summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorAn-Cheng Huang <ancheng@vyatta.com>2010-08-17 15:30:07 -0700
committerAn-Cheng Huang <ancheng@vyatta.com>2010-08-17 15:30:07 -0700
commitae652b77cfa97089baa8f86be1ebe1d08a4c9184 (patch)
tree7a8a3325c7b202fea9ee8566098dcb726a545ada /templates
parent03e79c5be0ca54c351f488708570c3c91f7f2369 (diff)
downloadvyatta-cfg-firewall-ae652b77cfa97089baa8f86be1ebe1d08a4c9184.tar.gz
vyatta-cfg-firewall-ae652b77cfa97089baa8f86be1ebe1d08a4c9184.zip
update help text to use val_help
Diffstat (limited to 'templates')
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def13
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/port/node.def8
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/icmpv6/type/node.def51
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def12
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def17
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/port/node.def8
-rw-r--r--templates/firewall/ipv6-name/node.tag/default-action/node.def7
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def13
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/port/node.def8
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/icmpv6/type/node.def53
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def12
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def17
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.tag/source/port/node.def8
-rw-r--r--templates/firewall/ipv6-receive-redirects/node.def5
-rw-r--r--templates/firewall/ipv6-src-route/node.def5
-rw-r--r--templates/firewall/log-martians/node.def5
-rw-r--r--templates/firewall/modify/node.tag/default-action/node.def5
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def13
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def8
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def11
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def15
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def8
-rw-r--r--templates/firewall/name/node.tag/default-action/node.def7
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def13
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def8
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def75
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/protocol/node.def11
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/source/address/node.def13
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/source/port/node.def8
-rw-r--r--templates/firewall/receive-redirects/node.def5
-rw-r--r--templates/firewall/send-redirects/node.def5
-rw-r--r--templates/firewall/source-validation/node.def7
-rw-r--r--templates/firewall/syn-cookies/node.def5
33 files changed, 216 insertions, 243 deletions
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def
index 1adbe8d..4953885 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/address/node.def
@@ -2,13 +2,12 @@ type: txt
help: Destination IPv6 address, prefix or range
-comp_help: Possible completions:
- <x:x:x:x:x:x:x:x> IPv6 address to match
- <x:x:x:x:x:x:x:x>/<n> IPv6 prefix to match
- <x:x:x:x:x:x>-<x:x:x:x:x:x> Range of IPv6 addresses
- !<x:x:x:x:x:x:x:x> Everything except IPv6 address
- !<x:x:x:x:x:x:x:x>/<n> Everything except IPv6 prefix
- !<x:x:x:x:x:x>-<x:x:x:x:x:x> Everything except range
+val_help: ipv6; IPv6 address to match
+val_help: ipv6net; IPv6 prefix to match
+val_help: ipv6range; IPv6 range to match
+val_help: !ipv6; Match everything except the specified address
+val_help: !ipv6net; Match everything except the specified prefix
+val_help: !ipv6range; Match everything except the specified range
syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/port/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/port/node.def
index 760c0e8..2b2d8c7 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/port/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/destination/port/node.def
@@ -2,9 +2,9 @@ type: txt
help: Destination port
-comp_help: Destination port(s) can be specified as a comma-separated list of:
- <port name> Named port (any name in /etc/services, e.g., http)
- <1-65535> Numbered port
