summaryrefslogtreecommitdiff
path: root/templates/policy
diff options
context:
space:
mode:
Diffstat (limited to 'templates/policy')
-rw-r--r--templates/policy/access-list/node.def14
-rw-r--r--templates/policy/access-list/node.tag/description/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.def4
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/action/node.def3
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/description/node.def2
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def9
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def9
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def10
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def10
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/node.def1
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def4
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def4
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def5
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def5
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/source/node.def1
-rw-r--r--templates/policy/as-path-list/node.def5
-rw-r--r--templates/policy/as-path-list/node.tag/description/node.def2
-rw-r--r--templates/policy/as-path-list/node.tag/rule/node.def4
-rw-r--r--templates/policy/as-path-list/node.tag/rule/node.tag/action/node.def3
-rw-r--r--templates/policy/as-path-list/node.tag/rule/node.tag/description/node.def2
-rw-r--r--templates/policy/as-path-list/node.tag/rule/node.tag/regex/node.def5
-rw-r--r--templates/policy/community-list/node.def8
-rw-r--r--templates/policy/community-list/node.tag/description/node.def2
-rw-r--r--templates/policy/community-list/node.tag/rule/node.def4
-rw-r--r--templates/policy/community-list/node.tag/rule/node.tag/action/node.def3
-rw-r--r--templates/policy/community-list/node.tag/rule/node.tag/description/node.def2
-rw-r--r--templates/policy/community-list/node.tag/rule/node.tag/regex/node.def11
-rw-r--r--templates/policy/node.def1
-rw-r--r--templates/policy/prefix-list/node.def4
-rw-r--r--templates/policy/prefix-list/node.tag/description/node.def2
-rw-r--r--templates/policy/prefix-list/node.tag/rule/node.def35
-rw-r--r--templates/policy/prefix-list/node.tag/rule/node.tag/action/node.def3
-rw-r--r--templates/policy/prefix-list/node.tag/rule/node.tag/description/node.def2
-rw-r--r--templates/policy/prefix-list/node.tag/rule/node.tag/ge/node.def3
-rw-r--r--templates/policy/prefix-list/node.tag/rule/node.tag/le/node.def3
-rw-r--r--templates/policy/prefix-list/node.tag/rule/node.tag/prefix/node.def2
-rw-r--r--templates/policy/route-map/node.def5
-rw-r--r--templates/policy/route-map/node.tag/description/node.def2
-rw-r--r--templates/policy/route-map/node.tag/rule/node.def4
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/action/node.def6
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/call/node.def10
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/continue/node.def3
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/description/node.def2
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/as-path/node.def13
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/community/community-list/node.def3
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/community/exact-match/node.def1
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def19
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/interface/node.def18
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/access-list/node.def4
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/node.def1
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/prefix-list/node.def4
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/access-list/node.def4
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/node.def1
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/prefix-list/node.def4
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/node.def1
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/access-list/node.def4
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/node.def1
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/prefix-list/node.def4
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/metric/node.def13
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/origin/node.def14
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/peer/node.def14
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/match/tag/node.def14
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/on-match/goto/node.def14
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/on-match/next/node.def13
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/on-match/node.def2
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/as/node.def3
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/ip/node.def3
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/node.def16
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/as-path-prepend/node.def12
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/atomic-aggregate/node.def11
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/comm-list/node.def3
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/delete/node.def1
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/node.def19
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/community/node.def13
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/ip-next-hop/node.def13
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/local-preference/node.def12
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/metric/node.def13
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/node.def1
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/origin/node.def13
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/originator-id/node.def12
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/tag/node.def13
-rw-r--r--templates/policy/route-map/node.tag/rule/node.tag/set/weight/node.def12
