summaryrefslogtreecommitdiff
path: root/templates/firewall
diff options
context:
space:
mode:
authorBob Gilligan <gilligan@vyatta.com>2009-04-03 14:20:20 -0700
committerBob Gilligan <gilligan@vyatta.com>2009-04-03 14:20:20 -0700
commit6a18584f4e272cd4ddad197a65e0337a2ba73ed9 (patch)
treee25c0d4c613b95aa45fced75088cc210369c8b3b /templates/firewall
parent9dc89a7776f8d14e110b3b6aeef9ab29712ebac8 (diff)
downloadvyatta-cfg-firewall-6a18584f4e272cd4ddad197a65e0337a2ba73ed9.tar.gz
vyatta-cfg-firewall-6a18584f4e272cd4ddad197a65e0337a2ba73ed9.zip
Bugfix 4261: Add support to configure "limit" for IPv6 modify rulesets.
Diffstat (limited to 'templates/firewall')
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/burst/node.def3
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/node.def1
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/rate/node.def7
3 files changed, 11 insertions, 0 deletions
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/burst/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/burst/node.def
new file mode 100644
index 0000000..2739faa
--- /dev/null
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/burst/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: Set maximum number of packets to allow in excess of rate
+syntax:expression: ($VAR(@) >0) ; "Burst should be a value greater then zero"
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/node.def
new file mode 100644
index 0000000..42081fe
--- /dev/null
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/node.def
@@ -0,0 +1 @@
+help: Set to match rule at a limited rate using a token bucket filter
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/rate/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/rate/node.def
new file mode 100644
index 0000000..de22a6f
--- /dev/null
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/limit/rate/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Set maximum average matching rate
+syntax:expression: pattern $VAR(@) "^[[:digit:]]+/(second|minute|hour|day)$" ; \
+"Invalid value for rate. Rate should be specified as an integer followed by
+a forward slash '/' and either of these time units - second, minute, hour or day
+eg. 1/second implies rule to be matched at an average of once per second"
+