- <start>-<end> Numbered port range (e.g., 1001-1005)
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple destination ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'. For example:
'!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/icmpv6/type/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/icmpv6/type/node.def
index a066647..d11da4e 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/icmpv6/type/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/icmpv6/type/node.def
@@ -2,32 +2,31 @@ type: txt
help: ICMPv6 type/code
-comp_help: Possible completions:
- destination-unreachable ICMPv6 type/code name
- no-route ICMPv6 type/code name
- communication-prohibited ICMPv6 type/code name
- address-unreachable ICMPv6 type/code name
- port-unreachable ICMPv6 type/code name
- packet-too-big ICMPv6 type/code name
- time-exceeded ICMPv6 type/code name
- ttl-zero-during-transit ICMPv6 type/code name
- ttl-zero-during-reassembly ICMPv6 type/code name
- parameter-problem ICMPv6 type/code name
- bad-header ICMPv6 type/code name
- unknown-header-type ICMPv6 type/code name
- unknown-option ICMPv6 type/code name
- echo-request ICMPv6 type/code name
- ping ICMPv6 type/code name
- echo-reply ICMPv6 type/code name
- pong ICMPv6 type/code name
- router-solicitation ICMPv6 type/code name
- router-advertisement ICMPv6 type/code name
- neighbour-solicitation ICMPv6 type/code name
- neighbor-solicitation ICMPv6 type/code name
- neighbour-advertisement ICMPv6 type/code name
- neighbor-advertisement ICMPv6 type/code name
- <0 - 255> ICMPv6 type number
- <0 - 255>/<0 - 255> ICMPv6 type and code numbers
+val_help: destination-unreachable; ICMPv6 type/code name
+val_help: _ no-route; ICMPv6 type/code name
+val_help: _ communication-prohibited; ICMPv6 type/code name
+val_help: _ address-unreachable; ICMPv6 type/code name
+val_help: _ port-unreachable; ICMPv6 type/code name
+val_help: packet-too-big; ICMPv6 type/code name
+val_help: time-exceeded; ICMPv6 type/code name
+val_help: _ ttl-zero-during-transit; ICMPv6 type/code name
+val_help: _ ttl-zero-during-reassembly; ICMPv6 type/code name
+val_help: parameter-problem; ICMPv6 type/code name
+val_help: _ bad-header; ICMPv6 type/code name
+val_help: _ unknown-header-type; ICMPv6 type/code name
+val_help: _ unknown-option; ICMPv6 type/code name
+val_help: echo-request; ICMPv6 type/code name
+val_help: ping; ICMPv6 type/code name
+val_help: echo-reply; ICMPv6 type/code name
+val_help: pong; ICMPv6 type/code name
+val_help: router-solicitation; ICMPv6 type/code name
+val_help: router-advertisement; ICMPv6 type/code name
+val_help: neighbour-solicitation; ICMPv6 type/code name
+val_help: neighbor-solicitation; ICMPv6 type/code name
+val_help: neighbour-advertisement; ICMPv6 type/code name
+val_help: neighbor-advertisement; ICMPv6 type/code name
+val_help: u32:0-255; ICMPv6 type number
+val_help: <0-255>/<0-255>; ICMPv6 type and code numbers
allowed:
array=(
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
index 0ea2382..ee3110f 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/protocol/node.def
@@ -21,10 +21,8 @@ allowed:
protos="all icmpv6 $protos tcp_udp"
echo -n $protos
-comp_help:Possible completions:
- <text> An IPv6 protocol name (e.g. "tcp" or "udp")
- <1-255> An IPv6 protocol number
- tcp_udp Both TCP and UDP
- all All IPv6 protocols
- !<text> All IPv6 protocols except for the specified name
- !<1-255> All IPv6 protocols except for the specified number
+val_help: txt; IPv6 protocol name from /etc/protocols (e.g. "tcp" or "udp")
+val_help: u32:0-255; IPv6 protocol number
+val_help: tcp_udp; Both TCP and UDP
+val_help: all; All IPv6 protocols
+val_help: !<protocol>; All IPv6 protocols except for the specified name or number
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def
index 01a7b99..397c686 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/address/node.def
@@ -3,12 +3,11 @@ type: txt
help: Source IPv6 address, prefix or range
-comp_help: Possible completions:
- <x:x:x:x:x:x:x:x> IPv6 address to match
- <x:x:x:x:x:x:x:x>/<n> IPv6 prefix to match