82 files changed, 557 insertions, 0 deletions
diff --git a/templates/policy/access-list/node.def b/templates/policy/access-list/node.def
new file mode 100644
index 00000000..b97eb0a6
--- /dev/null
+++ b/templates/policy/access-list/node.def
@@ -0,0 +1,14 @@
+tag:
+type: u32
+help: "access-list number must be \n \
+ <1-99> IP standard access list \n \
+ <100-199> IP extended access list \n \
+ <1300-1999> IP standard access list (expanded range) \n \
+ <2000-2699> IP extended access list (expanded range) \n "
+syntax: ($(@) >= 1 && $(@) <= 199) || ($(@) >= 1300 && $(@) <= 2699); \
+"access-list number must be \n \
+ <1-99> IP standard access list \n \
+ <100-199> IP extended access list \n \
+ <1300-1999> IP standard access list (expanded range) \n \
+ <2000-2699> IP extended access list (expanded range) \n "
+end: "/opt/vyatta/sbin/vyatta_policy.pl --update-access-list $(@)"
diff --git a/templates/policy/access-list/node.tag/description/node.def b/templates/policy/access-list/node.tag/description/node.def
new file mode 100644
index 00000000..c5b70286
--- /dev/null
+++ b/templates/policy/access-list/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "access-list description"
diff --git a/templates/policy/access-list/node.tag/rule/node.def b/templates/policy/access-list/node.tag/rule/node.def
new file mode 100644
index 00000000..fb9ca24a
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.def
@@ -0,0 +1,4 @@
+tag:
+type: u32
+help: "Specify access-list rule number"
+syntax: $(@) >= 1 && $(@) <= 65535; "rule number must be between 1 and 65535"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/action/node.def b/templates/policy/access-list/node.tag/rule/node.tag/action/node.def
new file mode 100644
index 00000000..bca61186
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/action/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "action to take on packets matching this rule"
+syntax: $(@) in "permit", "deny"; "must be permit or deny"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/description/node.def b/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
new file mode 100644
index 00000000..3d61ac85
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "description for this rule"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
new file mode 100644
index 00000000..6dbee23b
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
@@ -0,0 +1,9 @@
+help: "filter any IP address"
+# TODO: won't work until 2220 is fixed
+syntax: $(../host/@) == "" && $(../network/@) == ""; "You may only define one filter type. (host|network|any)"
+# TODO: pending 2284
+syntax: ($(../../@) >= 100 && $(../../@) <= 199) || ($(../../@) >= 2000) && $(../../@) <= 2699); " \
+To set destination filter parameters, the access-list rule number must be \n \
+ <100-199> IP extended access list \n \
+ <2000-2699> IP extended access list (expanded range) \n"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
new file mode 100644
index 00000000..993c64ea
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/host/node.def
@@ -0,0 +1,9 @@
+type: ipv4
+help: "filter a host IP address"
+syntax: $(../any/@) == "" && $(../network/@) == ""; "You may only define one filter type. (host|network|any)"
+# TODO: pending 2284
+syntax: ($(../../@) >= 100 && $(../../@) <= 199) || ($(../../@) >= 2000) && $(../../@) <= 2699); " \
+To set destination filter parameters, the access-list rule number must be \n \
+ <100-199> IP extended access list \n \
+ <2000-2699> IP extended access list (expanded range) \n"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
new file mode 100644
index 00000000..37bbc95a
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/inverse-mask/node.def
@@ -0,0 +1,10 @@
+type: ipv4
+help: "filter a network IP netmask"
+syntax: $(../any/@) == "" && $(../host/@) == ""; "You may only define one filter type. (host|network|any)"
+# TODO: pending 2284
+syntax: ($(../../@) >= 100 && $(../../@) <= 199) || ($(../../@) >= 2000) && $(../../@) <= 2699); " \
+To set destination filter parameters, the access-list rule number must be \n \
+ <100-199> IP extended access list \n \
+ <2000-2699> IP extended access list (expanded range) \n"
+commit: $(../network/@) != ""; "You must specify a network before committing"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
new file mode 100644
index 00000000..c016170f
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/network/node.def
@@ -0,0 +1,10 @@
+type: ipv4
+help: "filter a network IP address"
+syntax: $(../host/@) != "" || $(../any/@) != ""; "You may only define one filter type. (host|network|any)"
+# TODO: pending 2284
+syntax: ($(../../@) >= 100 && $(../../@) <= 199) || ($(../../@) >= 2000) && $(../../@) <= 2699); " \
+To set destination filter parameters, the access-list rule number must be \n \
+ <100-199> IP extended access list \n \
+ <2000-2699> IP extended access list (expanded range) \n"
+commit: $(../inverse-mask/@) != ""; "You must specify an inverse-mask before comitting"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def
new file mode 100644
index 00000000..21f3005a
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/node.def
@@ -0,0 +1 @@
+help: "define a destination address or network filter"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def
new file mode 100644
index 00000000..34c30831
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/any/node.def
@@ -0,0 +1,4 @@
+help: "filter any IP address"
+# TODO: won't work until 2220 is fixed
+syntax: $(../host/@) == "" && $(../network/@) == ""; "You may only define one filter type. (host|network|any)"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
new file mode 100644
index 00000000..5b1b6257
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/host/node.def
@@ -0,0 +1,4 @@
+type: ipv4
+help: "filter a host IP address"
