authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-08-06 15:24:57 -0700
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-08-06 15:24:57 -0700
commitf1315989a14f89e1629180bc16e36f21ddef2285 (patch)
tree6310f03e79f3ccadfa99987926ac4fa220ae3a8b
parent50d63e63d355fb6833adabd2c4972baeb6a5c61f (diff)
downloadvyatta-conntrack-f1315989a14f89e1629180bc16e36f21ddef2285.tar.gz
vyatta-conntrack-f1315989a14f89e1629180bc16e36f21ddef2285.zip
initial commit for 8067
-rw-r--r--templates-cfg/system/conntrack/ignore/node.def2
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.def10
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/description/node.def4
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/destination/address/node.def11
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/destination/node.def1
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/destination/port/node.def11
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/inbound-interface/node.def5
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def2
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/source/address/node.def11
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/source/node.def1
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/source/port/node.def11
11 files changed, 69 insertions, 0 deletions
diff --git a/templates-cfg/system/conntrack/ignore/node.def b/templates-cfg/system/conntrack/ignore/node.def
new file mode 100644
index 0000000..5bb117f
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/node.def
@@ -0,0 +1,2 @@
+help: configure customized ignore rules for selective connection tracking
+end:expression: "sudo /opt/vyatta/bin/sudo-users/vyatta-conntrack-ignore.pl"
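Review bot: The `end:` action runs `/opt/vyatta/bin/sudo-users/vyatta-conntrack-ignore.pl` under sudo, but the diffstat for this commit lists only template files, so unless that script is shipped by another change, any commit under `system conntrack ignore` will fail at this step. The script is called with no arguments, so it presumably reads the whole `ignore` subtree from the configuration itself; every leaf value below therefore reaches a privileged process and should be validated in the templates before it gets there. The help string would also read better capitalised like the other nodes: `help: Configure customized ignore rules for selective connection tracking`.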
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.def b/templates-cfg/system/conntrack/ignore/rule/node.def
new file mode 100644
index 0000000..a504c7e
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.def
@@ -0,0 +1,10 @@
+tag:
+
+type: u32
+
+help: Rule number (1-9999)
+
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 9999; "ignore rule number must be between 1 and 9999"
+
+val_help: u32:1-9999; Rule number
+
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/description/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/description/node.def
new file mode 100644
index 0000000..b0b46d2
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/description/node.def
@@ -0,0 +1,4 @@
+type: txt
+
+help: Rule description
+
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/address/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/address/node.def
new file mode 100644
index 0000000..de86d2a
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/address/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination IP address, subnet, or range
+
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
+
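Review bot: Nothing in this template enforces the formats that `val_help` advertises, because `type: txt` with no `syntax:expression:` accepts any string, and the parent `ignore` node hands the configuration to a script run under sudo. The same gap exists in `destination/port`, `source/address`, `source/port`, `protocol` and `inbound-interface`, where `allowed:` only feeds completion and does not reject other values. Each leaf should carry a check that rejects anything outside the documented forms, for example `syntax:expression: exec "<address validator placeholder> $VAR(@)"` here, with the placeholder replaced by whichever validator the project already uses for firewall addresses. The script itself is not visible in this commit, so it should be confirmed that it treats these values as untrusted and passes them to the command it builds as separate arguments rather than through a shell string.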
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/node.def
new file mode 100644
index 0000000..dc227b7
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/node.def
@@ -0,0 +1 @@
+help: Destination parameters
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/port/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/port/node.def
new file mode 100644
index 0000000..5f53756
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/port/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination port
+
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple destination ports can be specified as a comma-separated list.
+The whole list can also be "negated" using '!'. For example:
+ '!22,telnet,http,123,1001-1005'
+
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/inbound-interface/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/inbound-interface/node.def
new file mode 100644
index 0000000..62e0fc4
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/inbound-interface/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: interface to ignore connections tracking on
+
+allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --show all
+
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
new file mode 100644
index 0000000..ccad73d
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
@@ -0,0 +1,2 @@
+help: protocol to ignore connection tracking for
+type:txt
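Review bot: `type:txt` is written without the space that follows `type:` in every other template of this commit; use `type: txt` for consistency. This leaf also has no `val_help:` lines, so the CLI gives no hint of what is accepted. Add entries describing the allowed values (for example a protocol name or number, if that is what the script expects), together with a `syntax:expression:` that enforces them.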
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/source/address/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/address/node.def
new file mode 100644
index 0000000..de86d2a
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/address/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination IP address, subnet, or range
+
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
+
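Review bot: The help text in this source template still says "Destination"; the file has the same blob id (`de86d2a`) as `destination/address/node.def`, so it looks like an unedited copy. It should read `help: Source IP address, subnet, or range`. The same applies to `source/port/node.def` (blob `5f53756`, identical to the destination port template), which needs `help: Source port` and `comp_help: Multiple source ports can be specified as a comma-separated list.`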
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/source/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/node.def
new file mode 100644
index 0000000..84cdc1f
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: Source parameters
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/source/port/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/port/node.def
new file mode 100644
index 0000000..5f53756
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/port/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination port
+
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple destination ports can be specified as a comma-separated list.
+The whole list can also be "negated" using '!'. For example:
+ '!22,telnet,http,123,1001-1005'
+