author | Shirish Sandesara <shirish.sandesara@vyatta.com> | 2013-05-28 14:23:04 -0700 |
---|---|---|
committer | Shirish Sandesara <shirish.sandesara@vyatta.com> | 2013-05-28 14:23:04 -0700 |
commit | 5822867924c6ffca8ed0d7c4dfb8d7fd41ce7231 (patch) | |
tree | 165f220c217490d74782baa8e0e6c2083d4b9c7b | |
parent | c9d72ff7ad1d4cc13517bbfc6a2375ff757c767c (diff) | |
Move policy route[6] back into vplane-config-npf
38 files changed, 2 insertions, 230 deletions
diff --git a/debian/vyatta-cfg-quagga-extra.install b/debian/vyatta-cfg-quagga-extra.install
index a4bb9cc3..4048ccf1 100644
--- a/debian/vyatta-cfg-quagga-extra.install
+++ b/debian/vyatta-cfg-quagga-extra.install
@@ -1,5 +1,3 @@
-opt/vyatta/share/vyatta-cfg/templates/policy
-opt/vyatta/share/vyatta-cfg/templates/protocols
 opt/vyatta/share/vyatta-cfg/templates/interfaces/pseudo-ethernet
 opt/vyatta/share/vyatta-cfg/templates/interfaces/bonding
 opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet/node.tag/pppoe
diff --git a/debian/vyatta-cfg-quagga.install b/debian/vyatta-cfg-quagga.install
index 86427074..2cda1c61 100644
--- a/debian/vyatta-cfg-quagga.install
+++ b/debian/vyatta-cfg-quagga.install
@@ -11,3 +11,5 @@ opt/vyatta/share/vyatta-cfg/templates/interfaces/loopback
 opt/vyatta/share/vyatta-cfg/templates/interfaces/openvpn
 opt/vyatta/share/vyatta-cfg/templates/interfaces/tunnel
 opt/vyatta/share/vyatta-cfg/templates/interfaces/vti
+opt/vyatta/share/vyatta-cfg/templates/policy
+opt/vyatta/share/vyatta-cfg/templates/protocols
diff --git a/templates/policy/route/node.def b/templates/policy/route/node.def
deleted file mode 100644
index d511b474..00000000
--- a/templates/policy/route/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-tag:
-type: txt
-help: pbr route-map (group made of rules) name
-
-delete: /opt/vyatta/sbin/vyatta-dp-pbr.pl --cmd=delete-group --group=$VAR(@)
diff --git a/templates/policy/route/node.tag/rule/node.def b/templates/policy/route/node.tag/rule/node.def
deleted file mode 100644
index 7964f3f4..00000000
--- a/templates/policy/route/node.tag/rule/node.def
+++ /dev/null
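Review bot: The two added lines in debian/vyatta-cfg-quagga.install hand ownership of `opt/vyatta/share/vyatta-cfg/templates/policy` and `opt/vyatta/share/vyatta-cfg/templates/protocols` to vyatta-cfg-quagga, yet none of the 38 files in this commit is debian/control, so no package relationship is added alongside the move. If the two binary packages can be upgraded independently, dpkg would normally refuse to unpack the new vyatta-cfg-quagga while an older vyatta-cfg-quagga-extra still owns files under those paths. Unless control already covers this, the vyatta-cfg-quagga stanza should gain `Replaces: vyatta-cfg-quagga-extra (<< VERSION)` and `Breaks: vyatta-cfg-quagga-extra (<< VERSION)`, where VERSION is a placeholder for the first release carrying this change. It is also worth confirming that templates/policy still has content once the route and route6 trees are deleted, since a listed install path with nothing behind it can break the package build.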
@@ -1,19 +0,0 @@
-tag:
-
-type: u32
-
-help: Rule number (1-998)
-
-syntax:expression: $VAR(@) > 0 && $VAR(@) <= 998; "pbr rule number must be between 1 and 998"
-
-val_help: u32:1-998; Rule number
-
-
-end: if [ ${COMMIT_ACTION} = 'DELETE' ] ;
- then
- /opt/vyatta/sbin/vyatta-dp-pbr.pl --cmd=delete --group="$VAR(../@)" --rule="$VAR(@)";
- else
- /opt/vyatta/sbin/vyatta-dp-pbr.pl --cmd=update --group="$VAR(../@)" --rule="$VAR(@)";
- fi
-
-
diff --git a/templates/policy/route/node.tag/rule/node.tag/action/node.def b/templates/policy/route/node.tag/rule/node.tag/action/node.def
deleted file mode 100644
index 17b595ac..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/action/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-
-help: Rule action [REQUIRED]
-
-syntax:expression: $VAR(@) in "allow", "deny";
- "action must be allow or deny"
-
-allowed: echo "deny allow"
-
-val_help: deny ; Rule action to deny
-val_help: allow ; Rule action to allow
diff --git a/templates/policy/route/node.tag/rule/node.tag/destination/address/node.def b/templates/policy/route/node.tag/rule/node.tag/destination/address/node.def
deleted file mode 100644
index 83d75145..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/destination/address/node.def
+++ /dev/null
@@ -1,10 +0,0 @@
-type: txt
-
-help: Destination IP address, subnet, or range
-
-val_help: ipv4; IP address to match
-val_help: ipv4net; Subnet to match
-val_help: ipv4range; IP range to match
-val_help: !ipv4; Match everything except the specified address
-val_help: !ipv4net; Match everything except the specified subnet
-val_help: !ipv4range; Match everything except the specified range
diff --git a/templates/policy/route/node.tag/rule/node.tag/destination/node.def b/templates/policy/route/node.tag/rule/node.tag/destination/node.def
deleted file mode 100644
index dc227b70..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/destination/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Destination parameters
diff --git a/templates/policy/route/node.tag/rule/node.tag/destination/port/node.def b/templates/policy/route/node.tag/rule/node.tag/destination/port/node.def
deleted file mode 100644
index 58e196bd..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/destination/port/node.def
+++ /dev/null
@@ -1,9 +0,0 @@
-type: txt
-
-help: Destination port
-
-val_help: <port name>; Named port (any name in /etc/services, e.g., http)
-val_help: u32:1-65535; Numbered port
-val_help: range; Numbered port range (e.g., 1001-1005)
-comp_help: Multiple destination ports can be specified as a comma-separated list.
- 'telnet,http,123,1001-1005'
diff --git a/templates/policy/route/node.tag/rule/node.tag/icmp/code/node.def b/templates/policy/route/node.tag/rule/node.tag/icmp/code/node.def
deleted file mode 100644
index 84f77b4d..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/icmp/code/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-type: u32; "ICMP code must be between 0 and 255"
-
-help: ICMP code (0-255)
-
-syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP code must be between 0 and 255"
diff --git a/templates/policy/route/node.tag/rule/node.tag/icmp/node.def b/templates/policy/route/node.tag/rule/node.tag/icmp/node.def
deleted file mode 100644
index 33a8e894..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/icmp/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: ICMP type and code information
diff --git a/templates/policy/route/node.tag/rule/node.tag/icmp/type/node.def b/templates/policy/route/node.tag/rule/node.tag/icmp/type/node.def
deleted file mode 100644
index ce69c452..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/icmp/type/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-type: u32; "ICMP type must be between 0 and 255"
-
-help: ICMP type (0-255)
-
-syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP type must be between 0 and 255"
diff --git a/templates/policy/route/node.tag/rule/node.tag/node.def b/templates/policy/route/node.tag/rule/node.tag/node.def
deleted file mode 100644
index 2024d5f8..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: pbr in rule number
diff --git a/templates/policy/route/node.tag/rule/node.tag/protocol/node.def b/templates/policy/route/node.tag/rule/node.tag/protocol/node.def
deleted file mode 100644
index 24735ad4..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/protocol/node.def
+++ /dev/null
@@ -1,9 +0,0 @@
-type: txt
-
-help: Protocol to match (tcp, udp or icmp)
-
-
-# Provide some help for command completion. Doesn't return negated
-# values or protocol numbers
-allowed:
- echo -n "tcp udp icmp"
diff --git a/templates/policy/route/node.tag/rule/node.tag/source/address/node.def b/templates/policy/route/node.tag/rule/node.tag/source/address/node.def
deleted file mode 100644
index 72d6a170..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/source/address/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-help: Source IP address, subnet, or range
-val_help: ipv4; IP address to match
-val_help: ipv4net; Subnet to match
-val_help: ipv4range; IP range to match
-val_help: !ipv4; Match everything except the specified address
-val_help: !ipv4net; Match everything except the specified subnet
-val_help: !ipv4range; Match everything except the specified range
diff --git a/templates/policy/route/node.tag/rule/node.tag/source/node.def b/templates/policy/route/node.tag/rule/node.tag/source/node.def
deleted file mode 100644
index 84cdc1f3..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/source/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Source parameters
diff --git a/templates/policy/route/node.tag/rule/node.tag/source/port/node.def b/templates/policy/route/node.tag/rule/node.tag/source/port/node.def
deleted file mode 100644
index e69685ab..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/source/port/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: txt
-help: Source port
-val_help: <port name>; Named port (any name in /etc/services, e.g., http)
-val_help: u32:1-65535; Numbered port
-val_help: range; Numbered port range (e.g., 1001-1005)
-comp_help: Multiple source ports can be specified as a comma-separated list.
- 'telnet,http,123,1001-1005'
diff --git a/templates/policy/route/node.tag/rule/node.tag/state/node.def b/templates/policy/route/node.tag/rule/node.tag/state/node.def
deleted file mode 100644
index 588e4763..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/state/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Enable state firewall rule
-
diff --git a/templates/policy/route/node.tag/rule/node.tag/table/node.def b/templates/policy/route/node.tag/rule/node.tag/table/node.def
deleted file mode 100644
index 2e7c4e0b..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/table/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-type: u32
-help: Policy Based Routing Table id
-syntax:expression: $VAR(@) > 0 && $VAR(@) <201 ; "table id must be greater than 0 and less than or equeal to 200"
-val_help: u32:1-200;
-
diff --git a/templates/policy/route/node.tag/rule/node.tag/tcp/flags/node.def b/templates/policy/route/node.tag/rule/node.tag/tcp/flags/node.def
deleted file mode 100644
index f6235173..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/tcp/flags/node.def
+++ /dev/null
@@ -1,13 +0,0 @@
-type: txt
-help: TCP flags to match
-syntax:expression: pattern $VAR(@) "^((!?ALL)|((!?(SYN|ACK|FIN|RST|PSH|URG),)*(!?(SYN|ACK|FIN|RST|PSH|URG))))$" ; \
-"Invalid value for TCP flags. Allowed values : SYN ACK FIN RST URG PSH ALL
-When specifying more than one flag, flags should be comma-separated.
-For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with
-the SYN flag set, and the ACK, FIN and RST flags unset"
-
-comp_help: Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL
-When specifying more than one flag, flags should be comma-separated.
-For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with
-the SYN flag set, and the ACK, FIN and RST flags unset
-
diff --git a/templates/policy/route/node.tag/rule/node.tag/tcp/node.def b/templates/policy/route/node.tag/rule/node.tag/tcp/node.def
deleted file mode 100644
index a57ef521..00000000
--- a/templates/policy/route/node.tag/rule/node.tag/tcp/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: TCP flags to match
-
diff --git a/templates/policy/route6/node.def b/templates/policy/route6/node.def
deleted file mode 100644
index 088e4d2a..00000000
--- a/templates/policy/route6/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-tag:
-type: txt
-help: IPv6 pbr route-map (group made of rules) name
-
-delete: /opt/vyatta/sbin/vyatta-dp-pbr.pl --cmd=delete-group --group=$VAR(@)
diff --git a/templates/policy/route6/node.tag/rule/node.def b/templates/policy/route6/node.tag/rule/node.def
deleted file mode 100644
index 7964f3f4..00000000
--- a/templates/policy/route6/node.tag/rule/node.def
+++ /dev/null
@@ -1,19 +0,0 @@
-tag:
-
-type: u32
-
-help: Rule number (1-998)
-
-syntax:expression: $VAR(@) > 0 && $VAR(@) <= 998; "pbr rule number must be between 1 and 998"
-
-val_help: u32:1-998; Rule number
-
-
-end: if [ ${COMMIT_ACTION} = 'DELETE' ] ;
- then
- /opt/vyatta/sbin/vyatta-dp-pbr.pl --cmd=delete --group="$VAR(../@)" --rule="$VAR(@)";
- else
- /opt/vyatta/sbin/vyatta-dp-pbr.pl --cmd=update --group="$VAR(../@)" --rule="$VAR(@)";
- fi
-
-
diff --git a/templates/policy/route6/node.tag/rule/node.tag/action/node.def b/templates/policy/route6/node.tag/rule/node.tag/action/node.def
deleted file mode 100644
index 17b595ac..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/action/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-
-help: Rule action [REQUIRED]
-
-syntax:expression: $VAR(@) in "allow", "deny";
- "action must be allow or deny"
-
-allowed: echo "deny allow"
-
-val_help: deny ; Rule action to deny
-val_help: allow ; Rule action to allow
diff --git a/templates/policy/route6/node.tag/rule/node.tag/destination/address/node.def b/templates/policy/route6/node.tag/rule/node.tag/destination/address/node.def
deleted file mode 100644
index 087960fb..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/destination/address/node.def
+++ /dev/null
@@ -1,10 +0,0 @@
-type: txt
-
-help: Destination IP address, subnet, or range
-
-val_help: ipv6; IP address to match
-val_help: ipv6net; Subnet to match
-val_help: ipv6range; IP range to match
-val_help: !ipv6; Match everything except the specified address
-val_help: !ipv6net; Match everything except the specified subnet
-val_help: !ipv6range; Match everything except the specified range
diff --git a/templates/policy/route6/node.tag/rule/node.tag/destination/node.def b/templates/policy/route6/node.tag/rule/node.tag/destination/node.def
deleted file mode 100644
index dc227b70..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/destination/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Destination parameters
diff --git a/templates/policy/route6/node.tag/rule/node.tag/destination/port/node.def b/templates/policy/route6/node.tag/rule/node.tag/destination/port/node.def
deleted file mode 100644
index 58e196bd..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/destination/port/node.def
+++ /dev/null
@@ -1,9 +0,0 @@
-type: txt
-
-help: Destination port
-
-val_help: <port name>; Named port (any name in /etc/services, e.g., http)
-val_help: u32:1-65535; Numbered port
-val_help: range; Numbered port range (e.g., 1001-1005)
-comp_help: Multiple destination ports can be specified as a comma-separated list.
- 'telnet,http,123,1001-1005'
diff --git a/templates/policy/route6/node.tag/rule/node.tag/icmp/code/node.def b/templates/policy/route6/node.tag/rule/node.tag/icmp/code/node.def
deleted file mode 100644
index 84f77b4d..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/icmp/code/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-type: u32; "ICMP code must be between 0 and 255"
-
-help: ICMP code (0-255)
-
-syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP code must be between 0 and 255"
diff --git a/templates/policy/route6/node.tag/rule/node.tag/icmp/node.def b/templates/policy/route6/node.tag/rule/node.tag/icmp/node.def
deleted file mode 100644
index 33a8e894..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/icmp/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: ICMP type and code information
diff --git a/templates/policy/route6/node.tag/rule/node.tag/icmp/type/node.def b/templates/policy/route6/node.tag/rule/node.tag/icmp/type/node.def
deleted file mode 100644
index ce69c452..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/icmp/type/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-type: u32; "ICMP type must be between 0 and 255"
-
-help: ICMP type (0-255)
-
-syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP type must be between 0 and 255"
diff --git a/templates/policy/route6/node.tag/rule/node.tag/node.def b/templates/policy/route6/node.tag/rule/node.tag/node.def
deleted file mode 100644
index e4043b92..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: V6 pbr rule number
diff --git a/templates/policy/route6/node.tag/rule/node.tag/protocol/node.def b/templates/policy/route6/node.tag/rule/node.tag/protocol/node.def
deleted file mode 100644
index 24735ad4..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/protocol/node.def
+++ /dev/null
@@ -1,9 +0,0 @@
-type: txt
-
-help: Protocol to match (tcp, udp or icmp)
-
-
-# Provide some help for command completion. Doesn't return negated
-# values or protocol numbers
-allowed:
- echo -n "tcp udp icmp"
diff --git a/templates/policy/route6/node.tag/rule/node.tag/source/address/node.def b/templates/policy/route6/node.tag/rule/node.tag/source/address/node.def
deleted file mode 100644
index 503b9bd8..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/source/address/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-type: txt
-help: Source IP address, subnet, or range
-val_help: ipv6; IP address to match
-val_help: ipv6net; Subnet to match
-val_help: ipv6range; IP range to match
-val_help: !ipv6; Match everything except the specified address
-val_help: !ipv6net; Match everything except the specified subnet
-val_help: !ipv6range; Match everything except the specified range
diff --git a/templates/policy/route6/node.tag/rule/node.tag/source/node.def b/templates/policy/route6/node.tag/rule/node.tag/source/node.def
deleted file mode 100644
index 84cdc1f3..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/source/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Source parameters
diff --git a/templates/policy/route6/node.tag/rule/node.tag/source/port/node.def b/templates/policy/route6/node.tag/rule/node.tag/source/port/node.def
deleted file mode 100644
index e69685ab..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/source/port/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: txt
-help: Source port
-val_help: <port name>; Named port (any name in /etc/services, e.g., http)
-val_help: u32:1-65535; Numbered port
-val_help: range; Numbered port range (e.g., 1001-1005)
-comp_help: Multiple source ports can be specified as a comma-separated list.
- 'telnet,http,123,1001-1005'
diff --git a/templates/policy/route6/node.tag/rule/node.tag/state/node.def b/templates/policy/route6/node.tag/rule/node.tag/state/node.def
deleted file mode 100644
index 588e4763..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/state/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Enable state firewall rule
-
diff --git a/templates/policy/route6/node.tag/rule/node.tag/table/node.def b/templates/policy/route6/node.tag/rule/node.tag/table/node.def
deleted file mode 100644
index 18b9c103..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/table/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-type: u32
-help: V6 Policy Based Routing Table id
-syntax:expression: $VAR(@) > 0 && $VAR(@) <201 ; "table id must be greater than 0 and less than or equeal to 200"
-val_help: u32:1-200;
-
diff --git a/templates/policy/route6/node.tag/rule/node.tag/tcp/flags/node.def b/templates/policy/route6/node.tag/rule/node.tag/tcp/flags/node.def
deleted file mode 100644
index f6235173..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/tcp/flags/node.def
+++ /dev/null
@@ -1,13 +0,0 @@
-type: txt
-help: TCP flags to match
-syntax:expression: pattern $VAR(@) "^((!?ALL)|((!?(SYN|ACK|FIN|RST|PSH|URG),)*(!?(SYN|ACK|FIN|RST|PSH|URG))))$" ; \
-"Invalid value for TCP flags. Allowed values : SYN ACK FIN RST URG PSH ALL
-When specifying more than one flag, flags should be comma-separated.
-For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with
-the SYN flag set, and the ACK, FIN and RST flags unset"
-
-comp_help: Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL
-When specifying more than one flag, flags should be comma-separated.
-For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with
-the SYN flag set, and the ACK, FIN and RST flags unset
-
diff --git a/templates/policy/route6/node.tag/rule/node.tag/tcp/node.def b/templates/policy/route6/node.tag/rule/node.tag/tcp/node.def
deleted file mode 100644
index a57ef521..00000000
--- a/templates/policy/route6/node.tag/rule/node.tag/tcp/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: TCP flags to match
- |