summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorStig Thormodsrud <stig@io.vyatta.com>2009-02-24 18:42:00 -0800
committerStig Thormodsrud <stig@io.vyatta.com>2009-02-24 18:42:00 -0800
commit9bcaf042a85c64cae228ab1fd6c328fea7417db7 (patch)
treec1d150667c40d8eb4771889ca777f578dfa56e6a /templates
parentc5595b67948166f65c8ea2c1ce1890b9aa27fd3d (diff)
parent31dfa0fb522cb00a7354fb613f296769d347173e (diff)
downloadvyatta-cfg-firewall-9bcaf042a85c64cae228ab1fd6c328fea7417db7.tar.gz
vyatta-cfg-firewall-9bcaf042a85c64cae228ab1fd6c328fea7417db7.zip
Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner
Diffstat (limited to 'templates')
-rw-r--r--templates/firewall/ipv6-receive-redirects/node.def40
-rw-r--r--templates/firewall/ipv6-src-route/node.def45
2 files changed, 85 insertions, 0 deletions
diff --git a/templates/firewall/ipv6-receive-redirects/node.def b/templates/firewall/ipv6-receive-redirects/node.def
new file mode 100644
index 0000000..5ca9e49
--- /dev/null
+++ b/templates/firewall/ipv6-receive-redirects/node.def
@@ -0,0 +1,40 @@
+# accept_redirects - Accept ICMPv6 redirect messages.
+# default value - 0
+#
+
+type: txt
+
+help: Set policy for handling received ICMPv6 redirect messages
+
+comp_help:Possible completions:
+ enable\tEnable processing of received ICMPv6 redirect messages
+ disable\tDisable processing of received ICMPv6 redirect messages
+
+default: "disable"
+
+syntax:expression: $VAR(@) in "enable", "disable"; "icmpv6-receive-redirects must be enable or disable"
+
+update:
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ i=0
+ while [ $i -lt $array_len ]; do
+ if [ x$VAR(@) == xenable ]; then
+ sudo sh -c "echo 1 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_redirects"
+ else
+ sudo sh -c "echo 0 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_redirects"
+ fi
+ let i++
+ done
+
+delete:
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ i=0
+ while [ $i -lt $array_len ]; do
+ sudo sh -c "echo 0 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_redirects"
+ let i++
+ done
diff --git a/templates/firewall/ipv6-src-route/node.def b/templates/firewall/ipv6-src-route/node.def
new file mode 100644
index 0000000..be69afe
--- /dev/null
+++ b/templates/firewall/ipv6-src-route/node.def
@@ -0,0 +1,45 @@
+# accept_source_route - INTEGER
+# Accept source routing (routing extension header).
+#
+# >= 0: Accept only routing header type 2.
+# < 0: Do not accept routing header.
+#
+# Default: -1
+
+
+type: txt
+
+help: Set policy for handling IPv6 packets with routing extension header
+
+comp_help:Possible completions:
+ enable\tEnable processing of IPv6 packets with routing header type 2
+ disable\tDisable processing of IPv6 packets with routing header
+
+default: "disable"
+
+syntax:expression: $VAR(@) in "enable", "disable"; "ipv6-src-route must be enable or disable"
+
+update:
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ i=0
+ while [ $i -lt $array_len ]; do
+ if [ x$VAR(@) == xenable ]; then
+ sudo sh -c "echo 0 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_source_route"
+ else
+ sudo sh -c "echo -1 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_source_route"
+ fi
+ let i++
+ done
+
+delete:
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ i=0
+ while [ $i -lt $array_len ]; do
+ sudo sh -c "echo -1 > \
+ /proc/sys/net/ipv6/conf/${array[$i]%:*}/accept_source_route"
+ let i++
+ done