+            </properties>
+            <children>
+              <node name="firewall">
+                <properties>
+                  <help>Firewall options</help>
+                </properties>
+                <children>
+                  <leafNode name="ipv6-name">
+                    <properties>
+                      <help>IPv6 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall ipv6-name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="name">
+                    <properties>
+                      <help>IPv4 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </tagNode>
+          <leafNode name="interface">
+            <properties>
+              <help>Interface associated with zone</help>
+              <valueHelp>
+                <format>txt</format>
+                <description>Interface associated with zone</description>
+              </valueHelp>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces.py</script>
+              </completionHelp>
+              <multi/>
+            </properties>
+          </leafNode>
+          <node name="intra-zone-filtering">
+            <properties>
+              <help>Intra-zone filtering</help>
+            </properties>
+            <children>
+              <leafNode name="action">
+                <properties>
+                  <help>Action for intra-zone traffic</help>
+                  <completionHelp>
+                    <list>accept drop</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>accept</format>
+                    <description>Accept traffic</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>drop</format>
+                    <description>Drop silently</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(accept|drop)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <node name="firewall">
+                <properties>
+                  <help>Use the specified firewall chain</help>
+                </properties>
+                <children>
+                  <leafNode name="ipv6-name">
+                    <properties>
+                      <help>IPv6 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall ipv6-name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="name">
+                    <properties>
+                      <help>IPv4 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
+          <leafNode name="local-zone">
+            <properties>
+              <help>Zone to be local-zone</help>
+              <valueless/>
+            </properties>
+          </leafNode>
+        </children>
+      </tagNode>
     </children>
   </node>
 </interfaceDefinition>
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
deleted file mode 100644
index cf53e2bc8..000000000
--- a/interface-definitions/zone-policy.xml.in
+++ /dev/null
@@ -1,148 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="zone-policy" owner="${vyos_conf_scripts_dir}/zone_policy.py">
-    <properties>
-      <help>Configure zone-policy</help>
-      <priority>198</priority>
-    </properties>
-    <children>
-      <tagNode name="zone">
-        <properties>
-          <help>Zone name</help>
-          <valueHelp>
-            <format>txt</format>
-            <description>Zone name</description>
-          </valueHelp>
-          <constraint>
-            <regex>[a-zA-Z0-9][\w\-\.]*</regex>
-          </constraint>
-        </properties>
-        <children>
-          #include <include/generic-description.xml.i>
-          #include <include/firewall/enable-default-log.xml.i>
-          <leafNode name="default-action">
-            <properties>
-              <help>Default-action for traffic coming into this zone</help>
-              <completionHelp>
-                <list>drop reject</list>
-              </completionHelp>
-              <valueHelp>
-                <format>drop</format>
-                <description>Drop silently</description>
-              </valueHelp>
-              <valueHelp>
-                <format>reject</format>
-                <description>Drop and notify source</description>
-              </valueHelp>
-              <constraint>
-                <regex>(drop|reject)</regex>
-              </constraint>
-            </properties>
-            <defaultValue>drop</defaultValue>
-          </leafNode>
-          <tagNode name="from">
-            <properties>
-              <help>Zone from which to filter traffic</help>
-              <completionHelp>
-                <path>zone-policy zone</path>
-              </completionHelp>
-            </properties>
-            <children>
-              <node name="firewall">
-                <properties>
-                  <help>Firewall options</help>
-                </properties>
-                <children>
-                  <leafNode name="ipv6-name">
-                    <properties>
-                      <help>IPv6 firewall ruleset</help>
-                      <completionHelp>
-                        <path>firewall ipv6-name</path>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="name">
-                    <properties>
-                      <help>IPv4 firewall ruleset</help>
-                      <completionHelp>
-                        <path>firewall name</path>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-            </children>
-          </tagNode>
-          <leafNode name="interface">
-            <properties>
-              <help>Interface associated with zone</help>
-              <valueHelp>
-                <format>txt</format>
-                <description>Interface associated with zone</description>
-              </valueHelp>
-              <completionHelp>
-                <script>${vyos_completion_dir}/list_interfaces.py</script>
-              </completionHelp>
-              <multi/>
-            </properties>
-          </leafNode>
-          <node name="intra-zone-filtering">
-            <properties>
-              <help>Intra-zone filtering</help>
-            </properties>
-            <children>
-              <leafNode name="action">
-                <properties>
-                  <help>Action for intra-zone traffic</help>
-                  <completionHelp>
-                    <list>accept drop</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>accept</format>
-                    <description>Accept traffic</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>drop</format>
-                    <description>Drop silently</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(accept|drop)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <node name="firewall">
-                <properties>
-                  <help>Use the specified firewall chain</help>
-                </properties>
-                <children>
-                  <leafNode name="ipv6-name">
-                    <properties>
-                      <help>IPv6 firewall ruleset</help>
-                      <completionHelp>
-                        <path>firewall ipv6-name</path>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="name">
-                    <properties>
-                      <help>IPv4 firewall ruleset</help>
-                      <completionHelp>
-                        <path>firewall name</path>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-            </children>
-          </node>
-          <leafNode name="local-zone">
-            <properties>
-              <help>Zone to be local-zone</help>
-              <valueless/>
-            </properties>
-          </leafNode>
-        </children>
-      </tagNode>
-    </children>
-  </node>
-</interfaceDefinition>
-- 
cgit v1.2.3