- <x:x:x:x:x:x>-<x:x:x:x:x:x> Range of IPv6 addresses
- !<x:x:x:x:x:x:x:x> Everything except IPv6 address
- !<x:x:x:x:x:x:x:x>/<n> Everything except IPv6 prefix
- !<x:x:x:x:x:x>-<x:x:x:x:x:x> Everything except range
-
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)" \ No newline at end of file
+val_help: ipv6; IPv6 address to match
+val_help: ipv6net; IPv6 prefix to match
+val_help: ipv6range; IPv6 range to match
+val_help: !ipv6; Match everything except the specified address
+val_help: !ipv6net; Match everything except the specified prefix
+val_help: !ipv6range; Match everything except the specified range
+
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/port/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/port/node.def
index 4cec3cf..adfae7a 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/port/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.tag/source/port/node.def
@@ -1,8 +1,8 @@
type: txt
help: Source port
-comp_help: Source port(s) can be specified as a comma-separated list of:
- <port name> Named port (any name in /etc/services, e.g., http)
- <1-65535> Numbered port
- <start>-<end> Numbered port range (e.g., 1001-1005)
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple source ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'. For example:
'!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/ipv6-name/node.tag/default-action/node.def b/templates/firewall/ipv6-name/node.tag/default-action/node.def
index db160f0..bb61c41 100644
--- a/templates/firewall/ipv6-name/node.tag/default-action/node.def
+++ b/templates/firewall/ipv6-name/node.tag/default-action/node.def
@@ -7,7 +7,6 @@ default: "drop"
syntax:expression: $VAR(@) in "drop", "accept", "reject";
"default-action must be drop, reject or accept"
-comp_help: possible completions:
- drop Drop if no prior rules are hit (default)
- reject Drop and notify source if no prior rules are hit
- accept Accept if no prior rules are hit
+val_help: drop; Drop if no prior rules are hit (default)
+val_help: reject; Drop and notify source if no prior rules are hit
+val_help: accept; Accept if no prior rules are hit
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def
index 1adbe8d..4953885 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/address/node.def
@@ -2,13 +2,12 @@ type: txt
help: Destination IPv6 address, prefix or range
-comp_help: Possible completions:
- <x:x:x:x:x:x:x:x> IPv6 address to match
- <x:x:x:x:x:x:x:x>/<n> IPv6 prefix to match
- <x:x:x:x:x:x>-<x:x:x:x:x:x> Range of IPv6 addresses
- !<x:x:x:x:x:x:x:x> Everything except IPv6 address
- !<x:x:x:x:x:x:x:x>/<n> Everything except IPv6 prefix
- !<x:x:x:x:x:x>-<x:x:x:x:x:x> Everything except range
+val_help: ipv6; IPv6 address to match
+val_help: ipv6net; IPv6 prefix to match
+val_help: ipv6range; IPv6 range to match
+val_help: !ipv6; Match everything except the specified address
+val_help: !ipv6net; Match everything except the specified prefix
+val_help: !ipv6range; Match everything except the specified range
syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/port/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/port/node.def
index 760c0e8..2b2d8c7 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/port/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/destination/port/node.def
@@ -2,9 +2,9 @@ type: txt
help: Destination port
-comp_help: Destination port(s) can be specified as a comma-separated list of:
- <port name> Named port (any name in /etc/services, e.g., http)
- <1-65535> Numbered port
- <start>-<end> Numbered port range (e.g., 1001-1005)
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple destination ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'. For example:
'!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/icmpv6/type/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/icmpv6/type/node.def
index 3454ac1..540c699 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/icmpv6/type/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/icmpv6/type/node.def
@@ -2,33 +2,32 @@ type: txt
help: ICMPv6 type/code
-comp_help: Possible completions:
