Fix Bug 4261 - Features missing in various firewall sub-trees

add 'disable', 'fragment', 'ipsec', and 'recent' under 'firewall modify' tree

10 files changed, 12 insertions, 0 deletions

diff --git a/templates/firewall/modify/node.tag/rule/node.tag/disable/node.def b/templates/firewall/modify/node.tag/rule/node.tag/disable/node.def
new file mode 100644
index 0000000..d46d0c9
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/disable/node.def
@@ -0,0 +1 @@
+help: Set firewall rule disabled
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/fragment/match-frag/node.def b/templates/firewall/modify/node.tag/rule/node.tag/fragment/match-frag/node.def
new file mode 100644
index 0000000..75338e3
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/fragment/match-frag/node.def
@@ -0,0 +1 @@
+help: Match second and further fragments of fragmented packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/fragment/match-non-frag/node.def b/templates/firewall/modify/node.tag/rule/node.tag/fragment/match-non-frag/node.def
new file mode 100644
index 0000000..3105271
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/fragment/match-non-frag/node.def
@@ -0,0 +1 @@
+help: Match head fragments or unfragmented packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/fragment/node.def b/templates/firewall/modify/node.tag/rule/node.tag/fragment/node.def
new file mode 100644
index 0000000..c532d49
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/fragment/node.def
@@ -0,0 +1 @@
+help: Set IP fragment matching
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/ipsec/match-ipsec/node.def b/templates/firewall/modify/node.tag/rule/node.tag/ipsec/match-ipsec/node.def
new file mode 100644
index 0000000..8d4bf12
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/ipsec/match-ipsec/node.def
@@ -0,0 +1 @@
+help: Match inbound IPsec packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/ipsec/match-none/node.def b/templates/firewall/modify/node.tag/rule/node.tag/ipsec/match-none/node.def
new file mode 100644
index 0000000..cfcbc8a
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/ipsec/match-none/node.def
@@ -0,0 +1 @@
+help: Match inbound non-IPsec packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/ipsec/node.def b/templates/firewall/modify/node.tag/rule/node.tag/ipsec/node.def
new file mode 100644
index 0000000..c905e2d
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/ipsec/node.def
@@ -0,0 +1 @@
+help: Set inbound IPsec packet matching
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/recent/count/node.def b/templates/firewall/modify/node.tag/rule/node.tag/recent/count/node.def
new file mode 100644
index 0000000..a07010f
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/recent/count/node.def
@@ -0,0 +1,2 @@
+type: u32
+help: Set to N to only match source addresses seen more than N times
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/recent/node.def b/templates/firewall/modify/node.tag/rule/node.tag/recent/node.def
new file mode 100644
index 0000000..e1be0a3
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/recent/node.def
@@ -0,0 +1 @@
+help: Set parameters for matching recently seen sources
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/recent/time/node.def b/templates/firewall/modify/node.tag/rule/node.tag/recent/time/node.def
new file mode 100644
index 0000000..b84a0b7
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/recent/time/node.def
@@ -0,0 +1,2 @@
+type: u32
+help: Set to N to only match source addresses seen in the last N seconds