+syntax: $(../any/@) == "" && $(../network/@) == ""; "You may only define one filter type. (host|network|any)"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
new file mode 100644
index 00000000..8b77960d
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/inverse-mask/node.def
@@ -0,0 +1,5 @@
+type: ipv4
+help: "filter a network IP netmask"
+syntax: $(../any/@) == "" || $(../host/@) == ""; "You may only define one filter type. (host|network|any)"
+commit: $(../network/@) != ""; "You must specify a network before committing"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
new file mode 100644
index 00000000..f95182ac
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/network/node.def
@@ -0,0 +1,5 @@
+type: ipv4
+help: "filter a network IP address"
+syntax: $(../host/@) == "" && $(../any/@) == ""; "You may only define one filter type. (host|network|any)"
+commit: $(../inverse-mask/@) != ""; "You must specify an inverse-mask before comitting"
+commit: $(../../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/source/node.def b/templates/policy/access-list/node.tag/rule/node.tag/source/node.def
new file mode 100644
index 00000000..69a6c7b4
--- /dev/null
+++ b/templates/policy/access-list/node.tag/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: "define a source address or network filter"
diff --git a/templates/policy/as-path-list/node.def b/templates/policy/as-path-list/node.def
new file mode 100644
index 00000000..04ba5e7b
--- /dev/null
+++ b/templates/policy/as-path-list/node.def
@@ -0,0 +1,5 @@
+tag:
+type: txt
+help: "BGP autonomous system path filter"
+syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "as-path-list name must be alpha-numeric"
+end: "/opt/vyatta/sbin/vyatta_policy.pl --update-aspath-list $(@)"
diff --git a/templates/policy/as-path-list/node.tag/description/node.def b/templates/policy/as-path-list/node.tag/description/node.def
new file mode 100644
index 00000000..1d708acb
--- /dev/null
+++ b/templates/policy/as-path-list/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "as-path-list description"
diff --git a/templates/policy/as-path-list/node.tag/rule/node.def b/templates/policy/as-path-list/node.tag/rule/node.def
new file mode 100644
index 00000000..3a0c33bd
--- /dev/null
+++ b/templates/policy/as-path-list/node.tag/rule/node.def
@@ -0,0 +1,4 @@
+tag:
+type: u32
+help: "Specify as-path-list rule number"
+syntax: $(@) >= 1 && $(@) <= 65535; "rule number must be between 1 and 65535"
diff --git a/templates/policy/as-path-list/node.tag/rule/node.tag/action/node.def b/templates/policy/as-path-list/node.tag/rule/node.tag/action/node.def
new file mode 100644
index 00000000..26f6c631
--- /dev/null
+++ b/templates/policy/as-path-list/node.tag/rule/node.tag/action/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "action to take on AS paths matching this rule"
+syntax: $(@) in "permit", "deny"; "action must be permit or deny"
diff --git a/templates/policy/as-path-list/node.tag/rule/node.tag/description/node.def b/templates/policy/as-path-list/node.tag/rule/node.tag/description/node.def
new file mode 100644
index 00000000..3d61ac85
--- /dev/null
+++ b/templates/policy/as-path-list/node.tag/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "description for this rule"
diff --git a/templates/policy/as-path-list/node.tag/rule/node.tag/regex/node.def b/templates/policy/as-path-list/node.tag/rule/node.tag/regex/node.def
new file mode 100644
index 00000000..39cc3615
--- /dev/null
+++ b/templates/policy/as-path-list/node.tag/rule/node.tag/regex/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: "AS path regular expression"
+# TODO: check regex syntax; \
+# "invalid chars in regex syntax"
+commit: $(../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/community-list/node.def b/templates/policy/community-list/node.def
new file mode 100644
index 00000000..812dd436
--- /dev/null
+++ b/templates/policy/community-list/node.def
@@ -0,0 +1,8 @@
+tag:
+type: u32
+help: "Add a community list entry"
+syntax: $(@) >= 1 && $(@) <= 500; " \
+community-list must be \
+ <1-99> Community list number (standard) \
+ <100-500> Community list number (expanded) "
+end: "/opt/vyatta/sbin/vyatta_policy.pl --update-community-list $(@)"
diff --git a/templates/policy/community-list/node.tag/description/node.def b/templates/policy/community-list/node.tag/description/node.def
new file mode 100644
index 00000000..c6f76be3
--- /dev/null
+++ b/templates/policy/community-list/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "community-list description"
diff --git a/templates/policy/community-list/node.tag/rule/node.def b/templates/policy/community-list/node.tag/rule/node.def
new file mode 100644
index 00000000..3a0c33bd
--- /dev/null
+++ b/templates/policy/community-list/node.tag/rule/node.def
@@ -0,0 +1,4 @@
+tag:
+type: u32
+help: "Specify as-path-list rule number"
+syntax: $(@) >= 1 && $(@) <= 65535; "rule number must be between 1 and 65535"
diff --git a/templates/policy/community-list/node.tag/rule/node.tag/action/node.def b/templates/policy/community-list/node.tag/rule/node.tag/action/node.def
new file mode 100644
index 00000000..92e66ad2
--- /dev/null
+++ b/templates/policy/community-list/node.tag/rule/node.tag/action/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "action to take on communities matching this rule"
+syntax: $(@) in "permit", "deny"; "action must be permit or deny"
diff --git a/templates/policy/community-list/node.tag/rule/node.tag/description/node.def b/templates/policy/community-list/node.tag/rule/node.tag/description/node.def
new file mode 100644
index 00000000..3d61ac85
--- /dev/null
+++ b/templates/policy/community-list/node.tag/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "description for this rule"
diff --git a/templates/policy/community-list/node.tag/rule/node.tag/regex/node.def b/templates/policy/community-list/node.tag/rule/node.tag/regex/node.def
