From b2ce7e136b620e8c870285d84a4796b1810b2191 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Wed, 15 Oct 2008 10:17:53 -0700 Subject: Bugfix: 3684 Add firewall configuration parameters for ADSL bridged ethernet encapsulation. --- .../bridged-ethernet/firewall/in/name/node.def | 18 ++++++++++++++++++ .../pvc/node.tag/bridged-ethernet/firewall/in/node.def | 1 + .../bridged-ethernet/firewall/local/name/node.def | 18 ++++++++++++++++++ .../node.tag/bridged-ethernet/firewall/local/node.def | 1 + .../pvc/node.tag/bridged-ethernet/firewall/node.def | 1 + .../bridged-ethernet/firewall/out/name/node.def | 18 ++++++++++++++++++ .../node.tag/bridged-ethernet/firewall/out/node.def | 1 + 7 files changed, 58 insertions(+) create mode 100644 templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/in/name/node.def create mode 100644 templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/in/node.def create mode 100644 templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/local/name/node.def create mode 100644 templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/local/node.def create mode 100644 templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/node.def create mode 100644 templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/out/name/node.def create mode 100644 templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/out/node.def (limited to 'templates/interfaces') diff --git a/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/in/name/node.def b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/in/name/node.def new file mode 100644 index 0000000..871d2c4 --- /dev/null +++ b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/in/name/node.def @@ -0,0 +1,18 @@ +type: txt + +help: Set inbound interface filter name + +create:expression: "sh -c \"echo create if=[$VAR(../../../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update if=[$VAR(../../../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete if=[$VAR(../../../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/in/node.def b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/in/node.def new file mode 100644 index 0000000..eccc79b --- /dev/null +++ b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/in/node.def @@ -0,0 +1 @@ +help: Set filter for forwarded packets on inbound interface diff --git a/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/local/name/node.def b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/local/name/node.def new file mode 100644 index 0000000..9a025ec --- /dev/null +++ b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/local/name/node.def @@ -0,0 +1,18 @@ +type: txt + +help: Set local filter name + +create:expression: "sh -c \"echo create if=[$VAR(../../../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update if=[$VAR(../../../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete if=[$VAR(../../../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/local/node.def b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/local/node.def new file mode 100644 index 0000000..2595835 --- /dev/null +++ b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/local/node.def @@ -0,0 +1 @@ +help: Set filter for packets destined for this router diff --git a/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/node.def b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/node.def new file mode 100644 index 0000000..11748d2 --- /dev/null +++ b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/node.def @@ -0,0 +1 @@ +help: Set firewall options diff --git a/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/out/name/node.def b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/out/name/node.def new file mode 100644 index 0000000..e1a82da --- /dev/null +++ b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/out/name/node.def @@ -0,0 +1,18 @@ +type: txt + +help: Set outbound interface filter name + +create:expression: "sh -c \"echo create if=[$VAR(../../../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../../@) $VAR(..) $VAR(@)\" " + +update:expression: "sh -c \"echo update if=[$VAR(../../../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces update $VAR(../../../../../@) $VAR(..) $VAR(@)\" " + +delete:expression: "sh -c \"echo delete if=[$VAR(../../../../../@)] dir=[$VAR(..)] name=[$VAR(@)] \ +>> /tmp/cli.log && \ +sudo /opt/vyatta/sbin/vyatta-firewall.pl \ +--update-interfaces delete $VAR(../../../../../@) $VAR(..) $VAR(@)\" " diff --git a/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/out/node.def b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/out/node.def new file mode 100644 index 0000000..3aec5f0 --- /dev/null +++ b/templates/interfaces/adsl/node.tag/pvc/node.tag/bridged-ethernet/firewall/out/node.def @@ -0,0 +1 @@ +help: Set filter for forwarded packets on outbound interface -- cgit v1.2.3