-rw-r--r-- | lib/Vyatta/Conntrack/RuleIgnore.pm | 1 | ||||
-rw-r--r-- | templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def | 21 |
2 files changed, 21 insertions, 1 deletions
diff --git a/lib/Vyatta/Conntrack/RuleIgnore.pm b/lib/Vyatta/Conntrack/RuleIgnore.pm
index fcb1c6b..9b9abe1 100644
--- a/lib/Vyatta/Conntrack/RuleIgnore.pm
+++ b/lib/Vyatta/Conntrack/RuleIgnore.pm
@@ -67,6 +67,7 @@ sub setup_base {
 $self->{_comment} = $level;
 $self->{_rule_number} = $config->returnParent("..");
 $self->{_interface} = $config->$val_func("inbound-interface");
+ $self->{_protocol} = $config->$val_func("protocol");
 $src->$addr_setup("$level source");
 $src->{_protocol} = $self->{_protocol};#needed to use address filter
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
index ccad73d..59f23a3 100644
--- a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
@@ -1,2 +1,21 @@
+type: txt
 help: protocol to ignore connection tracking for
-type:txt
+
+val_help: txt ; IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
+val_help: u32:0-255 ; IP protocol number
+val_help: tcp_udp ; Both TCP and UDP
+val_help: all ; All IP protocols
+val_help: !<protocol> ; All IP protocols except for the specified name or number (negation)
+
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \
+ echo invalid protocol \"$VAR(@)\" ; \
+ exit 1 ; \
+ fi ; "
+
+# Provide some help for command completion. Doesn't return negated
+# values or protocol numbers
+allowed:
+ protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }' | grep -v 'v6'`
+ protos="all $protos tcp_udp"
+ echo -n $protos |
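Review bot: The new `$self->{_protocol}` read is placed correctly, but nothing on the line says why it has to sit here: the context line two below copies it into `$src->{_protocol}` for the address filter, so moving the read later in setup_base would silently reintroduce the undefined-protocol bug this commit fixes. A trailing comment would pin that ordering, e.g. `$self->{_protocol} = $config->$val_func("protocol"); # read before the copy into $src->{_protocol} below`. When the rule has no protocol node the value is presumably undef, and whether `$src`'s address filter treats undef the same as an explicit "all" cannot be seen from this hunk. setup_base begins before and continues after the hunk, so any later defaulting of `_protocol` is out of view.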
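Review bot: The `syntax:expression: exec` string expands `$VAR(@)` into shell text before any validation runs, once inside the single-quoted argument to vyatta-validate-type.pl and twice inside double quotes, so a configured value containing a quote, backtick or `$` is parsed by the shell instead of being rejected as a bad protocol name. A character-set check ahead of the exec keeps the validator call well-formed, e.g. `syntax:expression: pattern $VAR(@) "^!?[A-Za-z0-9._-]+$" ; "invalid protocol $VAR(@)"` (assuming the template format accepts a second syntax:expression for the node; otherwise fold the same test into the exec). The `-n` test also relies on the validator printing something only on failure, which is worth a one-line comment above the exec since the template reads as inverted otherwise. As a point of style, the `allowed:` pipeline runs cat, sed, awk and grep where `awk '!/^#/ { print $1 }' /etc/protocols | grep -v 'v6'` yields the same list.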