Diffstat (limited to 'templates')
10 files changed, 0 insertions, 271 deletions
diff --git a/templates/zone-policy/node.def b/templates/zone-policy/node.def
deleted file mode 100644
index c374bdbd..00000000
--- a/templates/zone-policy/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-priority: 975
-help: Configure zone-policy
-begin:
-if ! /opt/vyatta/sbin/vyatta-zone.pl --action=validity-checks --zone-name=none --silent-validate=false; then
- exit 1
-fi
diff --git a/templates/zone-policy/zone/node.def b/templates/zone-policy/zone/node.def
deleted file mode 100644
index eb8c3c87..00000000
--- a/templates/zone-policy/zone/node.def
+++ /dev/null
@@ -1,24 +0,0 @@
-tag:
-type: txt
-help: Zone name
-
-syntax:expression: pattern $VAR(@) "^[[:print:]]{1,20}$" ;
- "Zone name must be 20 characters or less"
-
-syntax:expression: pattern $VAR(@) "^[^-]" ; "Zone name cannot start with \"-\""
-
-syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Zone name cannot contain ';'"
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=add-zone \
- --zone-name="$VAR(@)"; then
- exit 1
- fi
-
-delete:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=delete-zone \
- --zone-name="$VAR(@)"; then
- exit 1
- fi
diff --git a/templates/zone-policy/zone/node.tag/default-action/node.def b/templates/zone-policy/zone/node.tag/default-action/node.def
deleted file mode 100644
index 61c8c784..00000000
--- a/templates/zone-policy/zone/node.tag/default-action/node.def
+++ /dev/null
@@ -1,26 +0,0 @@
-type: txt
-help: Default-action for traffic coming into this zone
-default: "drop"
-allowed: echo drop reject
-
-syntax:expression: $VAR(@) in "drop", "reject";
- "default-action must be either drop or reject"
-
-val_help: drop; Drop silently (default)
-val_help: reject; Drop and notify source
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=set-default-policy \
- --zone-name="$VAR(../@)" \
- --default-policy="$VAR(@)"; then
- exit 1
- fi
-
-update:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=set-default-policy \
- --zone-name="$VAR(../@)" \
- --default-policy="$VAR(@)"; then
- exit 1
- fi
diff --git a/templates/zone-policy/zone/node.tag/description/node.def b/templates/zone-policy/zone/node.tag/description/node.def
deleted file mode 100644
index 7acb96dc..00000000
--- a/templates/zone-policy/zone/node.tag/description/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-type: txt
-help: Zone description
diff --git a/templates/zone-policy/zone/node.tag/from/node.def b/templates/zone-policy/zone/node.tag/from/node.def
deleted file mode 100644
index 4aeb199d..00000000
--- a/templates/zone-policy/zone/node.tag/from/node.def
+++ /dev/null
@@ -1,42 +0,0 @@
-tag:
-priority: 970
-type: txt
-help: Zone from which to filter traffic
-
-allowed:
- local -a zones ;
- eval "zones=($(cli-shell-api listActiveNodes zone-policy zone))"
- echo -n "${zones[@]}"
-
-begin:
-if ! /opt/vyatta/sbin/vyatta-zone.pl --action=validity-checks --zone-name=none --silent-validate=true; then
- exit 1
-fi
-
-create:
- parent_zone=$VAR(../@)
- zones=($VAR(../@@))
- num_zones=${#zones[*]}
- i=0
- found=0
- while [ $i -lt $num_zones ]; do
- if [ "${zones[$i]}" == "$VAR(@)" ] ; then
- if [ "$parent_zone" == "$VAR(@)" ]; then
- echo from zone same as zone [$parent_zone] itself
- exit 1
- fi
- found=1
- fi
- let i++
- done
- if [ $found -eq 0 ]; then
- echo Undefined from zone [$VAR(@)] under zone $parent_zone
- exit 1
- else
- if ! /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$parent_zone"; then
- exit 1
- fi
- if ! /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$VAR(@)"; then
- exit 1
- fi
- fi
diff --git a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def
deleted file mode 100644
index 391a66bc..00000000
--- a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def
+++ /dev/null
@@ -1,65 +0,0 @@
-type: txt
-help: IPv6 firewall ruleset
-
-allowed:
- local -a params ;
- eval "params=($(cli-shell-api listActiveNodes firewall ipv6-name))"
- echo -n "${params[@]}"
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=is-fwruleset-active \
- --zone-name="$VAR(../../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
-
