summaryrefslogtreecommitdiff
path: root/templates/firewall
diff options
context:
space:
mode:
authorStig Thormodsrud <stig@io.vyatta.com>2009-02-15 15:51:55 -0800
committerStig Thormodsrud <stig@io.vyatta.com>2009-02-15 15:51:55 -0800
commite64e39512d6909150cb189c7d59fb72db4216ddb (patch)
tree9c19685a71c75c60aaf2de76b27827c48b8f788f /templates/firewall
parentc0e91ced01c7b87a818577245969aeedb7aa5796 (diff)
downloadvyatta-cfg-firewall-e64e39512d6909150cb189c7d59fb72db4216ddb.tar.gz
vyatta-cfg-firewall-e64e39512d6909150cb189c7d59fb72db4216ddb.zip
Add support for ranges in firewall group address & port.
Diffstat (limited to 'templates/firewall')
-rw-r--r--templates/firewall/group/address-group/node.tag/address/node.def10
-rw-r--r--templates/firewall/group/network-group/node.tag/network/node.def7
-rw-r--r--templates/firewall/group/port-group/node.tag/port/node.def9
3 files changed, 19 insertions, 7 deletions
diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index bcaa497..4fc5336 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
@@ -1,5 +1,5 @@
multi:
-type: ipv4
+type: txt
help: Set a address-group member
syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
@@ -10,8 +10,12 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
create: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
--set-name=$VAR(../@) \
- --member="$VAR(@) "
+ --member="$VAR(@)"
delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
--set-name=$VAR(../@) \
- --member="$VAR(@) "
+ --member="$VAR(@)"
+
+comp_help: Possible completions:
+ <x.x.x.x> IPv4 address to match
+ <x.x.x.x>-<x.x.x.x> IPv4 range to match (e.g. 10.0.0.1-10.0.0.200)
diff --git a/templates/firewall/group/network-group/node.tag/network/node.def b/templates/firewall/group/network-group/node.tag/network/node.def
index cd3a6a6..ad43311 100644
--- a/templates/firewall/group/network-group/node.tag/network/node.def
+++ b/templates/firewall/group/network-group/node.tag/network/node.def
@@ -13,8 +13,11 @@ syntax:expression: exec " \
create: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
--set-name=$VAR(../@) \
- --member="$VAR(@) "
+ --member="$VAR(@)"
delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
--set-name=$VAR(../@) \
- --member="$VAR(@) "
+ --member="$VAR(@)"
+
+comp_help: Possible completions:
+ <x.x.x.x/x> IPv4 Subnet to match
diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def
index 92bce9c..0f0981b 100644
--- a/templates/firewall/group/port-group/node.tag/port/node.def
+++ b/templates/firewall/group/port-group/node.tag/port/node.def
@@ -10,8 +10,13 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
create: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
--set-name=$VAR(../@) \
- --member="$VAR(@) "
+ --member="$VAR(@)"
delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
--set-name=$VAR(../@) \
- --member="$VAR(@) "
+ --member="$VAR(@)"
+
+comp_help: Possible completions:
+ <port name> Named port (any name in /etc/services, e.g., http)
+ <1-65535> Numbered port
+ <start>-<end> Numbered port range (e.g. 1001-1050)