authorJohn Southworth <john.southworth@vyatta.com>2012-06-02 21:05:15 -0700
committerJohn Southworth <john.southworth@vyatta.com>2012-06-02 21:05:15 -0700
commit8a08387990b286a67125317e500bc81a3838b454 (patch)
tree0b2e37d5c6f2572347a3a77c58e2942605d40523
parent892a2b9d6fb1274fbc2dd9489d154c516ffa074f (diff)
downloadvyatta-cfg-firewall-8a08387990b286a67125317e500bc81a3838b454.tar.gz
vyatta-cfg-firewall-8a08387990b286a67125317e500bc81a3838b454.zip
Make firewall syntax checks use the vyatta-util library
-rw-r--r--debian/control1
-rw-r--r--templates/firewall/group/address-group/node.tag/address/node.def6
-rw-r--r--templates/firewall/group/network-group/node.tag/network/node.def6
-rw-r--r--templates/firewall/group/port-group/node.tag/port/node.def6
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def2
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def2
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def2
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/mac-address/node.def2
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def2
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def2
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def2
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/source/mac-address/node.def2
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def2
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/source/mac-address/node.def2
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/protocol/node.def2
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def2
16 files changed, 16 insertions, 27 deletions
diff --git a/debian/control b/debian/control
index 48ae901..542edff 100644
--- a/debian/control
+++ b/debian/control
@@ -14,6 +14,7 @@ Depends: sed (>= 4.1.5),
vyatta-cfg (>= 0.15.33),
vyatta-cfg-system (>= 0.19.125),
vyatta-bash | bash (>= 3.1),
+ vyatta-util,
sysv-rc,
ntp,
rsyslog | system-log-daemon,
diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index 2629b9d..b5060ea 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
@@ -4,9 +4,5 @@ help: Address-group member
val_help: ipv4; IPv4 address to match
val_help: ipv4range; IPv4 range to match (e.g. 10.0.0.1-10.0.0.200)
-syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=check-member \
- --set-name=$VAR(../@) \
- --set-type=address \
- --member=\"$VAR(@)\"; "
+syntax:expression: exec "/opt/vyatta/sbin/ipset-check-member address $VAR(@)"
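Review bot: The added line passes `$VAR(@)` to the shell unquoted, whereas the removed line wrapped it as `--member=\"$VAR(@)\"`, so a value containing whitespace or shell metacharacters would be split or interpreted before `ipset-check-member` receives it. The node's `type:` line is outside this hunk, so it is not visible whether the type check already excludes such characters; I would keep the quoting, in the form the mac-address templates in this commit use: `syntax:expression: exec "/opt/vyatta/sbin/ipset-check-member address '$VAR(@)'"`. Quoting only narrows the problem, so the type check remains the primary guard. The network-group and port-group hunks add the same unquoted form.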
diff --git a/templates/firewall/group/network-group/node.tag/network/node.def b/templates/firewall/group/network-group/node.tag/network/node.def
index 7388561..b3e0c18 100644
--- a/templates/firewall/group/network-group/node.tag/network/node.def
+++ b/templates/firewall/group/network-group/node.tag/network/node.def
@@ -3,11 +3,7 @@ type: ipv4net
help: Network-group member
val_help: ipv4net; IPv4 Subnet to match
-syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=check-member \
- --set-name=$VAR(../@) \
- --set-type=network \
- --member=\"$VAR(@)\"; "
+syntax:expression: exec "/opt/vyatta/sbin/ipset-check-member network $VAR(@)"
syntax:expression: exec " \
/opt/vyatta/sbin/check_prefix_boundary $VAR(@)" \
diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def
index 7a9b867..5f310c2 100644
--- a/templates/firewall/group/port-group/node.tag/port/node.def
+++ b/templates/firewall/group/port-group/node.tag/port/node.def
@@ -6,8 +6,4 @@ val_help: <name>; Named port (any name in /etc/services, e.g., http)
val_help: u32:1-65535; Numbered port
val_help: <start>-<end>; Numbered port range (e.g. 1001-1050)
-syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=check-member \
- --set-name=$VAR(../@) \
- --set-type=port \
- --member=\"$VAR(@)\"; "
+syntax:expression: exec "sudo /opt/vyatta/sbin/ipset-check-member port $VAR(@)"
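Review bot: This line keeps `sudo` while the address-group and network-group templates in the same commit call `ipset-check-member` without it, so the port check is the only one of the three still run with elevated privileges. Nothing in the hunk shows why validating a port member needs root; if it does not, drop it to match the other two: `syntax:expression: exec "/opt/vyatta/sbin/ipset-check-member port '$VAR(@)'"`. The val_help lines show that free-form service names are accepted here, so the unquoted `$VAR(@)` matters most on this line, because whatever the shell makes of the value is executed under sudo.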
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def
index 4953885..2ace3b3 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def
@@ -9,5 +9,5 @@ val_help: !ipv6; Match everything except the specified address
val_help: !ipv6net; Match everything except the specified prefix
val_help: !ipv6range; Match everything except the specified range
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type ipv6_addr_param $VAR(@)"
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
index ee3110f..5225eee 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
@@ -10,7 +10,7 @@ syntax:expression: exec "
if [ \"$param\" = \"tcp_udp\" ]; then
exit 0
fi
- /opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'
+ /opt/vyatta/sbin/vyatta-validate-type protocol_negate '$VAR(@)'
" ;
"invalid protocol \"$VAR(@)\""
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def
index 397c686..2fe8a42 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def
@@ -10,4 +10,4 @@ val_help: !ipv6; Match everything except the specified address
val_help: !ipv6net; Match everything except the specified prefix
val_help: !ipv6range; Match everything except the specified range
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type ipv6_addr_param $VAR(@)"
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/mac-address/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/mac-address/node.def
index ad07881..5519871 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/mac-address/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/mac-address/node.def
@@ -1,3 +1,3 @@
type: txt
help: Source MAC address
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl macaddr_negate '$VAR(@)'" ; "invalid MAC address \"$VAR(@)\""
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type macaddr_negate '$VAR(@)'" ; "invalid MAC address \"$VAR(@)\""
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def
index 4953885..2ace3b3 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def
@@ -9,5 +9,5 @@ val_help: !ipv6; Match everything except the specified address
val_help: !ipv6net; Match everything except the specified prefix
val_help: !ipv6range; Match everything except the specified range
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type ipv6_addr_param $VAR(@)"
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
index ee3110f..5225eee 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
@@ -10,7 +10,7 @@ syntax:expression: exec "
if [ \"$param\" = \"tcp_udp\" ]; then
exit 0
fi
- /opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'
+ /opt/vyatta/sbin/vyatta-validate-type protocol_negate '$VAR(@)'
" ;
"invalid protocol \"$VAR(@)\""
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def
index b7a8d66..23ebb83 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def
@@ -10,4 +10,4 @@ val_help: !ipv6; Match everything except the specified address
val_help: !ipv6net; Match everything except the specified prefix
val_help: !ipv6range; Match everything except the specified range
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type ipv6_addr_param $VAR(@)"
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/mac-address/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/mac-address/node.def
index ad07881..5519871 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/mac-address/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/mac-address/node.def
@@ -1,3 +1,3 @@
type: txt
help: Source MAC address
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl macaddr_negate '$VAR(@)'" ; "invalid MAC address \"$VAR(@)\""
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type macaddr_negate '$VAR(@)'" ; "invalid MAC address \"$VAR(@)\""
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
index 5491708..c456f95 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
@@ -7,7 +7,7 @@ val_help: tcp_udp; Both TCP and UDP
val_help: all; All IP protocols
val_help: !<protocol>; All IP protocols except for the specified name or number
-syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type protocol_negate '$VAR(@)'`\" ] \
&& [ \"$VAR(@)\" != 'tcp_udp' ]; then \
echo invalid protocol \"$VAR(@)\" ; \
exit 1 ; \
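Review bot: The `[ -n ... ]` test on the backtick-captured output decides validity from the validator's stdout, not its exit status, so swapping `vyatta-validate-type.pl` for the `vyatta-validate-type` binary only keeps rejecting bad protocols if the new program prints a message on stdout for invalid input, which this diff does not show. If the binary is missing or reports errors on stderr, the captured string is empty and the value is accepted, so the check fails open. Testing the exit status fails closed, as the ipv6 protocol templates in this commit appear to do: `syntax:expression: exec "if ! /opt/vyatta/sbin/vyatta-validate-type protocol_negate '$VAR(@)' >/dev/null 2>&1 \`. The same applies to the hunk in templates/firewall/name/node.tag/rule/node.tag/protocol/node.def, and the expression continues past the end of both hunks.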
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/source/mac-address/node.def b/templates/firewall/modify/node.tag/rule/node.tag/source/mac-address/node.def
index ad07881..5519871 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/source/mac-address/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/source/mac-address/node.def
@@ -1,3 +1,3 @@
type: txt
help: Source MAC address
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl macaddr_negate '$VAR(@)'" ; "invalid MAC address \"$VAR(@)\""
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type macaddr_negate '$VAR(@)'" ; "invalid MAC address \"$VAR(@)\""
diff --git a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
index 1f235f7..6e0e9a6 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
@@ -8,7 +8,7 @@ val_help: tcp_udp; Both TCP and UDP
val_help: all; All IP protocols
val_help: !<protocol>; All IP protocols except for the specified name or number
-syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type protocol_negate '$VAR(@)'`\" ] \
&& [ \"$VAR(@)\" != 'tcp_udp' ]; then \
echo invalid protocol \"$VAR(@)\" ; \
exit 1 ; \
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def
index ad07881..5519871 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def
@@ -1,3 +1,3 @@
type: txt
help: Source MAC address
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl macaddr_negate '$VAR(@)'" ; "invalid MAC address \"$VAR(@)\""
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type macaddr_negate '$VAR(@)'" ; "invalid MAC address \"$VAR(@)\""