- destination-unreachable ICMPv6 type/code name
- no-route ICMPv6 type/code name
- communication-prohibited ICMPv6 type/code name
- address-unreachable ICMPv6 type/code name
- port-unreachable ICMPv6 type/code name
- packet-too-big ICMPv6 type/code name
- time-exceeded ICMPv6 type/code name
- ttl-zero-during-transit ICMPv6 type/code name
- ttl-zero-during-reassembly ICMPv6 type/code name
- parameter-problem ICMPv6 type/code name
- bad-header ICMPv6 type/code name
- unknown-header-type ICMPv6 type/code name
- unknown-option ICMPv6 type/code name
- echo-request ICMPv6 type/code name
- ping ICMPv6 type/code name
- echo-reply ICMPv6 type/code name
- pong ICMPv6 type/code name
- router-solicitation ICMPv6 type/code name
- router-advertisement ICMPv6 type/code name
- neighbour-solicitation ICMPv6 type/code name
- neighbor-solicitation ICMPv6 type/code name
- neighbour-advertisement ICMPv6 type/code name
- neighbor-advertisement ICMPv6 type/code name
- redirect ICMPv6 type/code name
- <0 - 255> ICMPv6 type number
- <0 - 255>/<0 - 255> ICMPv6 type and code numbers
+val_help: destination-unreachable; ICMPv6 type/code name
+val_help: _ no-route; ICMPv6 type/code name
+val_help: _ communication-prohibited; ICMPv6 type/code name
+val_help: _ address-unreachable; ICMPv6 type/code name
+val_help: _ port-unreachable; ICMPv6 type/code name
+val_help: packet-too-big; ICMPv6 type/code name
+val_help: time-exceeded; ICMPv6 type/code name
+val_help: _ ttl-zero-during-transit; ICMPv6 type/code name
+val_help: _ ttl-zero-during-reassembly; ICMPv6 type/code name
+val_help: parameter-problem; ICMPv6 type/code name
+val_help: _ bad-header; ICMPv6 type/code name
+val_help: _ unknown-header-type; ICMPv6 type/code name
+val_help: _ unknown-option; ICMPv6 type/code name
+val_help: echo-request; ICMPv6 type/code name
+val_help: ping; ICMPv6 type/code name
+val_help: echo-reply; ICMPv6 type/code name
+val_help: pong; ICMPv6 type/code name
+val_help: router-solicitation; ICMPv6 type/code name
+val_help: router-advertisement; ICMPv6 type/code name
+val_help: neighbour-solicitation; ICMPv6 type/code name
+val_help: neighbor-solicitation; ICMPv6 type/code name
+val_help: neighbour-advertisement; ICMPv6 type/code name
+val_help: neighbor-advertisement; ICMPv6 type/code name
+val_help: redirect; ICMPv6 type/code name
+val_help: u32:0-255; ICMPv6 type number
+val_help: <0-255>/<0-255>; ICMPv6 type and code numbers
allowed:
array=(
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
index 0ea2382..ee3110f 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/protocol/node.def
@@ -21,10 +21,8 @@ allowed:
protos="all icmpv6 $protos tcp_udp"
echo -n $protos
-comp_help:Possible completions:
- <text> An IPv6 protocol name (e.g. "tcp" or "udp")
- <1-255> An IPv6 protocol number
- tcp_udp Both TCP and UDP
- all All IPv6 protocols
- !<text> All IPv6 protocols except for the specified name
- !<1-255> All IPv6 protocols except for the specified number
+val_help: txt; IPv6 protocol name from /etc/protocols (e.g. "tcp" or "udp")
+val_help: u32:0-255; IPv6 protocol number
+val_help: tcp_udp; Both TCP and UDP
+val_help: all; All IPv6 protocols
+val_help: !<protocol>; All IPv6 protocols except for the specified name or number
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def
index 0d07f99..b7a8d66 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/address/node.def
@@ -3,12 +3,11 @@ type: txt
help: Source IPv6 address, prefix or range to match
-comp_help: Possible completions:
- <x:x:x:x:x:x:x:x> IPv6 address to match
- <x:x:x:x:x:x:x:x>/<n> IPv6 prefix to match
- <x:x:x:x:x:x>-<x:x:x:x:x:x> Range of IPv6 addresses
- !<x:x:x:x:x:x:x:x> Everything except IPv6 address
- !<x:x:x:x:x:x:x:x>/<n> Everything except IPv6 prefix
- !<x:x:x:x:x:x>-<x:x:x:x:x:x> Everything except range
-
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)" \ No newline at end of file
+val_help: ipv6; IPv6 address to match
+val_help: ipv6net; IPv6 prefix to match
+val_help: ipv6range; IPv6 range to match
+val_help: !ipv6; Match everything except the specified address
