diff options
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | cfg-version/firewall@6 (renamed from cfg-version/firewall@5) | 0 | ||||
-rw-r--r-- | debian/control | 3 | ||||
-rw-r--r-- | debian/vyatta-cfg-firewall.install | 3 | ||||
-rwxr-xr-x | gen-interface-policy-templates.pl | 4 | ||||
-rwxr-xr-x | gen-interface-templates.pl | 8 | ||||
-rw-r--r-- | templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def | 2 | ||||
-rw-r--r-- | templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def | 2 |
8 files changed, 17 insertions, 7 deletions
diff --git a/Makefile.am b/Makefile.am index dc0f6a9..f9e5b13 100644 --- a/Makefile.am +++ b/Makefile.am @@ -7,7 +7,7 @@ modprobe_DATA = etc/modprobe.d/vyatta_xt_recent.conf modprobe_DATA += etc/modprobe.d/vyatta_ipset.conf sbin_SCRIPTS = -curver_DATA = cfg-version/firewall@5 +curver_DATA = cfg-version/firewall@6 sbin_SCRIPTS += scripts/firewall/vyatta-firewall.pl sbin_SCRIPTS += scripts/firewall/vyatta-firewall-trap.pl diff --git a/cfg-version/firewall@5 b/cfg-version/firewall@6 index e69de29..e69de29 100644 --- a/cfg-version/firewall@5 +++ b/cfg-version/firewall@6 diff --git a/debian/control b/debian/control index 1b5f4d4..9ea52d6 100644 --- a/debian/control +++ b/debian/control @@ -26,8 +26,7 @@ Depends: sed (>= 4.1.5), libswitch-perl, libsnmp-perl Replaces: vyatta-cfg-system, - vyatta-openvpn, - vyatta-wirelessmodem + vyatta-openvpn Suggests: util-linux (>= 2.13-5), net-tools, ethtool, diff --git a/debian/vyatta-cfg-firewall.install b/debian/vyatta-cfg-firewall.install index 40f05db..baafd31 100644 --- a/debian/vyatta-cfg-firewall.install +++ b/debian/vyatta-cfg-firewall.install @@ -9,13 +9,14 @@ opt/vyatta/share/vyatta-cfg/templates/interfaces/bridge opt/vyatta/share/vyatta-cfg/templates/interfaces/dummy opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet opt/vyatta/share/vyatta-cfg/templates/interfaces/input +opt/vyatta/share/vyatta-cfg/templates/interfaces/macsec opt/vyatta/share/vyatta-cfg/templates/interfaces/openvpn opt/vyatta/share/vyatta-cfg/templates/interfaces/pppoe opt/vyatta/share/vyatta-cfg/templates/interfaces/pseudo-ethernet opt/vyatta/share/vyatta-cfg/templates/interfaces/tunnel opt/vyatta/share/vyatta-cfg/templates/interfaces/vti opt/vyatta/share/vyatta-cfg/templates/interfaces/wireless -opt/vyatta/share/vyatta-cfg/templates/interfaces/wirelessmodem +opt/vyatta/share/vyatta-cfg/templates/interfaces/wwan opt/vyatta/share/vyatta-cfg/templates/interfaces/l2tpv3 opt/vyatta/share/vyatta-cfg/templates/interfaces/vxlan opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard diff --git a/gen-interface-policy-templates.pl b/gen-interface-policy-templates.pl index b48b24e..e744c39 100755 --- a/gen-interface-policy-templates.pl +++ b/gen-interface-policy-templates.pl @@ -41,6 +41,7 @@ my %interface_hash = ( 'bonding/node.tag/vif-s/node.tag/vif-c/node.tag' => '$VAR(../../../../@).$VAR(../../../@).$VAR(../../@)', 'bonding/node.tag/vif/node.tag' => '$VAR(../../../@).$VAR(../../@)', 'bridge/node.tag' => '$VAR(../../@)', + 'bridge/node.tag/vif/node.tag' => '$VAR(../../../@).$VAR(../../@)', 'dummy/node.tag' => '$VAR(../../@)', 'ethernet/node.tag' => '$VAR(../../@)', 'ethernet/node.tag/vif-s/node.tag' => '$VAR(../../../@).$VAR(../../@)', @@ -49,6 +50,7 @@ my %interface_hash = ( 'input/node.tag' => '$VAR(../../@)', 'l2tpv3/node.tag' => '$VAR(../../@)', 'multilink/node.tag/vif/node.tag' => '$VAR(../../../@)', + 'macsec/node.tag' => '$VAR(../../@)', 'openvpn/node.tag' => '$VAR(../../@)', 'pppoe/node.tag' => '$VAR(../../@)', 'pseudo-ethernet/node.tag' => '$VAR(../../@)', @@ -60,7 +62,7 @@ my %interface_hash = ( 'vxlan/node.tag' => '$VAR(../../@)', 'wireless/node.tag' => '$VAR(../../@)', 'wireless/node.tag/vif/node.tag' => '$VAR(../../../@).