From 9a5dfb4b7ec9e065a73511a38e1713aec03eee0e Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Fri, 28 Oct 2022 18:19:47 +0000
Subject: T4780: Firewall: add firewall groups in firewall. Extend matching
 criteria so this new group can be used in inbound and outbound matcher

---
 interface-definitions/firewall.xml.in              | 29 ++++++++++++++++++++++
 .../include/firewall/common-rule.xml.i             | 26 +++++++++----------
 .../include/firewall/match-interface.xml.i         | 18 ++++++++++++++
 .../include/version/firewall-version.xml.i         |  2 +-
 4 files changed, 61 insertions(+), 14 deletions(-)
 create mode 100644 interface-definitions/include/firewall/match-interface.xml.i

(limited to 'interface-definitions')
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 673461036..12584276c 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -134,6 +134,35 @@
               #include <include/generic-description.xml.i>
             </children>
           </tagNode>
+          <tagNode name="interface-group">
+            <properties>
+              <help>Firewall interface-group</help>
+              <constraint>
+                <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+              </constraint>
+            </properties>
+            <children>
+              <leafNode name="interface">
+                <properties>
+                  <help>Interface-group member</help>
+                  <completionHelp>
+                    <script>${vyos_completion_dir}/list_interfaces.py</script>
+                  </completionHelp>
+                  <multi/>
+                </properties>
+              </leafNode>
+              <leafNode name="include">
+                <properties>
+                  <help>Include another interface-group</help>
+                  <completionHelp>
+                    <path>firewall group interface-group</path>
+                  </completionHelp>
+                  <multi/>
+                </properties>
+              </leafNode>
+              #include <include/generic-description.xml.i>
+            </children>
+          </tagNode>
           <tagNode name="ipv6-address-group">
             <properties>
               <help>Firewall ipv6-address-group</help>
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index a4f66f5cb..297e6fc1a 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -26,14 +26,22 @@
     </leafNode>
   </children>
 </node>
-<leafNode name="inbound-interface">
+<node name="inbound-interface">
   <properties>
     <help>Match inbound-interface</help>
-    <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
-    </completionHelp>
   </properties>
-</leafNode>
+  <children>
+    #include <include/firewall/match-interface.xml.i>
+  </children>
+</node>
+<node name="outbound-interface">
+  <properties>
+    <help>Match outbound-interface</help>
+  </properties>
+  <children>
+    #include <include/firewall/match-interface.xml.i>
+  </children>
+</node>
 <node name="ipsec">
   <properties>
     <help>Inbound IPsec packets</help>
@@ -130,14 +138,6 @@
     </leafNode>
   </children>
 </node>
-<leafNode name="outbound-interface">
-  <properties>
-    <help>Match outbound-interface</help>
-    <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
-    </completionHelp>
-  </properties>
-</leafNode>
 <leafNode name="protocol">
   <properties>
     <help>Protocol to match (protocol name, number, or "all")</help>
diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i
new file mode 100644
index 000000000..675a87574
--- /dev/null
+++ b/interface-definitions/include/firewall/match-interface.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from firewall/match-interface.xml.i -->
+<leafNode name="interface-name">
+  <properties>
+    <help>Match interface</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_interfaces.py</script>
+    </completionHelp>
+  </properties>
+</leafNode>
+<leafNode name="interface-group">
+  <properties>
+    <help>Match interface-group</help>
+    <completionHelp>
+      <path>firewall group interface-group</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index 065925319..bc04f8d51 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='8'></syntaxVersion>
+<syntaxVersion component='firewall' version='9'></syntaxVersion>
 <!-- include end -->
-- 
cgit v1.2.3

