58 files changed, 86 insertions, 79 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index acd951a..9f365db 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -52,6 +52,12 @@ start () {
 # by default, nothing is tracked.
 iptables -t raw -A PREROUTING -j NOTRACK
 iptables -t raw -A OUTPUT -j NOTRACK
+
+ # set up post-firewall hook
+ iptables -N VYATTA_POST_FW_HOOK
+ iptables -A VYATTA_POST_FW_HOOK -j ACCEPT
+ iptables -A INPUT -j VYATTA_POST_FW_HOOK
+ iptables -A FORWARD -j VYATTA_POST_FW_HOOK
 }
 case "$ACTION" in
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index c409f82..e01f30c 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -275,8 +275,9 @@ sub update_ints() {
 if (!defined($cmd)) {
 # no matching rule
 if ($action eq 'update') {
- # add new rule
- $cmd = "--append $direction $interface --jump $chain";
+ # add new rule.
+ # there is a post-fw rule at the end. insert at the front.
+ $cmd = "--insert $direction 1 $interface --jump $chain";
 } else {
 # delete non-existent rule!
 die 'Error updating interfaces: no matching rule to delete';
@@ -318,9 +319,9 @@ sub teardown_iptables() {
 foreach $chain (@chains) {
 # chains start with Chain
 if ($chain =~ s/^Chain//) {
- # all we need to do is make sure this is a user chain
- # by looking at the references keyword and then
- if ($chain =~ /references/) {
+ # make sure this is a user chain by looking at "references".
+ # make sure this is not a hook.
+ if (($chain =~ /references/) && !($chain =~ /VYATTA_\w+_HOOK/)) {
 ($chain) = split /\(/, $chain;
 $chain =~ s/\s//g;
 delete_chain("$chain");
diff --git a/templates/firewall/broadcast-ping/node.def b/templates/firewall/broadcast-ping/node.def
index 0a15914..e92d08a 100644
--- a/templates/firewall/broadcast-ping/node.def
+++ b/templates/firewall/broadcast-ping/node.def
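Review bot: The hook setup added to `start ()` in scripts/firewall/firewall.init.in is not idempotent and none of its results are checked: if start runs again while the chain still exists, `iptables -N VYATTA_POST_FW_HOOK` fails and the two `-A` lines append duplicate jumps to INPUT and FORWARD. Because teardown_iptables in vyatta-firewall.pl now skips `VYATTA_\w+_HOOK` chains, the stop path (not visible in this hunk) has to delete both jumps and the chain itself, or start should tolerate leftovers, e.g. `iptables -N VYATTA_POST_FW_HOOK 2>/dev/null || iptables -F VYATTA_POST_FW_HOOK` and `iptables -D INPUT -j VYATTA_POST_FW_HOOK 2>/dev/null` before re-appending. The comment should also say that the chain's unconditional ACCEPT makes any rule appended to INPUT or FORWARD after this point unreachable, so filtering rules must be inserted ahead of the jump.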
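Review bot: In update_ints (scripts/firewall/vyatta-firewall.pl), `--insert $direction 1` puts each newly bound interface rule at the head of the chain, so rules are now evaluated in reverse bind order and anything another component keeps at position 1 of INPUT/FORWARD is pushed behind them; the comment should state that the real requirement is only "before the VYATTA_POST_FW_HOOK jump". `$chain` is interpolated into the command string, while the rule-set name template in this same commit only rejects a leading `-` (`pattern $VAR(@) "^[^-]"`). How `$cmd` is executed is outside the hunk, but if it reaches a shell the name should be restricted first, e.g. `die "invalid chain name\n" unless $chain =~ /\A\w[\w.-]*\z/;`. The function body starts and ends outside the hunk.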
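Review bot: The hook exclusion added to teardown_iptables is applied to the whole listing line with an unanchored pattern, before the chain name has been split out, so any user-named rule set whose name merely contains a `VYATTA_x_HOOK`-shaped substring is skipped and its chain survives teardown. Rule-set names are user input (the name template only forbids a leading `-`), so the test should match the extracted name exactly: keep `if ($chain =~ /references/) {` and, after `$chain =~ s/\s//g;`, add `next if $chain =~ /^VYATTA_\w+_HOOK$/;`. The foreach body continues past the end of the hunk.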
@@ -1,5 +1,5 @@
 type: txt
-help: ignore all ICMP ECHO and TIMESTAMP requests sent via broadcast/multicast
+help: Set ignorance of all ICMP ECHO and TIMESTAMP requests sent via broadcast/multicast (default: disable)
 default: "disable"
 syntax:expression: $VAR(@) in "enable", "disable"; "broadcast-ping must be enable or disable"
 create:expression: "if [ x$VAR(@) == xenable ]; \
diff --git a/templates/firewall/ip-src-route/node.def b/templates/firewall/ip-src-route/node.def
index 46ff9f4..1f813dc 100644
--- a/templates/firewall/ip-src-route/node.def
+++ b/templates/firewall/ip-src-route/node.def
@@ -1,5 +1,5 @@
 type: txt
-help: Accept packets with SRR option
+help: Set acceptance for packets with SRR option (default: disable)
 default: "disable"
 syntax:expression: $VAR(@) in "enable", "disable"; "ip-src-route must be enable or disable"
 create:expression: "if [ x$VAR(@) == xenable ]; \
diff --git a/templates/firewall/log-martians/node.def b/templates/firewall/log-martians/node.def
index 0c107f4..4a31e68 100644
--- a/templates/firewall/log-martians/node.def
+++ b/templates/firewall/log-martians/node.def
@@ -1,5 +1,5 @@
 type: txt
-help: Allow syslog logging of packets with impossible addresses
+help: Set syslog logging of packets with impossible addresses (default: enable)
 default: "enable"
 syntax:expression: $VAR(@) in "enable", "disable"; "log-martians must be enable or disable"
 create:expression: "if [ x$VAR(@) == xenable ]; \
diff --git a/templates/firewall/name/node.def b/templates/firewall/name/node.def
index b43ea95..491fe71 100644
--- a/templates/firewall/name/node.def
+++ b/templates/firewall/name/node.def
@@ -1,4 +1,4 @@
 tag:
 type: txt
 syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot start with \"-\""
-help: Configure firewall rule set name
+help: Set firewall rule set name
diff --git a/templates/firewall/name/node.tag/description/node.def b/templates/firewall/name/node.tag/description/node.def
index 2e61606..678e325 100644
--- a/templates/firewall/name/node.tag/description/node.def
+++ b/templates/firewall/name/node.tag/description/node.def
@@ -1,2 +1,2 @@
 type: txt
-help: Configure firewall description
+help: Set firewall description
diff --git a/templates/firewall/name/node.tag/rule/node.def b/templates/firewall/name/node.tag/rule/node.def
index 3d8cf02..010f808 100644
--- a/templates/firewall/name/node.tag/rule/node.def
+++ b/templates/firewall/name/node.tag/rule/node.def
@@ -1,4 +1,4 @@
 tag:
 type: u32
-help: Configure firewall rule number from 1 to 1024
+help: Set firewall rule number (1-1024)
 syntax:expression: $VAR(@) > 0 && $VAR(@) < 1025; "firewall rule number must be between 1 and 1024"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/action/node.def b/templates/firewall/name/node.tag/rule/node.tag/action/node.def
index d6a4029..6de6660 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/action/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/action/node.def
@@ -1,3 +1,3 @@
 type: txt
-help: Configure firewall rule action
+help: Set firewall rule action
 syntax:expression: $VAR(@) in "drop", "reject", "accept"; "action must be one of drop, reject, or accept"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/description/node.def b/templates/firewall/name/node.tag/rule/node.tag/description/node.def
index 22107f9..9c0c2bb 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/description/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/description/node.def
@@ -1,2 +1,2 @@
 type: txt
-help: Configure rule description
+help: Set rule description
diff --git a/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def b/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def
index d6f1723..e25da77 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def
@@ -1,9 +1,9 @@
 type: txt
-help: Destination IP address, subnet, or range
+help: Set destination IP address, subnet, or range
 comp_help: Possible completions:
- <IP address> IP address to match
- <IP address>/<prefix length> Subnet to match
- <IP address>-<IP address> IP range to match
- !<IP address> Match everything except the specified address
- !<IP address>/<prefix length> Match everything except the specified subnet
- !<IP address>-<IP address> Match everything except the specified range
+ <x.x.x.x> IP address to match
+ <x.x.x.x/x> Subnet to match
+ <x.x.x.x>-<x.x.x.x> IP range to match
+ !<x.x.x.x> Match everything except the specified address
+ !<x.x.x.x/x> Match everything except the specified subnet
+ !<x.x.x.x>-<x.x.x.x> Match everything except the specified range
diff --git a/templates/firewall/name/node.tag/rule/node.tag/destination/node.def b/templates/firewall/name/node.tag/rule/node.tag/destination/node.def
index 8d56caa..500e0bb 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/destination/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/destination/node.def
@@ -1 +1 @@
-help: Configure firewall destination parameters
+help: Set firewall destination parameters
diff --git a/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def b/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def
index 6f655d7..65170b2 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def
@@ -1,8 +1,8 @@
 type: txt
-help: Configure destination port
+help: Set destination port
 comp_help: Destination port(s) can be specified as a comma-separated list of:
 <port name> Named port (any name in /etc/services, e.g., http)
- <port number> Numbered port (between 1 and 65535)
+ <1-65535> Numbered port
 <start>-<end> Numbered port range (e.g., 1001-1005)
 The whole list can also be "negated" using '!'. For example:
 '!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def b/templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def
index ef6e79d..71bacfc 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def
@@ -1,3 +1,3 @@
 type: u32; "ICMP code must be between 0 and 255"
-help: ICMP code must be between 0 and 255
+help: Set ICMP code (0-255)
 syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP code must be between 0 and 255"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/icmp/node.def b/templates/firewall/name/node.tag/rule/node.tag/icmp/node.def
index 08acb72..dcf9fcc 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/icmp/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/icmp/node.def
@@ -1 +1 @@
-help: Configure rule ICMP type and code settings
+help: Set rule ICMP type and code information
diff --git a/templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def b/templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def
index 18b7740..6275a64 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def
@@ -1,3 +1,3 @@
 type: u32; "ICMP type must be between 0 and 255"
-help: ICMP type must be between 0 and 255
+help: Set ICMP type (0-255)
 syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP type must be between 0 and 255"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/log/node.def b/templates/firewall/name/node.tag/rule/node.tag/log/node.def
index 1e975d7..5023547 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/log/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/log/node.def
@@ -1,3 +1,3 @@
 type: txt; "firwall logging must be enable or disable"
-help: Configure firewall logging
+help: Set firewall logging
 syntax:expression: $VAR(@) in "enable", "disable"; "firwall logging must be enable or disable"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
index 50c0052..3a912fb 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/protocol/node.def
@@ -1,8 +1,8 @@
 type: txt
-help: Configure which protocol to match (this can be a protocol name in /etc/protocols, a protocol number, or "all")
+help: Set protocol to match (protocol name in /etc/protocols or protocol number or "all")
 syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'" ; "invalid protocol \"$VAR(@)\""
 comp_help:Possible completions:
- <text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp").
- <0-255> An IP protocol number.
- all All IP protocols.
- !<protocol> All IP protocols except for the specified name or number (negation).
+ <text> An IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
+ <0-255> An IP protocol number
+ all All IP protocols
+ !<protocol> All IP protocols except for the specified name or number (negation)
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def
index ae18e02..a11b2ba 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/source/address/node.def
@@ -1,9 +1,9 @@
 type: txt
-help: Source IP address, subnet, or range
+help: Set source IP address, subnet, or range
 comp_help: Possible completions:
- <IP address> IP address to match
- <IP address>/<prefix length> Subnet to match
- <IP address>-<IP address> IP range to match
- !<IP address> Match everything except the specified address
- !<IP address>/<prefix length> Match everything except the specified subnet
- !<IP address>-<IP address> Match everything except the specified range
+ <x.x.x.x> IP address to match
+ <x.x.x.x/x> Subnet to match
+ <x.x.x.x>-<x.x.x.x> IP range to match
+ !<x.x.x.x> Match everything except the specified address
+ !<x.x.x.x/x> Match everything except the specified subnet
+ !<x.x.x.x>-<x.x.x.x> Match everything except the specified range
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def
index dcf5212..fd10e26 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def
@@ -1,3 +1,3 @@
 type: txt
-help: Configure source MAC address
+help: Set source MAC address
 syntax:expression: exec "/opt/vyatta/sbin/vyatta-validate-type.pl macaddr_negate '$VAR(@)'" ; "invalid MAC address \"$VAR(@)\""
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/node.def
index 08452e8..16ab3ad 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/source/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/source/node.def
@@ -1 +1 @@
-help: Configure firewall source parameters
+help: Set firewall source parameters
diff --git a/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def b/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def
index 1973f1c..e65cbfd 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/source/port/node.def
@@ -1,8 +1,8 @@
 type: txt
-help: Configure source port
+help: Set source port
 comp_help: Source port(s) can be specified as a comma-separated list of:
 <port name> Named port (any name in /etc/services, e.g., http)
- <port number> Numbered port (between 1 and 65535)
+ <1-65535> Numbered port
 <start>-<end> Numbered port range (e.g., 1001-1005)
 The whole list can also be "negated" using '!'. For example:
 '!22,telnet,http,123,1001-1005'
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def
index 540dae0..802e35d 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/established/node.def
@@ -1,3 +1,3 @@
 type: txt
-help: Configure established state
+help: Set established state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def
index 11cac2d..ddba99f 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def
@@ -1,3 +1,3 @@
 type: txt
-help: Configure invalid state
+help: Set invalid state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/new/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/new/node.def
index fe26a5e..23854e7 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/new/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/new/node.def
@@ -1,3 +1,3 @@
 type: txt
-help: Configure new state
+help: Set new state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/node.def
index 0e38df4..3b7b383 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/node.def
@@ -1 +1 @@
-help: Session state
+help: Set session state
diff --git a/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def b/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def
index f792fa6..acddc3b 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/state/related/node.def
@@ -1,3 +1,3 @@
 type: txt
-help: Configure related state
+help: Set related state
 syntax:expression: $VAR(@) in "enable", "disable" ; "state value must be enable or disable"
diff --git a/templates/firewall/receive-redirects/node.def b/templates/firewall/receive-redirects/node.def
index bb9d460..59996ec 100644
--- a/templates/firewall/receive-redirects/node.def
+++ b/templates/firewall/receive-redirects/node.def
@@ -1,5 +1,5 @@
 type: txt
-help: accept redirects
+help: Set receive ICMP redirects (default: disable)
 default: "disable"
 syntax:expression: $VAR(@) in "enable", "disable"; "receive-redirects must be enable or disable"
 create:expression: "if [ x$VAR(@) == xenable ]; \
diff --git a/templates/firewall/send-redirects/node.def b/templates/firewall/send-redirects/node.def
index db18a50..a83fa45 100644
--- a/templates/firewall/send-redirects/node.def
+++ b/templates/firewall/send-redirects/node.def
@@ -1,5 +1,5 @@
 type: txt
-help: send ICMP redirects
+help: Set send ICMP redirects (default: disable)
 default: "disable"
 syntax:expression: $VAR(@) in "enable", "disable"; "send-redirects must be enable or disable"
 create:expression: "if [ x$VAR(@) == xenable ]; \
diff --git a/templates/firewall/syn-cookies/node.def b/templates/firewall/syn-cookies/node.def
index 70b447b..9521f12 100644
--- a/templates/firewall/syn-cookies/node.def
+++ b/templates/firewall/syn-cookies/node.def
@@ -1,5 +1,5 @@
 type: txt
-help: use TCP syn cookies
+help: Set use TCP syn cookies (default: enable)
 default: "enable"
 syntax:expression: $VAR(@) in "enable", "disable"; "syn-cookies must be enable or disable"
 update:expression: "if [ x$VAR(@) == xenable ]; \
diff --git a/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def b/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def
index 290e726..45ddefa 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/in/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Inbound interface filter name
+help: Set inbound interface filter name
 create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
 >> /tmp/cli.log && \
diff --git a/templates/interfaces/ethernet/node.tag/firewall/in/node.def b/templates/interfaces/ethernet/node.tag/firewall/in/node.def
index 7a9f156..eccc79b 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/in/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/in/node.def
@@ -1 +1 @@
-help: Filter forwarded packets on inbound interface
+help: Set filter for forwarded packets on inbound interface
diff --git a/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def b/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def
index 5bd9cd6..2908207 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/local/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Local filter name
+help: Set local filter name
 create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
 >> /tmp/cli.log && \
diff --git a/templates/interfaces/ethernet/node.tag/firewall/local/node.def b/templates/interfaces/ethernet/node.tag/firewall/local/node.def
index eb0ccdf..2595835 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/local/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/local/node.def
@@ -1 +1 @@
-help: Filter packets destined for this router
+help: Set filter for packets destined for this router
diff --git a/templates/interfaces/ethernet/node.tag/firewall/node.def b/templates/interfaces/ethernet/node.tag/firewall/node.def
index 7778775..11748d2 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/node.def
@@ -1 +1 @@
-help: Configure firewall options
+help: Set firewall options
diff --git a/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def b/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def
index 0086f38..13a7c31 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/out/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Outbound interface filter name
+help: Set outbound interface filter name
 create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
 >> /tmp/cli.log && \
diff --git a/templates/interfaces/ethernet/node.tag/firewall/out/node.def b/templates/interfaces/ethernet/node.tag/firewall/out/node.def
index 4cf0682..3aec5f0 100644
--- a/templates/interfaces/ethernet/node.tag/firewall/out/node.def
+++ b/templates/interfaces/ethernet/node.tag/firewall/out/node.def
@@ -1 +1 @@
-help: Filter forwarded packets on outbound interface
+help: Set filter for forwarded packets on outbound interface
diff --git a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/name/node.def b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/name/node.def
index 3c55b08..6e629bc 100644
--- a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Inbound interface filter name
+help: Set inbound interface filter name
 create:expression: "sh -c \"echo create pppoe=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
 >> /tmp/cli.log && \
diff --git a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/node.def b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/node.def
index 7a9f156..eccc79b 100644
--- a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/node.def
+++ b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/node.def
@@ -1 +1 @@
-help: Filter forwarded packets on inbound interface
+help: Set filter for forwarded packets on inbound interface
diff --git a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/name/node.def b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/name/node.def
index 0ff302d..44e85d1 100644
--- a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Local filter name
+help: Set local filter name
 create:expression: "sh -c \"echo create pppoe=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
 >> /tmp/cli.log && \
diff --git a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/node.def b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/node.def
index eb0ccdf..2595835 100644
--- a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/node.def
+++ b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/node.def
@@ -1 +1 @@
-help: Filter packets destined for this router
+help: Set filter for packets destined for this router
diff --git a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/node.def b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/node.def
index 7778775..11748d2 100644
--- a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/node.def
+++ b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/node.def
@@ -1 +1 @@
-help: Configure firewall options
+help: Set firewall options
diff --git a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/name/node.def b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/name/node.def
index 897fdde..2c37224 100644
--- a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Outbound interface filter name
+help: Set outbound interface filter name
 create:expression: "sh -c \"echo create pppoe=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
 >> /tmp/cli.log && \
diff --git a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/node.def b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/node.def
index 4cf0682..3aec5f0 100644
--- a/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/node.def
+++ b/templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/node.def
@@ -1 +1 @@
-help: Filter forwarded packets on outbound interface
+help: Set filter for forwarded packets on outbound interface
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def
index ade7e78..f69297a 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Inbound interface filter name
+help: Set inbound interface filter name
 create:expression: "sh -c \"echo create eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \
 dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/node.def
index 7a9f156..eccc79b 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/node.def
@@ -1 +1 @@
-help: Filter forwarded packets on inbound interface
+help: Set filter for forwarded packets on inbound interface
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def
index 4089ab1..7ed2aa7 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Local filter name
+help: Set local filter name
 create:expression: "sh -c \"echo create eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \
 dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \
 sudo /opt/vyatta/sbin/vyatta-firewall.pl \
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/node.def
index eb0ccdf..2656a94 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/node.def
@@ -1 +1 @@
-help: Filter packets destined for this router
+help: Set filter packets destined for this router
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/node.def
index 7778775..11748d2 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/node.def
@@ -1 +1 @@
-help: Configure firewall options
+help: Set firewall options
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def
index 22642a2..82a0f0b 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Outbound interface filter name
+help: Set outbound interface filter name
 create:expression: "sh -c \"echo create eth=[$VAR(../../../../@)] vif=[$VAR(../../../@)] \
 dir=[$VAR(..)] name=[$VAR(@)] >> /tmp/cli.log && \
 sudo /opt/vyatta/sbin/vyatta-firewall.pl \
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/node.def
index 4cf0682..a3de8f5 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/node.def
@@ -1 +1 @@
-help: Filter forwarded packets on outbound interface
+help: Set filter forwarded packets on outbound interface
diff --git a/templates/interfaces/tunnel/node.tag/firewall/in/name/node.def b/templates/interfaces/tunnel/node.tag/firewall/in/name/node.def
index 290e726..45ddefa 100644
--- a/templates/interfaces/tunnel/node.tag/firewall/in/name/node.def
+++ b/templates/interfaces/tunnel/node.tag/firewall/in/name/node.def
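Review bot: The new help string in templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/node.def reads `Set filter packets destined for this router`, dropping the `for` that the ethernet, pppoe and tunnel copies of the same node use; vif/node.tag/firewall/out/node.def has the same slip. For consistent CLI help they should read `help: Set filter for packets destined for this router` and `help: Set filter for forwarded packets on outbound interface`.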
@@ -1,6 +1,6 @@
 type: txt
-help: Inbound interface filter name
+help: Set inbound interface filter name
 create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
 >> /tmp/cli.log && \
diff --git a/templates/interfaces/tunnel/node.tag/firewall/in/node.def b/templates/interfaces/tunnel/node.tag/firewall/in/node.def
index 7a9f156..eccc79b 100644
--- a/templates/interfaces/tunnel/node.tag/firewall/in/node.def
+++ b/templates/interfaces/tunnel/node.tag/firewall/in/node.def
@@ -1 +1 @@
-help: Filter forwarded packets on inbound interface
+help: Set filter for forwarded packets on inbound interface
diff --git a/templates/interfaces/tunnel/node.tag/firewall/local/name/node.def b/templates/interfaces/tunnel/node.tag/firewall/local/name/node.def
index 5bd9cd6..2908207 100644
--- a/templates/interfaces/tunnel/node.tag/firewall/local/name/node.def
+++ b/templates/interfaces/tunnel/node.tag/firewall/local/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Local filter name
+help: Set local filter name
 create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
 >> /tmp/cli.log && \
diff --git a/templates/interfaces/tunnel/node.tag/firewall/local/node.def b/templates/interfaces/tunnel/node.tag/firewall/local/node.def
index eb0ccdf..2595835 100644
--- a/templates/interfaces/tunnel/node.tag/firewall/local/node.def
+++ b/templates/interfaces/tunnel/node.tag/firewall/local/node.def
@@ -1 +1 @@
-help: Filter packets destined for this router
+help: Set filter for packets destined for this router
diff --git a/templates/interfaces/tunnel/node.tag/firewall/node.def b/templates/interfaces/tunnel/node.tag/firewall/node.def
index 7778775..11748d2 100644
--- a/templates/interfaces/tunnel/node.tag/firewall/node.def
+++ b/templates/interfaces/tunnel/node.tag/firewall/node.def
@@ -1 +1 @@
-help: Configure firewall options
+help: Set firewall options
diff --git a/templates/interfaces/tunnel/node.tag/firewall/out/name/node.def b/templates/interfaces/tunnel/node.tag/firewall/out/name/node.def
index 0086f38..13a7c31 100644
--- a/templates/interfaces/tunnel/node.tag/firewall/out/name/node.def
+++ b/templates/interfaces/tunnel/node.tag/firewall/out/name/node.def
@@ -1,6 +1,6 @@
 type: txt
-help: Outbound interface filter name
+help: Set outbound interface filter name
 create:expression: "sh -c \"echo create eth=[$VAR(../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \
 >> /tmp/cli.log && \
diff --git a/templates/interfaces/tunnel/node.tag/firewall/out/node.def b/templates/interfaces/tunnel/node.tag/firewall/out/node.def
index 4cf0682..3aec5f0 100644
--- a/templates/interfaces/tunnel/node.tag/firewall/out/node.def
+++ b/templates/interfaces/tunnel/node.tag/firewall/out/node.def
@@ -1 +1 @@
-help: Filter forwarded packets on outbound interface
+help: Set filter for forwarded packets on outbound interface |