summaryrefslogtreecommitdiff
path: root/templates/firewall/state-policy
diff options
context:
space:
mode:
Diffstat (limited to 'templates/firewall/state-policy')
-rw-r--r--templates/firewall/state-policy/established/log/node.def3
-rw-r--r--templates/firewall/state-policy/established/node.def3
-rw-r--r--templates/firewall/state-policy/invalid/log/node.def3
-rw-r--r--templates/firewall/state-policy/invalid/node.def3
-rw-r--r--templates/firewall/state-policy/node.def4
-rw-r--r--templates/firewall/state-policy/related/log/node.def3
-rw-r--r--templates/firewall/state-policy/related/node.def3
7 files changed, 22 insertions, 0 deletions
diff --git a/templates/firewall/state-policy/established/log/node.def b/templates/firewall/state-policy/established/log/node.def
index 78125ae..aaa47bb 100644
--- a/templates/firewall/state-policy/established/log/node.def
+++ b/templates/firewall/state-policy/established/log/node.def
@@ -1 +1,4 @@
help: Option to log packets part of an established connection
+
+commit:expression: $VAR(./enable) != "";
+ "Need to set 'enable' to log packets part of an established connection"
diff --git a/templates/firewall/state-policy/established/node.def b/templates/firewall/state-policy/established/node.def
index 8a199e2..2aa7526 100644
--- a/templates/firewall/state-policy/established/node.def
+++ b/templates/firewall/state-policy/established/node.def
@@ -1 +1,4 @@
help: Global firewall policy for packets part of an established connection
+
+commit:expression: $VAR(./action/) != "";
+ "No action set for state 'established'"
diff --git a/templates/firewall/state-policy/invalid/log/node.def b/templates/firewall/state-policy/invalid/log/node.def
index cfd56b3..73a3915 100644
--- a/templates/firewall/state-policy/invalid/log/node.def
+++ b/templates/firewall/state-policy/invalid/log/node.def
@@ -1 +1,4 @@
help: Option to log packets part of an invalid connection
+
+commit:expression: $VAR(./enable) != "";
+ "Need to set 'enable' to log packets part of an invalid connection"
diff --git a/templates/firewall/state-policy/invalid/node.def b/templates/firewall/state-policy/invalid/node.def
index 71bbf20..2495327 100644
--- a/templates/firewall/state-policy/invalid/node.def
+++ b/templates/firewall/state-policy/invalid/node.def
@@ -1 +1,4 @@
help: Global firewall policy for packets part of an invalid connection
+
+commit:expression: $VAR(./action/) != "";
+ "No action set for state 'invalid'"
diff --git a/templates/firewall/state-policy/node.def b/templates/firewall/state-policy/node.def
index a745c31..230f090 100644
--- a/templates/firewall/state-policy/node.def
+++ b/templates/firewall/state-policy/node.def
@@ -1,6 +1,10 @@
priority: 200
help: Global firewall state-policy
+commit:expression: $VAR(./established) != "" || $VAR(./related) != ""
+ || $VAR(./invalid) != "";
+ "No policy set for either 'established', 'related', or 'invalid' state"
+
begin:
if ! /opt/vyatta/sbin/vyatta-fw-global-state-policy.pl \
--action=state-policy-validity-checks; then \
diff --git a/templates/firewall/state-policy/related/log/node.def b/templates/firewall/state-policy/related/log/node.def
index 245928b..9647b60 100644
--- a/templates/firewall/state-policy/related/log/node.def
+++ b/templates/firewall/state-policy/related/log/node.def
@@ -1 +1,4 @@
help: Option to log packets part of a related connection
+
+commit:expression: $VAR(./enable) != "";
+ "Need to set 'enable' to log packets part of a related connection"
diff --git a/templates/firewall/state-policy/related/node.def b/templates/firewall/state-policy/related/node.def
index df8d7c0..9e4d7dd 100644
--- a/templates/firewall/state-policy/related/node.def
+++ b/templates/firewall/state-policy/related/node.def
@@ -1 +1,4 @@
help: Global firewall policy for packets part of a related connection
+
+commit:expression: $VAR(./action/) != "";
+ "No action set for state 'related'"
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 08:34:34 +0000