$VAR(../../@)', - 'wirelessmodem/node.tag' => '$VAR(../../@)', + 'wwan/node.tag' => '$VAR(../../@)', 'wireguard/node.tag' => '$VAR(../../@)', ); diff --git a/gen-interface-templates.pl b/gen-interface-templates.pl index 641da62..3a527bc 100755 --- a/gen-interface-templates.pl +++ b/gen-interface-templates.pl @@ -41,6 +41,7 @@ my %interface_hash = ( 'bonding/node.tag/vif-s/node.tag/vif-c/node.tag' => '$VAR(../../../../../@).$VAR(../../../../@).$VAR(../../../@)', 'bonding/node.tag/vif/node.tag' => '$VAR(../../../../@).$VAR(../../../@)', 'bridge/node.tag' => '$VAR(../../../@)', + 'bridge/node.tag/vif/node.tag' => '$VAR(../../../../@).$VAR(../../../@)', 'dummy/node.tag' => '$VAR(../../../@)', 'ethernet/node.tag' => '$VAR(../../../@)', 'ethernet/node.tag/vif-s/node.tag' => '$VAR(../../../../@).$VAR(../../../@)', @@ -49,6 +50,7 @@ my %interface_hash = ( 'input/node.tag' => '$VAR(../../../@)', 'l2tpv3/node.tag' => '$VAR(../../../@)', 'multilink/node.tag/vif/node.tag' => '$VAR(../../../../@)', + 'macsec/node.tag' => '$VAR(../../../@)', 'openvpn/node.tag' => '$VAR(../../../@)', 'pppoe/node.tag' => '$VAR(../../../@)', 'pseudo-ethernet/node.tag' => '$VAR(../../../@)', @@ -60,7 +62,7 @@ my %interface_hash = ( 'vxlan/node.tag' => '$VAR(../../../@)', 'wireless/node.tag' => '$VAR(../../../@)', 'wireless/node.tag/vif/node.tag' => '$VAR(../../../../@).$VAR(../../../@)', - 'wirelessmodem/node.tag' => '$VAR(../../../@)', + 'wwan/node.tag' => '$VAR(../../../@)', 'wireguard/node.tag' => '$VAR(../../../@)', ); @@ -71,6 +73,7 @@ my %firewall_hash = ( 'bonding/node.tag/vif-s/node.tag/vif-c/node.tag' => 'bonding $VAR(../../../../@) vif-s $VAR(../../@) vif-c $VAR(../@)', 'bonding/node.tag/vif/node.tag' => 'bonding $VAR(../../../@) vif $VAR(../@)', 'bridge/node.tag' => 'bridge $VAR(../@)', + 'bridge/node.tag/vif/node.tag' => 'bonding $VAR(../../../@) vif $VAR(../@)', 'dummy/node.tag' => 'dummy $VAR(../@)', 'ethernet/node.tag' => 'ethernet $VAR(../@)', 'ethernet/node.tag/vif-s/node.tag' => 'ethernet $VAR(../../../@) vif-s $VAR(../@)', @@ -79,6 +82,7 @@ my %firewall_hash = ( 'input/node.tag' => 'input $VAR(../@)', 'l2tpv3/node.tag' => 'l2tpv3 $VAR(../@)', 'multilink/node.tag/vif/node.tag' => 'multilink $VAR(../../../@) vif $VAR(../@)', + 'macsec/node.tag' => 'macsec $VAR(../@)', 'openvpn/node.tag' => 'openvpn $VAR(../@)', 'pppoe/node.tag' => 'pppoe $VAR(../@)', 'pseudo-ethernet/node.tag' => 'pseudo-ethernet $VAR(../@)', @@ -90,7 +94,7 @@ my %firewall_hash = ( 'vxlan/node.tag' => 'vxlan $VAR(../@)', 'wireless/node.tag' => 'wireless $VAR(../@)', 'wireless/node.tag/vif/node.tag' => 'wireless $VAR(../../../@) vif $VAR(../@)', - 'wirelessmodem/node.tag' => 'wirelessmodem $VAR(../@)', + 'wwan/node.tag' => 'wwan $VAR(../@)', 'wireguard/node.tag' => 'wireguard $VAR(../@)', ); diff --git a/templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def b/templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def index 84f77b4..72d82e0 100644 --- a/templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def +++ b/templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def @@ -3,3 +3,5 @@ type: u32; "ICMP code must be between 0 and 255" help: ICMP code (0-255) syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP code must be between 0 and 255" + +val_help: u32:0-255; ICMP code diff --git a/templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def b/templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def index ce69c45..fa74aa0 100644 --- a/templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def +++ b/templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def @@ -3,3 +3,5 @@ type: u32; "ICMP type must be between 0 and 255" help: ICMP type (0-255) syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP type must be between 0 and 255" + +val_help: u32:0-255; ICMP type |