diff options
7 files changed, 22 insertions, 0 deletions
diff --git a/templates/firewall/state-policy/established/log/node.def b/templates/firewall/state-policy/established/log/node.def index 78125ae..aaa47bb 100644 --- a/templates/firewall/state-policy/established/log/node.def +++ b/templates/firewall/state-policy/established/log/node.def @@ -1 +1,4 @@ help: Option to log packets part of an established connection + +commit:expression: $VAR(./enable) != ""; + "Need to set 'enable' to log packets part of an established connection" diff --git a/templates/firewall/state-policy/established/node.def b/templates/firewall/state-policy/established/node.def index 8a199e2..2aa7526 100644 --- a/templates/firewall/state-policy/established/node.def +++ b/templates/firewall/state-policy/established/node.def @@ -1 +1,4 @@ help: Global firewall policy for packets part of an established connection + +commit:expression: $VAR(./action/) != ""; + "No action set for state 'established'" diff --git a/templates/firewall/state-policy/invalid/log/node.def b/templates/firewall/state-policy/invalid/log/node.def index cfd56b3..73a3915 100644 --- a/templates/firewall/state-policy/invalid/log/node.def +++ b/templates/firewall/state-policy/invalid/log/node.def @@ -1 +1,4 @@ help: Option to log packets part of an invalid connection + +commit:expression: $VAR(./enable) != ""; + "Need to set 'enable' to log packets part of an invalid connection" diff --git a/templates/firewall/state-policy/invalid/node.def b/templates/firewall/state-policy/invalid/node.def index 71bbf20..2495327 100644 --- a/templates/firewall/state-policy/invalid/node.def +++ b/templates/firewall/state-policy/invalid/node.def @@ -1 +1,4 @@ help: Global firewall policy for packets part of an invalid connection + +commit:expression: $VAR(./action/) != ""; + "No action set for state 'invalid'" diff --git a/templates/firewall/state-policy/node.def b/templates/firewall/state-policy/node.def index a745c31..230f090 100644 --- a/templates/firewall/state-policy/node.def +++ b/templates/firewall/state-policy/node.def @@ -1,6 +1,10 @@ priority: 200 help: Global firewall state-policy +commit:expression: $VAR(./established) != "" || $VAR(./related) != "" + || $VAR(./invalid) != ""; + "No policy set for either 'established', 'related', or 'invalid' state" + begin: if ! /opt/vyatta/sbin/vyatta-fw-global-state-policy.pl \ --action=state-policy-validity-checks; then \ diff --git a/templates/firewall/state-policy/related/log/node.def b/templates/firewall/state-policy/related/log/node.def index 245928b..9647b60 100644 --- a/templates/firewall/state-policy/related/log/node.def +++ b/templates/firewall/state-policy/related/log/node.def @@ -1 +1,4 @@ help: Option to log packets part of a related connection + +commit:expression: $VAR(./enable) != ""; + "Need to set 'enable' to log packets part of a related connection" diff --git a/templates/firewall/state-policy/related/node.def b/templates/firewall/state-policy/related/node.def index df8d7c0..9e4d7dd 100644 --- a/templates/firewall/state-policy/related/node.def +++ b/templates/firewall/state-policy/related/node.def @@ -1 +1,4 @@ help: Global firewall policy for packets part of a related connection + +commit:expression: $VAR(./action/) != ""; + "No action set for state 'related'" |