authorStig Thormodsrud <stig@vyatta.com>2010-01-18 16:22:29 -0800
committerStig Thormodsrud <stig@vyatta.com>2010-01-18 16:22:29 -0800
commit90fee79f793f26a39a05cd8feadb3d15ff3fd13e (patch)
treea0fdd0032f7fa69a40f421e1a332ded11c1197d6 /templates/policy
parent6fcc7325db526924cf21123a9f9ab662a64e490c (diff)
downloadvyatta-cfg-quagga-90fee79f793f26a39a05cd8feadb3d15ff3fd13e.tar.gz
vyatta-cfg-quagga-90fee79f793f26a39a05cd8feadb3d15ff3fd13e.zip
Add IPv6 policy access-list.
Diffstat (limited to 'templates/policy')
-rw-r--r--templates/policy/access-list6/node.def17
-rw-r--r--templates/policy/access-list6/node.tag/description/node.def2
-rw-r--r--templates/policy/access-list6/node.tag/rule/node.def11
-rw-r--r--templates/policy/access-list6/node.tag/rule/node.tag/action/node.def9
-rw-r--r--templates/policy/access-list6/node.tag/rule/node.tag/description/node.def2
-rw-r--r--templates/policy/access-list6/node.tag/rule/node.tag/source/any/node.def5
-rw-r--r--templates/policy/access-list6/node.tag/rule/node.tag/source/exact-match/node.def3
-rw-r--r--templates/policy/access-list6/node.tag/rule/node.tag/source/network/node.def10
-rw-r--r--templates/policy/access-list6/node.tag/rule/node.tag/source/node.def1
-rw-r--r--templates/policy/route-map/node.tag/description/node.def2
-rw-r--r--templates/policy/route-map/node.tag/rule/node.def2
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/access-list/node.def11
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/access-list/node.def11
13 files changed, 70 insertions, 16 deletions
diff --git a/templates/policy/access-list6/node.def b/templates/policy/access-list6/node.def
new file mode 100644
index 00000000..01a5f90f
--- /dev/null
+++ b/templates/policy/access-list6/node.def
@@ -0,0 +1,17 @@
+tag:
+
+type: txt
+
+help: Set IPv6 access-list filter
+
+syntax:expression: pattern $VAR(@) "^[[:graph:]]{1,64}$" ; \
+ "access-list name must be 64 characters or less"
+syntax:expression: pattern $VAR(@) "^[^-]" ; \
+ "access-list name cannot start with \"-\""
+syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
+ "access-list name cannot contain shell punctuation"
+
+end: /opt/vyatta/sbin/vyatta-policy.pl --update-access-list6 "$VAR(@)"
+
+comp_help: possible completions:
+ <txt> Set name of ipv6 access-list
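Review bot: The third `syntax:expression` rejects only `|;&$<>`, so a name may still contain a backtick, a double quote or a backslash. `[[:graph:]]` admits all three, and they keep their meaning inside the double-quoted `"$VAR(@)"` argument on the `end:` line (assuming the template action is handed to a shell, as the "shell punctuation" message implies). An allowlist is safer than growing the denylist, for example replacing the three patterns with `syntax:expression: pattern $VAR(@) "^[[:alnum:]_][[:alnum:]_.:-]{0,63}$" ; "access-list name must be 1-64 characters from letters, digits, '_', '.', ':' and '-', and must start with a letter, digit or '_'"`. If existing names need wider punctuation, at least add the backtick, both quote characters and the backslash to the rejected set. The first message is also inaccurate, because that pattern fails on whitespace and on an empty name as well as on length.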
diff --git a/templates/policy/access-list6/node.tag/description/node.def b/templates/policy/access-list6/node.tag/description/node.def
new file mode 100644
index 00000000..2ed57fe5
--- /dev/null
+++ b/templates/policy/access-list6/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set a description for this IPv6 access-list
diff --git a/templates/policy/access-list6/node.tag/rule/node.def b/templates/policy/access-list6/node.tag/rule/node.def
new file mode 100644
index 00000000..68666a4e
--- /dev/null
+++ b/templates/policy/access-list6/node.tag/rule/node.def
@@ -0,0 +1,11 @@
+tag:
+
+type: u32
+
+help: Set a rule for this access-list6
+
+syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; \
+ "rule number must be between 1 and 65535"
+
+comp_help: possible completions:
+ <1-65535> Set access-list6 rule number
diff --git a/templates/policy/access-list6/node.tag/rule/node.tag/action/node.def b/templates/policy/access-list6/node.tag/rule/node.tag/action/node.def
new file mode 100644
index 00000000..00d8d511
--- /dev/null
+++ b/templates/policy/access-list6/node.tag/rule/node.tag/action/node.def
@@ -0,0 +1,9 @@
+type: txt
+
+help: Set action to take on networks matching this rule [REQUIRED]
+
+syntax:expression: $VAR(@) in "permit", "deny"; "action must be permit or deny"
+
+comp_help: possible completions
+ permit permit matching networks
+ deny deny matching networks
diff --git a/templates/policy/access-list6/node.tag/rule/node.tag/description/node.def b/templates/policy/access-list6/node.tag/rule/node.tag/description/node.def
new file mode 100644
index 00000000..9fbe0f6c
--- /dev/null
+++ b/templates/policy/access-list6/node.tag/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set a description for this IPv6 access-list rule
diff --git a/templates/policy/access-list6/node.tag/rule/node.tag/source/any/node.def b/templates/policy/access-list6/node.tag/rule/node.tag/source/any/node.def
new file mode 100644
index 00000000..94dac8f3
--- /dev/null
+++ b/templates/policy/access-list6/node.tag/rule/node.tag/source/any/node.def
@@ -0,0 +1,5 @@
+help: Set any IPv6 address to match
+
+commit:expression: ($VAR(../network/) == ""); "policy access-list6 $VAR(../../../@) rule $VAR(../../@) source: you may only define one filter type. (network|any)"
+
+commit:expression: $VAR(../../action/) != ""; "policy access-list6 $VAR(../../../@) rule $VAR(../../@) source: you must specify an action"
diff --git a/templates/policy/access-list6/node.tag/rule/node.tag/source/exact-match/node.def b/templates/policy/access-list6/node.tag/rule/node.tag/source/exact-match/node.def
new file mode 100644
index 00000000..170efc33
--- /dev/null
+++ b/templates/policy/access-list6/node.tag/rule/node.tag/source/exact-match/node.def
@@ -0,0 +1,3 @@
+help: Exact match of the network prefixes
+
+commit:expression: ($VAR(../any/) == ""); "policy access-list6 $VAR(../../../@) rule $VAR(../../@) source: exact-match can only be used with a network filter "
diff --git a/templates/policy/access-list6/node.tag/rule/node.tag/source/network/node.def b/templates/policy/access-list6/node.tag/rule/node.tag/source/network/node.def
new file mode 100644
index 00000000..085a59ec
--- /dev/null
+++ b/templates/policy/access-list6/node.tag/rule/node.tag/source/network/node.def
@@ -0,0 +1,10 @@
+type: ipv6net
+
+help: Set a network/netmask to match (requires inverse-mask be defined)
+
+comp_help: possible completions:
+ <h:h:h:h:h:h:h:h/x> Set the IPv6 address and prefix length
+
+commit:expression: ($VAR(../any/) == ""); "policy access-list6 $VAR(../../../@) rule $VAR(../../@) source: you may only define one filter type. (network|any)"
+
+commit:expression: $VAR(../../action/) != ""; "policy access-list6 $VAR(../../../@) rule $VAR(../../@) source: you must specify an action"
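Review bot: The `help:` string still carries the IPv4 wording. It mentions a netmask and says an inverse-mask must be defined, but the node is `type: ipv6net` and no inverse-mask template appears among the access-list6 files in this commit's diffstat. An operator following the help text would look for a node that does not exist. Suggest `help: Set an IPv6 network/prefix-length to match`.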
diff --git a/templates/policy/access-list6/node.tag/rule/node.tag/source/node.def b/templates/policy/access-list6/node.tag/rule/node.tag/source/node.def
new file mode 100644
index 00000000..37277c3d
--- /dev/null
+++ b/templates/policy/access-list6/node.tag/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: Set source IPv6 network to match
diff --git a/templates/policy/route-map/node.tag/description/node.def b/templates/policy/route-map/node.tag/description/node.def
index 040ef5c1..27f1ce01 100644
--- a/templates/policy/route-map/node.tag/description/node.def
+++ b/templates/policy/route-map/node.tag/description/node.def
@@ -1,2 +1,2 @@
type: txt
-help: Set a description for this access-list
+help: Set a description for this route-map
diff --git a/templates/policy/route-map/node.tag/rule/node.def b/templates/policy/route-map/node.tag/rule/node.def
index 24bdbfc9..98c179da 100644
--- a/templates/policy/route-map/node.tag/rule/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.def
@@ -1,6 +1,6 @@
tag:
type: u32
-help: Set a rule for this access-list
+help: Set a rule for this route-map
comp_help: \1 <1-65535>\troute-map rule number
syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "rule number must be between 1 and 65535"
delete: if [ -f /tmp/route-map-$VAR(../@)-rule-$VAR(@)-action.$PPID ]; then
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/access-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/access-list/node.def
index 2cb8ca32..2f7526a0 100644
--- a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/access-list/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/address/access-list/node.def
@@ -1,9 +1,9 @@
-type: u32
-help: Set an IP access-list to match
+type: txt
+help: Set an IPv6 access-list6 to match
commit:expression: $VAR(../prefix-list/) == ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ip address access-list: you may only specify a prefix-list or access-list"
-commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list $VAR(@)\" "; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 address access-list: access-list $VAR(@) does not exist"
+commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list6 $VAR(@)\" "; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 address access-list: access-list6 $VAR(@) does not exist"
commit:expression: $VAR(../../../../action/) != ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@): you must specify an action"
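Review bot: Switching `type: u32` to `type: txt` removes the only constraint on the value visible in this hunk. `$VAR(@)` is still interpolated into the escaped-quote argument of the `exec "... --exists ..."` check and, per the context of the following hunk, into the `vyatta-vtysh -c` delete command. The existence check runs with the raw value, so it cannot stand in for input validation. Add a name check ahead of the commit expressions that matches what the access-list6 tag node enforces, preferably an allowlist such as `syntax:expression: pattern $VAR(@) "^[[:alnum:]_][[:alnum:]_.:-]{0,63}$" ; "access-list6 name contains invalid characters"`. The same applies to the identical change in match/ipv6/nexthop/access-list/node.def. The lines between the two hunks are not shown, so confirm that no such check already exists there.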
@@ -16,7 +16,4 @@ delete: vyatta-vtysh -c "configure terminal" \
-c "no match ipv6 address $VAR(@) "
comp_help: possible completions:
- <1-99> IP standard access list number
- <100-199> IP extended access list number
- <1300-1999> IP standard access list number (expanded range)
- <2000-2699> IP extended access list number (expanded range) \ No newline at end of file
+ <txt> name of an IPv6 access-list6
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/access-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/access-list/node.def
index 03b8c244..83e9e3dd 100644
--- a/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/access-list/node.def
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ipv6/nexthop/access-list/node.def
@@ -1,9 +1,9 @@
-type: u32
-help: Set an IP access-list to match
+type: txt
+help: Set an IPv6 access-list6 to match
commit:expression: $VAR(../prefix-list/) == ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 nexthop access-list: you may only specify a prefix-list or access-list"
-commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list $VAR(@)\" "; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 nexthop access-list: access-list $VAR(@) does not exist"
+commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list6 $VAR(@)\" "; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@) match ipv6 nexthop access-list: access-list6 $VAR(@) does not exist"
commit:expression: $VAR(../../../../action/) != ""; "policy route-map $VAR(../../../../../@) rule $VAR(../../../../@): you must specify an action"
@@ -16,7 +16,4 @@ delete: vyatta-vtysh -c "configure terminal" \
-c "no match ipv6 next-hop $VAR(@)"
comp_help: possible completions:
- <1-99> IP standard access list number
- <100-199> IP extended access list number
- <1300-1999> IP standard access list number (expanded range)
- <2000-2699> IP extended access list number (expanded range)
+ <txt> name of IPv6 access-list6