summaryrefslogtreecommitdiff
path: root/templates/firewall
diff options
context:
space:
mode:
authorMohit Mehta <mohit@vyatta.com>2011-12-02 03:57:06 -0800
committerMohit Mehta <mohit@vyatta.com>2011-12-02 03:57:06 -0800
commit824e709f822d7c2ebda3c6ba4dade1b1b7504d24 (patch)
tree881efa57153a1ecb4362fb8781c369890e451432 /templates/firewall
parenteeebd45884c99262a21275b63e5f9f78ec905f95 (diff)
downloadvyatta-cfg-firewall-824e709f822d7c2ebda3c6ba4dade1b1b7504d24.tar.gz
vyatta-cfg-firewall-824e709f822d7c2ebda3c6ba4dade1b1b7504d24.zip
Warn users when stateful rules are set with state-policy configured
Diffstat (limited to 'templates/firewall')
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/state/established/node.def6
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/state/invalid/node.def6
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/state/related/node.def6
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/state/established/node.def6
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def6
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/state/related/node.def6
6 files changed, 36 insertions, 0 deletions
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/established/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/established/node.def
index a4f3120..0d7fbfb 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/established/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/established/node.def
@@ -1,3 +1,9 @@
type: txt
help: Established state
syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration; \
+fi"
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/invalid/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/invalid/node.def
index dc6110d..ed3c3be 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/invalid/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/invalid/node.def
@@ -1,3 +1,9 @@
type: txt
help: Invalid state
syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration; \
+fi"
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/related/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/related/node.def
index 2364c31..8e3ee1e 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/related/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/state/related/node.def
@@ -1,3 +1,9 @@
type: txt
help: Related state
syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration; \
+fi"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def
index a4f3120..0d7fbfb 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def
@@ -1,3 +1,9 @@
type: txt
help: Established state
syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration; \
+fi"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def
index dc6110d..ed3c3be 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def
@@ -1,3 +1,9 @@
type: txt
help: Invalid state
syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration; \
+fi"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def
index 2364c31..8e3ee1e 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def
@@ -1,3 +1,9 @@
type: txt
help: Related state
syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
+
+commit:expression:
+exec "
+if cli-shell-api existsEffective firewall state-policy; then \
+echo Warning: Use of state in rules overridden by \\'firewall state-policy\\' configuration; \
+fi"