Diffstat (limited to 'templates/policy/access-list')
-rw-r--r--templates/policy/access-list/node.def18
-rw-r--r--templates/policy/access-list/node.tag/description/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.def3
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/action/node.def6
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/description/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def14
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def14
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def15
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def15
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def6
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def7
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def9
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def9
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/node.def2
15 files changed, 66 insertions, 58 deletions
diff --git a/templates/policy/access-list/node.def b/templates/policy/access-list/node.def
index de8ec16e..05736a3e 100644
--- a/templates/policy/access-list/node.def
+++ b/templates/policy/access-list/node.def
@@ -1,10 +1,14 @@
tag:
type: u32
-help: IP access list number
+help: IP access-list filter
syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 199) || ($VAR(@) >= 1300 && $VAR(@) <= 2699); \
-"Access list number must be \n \
- <1-99> IP standard access list \n \
- <100-199> IP extended access list \n \
- <1300-1999> IP standard access list (expanded range) \n \
- <2000-2699> IP extended access list (expanded range) \n "
-end:expression: "/opt/vyatta/sbin/vyatta-policy.pl --update-access-list $VAR(@)"
+"Access list number must be
+ <1-99>\tIP standard access list
+ <100-199>\tIP extended access list
+ <1300-1999>\tIP standard access list (expanded range)
+ <2000-2699>\tIP extended access list (expanded range)"
+comp_help: \1 <1-99>\tIP standard access list
+ <100-199>\tIP extended access list
+ <1300-1999>\tIP standard access list (expanded range)
+ <2000-2699>\tIP extended access list (expanded range)
+end: /opt/vyatta/sbin/vyatta-policy.pl --update-access-list $VAR(@)
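Review bot: The new `end:` line passes `$VAR(@)` to the command unquoted, so it is safe only because of the `type: u32` declaration and the range check in `syntax:expression` above it. Quoting the argument keeps the command well-formed if that validation is ever relaxed: `end: /opt/vyatta/sbin/vyatta-policy.pl --update-access-list "$VAR(@)"`. The valid ranges are also now written three times in this file (the expression, its error text and `comp_help`), so a one-line comment saying they must be changed together would help the next editor.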
diff --git a/templates/policy/access-list/node.tag/description/node.def b/templates/policy/access-list/node.tag/description/node.def
index 1f2b8525..77835b24 100644
--- a/templates/policy/access-list/node.tag/description/node.def
+++ b/templates/policy/access-list/node.tag/description/node.def
@@ -1,2 +1,2 @@
type: txt
-help: Access list description
+help: set a description for this access-list
diff --git a/templates/policy/access-list/node.tag/rule/node.def b/templates/policy/access-list/node.tag/rule/node.def
index b33229bb..4f2ce75c 100644
--- a/templates/policy/access-list/node.tag/rule/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.def
@@ -1,4 +1,5 @@
tag:
type: u32
-help: Specify access-list rule number
+help: create a rule for this access-list
+comp_help: \1 <1-65535>\taccess-list rule number
syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "rule number must be between 1 and 65535"
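Review bot: Nothing on the rule node itself requires an action. The `$VAR(../../action/) != ""` check appears only in the source and destination leaf templates of this commit, so a rule holding just a description seems able to commit with neither permit nor deny set. How vyatta-policy.pl treats such a rule is not visible in this diff, and for an access list the configuration layer should reject it rather than leave the result to the backend. A check in this file would cover every rule once, e.g. `commit:expression: $VAR(./action/) != ""; "policy access-list $VAR(../@) rule $VAR(@): you must specify an action"`. The relative paths are inferred from the other templates and should be verified.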
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/action/node.def b/templates/policy/access-list/node.tag/rule/node.tag/action/node.def
index 735e0a77..c529071e 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/action/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/action/node.def
@@ -1,3 +1,5 @@
type: txt
-help: Action to take on packets matching this rule
-syntax:expression: $VAR(@) in "permit", "deny"; "must be permit or deny"
+help: action to take on networks matching this rule
+comp_help: \1 permit\tpermit matching networks
+ deny\t\tdeny matching networks
+syntax:expression: $VAR(@) in "permit", "deny"; "action must be permit or deny"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/description/node.def b/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
index b8e3095b..562ab020 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
@@ -1,2 +1,2 @@
type: txt
-help: Description for this rule
+help: set a description for this rule
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
index d00ecfc3..1de3b2f6 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
@@ -1,7 +1,7 @@
-help: Filter any IP address
-syntax:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); " \
-To set destination filter parameters, the access-list number must be \n \
- <100-199> IP extended access list \n \
- <2000-2699> IP extended access list (expanded range) \n"
-commit:expression: $VAR(../../action/) != ""; "You must specify an action before committing"
-commit:expression: ($VAR(../host/) == "") && ($VAR(../network/) == ""); "You may only define one filter type. (host|network|any)"
+help: match any IP address
+commit:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); "\
+policy access-list $VAR(../../../@) rule $VAR(../../@) destination: access-list number must be <100-199> or <2000-2699> to set destination matches"
+commit:expression: ($VAR(../host/) == "") && ($VAR(../network/) == ""); "\
+policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you may only define one filter type. (host|network|any)"
+commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you must specify an action"
+
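Review bot: The extended-range check on the access-list number is now copied verbatim into four templates: this one, `destination/host`, `destination/inverse-mask` and `destination/network`. A later edit that misses one copy would let a destination match into a standard list through that leaf. `destination/node.def` currently holds only a help line, so a single check there would cover all four leaves: `commit:expression: ($VAR(../../@) >= 100 && $VAR(../../@) <= 199) || ($VAR(../../@) >= 2000 && $VAR(../../@) <= 2699); "..."`. The path depth is inferred from the leaf templates and needs confirming. The blank line added at the end of this file is also unnecessary.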
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
index e89026c7..46cb9007 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
@@ -1,8 +1,8 @@
type: ipv4
-help: Filter a host IP address
-syntax:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); " \
-To set destination filter parameters, the access-list rule number must be \n \
- <100-199> IP extended access list \n \
- <2000-2699> IP extended access list (expanded range) \n"
-commit:expression: ($VAR(../any/) == "") && ($VAR(../network/) == ""); "You may only define one filter type. (host|network|any)"
-commit:expression: $VAR(../../action/) != ""; "You must specify an action before committing"
+help: match a single host IP address
+comp_help: \1 <x.x.x.x>\thost address to match
+commit:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); "\
+policy access-list $VAR(../../../@) rule $VAR(../../@) destination: access-list number must be <100-199> or <2000-2699> to set destination matches"
+commit:expression: ($VAR(../any/) == "") && ($VAR(../network/) == ""); "\
+policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you may only define one filter type. (host|network|any)"
+commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you must specify an action"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
index 7dea1a34..54d9b7fd 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
@@ -1,9 +1,8 @@
type: ipv4
-help: Filter a network IP netmask
-syntax:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); " \
-To set destination filter parameters, the access-list rule number must be \n \
- <100-199> IP extended access list \n \
- <2000-2699> IP extended access list (expanded range) \n"
-commit:expression: $VAR(../network/) != ""; "You must specify a network before committing"
-commit:expression: $VAR(../../action/) != ""; "You must specify an action before committing"
-commit:expression: ($VAR(../any/) == "") && ($VAR(../host/) == ""); "You may only define one filter type. (host|network|any)"
+help: match a network/netmask (requires network be defined)
+comp_help: \1 <x.x.x.x>\tinverse-mask to match
+commit:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); "\
+policy access-list $VAR(../../../@) rule $VAR(../../@) destination: access-list number must be <100-199> or <2000-2699> to set destination matches"
+commit:expression: ($VAR(../any/) == "") && ($VAR(../host/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you may only define one filter type. (host|network|any)"
+commit:expression: $VAR(../network/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you must specify a network if you configure an inverse mask."
+commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you must specify an action"
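Review bot: The new help text describes this node as a "network/netmask", but the value is an inverse (wildcard) mask, as the node name and the `comp_help` line say. An operator who enters a netmask such as 255.255.255.0 here gets a rule that matches a very different address range, and `type: ipv4` accepts either form. Suggested wording: `help: inverse (wildcard) mask for the network match (requires network be defined)`. The same help line is added in `source/inverse-mask/node.def`. The error text here also says "inverse mask." with a trailing period, while the source variant says "inverse-mask".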
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
index 9be5cd97..a33d28db 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
@@ -1,9 +1,8 @@
type: ipv4
-help: Filter a network IP address
-syntax:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); " \
-To set destination filter parameters, the access-list rule number must be \n \
- <100-199> IP extended access list \n \
- <2000-2699> IP extended access list (expanded range) \n"
-commit:expression: $VAR(../inverse-mask/) != ""; "You must specify an inverse-mask before committing"
-commit:expression: $VAR(../../action/) != ""; "You must specify an action before committing"
-commit:expression: ($VAR(../host/) == "") && ($VAR(../any/) == ""); "You may only define one filter type (host|network|any)"
+help: match a network/netmask (requires inverse-mask be defined)
+comp_help: \1 <x.x.x.x>\tnetwork to match
+commit:expression: ($VAR(../../../@) >= 100 && $VAR(../../../@) <= 199) || ($VAR(../../../@) >= 2000 && $VAR(../../../@) <= 2699); "\
+policy access-list $VAR(../../../@) rule $VAR(../../@) destination: access-list number must be <100-199> or <2000-2699> to set destination matches"
+commit:expression: ($VAR(../host/) == "") && ($VAR(../any/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you may only define one filter type. (host|network|any)"
+commit:expression: $VAR(../inverse-mask/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you must specify an inverse-mask if you configure a network"
+commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) destination: you must specify an action"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def
index aaf2e4b4..e8659d13 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def
@@ -1 +1 @@
-help: Define a destination address or network filter
+help: match on destination network or address
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def
index 74b4a53c..6dd3b508 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def
@@ -1,3 +1,3 @@
-help: Filter any IP address
-commit:expression: ($VAR(../host/) == "") && ($VAR(../network/) == ""); "You may only define one filter type. (host|network|any)"
-commit:expression: $VAR(../../action/) != ""; "You must specify an action before committing"
+help: match any IP address
+commit:expression: ($VAR(../host/) == "") && ($VAR(../network/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you may only define one filter type. (host|network|any)"
+commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify an action"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
index dcc0d026..94bfd185 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
@@ -1,4 +1,5 @@
type: ipv4
-help: Filter a host IP address
-commit:expression: ($VAR(../any/) == "") && ($VAR(../network/) == ""); "You may only define one filter type. (host|network|any)"
-commit:expression: $VAR(../../action/) != ""; "You must specify an action before committing"
+help: match a single host IP address
+comp_help: \1 <x.x.x.x>\thost address to match
+commit:expression: ($VAR(../any/) == "") && ($VAR(../network/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you may only define one filter type. (host|network|any)"
+commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify an action"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
index 8002a86a..167d292a 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
@@ -1,5 +1,6 @@
type: ipv4
-help: Filter a network IP netmask
-commit:expression: ($VAR(../any/) == "") && ($VAR(../host/) == ""); "You may only define one filter type. (host|network|any)"
-commit:expression: $VAR(../network/) != ""; "You must specify a network before committing"
-commit:expression: $VAR(../../action/) != ""; "You must specify an action before committing"
+help: match a network/netmask (requires network be defined)
+comp_help: \1 <x.x.x.x>\tinverse-mask to match
+commit:expression: ($VAR(../any/) == "") && ($VAR(../host/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you may only define one filter type. (host|network|any)"
+commit:expression: $VAR(../network/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify a network if you configure an inverse-mask"
+commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify an action"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
index f5f1e3eb..80508a27 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
@@ -1,5 +1,6 @@
type: ipv4
-help: Filter a network IP address
-commit:expression: ($VAR(../host/) == "") && ($VAR(../any/) == ""); "You may only define one filter type (host|network|any)"
-commit:expression: $VAR(../inverse-mask/) != ""; "You must specify an inverse-mask before committing"
-commit:expression: $VAR(../../action/) != ""; "You must specify an action before committing"
+help: match a network/netmask (requires inverse-mask be defined)
+comp_help: \1 <x.x.x.x>\tnetwork to match
+commit:expression: ($VAR(../host/) == "") && ($VAR(../any/) == ""); "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you may only define one filter type. (host|network|any)"
+commit:expression: $VAR(../inverse-mask/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify an inverse-mask if you configure a network"
+commit:expression: $VAR(../../action/) != ""; "policy access-list $VAR(../../../@) rule $VAR(../../@) source: you must specify an action"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/node.def
index 6c77723e..b734c1f2 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/source/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/node.def
@@ -1 +1 @@
-help: Define a source address or network filter
+help: match on source network or address