+val_help: !ipv6net; Match everything except the specified prefix
+val_help: !ipv6range; Match everything except the specified range
+
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv6_addr_param $VAR(@)"
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/port/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/port/node.def
index 4cec3cf..adfae7a 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/port/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.tag/source/port/node.def
@@ -1,8 +1,8 @@
type: txt
help: Source port
-comp_help: Source port(s) can be specified as a comma-separated list of:
- <port name> Named port (any name in /etc/services, e.g., http)
- <1-65535> Numbered port
- <start>-<end> Numbered port range (e.g., 1001-1005)
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple source ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'. For example:
'!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/ipv6-receive-redirects/node.def b/templates/firewall/ipv6-receive-redirects/node.def
index f837322..969838c 100644
--- a/templates/firewall/ipv6-receive-redirects/node.def
+++ b/templates/firewall/ipv6-receive-redirects/node.def
@@ -6,9 +6,8 @@ type: txt
help: Policy for handling received ICMPv6 redirect messages
-comp_help:Possible completions:
- enable\tEnable processing of received ICMPv6 redirect messages
- disable\tDisable processing of received ICMPv6 redirect messages
+val_help: enable; Enable processing of received ICMPv6 redirect messages
+val_help: disable; Disable processing of received ICMPv6 redirect messages
default: "disable"
diff --git a/templates/firewall/ipv6-src-route/node.def b/templates/firewall/ipv6-src-route/node.def
index ce182e4..38fb4f9 100644
--- a/templates/firewall/ipv6-src-route/node.def
+++ b/templates/firewall/ipv6-src-route/node.def
@@ -11,9 +11,8 @@ type: txt
help: Policy for handling IPv6 packets with routing extension header
-comp_help:Possible completions:
- enable\tEnable processing of IPv6 packets with routing header type 2
- disable\tDisable processing of IPv6 packets with routing header
+val_help: enable; Enable processing of IPv6 packets with routing header type 2
+val_help: disable; Disable processing of IPv6 packets with routing header
default: "disable"
diff --git a/templates/firewall/log-martians/node.def b/templates/firewall/log-martians/node.def
index bb3234b..7e8d145 100644
--- a/templates/firewall/log-martians/node.def
+++ b/templates/firewall/log-martians/node.def
@@ -8,9 +8,8 @@ type: txt
help: Policy for logging IPv4 packets with invalid addresses
-comp_help:Possible completions:
- enable\tEnable logging of IPv4 packets with invalid addresses
- disable\tDisable logging of Ipv4 packets with invalid addresses
+val_help: enable; Enable logging of IPv4 packets with invalid addresses
+val_help: disable; Disable logging of Ipv4 packets with invalid addresses
default: "enable"
diff --git a/templates/firewall/modify/node.tag/default-action/node.def b/templates/firewall/modify/node.tag/default-action/node.def
index 34ed318..c4e73f6 100644
--- a/templates/firewall/modify/node.tag/default-action/node.def
+++ b/templates/firewall/modify/node.tag/default-action/node.def
@@ -7,6 +7,5 @@ default: "drop"
syntax:expression: $VAR(@) in "drop", "accept";
"default-action must be either drop or accept"
-comp_help: possible completions:
- drop Drop if no prior rules are hit (default)
- accept Accept if no prior rules are hit
+val_help: drop; Drop if no prior rules are hit (default)
+val_help: accept; Accept if no prior rules are hit
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def
index 1bb5321..f142aba 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def
@@ -1,9 +1,8 @@
type: txt
help: Destination IP address, subnet, or range
-comp_help: Possible completions:
- <x.x.x.x> IP address to match
- <x.x.x.x/x> Subnet to match
- <x.x.x.x>-<x.x.x.x> IP range to match
- !<x.x.x.x> Match everything except the specified address
- !<x.x.x.x/x> Match everything except the specified subnet
- !<x.x.x.x>-<x.x.x.x> Match everything except the specified range
