summaryrefslogtreecommitdiff
path: root/templates/policy/access-list
diff options
context:
space:
mode:
Diffstat (limited to 'templates/policy/access-list')
-rw-r--r--templates/policy/access-list/node.def2
-rw-r--r--templates/policy/access-list/node.tag/description/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.def4
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/description/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def2
10 files changed, 11 insertions, 11 deletions
diff --git a/templates/policy/access-list/node.def b/templates/policy/access-list/node.def
index 8828516d..05736a3e 100644
--- a/templates/policy/access-list/node.def
+++ b/templates/policy/access-list/node.def
@@ -1,6 +1,6 @@
tag:
type: u32
-help: IP network access-list
+help: IP access-list filter
syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 199) || ($VAR(@) >= 1300 && $VAR(@) <= 2699); \
"Access list number must be
<1-99>\tIP standard access list
diff --git a/templates/policy/access-list/node.tag/description/node.def b/templates/policy/access-list/node.tag/description/node.def
index f0292025..77835b24 100644
--- a/templates/policy/access-list/node.tag/description/node.def
+++ b/templates/policy/access-list/node.tag/description/node.def
@@ -1,2 +1,2 @@
type: txt
-help: access-list description
+help: set a description for this access-list
diff --git a/templates/policy/access-list/node.tag/rule/node.def b/templates/policy/access-list/node.tag/rule/node.def
index 5e35a0be..4f2ce75c 100644
--- a/templates/policy/access-list/node.tag/rule/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.def
@@ -1,5 +1,5 @@
tag:
type: u32
-help: access-list rule
-comp_help: \1 <u32>\t\taccess-list rule number
+help: create a rule for this access-list
+comp_help: \1 <1-65535>\taccess-list rule number
syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "rule number must be between 1 and 65535"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/description/node.def b/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
index e363cfa9..562ab020 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
@@ -1,2 +1,2 @@
type: txt
-help: description for this rule
+help: set a description for this rule
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
index d66f8363..46cb9007 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
@@ -1,6 +1,6 @@
type: ipv4
help: match a single host IP address
-comp_help: \1 <ipv4>\thost address to match
+comp_help: \1 <x.x.x.x>\thost address to match
commit:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); "\
policy access-list $VAR(../../../@) rule $VAR(../../@) destination: access-list number must be <100-199> or <2000-2699> to set destination matches"
commit:expression: ($VAR(../any/) == "") && ($VAR(../network/) == ""); "\
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
index ce30999c..54d9b7fd 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
@@ -1,6 +1,6 @@
type: ipv4
help: match a network/netmask (requires network be defined)
-comp_help: \1 <ipv4>\tinverse-mask to match
+comp_help: \1 <x.x.x.x>\tinverse-mask to match
commit:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); "\
policy access-list $VAR(../../../@) rule $VAR(../../@) destination: access-list number must be <100-199> or <2000-2699> to set destination matches"
commit:expression: ($VAR(../any/) == "") && ($VAR(../host/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you may only define one filter type. (host|network|any)"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
index 92f99601..a33d28db 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
@@ -1,6 +1,6 @@
type: ipv4
help: match a network/netmask (requires inverse-mask be defined)
-comp_help: \1 <ipv4>\tnetwork to match
+comp_help: \1 <x.x.x.x>\tnetwork to match
commit:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); "\
policy access-list $VAR(../../../@) rule $VAR(../../@) destination: access-list number must be <100-199> or <2000-2699> to set destination matches"
commit:expression: ($VAR(../host/) == "") && ($VAR(../any/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you may only define one filter type. (host|network|any)"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
index c79647fb..94bfd185 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
@@ -1,5 +1,5 @@
type: ipv4
help: match a single host IP address
-comp_help: \1 <ipv4>\thost address to match
+comp_help: \1 <x.x.x.x>\thost address to match
commit:expression: ($VAR(../any/) == "") && ($VAR(../network/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you may only define one filter type. (host|network|any)"
commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify an action"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
index 8c60fcb8..167d292a 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
@@ -1,6 +1,6 @@
type: ipv4
help: match a network/netmask (requires network be defined)
-comp_help: \1 <ipv4>\tinverse-mask to match
+comp_help: \1 <x.x.x.x>\tinverse-mask to match
commit:expression: ($VAR(../any/) == "") && ($VAR(../host/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you may only define one filter type. (host|network|any)"
commit:expression: $VAR(../network/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify a network if you configure an inverse-mask"
commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify an action"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
index 7a9d7a97..80508a27 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
@@ -1,6 +1,6 @@
type: ipv4
help: match a network/netmask (requires inverse-mask be defined)
-comp_help: \1 <ipv4>\tnetwork to match
+comp_help: \1 <x.x.x.x>\tnetwork to match
commit:expression: ($VAR(../host/) == "") && ($VAR(../any/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you may only define one filter type. (host|network|any)"
commit:expression: $VAR(../inverse-mask/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify an inverse-mask if you configure a network"
commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify an action"