-rw-r--r--scripts/firewall/VyattaIpTablesAddressFilter.pm12
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def13
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/destination/network/node.def3
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/source/address/node.def13
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/source/network/node.def3
5 files changed, 32 insertions, 12 deletions
diff --git a/scripts/firewall/VyattaIpTablesAddressFilter.pm b/scripts/firewall/VyattaIpTablesAddressFilter.pm
index 4747e5e..aa65854 100644
--- a/scripts/firewall/VyattaIpTablesAddressFilter.pm
+++ b/scripts/firewall/VyattaIpTablesAddressFilter.pm
@@ -47,8 +47,12 @@ sub setup {
# setup address filter nodes
$self->{_range_start} = $config->returnValue("range start");
$self->{_range_stop} = $config->returnValue("range stop");
- $self->{_network} = $config->returnValue("network");
$self->{_address} = $config->returnValue("address");
+ $self->{_network} = undef;
+ if (defined($self->{_address}) && ($self->{_address} =~ /\//)) {
+ $self->{_network} = $self->{_address};
+ $self->{_address} = undef;
+ }
my @tmp = $config->returnValues("port-number");
$self->{_portnumber} = [ @tmp ];
@tmp = $config->returnValues("port-name");
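Review bot: `_network` is now derived only from `address`, so a rule whose saved configuration still carries the old `network` node is no longer read in this block, and the same holds for the `setupOrig` hunk below. No migration of existing `network` entries is visible in this commit; if none exists, such a rule would be built without its source or destination match, which for a firewall means matching more traffic than the operator configured. Either convert `network` to `address` on upgrade, or keep a temporary fallback after the new block, for example `$self->{_network} //= $config->returnValue("network");`. The body of `setup` continues outside the hunk.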
@@ -74,8 +78,12 @@ sub setupOrig {
# setup address filter nodes
$self->{_range_start} = $config->returnOrigValue("range start");
$self->{_range_stop} = $config->returnOrigValue("range stop");
- $self->{_network} = $config->returnOrigValue("network");
$self->{_address} = $config->returnOrigValue("address");
+ $self->{_network} = undef;
+ if (defined($self->{_address}) && ($self->{_address} =~ /\//)) {
+ $self->{_network} = $self->{_address};
+ $self->{_address} = undef;
+ }
my @tmp = $config->returnOrigValues("port-number");
$self->{_portnumber} = [ @tmp ];
@tmp = $config->returnOrigValues("port-name");
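Review bot: The address/subnet split added here is a line-for-line copy of the one in `setup`, differing only in the accessor used. Both subs have to classify a value the same way, otherwise the filter built from the original config and the one built from the new config could presumably disagree about whether a value is a host or a subnet. A small private helper called from both places keeps the rule in one spot and gives the "a slash means subnet" convention a documented home. `setupOrig` extends beyond the hunk.

```perl
# Classify a configured "address" value: a value containing "/" is
# treated as a subnet, anything else as a single host address.
# Returns (address, network); exactly one of the two is defined
# unless the input itself is undef.
sub _split_address {
    my ($value) = @_;
    return (undef, $value) if defined($value) && $value =~ m{/};
    return ($value, undef);
}

# ... unchanged: range start / range stop ...
($self->{_address}, $self->{_network})
    = _split_address($config->returnOrigValue("address"));
# ... unchanged: port-number / port-name handling ...
```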
diff --git a/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def
index 61b702a..48da82b 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def
@@ -1,3 +1,12 @@
type: txt
-help: Configure firewall destination address
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv4_negate '$VAR(@)'" ; "invalid destination address \"$VAR(@)\""
+help: Destination address or subnet
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl \
+ -q ipv4_negate '$VAR(@)' \
+ || /opt/vyatta/sbin/vyatta-validate-type.pl \
+ -q ipv4net_negate '$VAR(@)'" \
+ ; "invalid destination address \"$VAR(@)\""
+comp_help: Possible completions:
+ <IP address> IP address to match
+ <IP address>/<prefix length> Subnet to match
+ !<IP address> Match everything except the specified address
+ !<IP address>/<prefix length> Match everything except the specified subnet
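Review bot: The value reaches the shell as `'$VAR(@)'` before either validator has looked at it, so the single quotes are the only thing separating operator input from the command line; this applies to both validator calls here and to the identical expression in source/address/node.def. How `$VAR(@)` is substituted is not visible in this commit, but if it is textual, a value containing a single quote would end the quoting, and the command now has two substitution points joined by `||`. A pattern check that restricts the value to the characters an address, prefix length and leading `!` can contain, placed ahead of the exec, would close that off regardless of what the validator does. Since the node now accepts subnets too, the failure text would read better as "invalid destination address or subnet".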
diff --git a/templates/firewall/name/node.tag/rule/node.tag/destination/network/node.def b/templates/firewall/name/node.tag/rule/node.tag/destination/network/node.def
deleted file mode 100644
index 9d07028..0000000
--- a/templates/firewall/name/node.tag/rule/node.tag/destination/network/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: Configure firewall destination network
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv4net_negate '$VAR(@)'" ; "invalid destination network \"$VAR(@)\""
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def
index 9304fb2..a9dda73 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def
@@ -1,3 +1,12 @@
type: txt
-help: Configure firewall source address
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv4_negate '$VAR(@)'" ; "invalid source address \"$VAR(@)\""
+help: Source address or subnet
+syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl \
+ -q ipv4_negate '$VAR(@)' \
+ || /opt/vyatta/sbin/vyatta-validate-type.pl \
+ -q ipv4net_negate '$VAR(@)'" \
+ ; "invalid source address \"$VAR(@)\""
+comp_help: Possible completions:
+ <IP address> IP address to match
+ <IP address>/<prefix length> Subnet to match
+ !<IP address> Match everything except the specified address
+ !<IP address>/<prefix length> Match everything except the specified subnet
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/network/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/network/node.def
deleted file mode 100644
index 7c9e939..0000000
--- a/templates/firewall/name/node.tag/rule/node.tag/source/network/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-type: txt
-help: Configure firewall source network
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv4net_negate '$VAR(@)'" ; "invalid source network \"$VAR(@)\""