authorMohit Mehta <mohit.mehta@vyatta.com>2009-08-07 18:44:52 -0700
committerMohit Mehta <mohit.mehta@vyatta.com>2009-08-07 18:44:52 -0700
commitcaabc26123111e111af8e6eaffbef3b80b382d6a (patch)
tree6fd2fe8b857ed3fddd93b31f1f016658b7b72e31 /templates/firewall
parentf34e53cb200f48f4fcc2a2d929851c34704ac3cd (diff)
* Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP
added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule
Diffstat (limited to 'templates/firewall')
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def8
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def8
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def16
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/protocol/node.def17
4 files changed, 43 insertions, 6 deletions
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
index d43ffdd..b8a0c55 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
@@ -7,6 +7,9 @@ syntax:expression: exec "
if [ \"$param\" = \"icmpv6\" ]; then
exit 0
fi
+ if [ \"$param\" = \"tcp_udp\" ]; then
+ exit 0
+ fi
/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'
" ;
"invalid protocol \"$VAR(@)\""
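Review bot: The added `tcp_udp` early exit compares `$param`, which is assigned above this hunk, so it is not visible here whether `$param` still carries a leading `!`. If the negation marker has already been stripped, `!tcp_udp` passes validation too, and it is worth confirming that the rule generator can express a negated `tcp_udp` rather than emitting a rule that matches something else. As a smaller style point, the two exits can share one test, `if [ \"$param\" = \"icmpv6\" ] || [ \"$param\" = \"tcp_udp\" ]; then`, with a comment such as `# names accepted here without calling vyatta-validate-type.pl`. The exec block starts and ends outside the hunk, and the same lines are added to templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def.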
@@ -15,12 +18,13 @@ syntax:expression: exec "
# values or protocol numbers
allowed:
protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'`
- protos="all icmpv6 $protos"
+ protos="all icmpv6 $protos tcp_udp"
echo -n $protos
comp_help:Possible completions:
<text> An IPv6 protocol name (e.g. "tcp" or "udp")
<1-255> An IPv6 protocol number
+ tcp_udp Both TCP and UDP
all All IPv6 protocols
!<text> All IPv6 protocols except for the specified name
- !<1-255> All IPv6 protocols except for the specified number \ No newline at end of file
+ !<1-255> All IPv6 protocols except for the specified number
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
index d43ffdd..b8a0c55 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
@@ -7,6 +7,9 @@ syntax:expression: exec "
if [ \"$param\" = \"icmpv6\" ]; then
exit 0
fi
+ if [ \"$param\" = \"tcp_udp\" ]; then
+ exit 0
+ fi
/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'
" ;
"invalid protocol \"$VAR(@)\""
@@ -15,12 +18,13 @@ syntax:expression: exec "
# values or protocol numbers
allowed:
protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'`
- protos="all icmpv6 $protos"
+ protos="all icmpv6 $protos tcp_udp"
echo -n $protos
comp_help:Possible completions:
<text> An IPv6 protocol name (e.g. "tcp" or "udp")
<1-255> An IPv6 protocol number
+ tcp_udp Both TCP and UDP
all All IPv6 protocols
!<text> All IPv6 protocols except for the specified name
- !<1-255> All IPv6 protocols except for the specified number \ No newline at end of file
+ !<1-255> All IPv6 protocols except for the specified number
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
index 3a912fb..b739bff 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
@@ -1,8 +1,22 @@
type: txt
help: Set protocol to match (protocol name in /etc/protocols or protocol number or "all")
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'" ; "invalid protocol \"$VAR(@)\""
+
comp_help:Possible completions:
<text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
<0-255> An IP protocol number
+ tcp_udp Both TCP and UDP
all All IP protocols
!<protocol> All IP protocols except for the specified name or number (negation)
+
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \
+ echo invalid protocol \"$VAR(@)\" ; \
+ exit 1 ; \
+ fi ; "
+
+# Provide some help for command completion. Doesn't return negated
+# values or protocol numbers
+allowed:
+ protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }' | grep -v 'v6'`
+ protos="all $protos tcp_udp"
+ echo -n $protos
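Review bot: The new `syntax:expression` decides validity from whether vyatta-validate-type.pl prints anything, where the removed line used its exit status. If the validator fails without writing to stdout (script missing, error on stderr), the `-n` test is false and any protocol string is accepted into the firewall configuration. Keeping the exit status avoids this fail-open path and matches the IPv6 templates in this commit: `exec "[ \"$VAR(@)\" = 'tcp_udp' ] || /opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'" ; "invalid protocol \"$VAR(@)\""`. The expression also places `$VAR(@)` inside double quotes in the shell string, which the old exec string did not; whether the template engine escapes the value before substitution is not visible here, so confirm that shell metacharacters in a protocol value cannot be expanded. The same expression is added in templates/firewall/name/node.tag/rule/node.tag/protocol/node.def and this note applies there as well.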
diff --git a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
index 03ce8cf..21a58eb 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
@@ -1,8 +1,23 @@
type: txt
+
help: Set protocol to match (protocol name in /etc/protocols or protocol number or "all")
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'" ; "invalid protocol \"$VAR(@)\""
+
comp_help:Possible completions:
<text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
<1-255> An IP protocol number
+ tcp_udp Both TCP and UDP
all All IP protocols
!<protocol> All IP protocols except for the specified name or number (negation)
+
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \
+ echo invalid protocol \"$VAR(@)\" ; \
+ exit 1 ; \
+ fi ; "
+
+# Provide some help for command completion. Doesn't return negated
+# values or protocol numbers
+allowed:
+ protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }' | grep -v 'v6'`
+ protos="all $protos tcp_udp"
+ echo -n $protos