new file mode 100644
index 00000000..6b116123
--- /dev/null
+++ b/templates/policy/community-list/node.tag/rule/node.tag/regex/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: "community list regular expression"
+# pending bug 2285
+syntax: exec " \
+if [ $(../../@) -ge 1 ] && [ $(../../@) -le 99 ]; then \
+ if [ -n \"`echo $(@) | sed 's/[0-9]*:[0-9]*//g' | sed -e 's/internet//g' -e 's/local-AS//g' -e 's/no-advertise//g' -e 's/no-export//g'`\" ]; then \
+ echo regex $(@) is invalid for a standard community list; \
+ exit 1 ; \
+ fi ; \
+fi ; "
+commit: $(../action/@) != ""; "You must specify an action before committing"
diff --git a/templates/policy/node.def b/templates/policy/node.def
new file mode 100644
index 00000000..56991078
--- /dev/null
+++ b/templates/policy/node.def
@@ -0,0 +1 @@
+help: "configure routing policy"
diff --git a/templates/policy/prefix-list/node.def b/templates/policy/prefix-list/node.def
new file mode 100644
index 00000000..de9d34ab
--- /dev/null
+++ b/templates/policy/prefix-list/node.def
@@ -0,0 +1,4 @@
+tag:
+type: txt
+help: "Add a prefix list entry"
+syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "prefix-list name must be alpha-numeric"
diff --git a/templates/policy/prefix-list/node.tag/description/node.def b/templates/policy/prefix-list/node.tag/description/node.def
new file mode 100644
index 00000000..effa9577
--- /dev/null
+++ b/templates/policy/prefix-list/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "prefix-list description"
diff --git a/templates/policy/prefix-list/node.tag/rule/node.def b/templates/policy/prefix-list/node.tag/rule/node.def
new file mode 100644
index 00000000..7750cba9
--- /dev/null
+++ b/templates/policy/prefix-list/node.tag/rule/node.def
@@ -0,0 +1,35 @@
+tag:
+type: u32; "prefix-list rule number must be an integer"
+help: "Specify prefix-list rule number"
+delete: "touch /tmp/protocols-$(../@)-$(@).\\$PPID \
+ LEN=`echo $(@) | awk -F/ '{ print \\$2 }'` ; \
+ if [ -n \"$(./ge/@)\" ]; then \
+ COND=\"ge $(./ge/@) \";
+ fi;
+ if [ -n \"$(./le/@)\" ] && [ $(./le/@) -ne 32 ]; then \
+ COND=\"\\$COND le $(./le/@) \"; \
+ fi; \
+ /opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"no ip prefix-list $(../@) seq $(@) $(./action/@) $(./prefix/@) \\$COND \" "
+end: "LEN=`echo $(@) | awk -F/ '{ print \\$2 }'` ; \
+ if [ -n \"$(./ge/@)\" ]; then \
+ if [ \\$LEN -le $(./ge/@) ]; then \
+ echo ge must be greater than prefix length ;\
+ exit 1 ; \
+ fi ; \
+ COND=\"ge $(./ge/@) \";
+ fi;
+ if [ -n \"$(./le/@)\" ] && [ $(./le/@) -ne 32 ]; then \
+ if [ $(./le/@) -le $(./ge/@) ]; then \
+ echo le must be greater than or equal to ge ; \
+ exit 1 ; \
+ fi ; \
+ COND=\"\\$COND le $(./le/@) \"; \
+ fi; \
+ if [ -f \"/tmp/protocols-$(../@)-$(@).\\$PPID\" ]; then \
+ rm -f \"protocols-$(../@)-$(@).\\$PPID\" ; \
+ else \
+ /opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"ip prefix-list $(../@) seq $(@) $(./action/@) $(./prefix/@) \\$COND \" ; \
+ fi ; \
+ exit 0 ; "
diff --git a/templates/policy/prefix-list/node.tag/rule/node.tag/action/node.def b/templates/policy/prefix-list/node.tag/rule/node.tag/action/node.def
new file mode 100644
index 00000000..4eada21b
--- /dev/null
+++ b/templates/policy/prefix-list/node.tag/rule/node.tag/action/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "action to take on prefixes matching this rule"
+syntax: $(@) in "permit", "deny"; "action must be permit or deny"
diff --git a/templates/policy/prefix-list/node.tag/rule/node.tag/description/node.def b/templates/policy/prefix-list/node.tag/rule/node.tag/description/node.def
new file mode 100644
index 00000000..3d61ac85
--- /dev/null
+++ b/templates/policy/prefix-list/node.tag/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "description for this rule"
diff --git a/templates/policy/prefix-list/node.tag/rule/node.tag/ge/node.def b/templates/policy/prefix-list/node.tag/rule/node.tag/ge/node.def
new file mode 100644
index 00000000..638c2b61
--- /dev/null
+++ b/templates/policy/prefix-list/node.tag/rule/node.tag/ge/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "prefix greater than or equal to"
+syntax: $(@) >= 0 && $(@) <= 32; "ge must be between 0 and 32"
diff --git a/templates/policy/prefix-list/node.tag/rule/node.tag/le/node.def b/templates/policy/prefix-list/node.tag/rule/node.tag/le/node.def
new file mode 100644
index 00000000..e83ae034
--- /dev/null
+++ b/templates/policy/prefix-list/node.tag/rule/node.tag/le/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "prefix less than or equal to"
+syntax: $(@) >= 0 && $(@) <= 32; "le must be between 0 and 32"
diff --git a/templates/policy/prefix-list/node.tag/rule/node.tag/prefix/node.def b/templates/policy/prefix-list/node.tag/rule/node.tag/prefix/node.def
new file mode 100644
index 00000000..ed167d00
--- /dev/null
+++ b/templates/policy/prefix-list/node.tag/rule/node.tag/prefix/node.def
@@ -0,0 +1,2 @@
+type: ipv4net; "prefix-list $(../../@) rule $(../@) prefix: must be an IPv4 prefix"
+help: "prefix to match against this rule"
diff --git a/templates/policy/route-map/node.def b/templates/policy/route-map/node.def
new file mode 100644
index 00000000..9b5a830b
--- /dev/null
+++ b/templates/policy/route-map/node.def
@@ -0,0 +1,5 @@
+tag:
+type: txt
+help: "Create route-map or enter route-map command mode"
+syntax: pattern $(@) "^[-a-zA-Z0-9.]+$" ; "route-map $(@): name must be alpha-numeric"
+delete: "/opt/vyatta/sbin/vtysh -c\"configure terminal\" -c\"no route-map $(@)\" "
diff --git a/templates/policy/route-map/node.tag/description/node.def b/templates/policy/route-map/node.tag/description/node.def
new file mode 100644
index 00000000..b43c9b77
--- /dev/null
+++ b/templates/policy/route-map/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "route-map description"
diff --git a/templates/policy/route-map/node.tag/rule/node.def b/templates/policy/route-map/node.tag/rule/node.def
