author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-02-24 18:34:57 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-02-24 18:34:57 -0800 |
commit | 31dfa0fb522cb00a7354fb613f296769d347173e (patch) | |
tree | e01db2deb64484d62714044f23716ac76438114b /templates | |
parent | d3353e7f9b2f703e2fd559497b7a7fb190f20835 (diff) | |
add ipv6 accept_redirects and accept_source_route under firewall
Diffstat (limited to 'templates')
-rw-r--r-- | templates/firewall/ipv6-receive-redirects/node.def | 40 | ||||
-rw-r--r-- | templates/firewall/ipv6-src-route/node.def | 45 |
2 files changed, 85 insertions, 0 deletions
diff --git a/templates/firewall/ipv6-receive-redirects/node.def b/templates/firewall/ipv6-receive-redirects/node.def
new file mode 100644
index 0000000..5ca9e49
--- /dev/null
+++ b/templates/firewall/ipv6-receive-redirects/node.def
@@ -0,0 +1,40 @@
+# accept_redirects - Accept ICMPv6 redirect messages.
+# default value - 0
+#
+
+type: txt
+
+help: Set policy for handling received ICMPv6 redirect messages
+
+comp_help:Possible completions:
+ enable\tEnable processing of received ICMPv6 redirect messages
+ disable\tDisable processing of received ICMPv6 redirect messages
+
+default: "disable"
+
+syntax:expression: $VAR(@) in "enable", "disable"; "icmpv6-receive-redirects must be enable or disable"
+
+update:
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ i=0
+ while [ $i -lt $array_len ]; do
+ if [ x$VAR(@) == xenable ]; then
+ sudo sh -c "echo 1 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_redirects"
+ else
+ sudo sh -c "echo 0 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_redirects"
+ fi
+ let i++
+ done
+
+delete:
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ i=0
+ while [ $i -lt $array_len ]; do
+ sudo sh -c "echo 0 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_redirects"
+ let i++
+ done
diff --git a/templates/firewall/ipv6-src-route/node.def b/templates/firewall/ipv6-src-route/node.def
new file mode 100644
index 0000000..be69afe
--- /dev/null
+++ b/templates/firewall/ipv6-src-route/node.def
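Review bot: Each name produced by `ls /proc/sys/net/ipv6/conf/` is expanded unquoted into the double-quoted string handed to `sudo sh -c`, in both `update:` and `delete:` of ipv6-receive-redirects/node.def, so the root shell re-parses the interface name as shell text instead of treating it as data. The same loop is used in templates/firewall/ipv6-src-route/node.def. Iterating with a glob and passing the value and the path as positional arguments removes both the `ls` parsing and the re-parsing. Separately, the syntax error text says `icmpv6-receive-redirects` while the node directory is `ipv6-receive-redirects`, which looks like a typo.

```shell
update:
  if [ "x$VAR(@)" = "xenable" ]; then value=1; else value=0; fi
  for conf in /proc/sys/net/ipv6/conf/*/; do
    # value and path travel as arguments, so the name is never parsed as shell text
    sudo sh -c 'echo "$1" > "$2"' sh "$value" "${conf}accept_redirects"
  done
# … delete: takes the same loop with value=0 …
```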
@@ -0,0 +1,45 @@
+# accept_source_route - INTEGER
+# Accept source routing (routing extension header).
+#
+# >= 0: Accept only routing header type 2.
+# < 0: Do not accept routing header.
+#
+# Default: -1
+
+
+type: txt
+
+help: Set policy for handling IPv6 packets with routing extension header
+
+comp_help:Possible completions:
+ enable\tEnable processing of IPv6 packets with routing header type 2
+ disable\tDisable processing of IPv6 packets with routing header
+
+default: "disable"
+
+syntax:expression: $VAR(@) in "enable", "disable"; "ipv6-src-route must be enable or disable"
+
+update:
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ i=0
+ while [ $i -lt $array_len ]; do
+ if [ x$VAR(@) == xenable ]; then
+ sudo sh -c "echo 0 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_source_route"
+ else
+ sudo sh -c "echo -1 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_source_route"
+ fi
+ let i++
+ done
+
+delete:
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ i=0
+ while [ $i -lt $array_len ]; do
+ sudo sh -c "echo -1 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_source_route"
+ let i++
+ done |
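Review bot: The exit status of every `sudo sh -c "echo … > …/accept_source_route"` write is discarded in both `update:` and `delete:`, so a write that fails can leave an interface accepting type 2 routing headers while the configured policy says `disable`. Appending `|| exit 1` to each write would surface the failure, assuming the template runner treats a non-zero exit as a failed commit, which should be confirmed. The same unchecked writes occur in ipv6-receive-redirects/node.def. A short comment above `update:` such as `# enable -> 0 (type 2 only), disable -> -1` would also help, since the numeric mapping reads as the reverse of the keywords.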