diff options
| author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-09-19 09:39:54 -0700 |
|---|---|---|
| committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-09-19 09:39:54 -0700 |
| commit | e93b9338389a4f8cf16f833ba56b7774394e3875 (patch) | |
| tree | 2aefbb05125a93eec23e75c091b565e91f22f276 /templates | |
| parent | e44302cf555a165d2683265388fce79cb8526021 (diff) | |
| download | vyatta-cfg-firewall-e93b9338389a4f8cf16f833ba56b7774394e3875.tar.gz vyatta-cfg-firewall-e93b9338389a4f8cf16f833ba56b7774394e3875.zip | |
add firewall hooks for ethernet bonding
Diffstat (limited to 'templates')
14 files changed, 114 insertions, 0 deletions
diff --git a/templates/interfaces/bonding/node.tag/firewall/in/name/node.def b/templates/interfaces/bonding/node.tag/firewall/in/name/node.def new file mode 100644 index 0000000..45ddefa --- /dev/null +++ b/templates/interfaces/bonding/node.tag/firewall/in/name/node.def @@ -0,0 +1,18 @@ +type: txt + +help: Set inbound interface filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bonding/node.tag/firewall/in/node.def b/templates/interfaces/bonding/node.tag/firewall/in/node.def new file mode 100644 index 0000000..eccc79b --- /dev/null +++ b/templates/interfaces/bonding/node.tag/firewall/in/node.def @@ -0,0 +1 @@ +help: Set filter for forwarded packets on inbound interface diff --git a/templates/interfaces/bonding/node.tag/firewall/local/name/node.def b/templates/interfaces/bonding/node.tag/firewall/local/name/node.def new file mode 100644 index 0000000..2908207 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/firewall/local/name/node.def @@ -0,0 +1,18 @@ +type: txt + +help: Set local filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bonding/node.tag/firewall/local/node.def b/templates/interfaces/bonding/node.tag/firewall/local/node.def new file mode 100644 index 0000000..2595835 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/firewall/local/node.def @@ -0,0 +1 @@ +help: Set filter for packets destined for this router diff --git a/templates/interfaces/bonding/node.tag/firewall/node.def b/templates/interfaces/bonding/node.tag/firewall/node.def new file mode 100644 index 0000000..11748d2 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/firewall/node.def @@ -0,0 +1 @@ +help: Set firewall options diff --git a/templates/interfaces/bonding/node.tag/firewall/out/name/node.def b/templates/interfaces/bonding/node.tag/firewall/out/name/node.def new file mode 100644 index 0000000..13a7c31 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/firewall/out/name/node.def @@ -0,0 +1,18 @@ +type: txt + +help: Set outbound interface filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bonding/node.tag/firewall/out/node.def b/templates/interfaces/bonding/node.tag/firewall/out/node.def new file mode 100644 index 0000000..3aec5f0 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/firewall/out/node.def @@ -0,0 +1 @@ +help: Set filter for forwarded packets on outbound interface diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/in/name/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/in/name/node.def new file mode 100644 index 0000000..f69297a --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/in/name/node.def @@ -0,0 +1,18 @@ +type: txt + +help: Set inbound interface filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \ +dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../@).$VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \ +dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../@).$VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \ +dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../../@).$VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/in/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/in/node.def new file mode 100644 index 0000000..eccc79b --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/in/node.def @@ -0,0 +1 @@ +help: Set filter for forwarded packets on inbound interface diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/local/name/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/local/name/node.def new file mode 100644 index 0000000..7ed2aa7 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/local/name/node.def @@ -0,0 +1,17 @@ +type: txt + +help: Set local filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \ dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../@).$VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \ +dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../@).$VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \ +dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../../@).$VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/local/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/local/node.def new file mode 100644 index 0000000..2656a94 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/local/node.def @@ -0,0 +1 @@ +help: Set filter packets destined for this router diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/node.def new file mode 100644 index 0000000..11748d2 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/node.def @@ -0,0 +1 @@ +help: Set firewall options diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/out/name/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/out/name/node.def new file mode 100644 index 0000000..82a0f0b --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/out/name/node.def @@ -0,0 +1,17 @@ +type: txt + +help: Set outbound interface filter name + +create:expression: "sh -c \"echo create eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \ dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../@).$VAR(../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \ +dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../@).$VAR(../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \ +dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../../@).$VAR(../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/out/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/out/node.def new file mode 100644 index 0000000..a3de8f5 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/vif/node.tag/firewall/out/node.def @@ -0,0 +1 @@ +help: Set filter forwarded packets on outbound interface |