new file mode 100644
index 00000000..b59435f0
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.def
@@ -0,0 +1,4 @@
+tag:
+type: u32
+help: "Specify route-map rule number"
+syntax: $(@) >= 1 && $(@) <= 65535; "route-map $(../@): rule number $(@) must be between 1 and 65535"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/action/node.def b/templates/policy/route-map/node.tag/rule/node.tag/action/node.def
new file mode 100644
index 00000000..f594fdb6
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/action/node.def
@@ -0,0 +1,6 @@
+type: txt
+help: "action to take on prefixes matching this rule"
+syntax: $(@) in "permit", "deny"; "route-map $(../../@) $(@) $(../@) action: must be permit or deny"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" -c \"route-map $(../../@) $(@) $(../@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" -c \"route-map $(../../@) $(@) $(../@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" -c \"no route-map $(../../@) $(@) $(../@)\" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/call/node.def b/templates/policy/route-map/node.tag/rule/node.tag/call/node.def
new file mode 100644
index 00000000..bfddaec9
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/call/node.def
@@ -0,0 +1,10 @@
+type: txt
+help: "Target route-map name"
+syntax: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy route-map $(@)\"; "route-map $(@) doesn't exist"
+commit: $(../action/@); "must define an action for route-map $(../../@) rule $(../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" -c \"route-map $(../../@) $(../action/@) $(../@)\" \
+ -c \"call $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" -c \"route-map $(../../@) $(../action/@) $(../@)\" \
+ -c \"call $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" -c \"route-map $(../../@) $(../action/@) $(../@)\" \
+ -c \"no call \" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/continue/node.def b/templates/policy/route-map/node.tag/rule/node.tag/continue/node.def
new file mode 100644
index 00000000..e26d72c8
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/continue/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Continue on a different entry within the route-map"
+syntax: $(@) >= 1 && $(@) <= 65535; "continue must be between 1 and 65535"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/description/node.def b/templates/policy/route-map/node.tag/rule/node.tag/description/node.def
new file mode 100644
index 00000000..146d4535
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: "route-map rule description"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/as-path/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/as-path/node.def
new file mode 100644
index 00000000..1054bdb5
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/as-path/node.def
@@ -0,0 +1,13 @@
+type: txt
+help: "Match BGP AS path list"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy as-path-list $(@)\"; "aspath-list $(@) doesn't exist"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match as-path $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match as-path $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no match as-path $(@)\" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/community/community-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/community/community-list/node.def
new file mode 100644
index 00000000..6e6687fe
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/community/community-list/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "Match community list"
+commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy community-list $(@)\"; "community-list $(@) doesn't exist"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/community/exact-match/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/community/exact-match/node.def
new file mode 100644
index 00000000..439b06bb
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/community/exact-match/node.def
@@ -0,0 +1 @@
+help: "Do exact matching of communities"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def
new file mode 100644
index 00000000..64c477ad
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/community/node.def
@@ -0,0 +1,19 @@
+help: "Match BGP community list"
+delete: "touch /tmp/policy-route-map-$(../../../@)-$(../../action/@)-$(../../@)-match-community.\\$PPID"
+end: "if [ -z \"$(./community-list/)\" ]; then \
+ echo You must configure a community-list ; \
+ exit 1 ; \
+ fi ; \
+ /opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no match community \" ; \
+ if [ -f \"/tmp/policy-route-map-$(../../../@)-$(../../action/@)-$(../../@)-match-community.\\$PPID\" ]; then \
+ rm -rf /tmp/policy-route-map-$(../../../@)-$(../../action/@)-$(../../@)-match-community.\\$PPID; \
+ else \
+ if [ -n \"$(./exact-match/)\" ]; then \
+ COND=\"exact-match \"; \
+ fi ; \
+ /opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match community $(./community-list/@) \\$COND\" ; \
+ fi; "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/interface/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/interface/node.def
new file mode 100644
index 00000000..2db98b6c
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/interface/node.def
@@ -0,0 +1,18 @@
+type: txt
+help: "Match first hop interface of route"
+# TODO: this node isn't returning an error, but it also isn't adding anything to vyatta
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+syntax: exec " \
+ if [ -z \"`ip addr | grep $(@) `\" ]; then \
+ echo $(@) doesn\\'t exist on this system ; \
+ exit 1 ; \
+ fi ; "
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match interface $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match interface $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no match interface $(@)\" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/access-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/access-list/node.def