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def b/templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def
index 8989f99..3299c9a 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def
@@ -1,8 +1,8 @@
type: txt
help: Destination port
-comp_help: Destination port(s) can be specified as a comma-separated list of:
- <port name> Named port (any name in /etc/services, e.g., http)
- <1-65535> Numbered port
- <start>-<end> Numbered port range (e.g., 1001-1005)
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple destination ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'. For example:
'!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
index 66a5634..5491708 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def
@@ -1,12 +1,11 @@
type: txt
help: Protocol to match (protocol name in /etc/protocols or protocol number or "all")
-comp_help:Possible completions:
- <text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
- <0-255> An IP protocol number
- tcp_udp Both TCP and UDP
- all All IP protocols
- !<protocol> All IP protocols except for the specified name or number (negation)
+val_help: txt; IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
+val_help: u32:0-255; IP protocol number
+val_help: tcp_udp; Both TCP and UDP
+val_help: all; All IP protocols
+val_help: !<protocol>; All IP protocols except for the specified name or number
syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
&& [ \"$VAR(@)\" != 'tcp_udp' ]; then \
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def
index 2bee1b7..72d6a17 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def
@@ -1,9 +1,8 @@
type: txt
-help: Source IP address, subnet, or range\
-comp_help: Possible completions:
- <x.x.x.x> IP address to match
- <x.x.x.x/x> Subnet to match
- <x.x.x.x>-<x.x.x.x> IP range to match
- !<x.x.x.x> Match everything except the specified address
- !<x.x.x.x/x> Match everything except the specified subnet
- !<x.x.x.x>-<x.x.x.x> Match everything except the specified range
+help: Source IP address, subnet, or range
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def b/templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def
index 4cec3cf..adfae7a 100644
--- a/templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def
@@ -1,8 +1,8 @@
type: txt
help: Source port
-comp_help: Source port(s) can be specified as a comma-separated list of:
- <port name> Named port (any name in /etc/services, e.g., http)
- <1-65535> Numbered port
- <start>-<end> Numbered port range (e.g., 1001-1005)
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple source ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'. For example:
'!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/name/node.tag/default-action/node.def b/templates/firewall/name/node.tag/default-action/node.def
index db160f0..bb61c41 100644
--- a/templates/firewall/name/node.tag/default-action/node.def
+++ b/templates/firewall/name/node.tag/default-action/node.def
@@ -7,7 +7,6 @@ default: "drop"
syntax:expression: $VAR(@) in "drop", "accept", "reject";
"default-action must be drop, reject or accept"
-comp_help: possible completions:
- drop Drop if no prior rules are hit (default)
- reject Drop and notify source if no prior rules are hit
- accept Accept if no prior rules are hit
+val_help: drop; Drop if no prior rules are hit (default)
+val_help: reject; Drop and notify source if no prior rules are hit
+val_help: accept; Accept if no prior rules are hit
diff --git a/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def
index 99d7b8a..83d7514 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def
@@ -2,10 +2,9 @@ type: txt
help: Destination IP address, subnet, or range
-comp_help: Possible completions:
- <x.x.x.x> IPv4 address to match
- <x.x.x.x/x> IPv4 Subnet to match
- <x.x.x.x>-<x.x.x.x> IPv4 range to match
- !<x.x.x.x> Match everything except the specified address
- !<x.x.x.x/x> Match everything except the specified subnet
- !<x.x.x.x>-<x.x.x.x> Match everything except the specified range
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
