Warn users when stateful rules are set with state-policy configured

author: Mohit Mehta <mohit@vyatta.com> 2011-12-02 03:57:06 -0800
committer: Mohit Mehta <mohit@vyatta.com> 2011-12-02 03:57:06 -0800
commit: 824e709f822d7c2ebda3c6ba4dade1b1b7504d24 (patch)
tree: 881efa57153a1ecb4362fb8781c369890e451432 /templates/firewall
parent: eeebd45884c99262a21275b63e5f9f78ec905f95 (diff)
download: vyatta-cfg-firewall-824e709f822d7c2ebda3c6ba4dade1b1b7504d24.tar.gz
vyatta-cfg-firewall-824e709f822d7c2ebda3c6ba4dade1b1b7504d24.zip
6 files changed, 36 insertions, 0 deletions
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/established/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/established/node.def
index a4f3120..0d7fbfb 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/established/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/established/node.def
@@ -1,3 +1,9 @@
 type: txt
 help: Established state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then                                    \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration;          \
+fi"
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/invalid/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/invalid/node.def
index dc6110d..ed3c3be 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/invalid/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/invalid/node.def
@@ -1,3 +1,9 @@
 type: txt
 help: Invalid state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then                                    \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration;          \
+fi"
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/related/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/related/node.def
index 2364c31..8e3ee1e 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/related/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/related/node.def
@@ -1,3 +1,9 @@
 type: txt
 help: Related state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then                                    \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration;          \
+fi"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def
index a4f3120..0d7fbfb 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def
@@ -1,3 +1,9 @@
 type: txt
 help: Established state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then                                    \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration;          \
+fi"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def
index dc6110d..ed3c3be 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def
@@ -1,3 +1,9 @@
 type: txt
 help: Invalid state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then                                    \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration;          \
+fi"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def
index 2364c31..8e3ee1e 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def
@@ -1,3 +1,9 @@
 type: txt
 help: Related state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then                                    \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration;          \
+fi"
author	Mohit Mehta <mohit@vyatta.com>	2011-12-02 03:57:06 -0800
committer	Mohit Mehta <mohit@vyatta.com>	2011-12-02 03:57:06 -0800
commit	824e709f822d7c2ebda3c6ba4dade1b1b7504d24 (patch)
tree	881efa57153a1ecb4362fb8781c369890e451432 /templates/firewall
parent	eeebd45884c99262a21275b63e5f9f78ec905f95 (diff)
download	vyatta-cfg-firewall-824e709f822d7c2ebda3c6ba4dade1b1b7504d24.tar.gz vyatta-cfg-firewall-824e709f822d7c2ebda3c6ba4dade1b1b7504d24.zip