new file mode 100644
index 00000000..fae2c56c
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/access-list/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: "IP access-list number"
+syntax: $(../prefix-list/@) == ""; "You can only specify a prefix-list or access-list"
+syntax: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list $(@)\"; "access-list $(@) does not exist"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/node.def
new file mode 100644
index 00000000..d37d5622
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/node.def
@@ -0,0 +1 @@
+help: "Match address of route"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/prefix-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/prefix-list/node.def
new file mode 100644
index 00000000..1cf23475
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/address/prefix-list/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: "IP access-list number"
+syntax: $(../access-list/@) == ""; "You can only specify a prefix-list or access-list"
+syntax: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy prefix-list $(@)\"; "prefix-list $(@) does not exist"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/access-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/access-list/node.def
new file mode 100644
index 00000000..fae2c56c
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/access-list/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: "IP access-list number"
+syntax: $(../prefix-list/@) == ""; "You can only specify a prefix-list or access-list"
+syntax: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list $(@)\"; "access-list $(@) does not exist"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/node.def
new file mode 100644
index 00000000..f7fbc26c
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/node.def
@@ -0,0 +1 @@
+help: "Match nexthop of route"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/prefix-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/prefix-list/node.def
new file mode 100644
index 00000000..1cf23475
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/nexthop/prefix-list/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: "IP access-list number"
+syntax: $(../access-list/@) == ""; "You can only specify a prefix-list or access-list"
+syntax: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy prefix-list $(@)\"; "prefix-list $(@) does not exist"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/node.def
new file mode 100644
index 00000000..ce13dd49
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/node.def
@@ -0,0 +1 @@
+help: "IP information"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/access-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/access-list/node.def
new file mode 100644
index 00000000..fae2c56c
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/access-list/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: "IP access-list number"
+syntax: $(../prefix-list/@) == ""; "You can only specify a prefix-list or access-list"
+syntax: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list $(@)\"; "access-list $(@) does not exist"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/node.def
new file mode 100644
index 00000000..61fc71bf
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/node.def
@@ -0,0 +1 @@
+help: "Match route-source of route"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/prefix-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/prefix-list/node.def
new file mode 100644
index 00000000..1cf23475
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/ip/route-source/prefix-list/node.def
@@ -0,0 +1,4 @@
+type: u32
+help: "IP access-list number"
+syntax: $(../access-list/@) == ""; "You can only specify a prefix-list or access-list"
+syntax: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy prefix-list $(@)\"; "prefix-list $(@) does not exist"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/metric/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/metric/node.def
new file mode 100644
index 00000000..6b7dcab7
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/metric/node.def
@@ -0,0 +1,13 @@
+type: u32; "route-map $(../../../@) $(../../action/@) $(../../@) metric: must be an integer"
+help: "Match metric of route"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match metric $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match metric $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no match metric $(@)\" "
+
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/origin/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/origin/node.def
new file mode 100644
index 00000000..84ecc6e4
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/origin/node.def
@@ -0,0 +1,14 @@
+type: txt
+help: "BGP origin code"
+syntax: $(@) in "egp", "igp", "incomplete"; "origin must be egp, igp, or incomplete"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match origin $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match origin $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no match origin $(@)\" "
+
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/peer/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/peer/node.def
new file mode 100644
index 00000000..a71801c7
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/peer/node.def
@@ -0,0 +1,14 @@
+type: txt
+help: "Match peer address"
+syntax: exec "/opt/vyatta/sbin/vyatta_policy.pl --check-peer-syntax $(@)"; "peer must be either an IP or local"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match peer $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match peer $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no match peer \" "
+