diff --git a/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def b/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def
index 760c0e8..2b2d8c7 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def
@@ -2,9 +2,9 @@ type: txt
help: Destination port
-comp_help: Destination port(s) can be specified as a comma-separated list of:
- <port name> Named port (any name in /etc/services, e.g., http)
- <1-65535> Numbered port
- <start>-<end> Numbered port range (e.g., 1001-1005)
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple destination ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'. For example:
'!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def b/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def
index c3d4420..669df14 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/icmp/type-name/node.def
@@ -37,41 +37,40 @@ done
echo Invalid ICMP type-name [$VAR(@)]
exit 1 "
-comp_help: Possible completions:
-any
-echo-reply (pong)
-destination-unreachable
- network-unreachable
- host-unreachable
- protocol-unreachable
- port-unreachable
- fragmentation-needed
- source-route-failed
- network-unknown
- host-unknown
- network-prohibited
- host-prohibited
- TOS-network-unreachable
- TOS-host-unreachable
- communication-prohibited
- host-precedence-violation
- precedence-cutoff
-source-quench
-redirect
- network-redirect
- host-redirect
- TOS-network-redirect
- TOS-host-redirect
-echo-request (ping)
-router-advertisement
-router-solicitation
-time-exceeded (ttl-exceeded)
- ttl-zero-during-transit
- ttl-zero-during-reassembly
-parameter-problem
- ip-header-bad
- required-option-missing
-timestamp-request
-timestamp-reply
-address-mask-request
-address-mask-reply
+val_help: any; Any ICMP type/code
+val_help: echo-reply (pong); ICMP type/code name
+val_help: destination-unreachable; ICMP type/code name
+val_help: _ network-unreachable; ICMP type/code name
+val_help: _ host-unreachable; ICMP type/code name
+val_help: _ protocol-unreachable; ICMP type/code name
+val_help: _ port-unreachable; ICMP type/code name
+val_help: _ fragmentation-needed; ICMP type/code name
+val_help: _ source-route-failed; ICMP type/code name
+val_help: _ network-unknown; ICMP type/code name
+val_help: _ host-unknown; ICMP type/code name
+val_help: _ network-prohibited; ICMP type/code name
+val_help: _ host-prohibited; ICMP type/code name
+val_help: _ TOS-network-unreachable; ICMP type/code name
+val_help: _ TOS-host-unreachable; ICMP type/code name
+val_help: _ communication-prohibited; ICMP type/code name
+val_help: _ host-precedence-violation; ICMP type/code name
+val_help: _ precedence-cutoff; ICMP type/code name
+val_help: source-quench; ICMP type/code name
+val_help: redirect; ICMP type/code name
+val_help: _ network-redirect; ICMP type/code name
+val_help: _ host-redirect; ICMP type/code name
+val_help: _ TOS-network-redirect; ICMP type/code name
+val_help: _ TOS-host-redirect; ICMP type/code name
+val_help: echo-request (ping); ICMP type/code name
+val_help: router-advertisement; ICMP type/code name
+val_help: router-solicitation; ICMP type/code name
+val_help: time-exceeded (ttl-exceeded); ICMP type/code name
+val_help: _ ttl-zero-during-transit; ICMP type/code name
+val_help: _ ttl-zero-during-reassembly; ICMP type/code name
+val_help: parameter-problem; ICMP type/code name
+val_help: _ ip-header-bad; ICMP type/code name
+val_help: _ required-option-missing; ICMP type/code name
+val_help: timestamp-request; ICMP type/code name
+val_help: timestamp-reply; ICMP type/code name
+val_help: address-mask-request; ICMP type/code name
+val_help: address-mask-reply; ICMP type/code name
diff --git a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
index 1e9bf89..1f235f7 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
@@ -2,12 +2,11 @@ type: txt
help: Protocol to match (protocol name in /etc/protocols or protocol number or "all")
-comp_help:Possible completions:
- <text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
- <1-255> An IP protocol number
- tcp_udp Both TCP and UDP
- all All IP protocols
