author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-08-07 18:44:52 -0700 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-08-07 18:44:52 -0700 |
commit | caabc26123111e111af8e6eaffbef3b80b382d6a (patch) | |
tree | 6fd2fe8b857ed3fddd93b31f1f016658b7b72e31 /templates/firewall | |
parent | f34e53cb200f48f4fcc2a2d929851c34704ac3cd (diff) | |
download | vyatta-cfg-firewall-caabc26123111e111af8e6eaffbef3b80b382d6a.tar.gz vyatta-cfg-firewall-caabc26123111e111af8e6eaffbef3b80b382d6a.zip |
* Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP
added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule
Diffstat (limited to 'templates/firewall')
4 files changed, 43 insertions, 6 deletions
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
index d43ffdd..b8a0c55 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
@@ -7,6 +7,9 @@ syntax:expression: exec "
 if [ \"$param\" = \"icmpv6\" ]; then
 exit 0
 fi
+ if [ \"$param\" = \"tcp_udp\" ]; then
+ exit 0
+ fi
 /opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)' " ; "invalid protocol \"$VAR(@)\""
@@ -15,12 +18,13 @@ syntax:expression: exec "
 # values or protocol numbers
 allowed:
 protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'`
- protos="all icmpv6 $protos"
+ protos="all icmpv6 $protos tcp_udp"
 echo -n $protos
 comp_help:Possible completions:
 <text> An IPv6 protocol name (e.g. "tcp" or "udp")
 <1-255> An IPv6 protocol number
+ tcp_udp Both TCP and UDP
 all All IPv6 protocols
 !<text> All IPv6 protocols except for the specified name
- !<1-255> All IPv6 protocols except for the specified number
\ No newline at end of file
+ !<1-255> All IPv6 protocols except for the specified number
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
index d43ffdd..b8a0c55 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
@@ -7,6 +7,9 @@ syntax:expression: exec "
 if [ \"$param\" = \"icmpv6\" ]; then
 exit 0
 fi
+ if [ \"$param\" = \"tcp_udp\" ]; then
+ exit 0
+ fi
 /opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)' " ; "invalid protocol \"$VAR(@)\""
@@ -15,12 +18,13 @@ syntax:expression: exec "
 # values or protocol numbers
 allowed:
 protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'`
- protos="all icmpv6 $protos"
+ protos="all icmpv6 $protos tcp_udp"
 echo -n $protos
 comp_help:Possible completions:
 <text> An IPv6 protocol name (e.g. "tcp" or "udp")
 <1-255> An IPv6 protocol number
+ tcp_udp Both TCP and UDP
 all All IPv6 protocols
 !<text> All IPv6 protocols except for the specified name
- !<1-255> All IPv6 protocols except for the specified number
\ No newline at end of file
+ !<1-255> All IPv6 protocols except for the specified number
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
index 3a912fb..b739bff 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
@@ -1,8 +1,22 @@
 type: txt
 help: Set protocol to match (protocol name in /etc/protocols or protocol number or "all")
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'" ; "invalid protocol \"$VAR(@)\""
+
 comp_help:Possible completions:
 <text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
 <0-255> An IP protocol number
+ tcp_udp Both TCP and UDP
 all All IP protocols
 !<protocol> All IP protocols except for the specified name or number (negation)
+
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \
+ echo invalid protocol \"$VAR(@)\" ; \
+ exit 1 ; \
+ fi ; "
+
+# Provide some help for command completion. Doesn't return negated
+# values or protocol numbers
+allowed:
+ protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }' | grep -v 'v6'`
+ protos="all $protos tcp_udp"
+ echo -n $protos
diff --git a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
index 03ce8cf..21a58eb 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
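Review bot: The new `syntax:expression` in modify/node.tag/rule/node.tag/protocol/node.def decides validity from whether `vyatta-validate-type.pl` prints anything, not from its exit status as the removed line did, so any failure the script reports only through its exit code or on stderr would now be accepted; this needs confirming against the script. The same expression also puts `$VAR(@)` inside escaped double quotes in the `!= 'tcp_udp'` test and in the `echo`, where (assuming the value is substituted textually before the shell runs) `$` and backticks in the configured value are still expanded by the shell, unlike the single-quoted use in the old line. Testing for `tcp_udp` first and then letting the validator's exit status decide, in the shape the ipv6-* templates of this commit already use, avoids both. The hunk for name/node.tag/rule/node.tag/protocol/node.def adds the identical expression and needs the same change.

```shell
syntax:expression: exec "
    if [ '$VAR(@)' = 'tcp_udp' ]; then
        exit 0
    fi
    /opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'
    " ; "invalid protocol \"$VAR(@)\""
# … unchanged: comp_help text and the allowed: completion block …
```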
@@ -1,8 +1,23 @@
 type: txt
+
 help: Set protocol to match (protocol name in /etc/protocols or protocol number or "all")
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'" ; "invalid protocol \"$VAR(@)\""
+
 comp_help:Possible completions:
 <text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
 <1-255> An IP protocol number
+ tcp_udp Both TCP and UDP
 all All IP protocols
 !<protocol> All IP protocols except for the specified name or number (negation)
+
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \
+ echo invalid protocol \"$VAR(@)\" ; \
+ exit 1 ; \
+ fi ; "
+
+# Provide some help for command completion. Doesn't return negated
+# values or protocol numbers
+allowed:
+ protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }' | grep -v 'v6'`
+ protos="all $protos tcp_udp"
+ echo -n $protos
|