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/tag/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/tag/node.def
new file mode 100644
index 00000000..14d0c0f9
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/tag/node.def
@@ -0,0 +1,14 @@
+type: u32
+help: "Match tag of route"
+syntax: $(@) >= 1 && $(@) <= 65535; "tag must be between 1 and 65535"
+commit: $(../../action/@); "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match tag $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match tag $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no match tag $(@)\" "
+
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/on-match/goto/node.def b/templates/policy/route-map/node.tag/rule/node.tag/on-match/goto/node.def
new file mode 100644
index 00000000..d4fc4dfc
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/on-match/goto/node.def
@@ -0,0 +1,14 @@
+type: u32
+help: "Goto sequence number"
+syntax: $(../next/@) != ""; "you can set only goto or next"
+syntax: $(@) >= 1 && $(@) <= 65535; "tag must be between 1 and 65535"
+commit: $(../../action/@); "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"on-match goto $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"on-match goto $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no on-match goto $(@)\" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/on-match/next/node.def b/templates/policy/route-map/node.tag/rule/node.tag/on-match/next/node.def
new file mode 100644
index 00000000..eaffea3c
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/on-match/next/node.def
@@ -0,0 +1,13 @@
+help: "Goto next sequence number"
+syntax: $(../goto/@) != ""; "you can set only goto or next"
+commit: $(../../action/@); "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"on-match next \" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"on-match next \" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no on-match next \" "
+
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/on-match/node.def b/templates/policy/route-map/node.tag/rule/node.tag/on-match/node.def
new file mode 100644
index 00000000..22ea4938
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/on-match/node.def
@@ -0,0 +1,2 @@
+help: "Exit policy on matches"
+
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/as/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/as/node.def
new file mode 100644
index 00000000..74b860d2
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/as/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "AS number of aggregator"
+syntax: $(@) >= 1 && $(@) <= 65535; "AS number must be between 1 and 65535"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/ip/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/ip/node.def
new file mode 100644
index 00000000..1bfbe125
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/ip/node.def
@@ -0,0 +1,3 @@
+type: ipv4
+help: "IP address of aggregator"
+syntax: $(@) >= 1 && $(@) <= 65535; "AS number must be between 1 and 65535"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/node.def
new file mode 100644
index 00000000..f86cfe5d
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/aggregator/node.def
@@ -0,0 +1,16 @@
+help: "BGP aggregator attribute"
+delete: "touch /tmp/policy-route-map-$(../../../@)-$(../../action/@)-$(../../@)-set-aggregator.\\$PPID"
+end: "if [ -z \"$(./as/)\" ] || [ -z \"$(./ip/)\" ]; then \
+ echo You must configure as and ip ; \
+ exit 1 ; \
+ fi ; \
+ /opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set aggregator \" ; \
+ if [ -f \"/tmp/policy-route-map-$(../../../@)-$(../../action/@)-$(../../@)-set-aggregator.\\$PPID\" ]; then \
+ rm -rf /tmp/policy-route-map-$(../../../@)-$(../../action/@)-$(../../@)-set-aggregator.\\$PPID; \
+ else \
+ /opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"match community $(./as/@) $(./ip/@)\" ; \
+ fi; "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/as-path-prepend/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/as-path-prepend/node.def
new file mode 100644
index 00000000..9e602cb2
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/as-path-prepend/node.def
@@ -0,0 +1,12 @@
+type: txt;
+help: "Prepend string for a BGP AS-path attribute"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set as-path prepend $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set as-path prepend $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set as-path prepend \" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/atomic-aggregate/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/atomic-aggregate/node.def
new file mode 100644
index 00000000..233ee4a5
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/atomic-aggregate/node.def
@@ -0,0 +1,11 @@
+help: "BGP atomic aggregate attribute"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set atomic-aggregate\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set atomic-aggregate\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set atomic-aggregate\" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/comm-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/comm-list/node.def
new file mode 100644
index 00000000..a8e1029e
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/comm-list/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "set BGP community list"
+commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy community-list $(@)\"; "community list $(@) does not exist"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/delete/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/delete/node.def
new file mode 100644
index 00000000..f8ca6637
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/delete/node.def
@@ -0,0 +1 @@
+help: "Delete matching communities"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/node.def
new file mode 100644
index 00000000..613897fd
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/comm-list/node.def
