author | An-Cheng Huang <ancheng@vyatta.com> | 2007-10-01 13:14:31 -0700 |
---|---|---|
committer | An-Cheng Huang <ancheng@vyatta.com> | 2007-10-01 13:14:31 -0700 |
commit | cfa368bbc1d4c55c42c60838e04fc523625932b7 (patch) | |
tree | e439217d7e3ebb726b9954d7f823db2b47f18c9d /templates/policy/access-list | |
initial import (from eureka /cli).upstream
Diffstat (limited to 'templates/policy/access-list')
15 files changed, 83 insertions, 0 deletions
diff --git a/templates/policy/access-list/node.def b/templates/policy/access-list/node.def
new file mode 100644
index 00000000..b97eb0a6
--- /dev/null
+++ b/templates/policy/access-list/node.def
@@ -0,0 +1,14 @@
+tag:
+type: u32
+help: "access-list number must be \n \
+ <1-99> IP standard access list \n \
+ <100-199> IP extended access list \n \
+ <1300-1999> IP standard access list (expanded range) \n \
+ <2000-2699> IP extended access list (expanded range) \n "
+syntax: ($(@) >= 1 && $(@) <= 199) || ($(@) >= 1300 && $(@) <= 2699); \
+"access-list number must be \n \
+ <1-99> IP standard access list \n \
+ <100-199> IP extended access list \n \
+ <1300-1999> IP standard access list (expanded range) \n \
+ <2000-2699> IP extended access list (expanded range) \n "
+end: "/opt/vyatta/sbin/vyatta_policy.pl --update-access-list $(@)"
diff --git a/templates/policy/access-list/node.tag/description/node.def b/templates/policy/access-list/node.tag/description/node.def
new file mode 100644
index 00000000..c5b70286
--- /dev/null
+++ b/templates/policy/access-list/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "access-list description"
diff --git a/templates/policy/access-list/node.tag/rule/node.def b/templates/policy/access-list/node.tag/rule/node.def
new file mode 100644
index 00000000..fb9ca24a
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.def
@@ -0,0 +1,4 @@
+tag:
+type: u32
+help: "Specify access-list rule number"
+syntax: $(@) >= 1 && $(@) <= 65535; "rule number must be between 1 and 65535"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/action/node.def b/templates/policy/access-list/node.tag/rule/node.tag/action/node.def
new file mode 100644
index 00000000..bca61186
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/action/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "action to take on packets matching this rule"
+syntax: $(@) in "permit", "deny"; "must be permit or deny"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/description/node.def b/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
new file mode 100644
index 00000000..3d61ac85
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "description for this rule"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
new file mode 100644
index 00000000..6dbee23b
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
@@ -0,0 +1,9 @@
+help: "filter any IP address"
+# TODO: won't work until 2220 is fixed
+syntax: $(../host/@) == "" && $(../network/@) == ""; "You may only define one filter type. (host|network|any)"
+# TODO: pending 2284
+syntax: ($(../../@) >= 100 && $(../../@) <= 199) || ($(../../@) >= 2000) && $(../../@) <= 2699); " \
+To set destination filter parameters, the access-list rule number must be \n \
+ <100-199> IP extended access list \n \
+ <2000-2699> IP extended access list (expanded range) \n"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
new file mode 100644
index 00000000..993c64ea
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
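Review bot: The extended-list range check in destination/any/node.def has unbalanced parentheses: in `($(../../@) >= 2000) && $(../../@) <= 2699)` the group closes after `2000` and leaves a stray `)` before the `;`, so the expression is unlikely to parse as intended. The second alternative should read `($(../../@) >= 2000 && $(../../@) <= 2699)`. The identical line is repeated in destination/host, destination/inverse-mask and destination/network and needs the same fix. Separately, `$(../../action/@)` in this same file resolves to the rule's action, which suggests `$(../../@)` is the rule number rather than the access-list number that the 100-199 / 2000-2699 ranges describe; confirm which level is meant (this may be what the "pending 2284" TODO tracks).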
@@ -0,0 +1,9 @@
+type: ipv4
+help: "filter a host IP address"
+syntax: $(../any/@) == "" && $(../network/@) == ""; "You may only define one filter type. (host|network|any)"
+# TODO: pending 2284
+syntax: ($(../../@) >= 100 && $(../../@) <= 199) || ($(../../@) >= 2000) && $(../../@) <= 2699); " \
+To set destination filter parameters, the access-list rule number must be \n \
+ <100-199> IP extended access list \n \
+ <2000-2699> IP extended access list (expanded range) \n"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
new file mode 100644
index 00000000..37bbc95a
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
@@ -0,0 +1,10 @@
+type: ipv4
+help: "filter a network IP netmask"
+syntax: $(../any/@) == "" && $(../host/@) == ""; "You may only define one filter type. (host|network|any)"
+# TODO: pending 2284
+syntax: ($(../../@) >= 100 && $(../../@) <= 199) || ($(../../@) >= 2000) && $(../../@) <= 2699); " \
+To set destination filter parameters, the access-list rule number must be \n \
+ <100-199> IP extended access list \n \
+ <2000-2699> IP extended access list (expanded range) \n"
+commit: $(../network/@) != ""; "You must specify a network before committing"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
new file mode 100644
index 00000000..c016170f
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
@@ -0,0 +1,10 @@
+type: ipv4
+help: "filter a network IP address"
+syntax: $(../host/@) != "" || $(../any/@) != ""; "You may only define one filter type. (host|network|any)"
+# TODO: pending 2284
+syntax: ($(../../@) >= 100 && $(../../@) <= 199) || ($(../../@) >= 2000) && $(../../@) <= 2699); " \
+To set destination filter parameters, the access-list rule number must be \n \
+ <100-199> IP extended access list \n \
+ <2000-2699> IP extended access list (expanded range) \n"
+commit: $(../inverse-mask/@) != ""; "You must specify an inverse-mask before comitting"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def
new file mode 100644
index 00000000..21f3005a
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def
@@ -0,0 +1 @@
+help: "define a destination address or network filter"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def
new file mode 100644
index 00000000..34c30831
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def
@@ -0,0 +1,4 @@
+help: "filter any IP address"
+# TODO: won't work until 2220 is fixed
+syntax: $(../host/@) == "" && $(../network/@) == ""; "You may only define one filter type. (host|network|any)"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
new file mode 100644
index 00000000..5b1b6257
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
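Review bot: The filter-type exclusivity check in destination/network/node.def is inverted: `syntax: $(../host/@) != "" || $(../any/@) != ""` holds only when host or any is already set, whereas the sibling nodes and source/network use `$(../host/@) == "" && $(../any/@) == ""`. Assuming the expression before the `;` must hold for the value to be accepted, as the other nodes imply, a destination network on its own would be rejected and one combined with host or any would be accepted, leaving a rule with two conflicting destination filters. Change the line to `syntax: $(../host/@) == "" && $(../any/@) == ""; "You may only define one filter type. (host|network|any)"`. The inverse-mask commit message here and in source/network also misspells "committing" as "comitting".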
@@ -0,0 +1,4 @@
+type: ipv4
+help: "filter a host IP address"
+syntax: $(../any/@) == "" && $(../network/@) == ""; "You may only define one filter type. (host|network|any)"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
new file mode 100644
index 00000000..8b77960d
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
@@ -0,0 +1,5 @@
+type: ipv4
+help: "filter a network IP netmask"
+syntax: $(../any/@) == "" || $(../host/@) == ""; "You may only define one filter type. (host|network|any)"
+commit: $(../network/@) != ""; "You must specify a network before committing"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
new file mode 100644
index 00000000..f95182ac
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
@@ -0,0 +1,5 @@
+type: ipv4
+help: "filter a network IP address"
+syntax: $(../host/@) == "" && $(../any/@) == ""; "You may only define one filter type. (host|network|any)"
+commit: $(../inverse-mask/@) != ""; "You must specify an inverse-mask before comitting"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/node.def
new file mode 100644
index 00000000..69a6c7b4
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: "define a source address or network filter" |
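Review bot: In source/inverse-mask/node.def the exclusivity check joins its two tests with `||`: `$(../any/@) == "" || $(../host/@) == ""` holds whenever either any or host is unset, so an inverse-mask can still be set on a rule that already carries a source host or any filter. destination/inverse-mask uses `&&` for the same check, and this node should match it: `syntax: $(../any/@) == "" && $(../host/@) == ""; "You may only define one filter type. (host|network|any)"`. Because these templates validate ACL rules, a check that is too permissive lets an ambiguous source match through to the generated access list.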