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=add-fromzone-fw \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
-
-update:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=is-fwruleset-active \
- --zone-name="$VAR(../../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
-
- # need to undo previous ruleset here first
- old_ruleset=$(cli-shell-api returnActiveValue zone-policy zone \
- $VAR(../../../@) from $VAR(../../@) firewall ipv6-name)
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=delete-fromzone-fw \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name="$old_ruleset"; then
- exit 1
- fi
-
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=add-fromzone-fw \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
-
-delete:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=delete-fromzone-fw \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
diff --git a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def
deleted file mode 100644
index 605add4b..00000000
--- a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def
+++ /dev/null
@@ -1,66 +0,0 @@
-type: txt
-help: IPv4 firewall ruleset
-
-allowed:
- local -a params ;
- eval "params=($(cli-shell-api listActiveNodes firewall name))"
- echo -n "${params[@]}"
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=is-fwruleset-active \
- --zone-name="$VAR(../../../@)" \
- --ruleset-type=name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
-
-
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=add-fromzone-fw \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
-
-update:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=is-fwruleset-active \
- --zone-name="$VAR(../../../@)" \
- --ruleset-type=name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
-
- # need to undo previous ruleset here first
- old_ruleset=$(cli-shell-api returnActiveValue zone-policy zone \
- $VAR(../../../@) from $VAR(../../@) firewall name)
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=delete-fromzone-fw \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=name \
- --ruleset-name="$old_ruleset"; then
- exit 1
- fi
-
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=add-fromzone-fw \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
-
-delete:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=delete-fromzone-fw \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=name \
- --ruleset-name="$VAR(@)"; then
- exit 1
- fi
diff --git a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/node.def b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/node.def
deleted file mode 100644
index bb7fff53..00000000
--- a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Firewall options
diff --git a/templates/zone-policy/zone/node.tag/interface/node.def b/templates/zone-policy/zone/node.tag/interface/node.def
deleted file mode 100644
index 36ff3e29..00000000
--- a/templates/zone-policy/zone/node.tag/interface/node.def
+++ /dev/null
@@ -1,24 +0,0 @@
-multi:
-type: txt
-help: Interface associated with zone
-allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=all | sed -e s/'lo '//
-
-syntax:expression: $VAR(@) != "lo" ; "Cannot assign loopback interface to a transit zone. It's part of local-zone"
-
-create: /opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --warn
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=add-zone-interface \
- --zone-name="$VAR(../@)" \
- --interface="$VAR(@)"; then
- exit 1
- fi
-
-delete:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=delete-zone-interface \
- --zone-name="$VAR(../@)" \
- --interface="$VAR(@)"; then
- exit 1
- fi
diff --git a/templates/zone-policy/zone/node.tag/local-zone/node.def b/templates/zone-policy/zone/node.tag/local-zone/node.def
deleted file mode 100644
index 4db0f63e..00000000
--- a/templates/zone-policy/zone/node.tag/local-zone/node.def
+++ /dev/null
@@ -1,15 +0,0 @@
-help: Zone to be local-zone
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=add-localzone \
- --zone-name="$VAR(../@)"; then
- exit 1
- fi
-
-delete:
- if ! /opt/vyatta/sbin/vyatta-zone.pl \
- --action=delete-localzone \
- --zone-name="$VAR(../@)"; then
- exit 1
- fi
|