@@ -0,0 +1,19 @@
+help: "set BGP community list"
+delete: "touch /tmp/policy-route-map-$(../../../@)-$(../../action/@)-$(../../@)-set-comm-list.\\$PPID"
+end: "if [ -z \"$(./comm-list/)\" ]; then \
+ echo You must configure a comm-list ; \
+ exit 1 ; \
+ fi ; \
+ /opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set comm-list \" ; \
+ if [ -f \"/tmp/policy-route-map-$(../../../@)-$(../../action/@)-$(../../@)-set-comm-list.\\$PPID\" ]; then \
+ rm -rf /tmp/policy-route-map-$(../../../@)-$(../../action/@)-$(../../@)-set-comm-list.\\$PPID; \
+ else \
+ if [ -n \"$(./delete/)\" ]; then \
+ COND=\"delete\" ; \
+ fi ; \
+ /opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set comm-list $(./comm-list/@) \\$COND\" ; \
+ fi; "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/community/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/community/node.def
new file mode 100644
index 00000000..ccac5e10
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/community/node.def
@@ -0,0 +1,13 @@
+type: txt
+help: "Community number in aa:nn format or local-AS|no-advertise|no-export|internet|additive or none"
+# TODO: check syntax
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set community $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set community $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set community \" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/ip-next-hop/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/ip-next-hop/node.def
new file mode 100644
index 00000000..ff440e80
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/ip-next-hop/node.def
@@ -0,0 +1,13 @@
+type: ipv4
+help: "Next hop IP address"
+# TODO: can also set to peer for BGP
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set ip next-hop $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set ip next-hop $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set ip next-hop \" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/local-preference/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/local-preference/node.def
new file mode 100644
index 00000000..929adaf1
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/local-preference/node.def
@@ -0,0 +1,12 @@
+type: u32
+help: "BGP local preference path attribute"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set local-preference $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set local-preference $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set local-preference \" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/metric/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/metric/node.def
new file mode 100644
index 00000000..47a19621
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/metric/node.def
@@ -0,0 +1,13 @@
+type: txt
+help: "Metric value for destination routing protocol"
+syntax: exec "if [ -n `echo $(@) | sed 's/[+0123456789]*-*//g'` ]; then exit 1; fi; "; "metric must be an integer with an optional +/- prepend"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set metric $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set metric $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set metric \" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/node.def
new file mode 100644
index 00000000..6d30b42f
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/node.def
@@ -0,0 +1 @@
+help: "Set values in destination routing protocol"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/origin/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/origin/node.def
new file mode 100644
index 00000000..46c33586
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/origin/node.def
@@ -0,0 +1,13 @@
+type: txt
+help: "BGP origin code"
+syntax: $(@) in "igp", "egp", "incomplete"; "origin must be one of igp, egp, or incomplete"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set origin $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set origin $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set origin \" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/originator-id/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/originator-id/node.def
new file mode 100644
index 00000000..ae749c15
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/originator-id/node.def
@@ -0,0 +1,12 @@
+type: ipv4
+help: "BGP originator ID attribute"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set originator-id $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set originator-id $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set originator-id \" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/tag/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/tag/node.def
new file mode 100644
index 00000000..a0812733
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/tag/node.def
@@ -0,0 +1,13 @@
+type: u32
+help: "Tag value for routing protocol"
+syntax: $(@) >= 1 && $(@) <= 65535; "tag must be between 1 and 65535"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set tag $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set tag $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set tag \" "
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/weight/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/weight/node.def
new file mode 100644
index 00000000..34fed745
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/weight/node.def
@@ -0,0 +1,12 @@
+type: u32
+help: "BGP weight for routing table"
+commit: $(../../action/@) != ""; "You must specify an action for route-map $(../../../@) rule $(../../@)"
+create: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set weight $(@)\" "
+update: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"set weight $(@)\" "
+delete: "/opt/vyatta/bin/vtysh -c \"configure terminal\" \
+ -c \"route-map $(../../../@) $(../../action/@) $(../../@)\" \
+ -c \"no set weight \" "