author | An-Cheng Huang <ancheng@vyatta.com> | 2010-08-17 15:30:07 -0700 |
---|---|---|
committer | An-Cheng Huang <ancheng@vyatta.com> | 2010-08-17 15:30:07 -0700 |
commit | ae652b77cfa97089baa8f86be1ebe1d08a4c9184 (patch) | |
tree | 7a8a3325c7b202fea9ee8566098dcb726a545ada /templates/firewall | |
parent | 03e79c5be0ca54c351f488708570c3c91f7f2369 (diff) | |
download | vyatta-cfg-firewall-ae652b77cfa97089baa8f86be1ebe1d08a4c9184.tar.gz vyatta-cfg-firewall-ae652b77cfa97089baa8f86be1ebe1d08a4c9184.zip |
update help text to use val_help
Diffstat (limited to 'templates/firewall')
33 files changed, 216 insertions, 243 deletions
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def index 1adbe8d..4953885 100644 --- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def +++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def @@ -2,13 +2,12 @@ type: txt help: Destination IPv6 address, prefix or range -comp_help: Possible completions: - <x:x:x:x:x:x:x:x> IPv6 address to match - <x:x:x:x:x:x:x:x>/<n> IPv6 prefix to match - <x:x:x:x:x:x>-<x:x:x:x:x:x> Range of IPv6 addresses - !<x:x:x:x:x:x:x:x> Everything except IPv6 address - !<x:x:x:x:x:x:x:x>/<n> Everything except IPv6 prefix - !<x:x:x:x:x:x>-<x:x:x:x:x:x> Everything except range +val_help: ipv6; IPv6 address to match +val_help: ipv6net; IPv6 prefix to match +val_help: ipv6range; IPv6 range to match +val_help: !ipv6; Match everything except the specified address +val_help: !ipv6net; Match everything except the specified prefix +val_help: !ipv6range; Match everything except the specified range syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)" diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/port/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/port/node.def index 760c0e8..2b2d8c7 100644 --- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/port/node.def +++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/port/node.def 
@@ -2,9 +2,9 @@ type: txt help: Destination port -comp_help: Destination port(s) can be specified as a comma-separated list of: - <port name> Named port (any name in /etc/services, e.g., http) - <1-65535> Numbered port - <start>-<end> Numbered port range (e.g., 1001-1005) +val_help: <port name>; Named port (any name in /etc/services, e.g., http) +val_help: u32:1-65535; Numbered port +val_help: range; Numbered port range (e.g., 1001-1005) +comp_help: Multiple destination ports can be specified as a comma-separated list. The whole list can also be "negated" using '!'. For example: '!22,telnet,http,123,1001-1005' diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/icmpv6/type/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/icmpv6/type/node.def index a066647..d11da4e 100644 --- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/icmpv6/type/node.def +++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/icmpv6/type/node.def 
@@ -2,32 +2,31 @@ type: txt help: ICMPv6 type/code -comp_help: Possible completions: - destination-unreachable ICMPv6 type/code name - no-route ICMPv6 type/code name - communication-prohibited ICMPv6 type/code name - address-unreachable ICMPv6 type/code name - port-unreachable ICMPv6 type/code name - packet-too-big ICMPv6 type/code name - time-exceeded ICMPv6 type/code name - ttl-zero-during-transit ICMPv6 type/code name - ttl-zero-during-reassembly ICMPv6 type/code name - parameter-problem ICMPv6 type/code name - bad-header ICMPv6 type/code name - unknown-header-type ICMPv6 type/code name - unknown-option ICMPv6 type/code name - echo-request ICMPv6 type/code name - ping ICMPv6 type/code name - echo-reply ICMPv6 type/code name - pong ICMPv6 type/code name - router-solicitation ICMPv6 type/code name - router-advertisement ICMPv6 type/code name - neighbour-solicitation ICMPv6 type/code name - neighbor-solicitation ICMPv6 type/code name - neighbour-advertisement ICMPv6 type/code name - neighbor-advertisement ICMPv6 type/code name - <0 - 255> ICMPv6 type number - <0 - 255>/<0 - 255> ICMPv6 type and code numbers +val_help: destination-unreachable; ICMPv6 type/code name +val_help: _ no-route; ICMPv6 type/code name +val_help: _ communication-prohibited; ICMPv6 type/code name +val_help: _ address-unreachable; ICMPv6 type/code name +val_help: _ port-unreachable; ICMPv6 type/code name +val_help: packet-too-big; ICMPv6 type/code name +val_help: time-exceeded; ICMPv6 type/code name +val_help: _ ttl-zero-during-transit; ICMPv6 type/code name +val_help: _ ttl-zero-during-reassembly; ICMPv6 type/code name +val_help: parameter-problem; ICMPv6 type/code name +val_help: _ bad-header; ICMPv6 type/code name +val_help: _ unknown-header-type; ICMPv6 type/code name +val_help: _ unknown-option; ICMPv6 type/code name +val_help: echo-request; ICMPv6 type/code name +val_help: ping; ICMPv6 type/code name +val_help: echo-reply; ICMPv6 type/code name +val_help: pong; ICMPv6 type/code name 
+val_help: router-solicitation; ICMPv6 type/code name +val_help: router-advertisement; ICMPv6 type/code name +val_help: neighbour-solicitation; ICMPv6 type/code name +val_help: neighbor-solicitation; ICMPv6 type/code name +val_help: neighbour-advertisement; ICMPv6 type/code name +val_help: neighbor-advertisement; ICMPv6 type/code name +val_help: u32:0-255; ICMPv6 type number +val_help: <0-255>/<0-255>; ICMPv6 type and code numbers allowed: array=( diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def index 0ea2382..ee3110f 100644 --- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def +++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def @@ -21,10 +21,8 @@ allowed: protos="all icmpv6 $protos tcp_udp" echo -n $protos -comp_help:Possible completions: - <text> An IPv6 protocol name (e.g. "tcp" or "udp") - <1-255> An IPv6 protocol number - tcp_udp Both TCP and UDP - all All IPv6 protocols - !<text> All IPv6 protocols except for the specified name - !<1-255> All IPv6 protocols except for the specified number +val_help: txt; IPv6 protocol name from /etc/protocols (e.g. "tcp" or "udp") +val_help: u32:0-255; IPv6 protocol number +val_help: tcp_udp; Both TCP and UDP +val_help: all; All IPv6 protocols +val_help: !<protocol>; All IPv6 protocols except for the specified name or number diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def index 01a7b99..397c686 100644 --- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def +++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def 
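Review bot: The new `val_help: u32:0-255; IPv6 protocol number` line in the ipv6-modify protocol template widens the advertised range from the old `<1-255>` to include 0, and nothing visible in the hunk shows 0 being validated or handled specially. If the number is passed through to ip6tables unchanged, 0 is equivalent to `all`, so an operator who enters 0 expecting to match one specific protocol would get a rule that matches every protocol. Either keep `u32:1-255`, or state the behaviour in the help once it is confirmed, e.g. `val_help: u32:0-255; IPv6 protocol number (0 matches all protocols)`. The same widening appears in the ipv6-name and name protocol templates. The `allowed:` block and any syntax check start outside this hunk.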
@@ -3,12 +3,11 @@ type: txt help: Source IPv6 address, prefix or range -comp_help: Possible completions: - <x:x:x:x:x:x:x:x> IPv6 address to match - <x:x:x:x:x:x:x:x>/<n> IPv6 prefix to match - <x:x:x:x:x:x>-<x:x:x:x:x:x> Range of IPv6 addresses - !<x:x:x:x:x:x:x:x> Everything except IPv6 address - !<x:x:x:x:x:x:x:x>/<n> Everything except IPv6 prefix - !<x:x:x:x:x:x>-<x:x:x:x:x:x> Everything except range - -syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
\ No newline at end of file +val_help: ipv6; IPv6 address to match +val_help: ipv6net; IPv6 prefix to match +val_help: ipv6range; IPv6 range to match +val_help: !ipv6; Match everything except the specified address +val_help: !ipv6net; Match everything except the specified prefix +val_help: !ipv6range; Match everything except the specified range + +syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)" diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/port/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/port/node.def index 4cec3cf..adfae7a 100644 --- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/port/node.def +++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/port/node.def @@ -1,8 +1,8 @@ type: txt help: Source port -comp_help: Source port(s) can be specified as a comma-separated list of: - <port name> Named port (any name in /etc/services, e.g., http) - <1-65535> Numbered port - <start>-<end> Numbered port range (e.g., 1001-1005) +val_help: <port name>; Named port (any name in /etc/services, e.g., http) +val_help: u32:1-65535; Numbered port +val_help: range; Numbered port range (e.g., 1001-1005) +comp_help: Multiple source ports can be specified as a comma-separated list. The whole list can also be "negated" using '!'. For example: '!22,telnet,http,123,1001-1005' diff --git a/templates/firewall/ipv6-name/node.tag/default-action/node.def b/templates/firewall/ipv6-name/node.tag/default-action/node.def index db160f0..bb61c41 100644 --- a/templates/firewall/ipv6-name/node.tag/default-action/node.def +++ b/templates/firewall/ipv6-name/node.tag/default-action/node.def 
@@ -7,7 +7,6 @@ default: "drop" syntax:expression: $VAR(@) in "drop", "accept", "reject"; "default-action must be drop, reject or accept" -comp_help: possible completions: - drop Drop if no prior rules are hit (default) - reject Drop and notify source if no prior rules are hit - accept Accept if no prior rules are hit +val_help: drop; Drop if no prior rules are hit (default) +val_help: reject; Drop and notify source if no prior rules are hit +val_help: accept; Accept if no prior rules are hit diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def index 1adbe8d..4953885 100644 --- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def +++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def @@ -2,13 +2,12 @@ type: txt help: Destination IPv6 address, prefix or range -comp_help: Possible completions: - <x:x:x:x:x:x:x:x> IPv6 address to match - <x:x:x:x:x:x:x:x>/<n> IPv6 prefix to match - <x:x:x:x:x:x>-<x:x:x:x:x:x> Range of IPv6 addresses - !<x:x:x:x:x:x:x:x> Everything except IPv6 address - !<x:x:x:x:x:x:x:x>/<n> Everything except IPv6 prefix - !<x:x:x:x:x:x>-<x:x:x:x:x:x> Everything except range +val_help: ipv6; IPv6 address to match +val_help: ipv6net; IPv6 prefix to match +val_help: ipv6range; IPv6 range to match +val_help: !ipv6; Match everything except the specified address +val_help: !ipv6net; Match everything except the specified prefix +val_help: !ipv6range; Match everything except the specified range syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)" diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/port/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/port/node.def index 760c0e8..2b2d8c7 100644 --- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/port/node.def 
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/port/node.def @@ -2,9 +2,9 @@ type: txt help: Destination port -comp_help: Destination port(s) can be specified as a comma-separated list of: - <port name> Named port (any name in /etc/services, e.g., http) - <1-65535> Numbered port - <start>-<end> Numbered port range (e.g., 1001-1005) +val_help: <port name>; Named port (any name in /etc/services, e.g., http) +val_help: u32:1-65535; Numbered port +val_help: range; Numbered port range (e.g., 1001-1005) +comp_help: Multiple destination ports can be specified as a comma-separated list. The whole list can also be "negated" using '!'. For example: '!22,telnet,http,123,1001-1005' diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/icmpv6/type/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/icmpv6/type/node.def index 3454ac1..540c699 100644 --- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/icmpv6/type/node.def +++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/icmpv6/type/node.def 
@@ -2,33 +2,32 @@ type: txt help: ICMPv6 type/code -comp_help: Possible completions: - destination-unreachable ICMPv6 type/code name - no-route ICMPv6 type/code name - communication-prohibited ICMPv6 type/code name - address-unreachable ICMPv6 type/code name - port-unreachable ICMPv6 type/code name - packet-too-big ICMPv6 type/code name - time-exceeded ICMPv6 type/code name - ttl-zero-during-transit ICMPv6 type/code name - ttl-zero-during-reassembly ICMPv6 type/code name - parameter-problem ICMPv6 type/code name - bad-header ICMPv6 type/code name - unknown-header-type ICMPv6 type/code name - unknown-option ICMPv6 type/code name - echo-request ICMPv6 type/code name - ping ICMPv6 type/code name - echo-reply ICMPv6 type/code name - pong ICMPv6 type/code name - router-solicitation ICMPv6 type/code name - router-advertisement ICMPv6 type/code name - neighbour-solicitation ICMPv6 type/code name - neighbor-solicitation ICMPv6 type/code name - neighbour-advertisement ICMPv6 type/code name - neighbor-advertisement ICMPv6 type/code name - redirect ICMPv6 type/code name - <0 - 255> ICMPv6 type number - <0 - 255>/<0 - 255> ICMPv6 type and code numbers +val_help: destination-unreachable; ICMPv6 type/code name +val_help: _ no-route; ICMPv6 type/code name +val_help: _ communication-prohibited; ICMPv6 type/code name +val_help: _ address-unreachable; ICMPv6 type/code name +val_help: _ port-unreachable; ICMPv6 type/code name +val_help: packet-too-big; ICMPv6 type/code name +val_help: time-exceeded; ICMPv6 type/code name +val_help: _ ttl-zero-during-transit; ICMPv6 type/code name +val_help: _ ttl-zero-during-reassembly; ICMPv6 type/code name +val_help: parameter-problem; ICMPv6 type/code name +val_help: _ bad-header; ICMPv6 type/code name +val_help: _ unknown-header-type; ICMPv6 type/code name +val_help: _ unknown-option; ICMPv6 type/code name +val_help: echo-request; ICMPv6 type/code name +val_help: ping; ICMPv6 type/code name +val_help: echo-reply; ICMPv6 type/code name +val_help: 
pong; ICMPv6 type/code name +val_help: router-solicitation; ICMPv6 type/code name +val_help: router-advertisement; ICMPv6 type/code name +val_help: neighbour-solicitation; ICMPv6 type/code name +val_help: neighbor-solicitation; ICMPv6 type/code name +val_help: neighbour-advertisement; ICMPv6 type/code name +val_help: neighbor-advertisement; ICMPv6 type/code name +val_help: redirect; ICMPv6 type/code name +val_help: u32:0-255; ICMPv6 type number +val_help: <0-255>/<0-255>; ICMPv6 type and code numbers allowed: array=( diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def index 0ea2382..ee3110f 100644 --- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def +++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def @@ -21,10 +21,8 @@ allowed: protos="all icmpv6 $protos tcp_udp" echo -n $protos -comp_help:Possible completions: - <text> An IPv6 protocol name (e.g. "tcp" or "udp") - <1-255> An IPv6 protocol number - tcp_udp Both TCP and UDP - all All IPv6 protocols - !<text> All IPv6 protocols except for the specified name - !<1-255> All IPv6 protocols except for the specified number +val_help: txt; IPv6 protocol name from /etc/protocols (e.g. "tcp" or "udp") +val_help: u32:0-255; IPv6 protocol number +val_help: tcp_udp; Both TCP and UDP +val_help: all; All IPv6 protocols +val_help: !<protocol>; All IPv6 protocols except for the specified name or number diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def index 0d07f99..b7a8d66 100644 --- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def +++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def 
@@ -3,12 +3,11 @@ type: txt help: Source IPv6 address, prefix or range to match -comp_help: Possible completions: - <x:x:x:x:x:x:x:x> IPv6 address to match - <x:x:x:x:x:x:x:x>/<n> IPv6 prefix to match - <x:x:x:x:x:x>-<x:x:x:x:x:x> Range of IPv6 addresses - !<x:x:x:x:x:x:x:x> Everything except IPv6 address - !<x:x:x:x:x:x:x:x>/<n> Everything except IPv6 prefix - !<x:x:x:x:x:x>-<x:x:x:x:x:x> Everything except range - -syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
\ No newline at end of file +val_help: ipv6; IPv6 address to match +val_help: ipv6net; IPv6 prefix to match +val_help: ipv6range; IPv6 range to match +val_help: !ipv6; Match everything except the specified address +val_help: !ipv6net; Match everything except the specified prefix +val_help: !ipv6range; Match everything except the specified range + +syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)" diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/port/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/port/node.def index 4cec3cf..adfae7a 100644 --- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/port/node.def +++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/port/node.def @@ -1,8 +1,8 @@ type: txt help: Source port -comp_help: Source port(s) can be specified as a comma-separated list of: - <port name> Named port (any name in /etc/services, e.g., http) - <1-65535> Numbered port - <start>-<end> Numbered port range (e.g., 1001-1005) +val_help: <port name>; Named port (any name in /etc/services, e.g., http) +val_help: u32:1-65535; Numbered port +val_help: range; Numbered port range (e.g., 1001-1005) +comp_help: Multiple source ports can be specified as a comma-separated list. The whole list can also be "negated" using '!'. For example: '!22,telnet,http,123,1001-1005' diff --git a/templates/firewall/ipv6-receive-redirects/node.def b/templates/firewall/ipv6-receive-redirects/node.def index f837322..969838c 100644 --- a/templates/firewall/ipv6-receive-redirects/node.def +++ b/templates/firewall/ipv6-receive-redirects/node.def 
@@ -6,9 +6,8 @@ type: txt help: Policy for handling received ICMPv6 redirect messages -comp_help:Possible completions: - enable\tEnable processing of received ICMPv6 redirect messages - disable\tDisable processing of received ICMPv6 redirect messages +val_help: enable; Enable processing of received ICMPv6 redirect messages +val_help: disable; Disable processing of received ICMPv6 redirect messages default: "disable" diff --git a/templates/firewall/ipv6-src-route/node.def b/templates/firewall/ipv6-src-route/node.def index ce182e4..38fb4f9 100644 --- a/templates/firewall/ipv6-src-route/node.def +++ b/templates/firewall/ipv6-src-route/node.def @@ -11,9 +11,8 @@ type: txt help: Policy for handling IPv6 packets with routing extension header -comp_help:Possible completions: - enable\tEnable processing of IPv6 packets with routing header type 2 - disable\tDisable processing of IPv6 packets with routing header +val_help: enable; Enable processing of IPv6 packets with routing header type 2 +val_help: disable; Disable processing of IPv6 packets with routing header default: "disable" diff --git a/templates/firewall/log-martians/node.def b/templates/firewall/log-martians/node.def index bb3234b..7e8d145 100644 --- a/templates/firewall/log-martians/node.def +++ b/templates/firewall/log-martians/node.def @@ -8,9 +8,8 @@ type: txt help: Policy for logging IPv4 packets with invalid addresses -comp_help:Possible completions: - enable\tEnable logging of IPv4 packets with invalid addresses - disable\tDisable logging of Ipv4 packets with invalid addresses +val_help: enable; Enable logging of IPv4 packets with invalid addresses +val_help: disable; Disable logging of Ipv4 packets with invalid addresses default: "enable" diff --git a/templates/firewall/modify/node.tag/default-action/node.def b/templates/firewall/modify/node.tag/default-action/node.def index 34ed318..c4e73f6 100644 --- a/templates/firewall/modify/node.tag/default-action/node.def 
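Review bot: In the ipv6-src-route template the two values describe different scopes: `enable` refers to "routing header type 2" while `disable` refers to any "routing header", so the help does not tell the operator how type 0 headers are treated when the setting is `enable`. This wording is carried over unchanged from the old comp_help, but since the lines are being rewritten it is worth making them symmetric. If `enable` admits only type 2 and `disable` rejects every routing header, say so explicitly, e.g. `val_help: enable; Process IPv6 packets with routing header type 2 only` and `val_help: disable; Drop IPv6 packets with any routing header`. The script that applies the setting is outside the hunk, so confirm the actual behaviour first.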
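Review bot: The added `disable` line in the log-martians template keeps the old misspelling "Ipv4", while the `enable` line directly above it spells "IPv4". Since the line is being rewritten anyway, make it `val_help: disable; Disable logging of IPv4 packets with invalid addresses`.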
+++ b/templates/firewall/modify/node.tag/default-action/node.def @@ -7,6 +7,5 @@ default: "drop" syntax:expression: $VAR(@) in "drop", "accept"; "default-action must be either drop or accept" -comp_help: possible completions: - drop Drop if no prior rules are hit (default) - accept Accept if no prior rules are hit +val_help: drop; Drop if no prior rules are hit (default) +val_help: accept; Accept if no prior rules are hit diff --git a/templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def index 1bb5321..f142aba 100644 --- a/templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def +++ b/templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def @@ -1,9 +1,8 @@ type: txt help: Destination IP address, subnet, or range -comp_help: Possible completions: - <x.x.x.x> IP address to match - <x.x.x.x/x> Subnet to match - <x.x.x.x>-<x.x.x.x> IP range to match - !<x.x.x.x> Match everything except the specified address - !<x.x.x.x/x> Match everything except the specified subnet - !<x.x.x.x>-<x.x.x.x> Match everything except the specified range +val_help: ipv4; IP address to match +val_help: ipv4net; Subnet to match +val_help: ipv4range; IP range to match +val_help: !ipv4; Match everything except the specified address +val_help: !ipv4net; Match everything except the specified subnet +val_help: !ipv4range; Match everything except the specified range diff --git a/templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def b/templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def index 8989f99..3299c9a 100644 --- a/templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def +++ b/templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def 
@@ -1,8 +1,8 @@ type: txt help: Destination port -comp_help: Destination port(s) can be specified as a comma-separated list of: - <port name> Named port (any name in /etc/services, e.g., http) - <1-65535> Numbered port - <start>-<end> Numbered port range (e.g., 1001-1005) +val_help: <port name>; Named port (any name in /etc/services, e.g., http) +val_help: u32:1-65535; Numbered port +val_help: range; Numbered port range (e.g., 1001-1005) +comp_help: Multiple destination ports can be specified as a comma-separated list. The whole list can also be "negated" using '!'. For example: '!22,telnet,http,123,1001-1005' diff --git a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def index 66a5634..5491708 100644 --- a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def +++ b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def @@ -1,12 +1,11 @@ type: txt help: Protocol to match (protocol name in /etc/protocols or protocol number or "all") -comp_help:Possible completions: - <text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp") - <0-255> An IP protocol number - tcp_udp Both TCP and UDP - all All IP protocols - !<protocol> All IP protocols except for the specified name or number (negation) +val_help: txt; IP protocol name from /etc/protocols (e.g. "tcp" or "udp") +val_help: u32:0-255; IP protocol number +val_help: tcp_udp; Both TCP and UDP +val_help: all; All IP protocols +val_help: !<protocol>; All IP protocols except for the specified name or number syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \ diff --git a/templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def index 2bee1b7..72d6a17 100644 
--- a/templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def +++ b/templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def @@ -1,9 +1,8 @@ type: txt -help: Source IP address, subnet, or range\ -comp_help: Possible completions: - <x.x.x.x> IP address to match - <x.x.x.x/x> Subnet to match - <x.x.x.x>-<x.x.x.x> IP range to match - !<x.x.x.x> Match everything except the specified address - !<x.x.x.x/x> Match everything except the specified subnet - !<x.x.x.x>-<x.x.x.x> Match everything except the specified range +help: Source IP address, subnet, or range +val_help: ipv4; IP address to match +val_help: ipv4net; Subnet to match +val_help: ipv4range; IP range to match +val_help: !ipv4; Match everything except the specified address +val_help: !ipv4net; Match everything except the specified subnet +val_help: !ipv4range; Match everything except the specified range diff --git a/templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def b/templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def index 4cec3cf..adfae7a 100644 --- a/templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def +++ b/templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def @@ -1,8 +1,8 @@ type: txt help: Source port -comp_help: Source port(s) can be specified as a comma-separated list of: - <port name> Named port (any name in /etc/services, e.g., http) - <1-65535> Numbered port - <start>-<end> Numbered port range (e.g., 1001-1005) +val_help: <port name>; Named port (any name in /etc/services, e.g., http) +val_help: u32:1-65535; Numbered port +val_help: range; Numbered port range (e.g., 1001-1005) +comp_help: Multiple source ports can be specified as a comma-separated list. The whole list can also be "negated" using '!'. For example: '!22,telnet,http,123,1001-1005' 
diff --git a/templates/firewall/name/node.tag/default-action/node.def b/templates/firewall/name/node.tag/default-action/node.def index db160f0..bb61c41 100644 --- a/templates/firewall/name/node.tag/default-action/node.def +++ b/templates/firewall/name/node.tag/default-action/node.def @@ -7,7 +7,6 @@ default: "drop" syntax:expression: $VAR(@) in "drop", "accept", "reject"; "default-action must be drop, reject or accept" -comp_help: possible completions: - drop Drop if no prior rules are hit (default) - reject Drop and notify source if no prior rules are hit - accept Accept if no prior rules are hit +val_help: drop; Drop if no prior rules are hit (default) +val_help: reject; Drop and notify source if no prior rules are hit +val_help: accept; Accept if no prior rules are hit diff --git a/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def index 99d7b8a..83d7514 100644 --- a/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def +++ b/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def @@ -2,10 +2,9 @@ type: txt help: Destination IP address, subnet, or range -comp_help: Possible completions: - <x.x.x.x> IPv4 address to match - <x.x.x.x/x> IPv4 Subnet to match - <x.x.x.x>-<x.x.x.x> IPv4 range to match - !<x.x.x.x> Match everything except the specified address - !<x.x.x.x/x> Match everything except the specified subnet - !<x.x.x.x>-<x.x.x.x> Match everything except the specified range +val_help: ipv4; IP address to match +val_help: ipv4net; Subnet to match +val_help: ipv4range; IP range to match +val_help: !ipv4; Match everything except the specified address +val_help: !ipv4net; Match everything except the specified subnet +val_help: !ipv4range; Match everything except the specified range 
diff --git a/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def b/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def index 760c0e8..2b2d8c7 100644 --- a/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def +++ b/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def @@ -2,9 +2,9 @@ type: txt help: Destination port -comp_help: Destination port(s) can be specified as a comma-separated list of: - <port name> Named port (any name in /etc/services, e.g., http) - <1-65535> Numbered port - <start>-<end> Numbered port range (e.g., 1001-1005) +val_help: <port name>; Named port (any name in /etc/services, e.g., http) +val_help: u32:1-65535; Numbered port +val_help: range; Numbered port range (e.g., 1001-1005) +comp_help: Multiple destination ports can be specified as a comma-separated list. The whole list can also be "negated" using '!'. For example: '!22,telnet,http,123,1001-1005' diff --git a/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def b/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def index c3d4420..669df14 100644 --- a/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def +++ b/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def 
@@ -37,41 +37,40 @@ done echo Invalid ICMP type-name [$VAR(@)] exit 1 " -comp_help: Possible completions: -any -echo-reply (pong) -destination-unreachable - network-unreachable - host-unreachable - protocol-unreachable - port-unreachable - fragmentation-needed - source-route-failed - network-unknown - host-unknown - network-prohibited - host-prohibited - TOS-network-unreachable - TOS-host-unreachable - communication-prohibited - host-precedence-violation - precedence-cutoff -source-quench -redirect - network-redirect - host-redirect - TOS-network-redirect - TOS-host-redirect -echo-request (ping) -router-advertisement -router-solicitation -time-exceeded (ttl-exceeded) - ttl-zero-during-transit - ttl-zero-during-reassembly -parameter-problem - ip-header-bad - required-option-missing -timestamp-request -timestamp-reply -address-mask-request -address-mask-reply +val_help: any; Any ICMP type/code +val_help: echo-reply (pong); ICMP type/code name +val_help: destination-unreachable; ICMP type/code name +val_help: _ network-unreachable; ICMP type/code name +val_help: _ host-unreachable; ICMP type/code name +val_help: _ protocol-unreachable; ICMP type/code name +val_help: _ port-unreachable; ICMP type/code name +val_help: _ fragmentation-needed; ICMP type/code name +val_help: _ source-route-failed; ICMP type/code name +val_help: _ network-unknown; ICMP type/code name +val_help: _ host-unknown; ICMP type/code name +val_help: _ network-prohibited; ICMP type/code name +val_help: _ host-prohibited; ICMP type/code name +val_help: _ TOS-network-unreachable; ICMP type/code name +val_help: _ TOS-host-unreachable; ICMP type/code name +val_help: _ communication-prohibited; ICMP type/code name +val_help: _ host-precedence-violation; ICMP type/code name +val_help: _ precedence-cutoff; ICMP type/code name +val_help: source-quench; ICMP type/code name +val_help: redirect; ICMP type/code name +val_help: _ network-redirect; ICMP type/code name +val_help: _ host-redirect; ICMP type/code 
name +val_help: _ TOS-network-redirect; ICMP type/code name +val_help: _ TOS-host-redirect; ICMP type/code name +val_help: echo-request (ping); ICMP type/code name +val_help: router-advertisement; ICMP type/code name +val_help: router-solicitation; ICMP type/code name +val_help: time-exceeded (ttl-exceeded); ICMP type/code name +val_help: _ ttl-zero-during-transit; ICMP type/code name +val_help: _ ttl-zero-during-reassembly; ICMP type/code name +val_help: parameter-problem; ICMP type/code name +val_help: _ ip-header-bad; ICMP type/code name +val_help: _ required-option-missing; ICMP type/code name +val_help: timestamp-request; ICMP type/code name +val_help: timestamp-reply; ICMP type/code name +val_help: address-mask-request; ICMP type/code name +val_help: address-mask-reply; ICMP type/code name diff --git a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def index 1e9bf89..1f235f7 100644 --- a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def +++ b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def @@ -2,12 +2,11 @@ type: txt help: Protocol to match (protocol name in /etc/protocols or protocol number or "all") -comp_help:Possible completions: - <text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp") - <1-255> An IP protocol number - tcp_udp Both TCP and UDP - all All IP protocols - !<protocol> All IP protocols except for the specified name or number (negation) +val_help: txt; IP protocol name from /etc/protocols (e.g. "tcp" or "udp") +val_help: u32:0-255; IP protocol number +val_help: tcp_udp; Both TCP and UDP +val_help: all; All IP protocols +val_help: !<protocol>; All IP protocols except for the specified name or number syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \ 
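Review bot: The value column of the new `val_help` lines in icmp/type-name carries display decoration rather than the token an operator types: `echo-reply (pong)`, `time-exceeded (ttl-exceeded)` and the `_ `-prefixed sub-codes such as `_ network-unreachable`. Whether the validator accepts those strings literally cannot be seen here, because the `syntax:expression` script starts outside this hunk. If it accepts only the bare name, the help should show the bare name and carry the alias in the description, e.g. `val_help: echo-reply; ICMP echo reply (pong)`. Every entry except `any` also shares the description `ICMP type/code name`, which does not tell the operator which type or code a firewall rule will match.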
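Review bot: The numeric range in the protocol help changed from `<1-255>` to `u32:0-255`, so the CLI now advertises protocol 0 as a valid value. In iptables a protocol number of zero is equivalent to `all`, so if the value is passed through unchanged, a rule written with protocol 0 would match every protocol rather than a single one. Whether `vyatta-validate-type.pl protocol_negate` accepts 0 cannot be confirmed here, because the `syntax:expression` continues past the end of the hunk. Unless 0 is intended, keep the old bound: `val_help: u32:1-255; IP protocol number`.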
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def index eab1cb8..72d6a17 100644 --- a/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def +++ b/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def @@ -1,9 +1,8 @@ type: txt help: Source IP address, subnet, or range -comp_help: Possible completions: - <x.x.x.x> IP address to match - <x.x.x.x/x> Subnet to match - <x.x.x.x>-<x.x.x.x> IP range to match - !<x.x.x.x> Match everything except the specified address - !<x.x.x.x/x> Match everything except the specified subnet - !<x.x.x.x>-<x.x.x.x> Match everything except the specified range +val_help: ipv4; IP address to match +val_help: ipv4net; Subnet to match +val_help: ipv4range; IP range to match +val_help: !ipv4; Match everything except the specified address +val_help: !ipv4net; Match everything except the specified subnet +val_help: !ipv4range; Match everything except the specified range diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def index 4cec3cf..adfae7a 100644 --- a/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def +++ b/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def @@ -1,8 +1,8 @@ type: txt help: Source port -comp_help: Source port(s) can be specified as a comma-separated list of: - <port name> Named port (any name in /etc/services, e.g., http) - <1-65535> Numbered port - <start>-<end> Numbered port range (e.g., 1001-1005) +val_help: <port name>; Named port (any name in /etc/services, e.g., http) +val_help: u32:1-65535; Numbered port +val_help: range; Numbered port range (e.g., 1001-1005) +comp_help: Multiple source ports can be specified as a comma-separated list. The whole list can also be "negated" using '!'. For example: '!22,telnet,http,123,1001-1005' 
diff --git a/templates/firewall/receive-redirects/node.def b/templates/firewall/receive-redirects/node.def index ffc1649..d45b16a 100644 --- a/templates/firewall/receive-redirects/node.def +++ b/templates/firewall/receive-redirects/node.def @@ -16,9 +16,8 @@ type: txt help: Policy for handling received IPv4 ICMP redirect messages -comp_help:Possible completions: - enable\tEnable processing of received IPv4 ICMP redirect messages - disable\tDisable processing of received IPv4 ICMP redirect messages +val_help: enable; Enable processing of received IPv4 ICMP redirect messages +val_help: disable; Disable processing of received IPv4 ICMP redirect messages default: "disable" diff --git a/templates/firewall/send-redirects/node.def b/templates/firewall/send-redirects/node.def index 8acd4bf..e3dca03 100644 --- a/templates/firewall/send-redirects/node.def +++ b/templates/firewall/send-redirects/node.def @@ -8,9 +8,8 @@ type: txt help: Policy for sending IPv4 ICMP redirect messages -comp_help:Possible completions: - enable\tEnable sending IPv4 ICMP redirect messages - disable\tDisable sending IPv4 ICMP redirect messages +val_help: enable; Enable sending IPv4 ICMP redirect messages +val_help: disable; Disable sending IPv4 ICMP redirect messages default: "enable" diff --git a/templates/firewall/source-validation/node.def b/templates/firewall/source-validation/node.def index 7853bec..bbd44e4 100644 --- a/templates/firewall/source-validation/node.def +++ b/templates/firewall/source-validation/node.def 
@@ -8,10 +8,9 @@ type: txt help: Policy for source validation by reversed path, as specified in RFC3704 -comp_help:Possible completions: - strict\tEnable Strict Reverse Path Forwarding as defined in RFC3704 - loose\t\tEnable Loose Reverse Path Forwarding as defined in RFC3704 - disable\tNo source validation +val_help: strict; Enable Strict Reverse Path Forwarding as defined in RFC3704 +val_help: loose; Enable Loose Reverse Path Forwarding as defined in RFC3704 +val_help: disable; No source validation default: "disable" diff --git a/templates/firewall/syn-cookies/node.def b/templates/firewall/syn-cookies/node.def index 282a350..903d63d 100644 --- a/templates/firewall/syn-cookies/node.def +++ b/templates/firewall/syn-cookies/node.def @@ -7,9 +7,8 @@ type: txt help: Policy for using TCP SYN cookies with IPv4 -comp_help:Possible completions: - enable\tEnable use of TCP SYN cookies with IPv4 - disable\tDisable use of TCP SYN cookies with IPv4 +val_help: enable; Enable use of TCP SYN cookies with IPv4 +val_help: disable; Disable use of TCP SYN cookies with IPv4 default: "enable" |