- !<protocol> All IP protocols except for the specified name or number (negation)
+val_help: txt; IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
+val_help: u32:0-255; IP protocol number
+val_help: tcp_udp; Both TCP and UDP
+val_help: all; All IP protocols
+val_help: !<protocol>; All IP protocols except for the specified name or number
syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
&& [ \"$VAR(@)\" != 'tcp_udp' ]; then \
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def
index eab1cb8..72d6a17 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def
@@ -1,9 +1,8 @@
type: txt
help: Source IP address, subnet, or range
-comp_help: Possible completions:
- <x.x.x.x> IP address to match
- <x.x.x.x/x> Subnet to match
- <x.x.x.x>-<x.x.x.x> IP range to match
- !<x.x.x.x> Match everything except the specified address
- !<x.x.x.x/x> Match everything except the specified subnet
- !<x.x.x.x>-<x.x.x.x> Match everything except the specified range
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def
index 4cec3cf..adfae7a 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def
@@ -1,8 +1,8 @@
type: txt
help: Source port
-comp_help: Source port(s) can be specified as a comma-separated list of:
- <port name> Named port (any name in /etc/services, e.g., http)
- <1-65535> Numbered port
- <start>-<end> Numbered port range (e.g., 1001-1005)
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple source ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'. For example:
'!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/receive-redirects/node.def b/templates/firewall/receive-redirects/node.def
index ffc1649..d45b16a 100644
--- a/templates/firewall/receive-redirects/node.def
+++ b/templates/firewall/receive-redirects/node.def
@@ -16,9 +16,8 @@ type: txt
help: Policy for handling received IPv4 ICMP redirect messages
-comp_help:Possible completions:
- enable\tEnable processing of received IPv4 ICMP redirect messages
- disable\tDisable processing of received IPv4 ICMP redirect messages
+val_help: enable; Enable processing of received IPv4 ICMP redirect messages
+val_help: disable; Disable processing of received IPv4 ICMP redirect messages
default: "disable"
diff --git a/templates/firewall/send-redirects/node.def b/templates/firewall/send-redirects/node.def
index 8acd4bf..e3dca03 100644
--- a/templates/firewall/send-redirects/node.def
+++ b/templates/firewall/send-redirects/node.def
@@ -8,9 +8,8 @@ type: txt
help: Policy for sending IPv4 ICMP redirect messages
-comp_help:Possible completions:
- enable\tEnable sending IPv4 ICMP redirect messages
- disable\tDisable sending IPv4 ICMP redirect messages
+val_help: enable; Enable sending IPv4 ICMP redirect messages
+val_help: disable; Disable sending IPv4 ICMP redirect messages
default: "enable"
diff --git a/templates/firewall/source-validation/node.def b/templates/firewall/source-validation/node.def
index 7853bec..bbd44e4 100644
--- a/templates/firewall/source-validation/node.def
+++ b/templates/firewall/source-validation/node.def
@@ -8,10 +8,9 @@ type: txt
help: Policy for source validation by reversed path, as specified in RFC3704
-comp_help:Possible completions:
- strict\tEnable Strict Reverse Path Forwarding as defined in RFC3704
- loose\t\tEnable Loose Reverse Path Forwarding as defined in RFC3704
- disable\tNo source validation
+val_help: strict; Enable Strict Reverse Path Forwarding as defined in RFC3704
+val_help: loose; Enable Loose Reverse Path Forwarding as defined in RFC3704
+val_help: disable; No source validation
default: "disable"
diff --git a/templates/firewall/syn-cookies/node.def b/templates/firewall/syn-cookies/node.def
index 282a350..903d63d 100644
--- a/templates/firewall/syn-cookies/node.def
+++ b/templates/firewall/syn-cookies/node.def
@@ -7,9 +7,8 @@ type: txt
help: Policy for using TCP SYN cookies with IPv4
-comp_help:Possible completions:
- enable\tEnable use of TCP SYN cookies with IPv4
- disable\tDisable use of TCP SYN cookies with IPv4
+val_help: enable; Enable use of TCP SYN cookies with IPv4
+val_help: disable; Disable use of TCP SYN cookies with IPv4
default: "enable"