author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-08-06 15:24:57 -0700 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-08-06 15:24:57 -0700 |
commit | f1315989a14f89e1629180bc16e36f21ddef2285 (patch) | |
tree | 6310f03e79f3ccadfa99987926ac4fa220ae3a8b | |
parent | 50d63e63d355fb6833adabd2c4972baeb6a5c61f (diff) | |
download | vyatta-conntrack-f1315989a14f89e1629180bc16e36f21ddef2285.tar.gz vyatta-conntrack-f1315989a14f89e1629180bc16e36f21ddef2285.zip |
initial commit for 8067
11 files changed, 69 insertions, 0 deletions
diff --git a/templates-cfg/system/conntrack/ignore/node.def b/templates-cfg/system/conntrack/ignore/node.def
new file mode 100644
index 0000000..5bb117f
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/node.def
@@ -0,0 +1,2 @@
+help: configure customized ignore rules for selective connection tracking
+end:expression: "sudo /opt/vyatta/bin/sudo-users/vyatta-conntrack-ignore.pl"
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.def b/templates-cfg/system/conntrack/ignore/rule/node.def
new file mode 100644
index 0000000..a504c7e
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.def
@@ -0,0 +1,10 @@
+tag:
+
+type: u32
+
+help: Rule number (1-9999)
+
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 9999; "ignore rule number must be between 1 and 9999"
+
+val_help: u32:1-9999; Rule number
+
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/description/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/description/node.def
new file mode 100644
index 0000000..b0b46d2
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/description/node.def
@@ -0,0 +1,4 @@
+type: txt
+
+help: Rule description
+
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/address/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/address/node.def
new file mode 100644
index 0000000..de86d2a
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/address/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination IP address, subnet, or range
+
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
+
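Review bot: The `end:` action in `ignore/node.def` runs `vyatta-conntrack-ignore.pl` through sudo, but none of the 11 files in this commit is that script, so from this page it cannot be confirmed that it exists yet or how it handles the rule values. Every leaf under `rule` other than the tag itself is free-form `txt`, which makes that script the only place the values are checked before they are used with root privileges. It should treat them as untrusted and hand them to any external command as separate arguments rather than through a shell string. As a style point, the help text would match the other nodes if capitalised: `help: Configure customized ignore rules for selective connection tracking`.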
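Review bot: Nothing in `destination/address/node.def` enforces the formats its `val_help` lines advertise; the node is plain `type: txt` with no `syntax:expression:`, so any string is accepted at set time. The same applies to `destination/port`, `protocol`, `source/address` and `source/port` in this commit, and only the rule number is range-checked. Each of these should get a `syntax:expression:` that rejects anything outside the documented forms, so malformed input fails at `set` instead of reaching the sudo-run end script. As a coarse first guard, assuming the template language's `pattern` operator is available here, something like `syntax:expression: pattern $VAR(@) "^!?[0-9./-]+$"; "invalid IPv4 address, subnet or range"` would at least limit the character set.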
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/node.def
new file mode 100644
index 0000000..dc227b7
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/node.def
@@ -0,0 +1 @@
+help: Destination parameters
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/port/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/port/node.def
new file mode 100644
index 0000000..5f53756
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/destination/port/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination port
+
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple destination ports can be specified as a comma-separated list.
+The whole list can also be "negated" using '!'. For example:
+ '!22,telnet,http,123,1001-1005'
+
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/inbound-interface/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/inbound-interface/node.def
new file mode 100644
index 0000000..62e0fc4
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/inbound-interface/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: interface to ignore connections tracking on
+
+allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --show all
+
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
new file mode 100644
index 0000000..ccad73d
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
@@ -0,0 +1,2 @@
+help: protocol to ignore connection tracking for
+type:txt
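Review bot: The `allowed:` line in `inbound-interface/node.def` is, as far as I know, only a completion hint and does not reject a value missing from the list, so this `txt` node is unchecked at set time as well. A `syntax:expression:` that limits the value to interface-name characters, or checks it against the same interface list, would close that gap before the name reaches the end script. The help line reads better as `help: Interface to ignore connection tracking on`. The neighbouring `protocol/node.def` writes `type:txt` without the space used everywhere else and has no `val_help` telling the operator which protocol names or numbers are accepted.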
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/source/address/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/address/node.def
new file mode 100644
index 0000000..de86d2a
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/address/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination IP address, subnet, or range
+
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
+
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/source/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/node.def
new file mode 100644
index 0000000..84cdc1f
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: Source parameters
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/source/port/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/port/node.def
new file mode 100644
index 0000000..5f53756
--- /dev/null
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/source/port/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination port
+
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple destination ports can be specified as a comma-separated list.
+The whole list can also be "negated" using '!'. For example:
+ '!22,telnet,http,123,1001-1005'
+ |
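Review bot: The help text in `source/address/node.def` still says destination, because the file is the same blob as `destination/address/node.def` (`de86d2a`). Its first help line should read `help: Source IP address, subnet, or range`. `source/port/node.def` has the same copy-paste problem (blob `5f53756`): `help: Destination port` should be `help: Source port`, and the `comp_help` should say `Multiple source ports can be specified as a comma-separated list.` These rules exempt traffic from connection tracking, so help that names the wrong side of the match makes it easier to exempt more traffic than intended.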