author | Daniil Baturin <daniil.baturin@vyatta.com> | 2011-07-22 16:43:52 +0700 |
---|---|---|
committer | Daniil Baturin <daniil.baturin@vyatta.com> | 2011-07-22 16:43:52 +0700 |
commit | a3e2cac9bbde2361cdc599a367e7c709d8388086 (patch) | |
tree | af8b005993137f4e52b1af9537c06564b0b3c252 /templates-cfg/nat | |
parent | bb66e213f7910cc16db5e594a98556f52b621a83 (diff) | |
download | vyatta-nat-a3e2cac9bbde2361cdc599a367e7c709d8388086.tar.gz vyatta-nat-a3e2cac9bbde2361cdc599a367e7c709d8388086.zip |
Bug 5681: Templates changed to move NAT out of service branch, "service/nat" -> "nat".
Diffstat (limited to 'templates-cfg/nat')
22 files changed, 163 insertions, 0 deletions
diff --git a/templates-cfg/nat/node.def b/templates-cfg/nat/node.def
new file mode 100644
index 0000000..63f8866
--- /dev/null
+++ b/templates-cfg/nat/node.def
@@ -0,0 +1,5 @@
+priority: 220
+
+help: Network Address Translation (NAT) parameters
+
+end:expression: "sudo /opt/vyatta/sbin/vyatta-update-nat.pl"
diff --git a/templates-cfg/nat/rule/node.def b/templates-cfg/nat/rule/node.def
new file mode 100644
index 0000000..c666be9
--- /dev/null
+++ b/templates-cfg/nat/rule/node.def
@@ -0,0 +1,11 @@
+tag:
+
+type: u32
+
+help: Rule number for NAT
+
+syntax:expression: ($VAR(@) > 0 && $VAR(@) < 10000) ; \
+ "Rule number must be between 1 and 9999."
+
+val_help: u32:1-9999 ; Number for this NAT rule
+
diff --git a/templates-cfg/nat/rule/node.tag/description/node.def b/templates-cfg/nat/rule/node.tag/description/node.def
new file mode 100644
index 0000000..90bf88b
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/description/node.def
@@ -0,0 +1,3 @@
+type: txt
+
+help: Rule description
diff --git a/templates-cfg/nat/rule/node.tag/destination/address/node.def b/templates-cfg/nat/rule/node.tag/destination/address/node.def
new file mode 100644
index 0000000..e580b57
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/destination/address/node.def
@@ -0,0 +1,10 @@
+type: txt
+
+help: Destination IP address, subnet, or range
+
+val_help: ipv4 ; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range ; IP range to match
+val_help: !ipv4 ; Match everything except the specified address
+val_help: !ipv4net ; Match everything except the specified subnet
+val_help: !ipv4range ; Match everything except the specified range
diff --git a/templates-cfg/nat/rule/node.tag/destination/node.def b/templates-cfg/nat/rule/node.tag/destination/node.def
new file mode 100644
index 0000000..8fc8e75
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/destination/node.def
@@ -0,0 +1 @@
+help: NAT destination parameters
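Review bot: destination/address/node.def is `type: txt` with no `syntax:expression`, although its val_help advertises six distinct forms (`ipv4`, `ipv4net`, `ipv4range` and their `!` negations); as far as this diff shows, a mistyped value is only caught later by vyatta-update-nat.pl at commit time, if at all. The protocol template in this same commit already calls `/opt/vyatta/sbin/vyatta-validate-type.pl` from a `syntax:expression`, so a set-time check of the same shape for these address forms would reject bad input where the user can see it; the same applies to source/address/node.def later in the diff. Separately, `val_help: ipv4net; Subnet to match` lacks the space before `;` that every other val_help line uses — `val_help: ipv4net ; Subnet to match`.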
diff --git a/templates-cfg/nat/rule/node.tag/destination/port/node.def b/templates-cfg/nat/rule/node.tag/destination/port/node.def
new file mode 100644
index 0000000..7505487
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/destination/port/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination port
+
+val_help: <port name> ; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535 ; Numbered port
+val_help: <start>-<end> ; Numbered port range (e.g., 1001-1005)
+
+comp_help: Multiple destination ports can be specified as a comma-separated list.
+The whole list can also be "negated" using '!'.
+For example: '!22,telnet,http,123,1001-1005'
diff --git a/templates-cfg/nat/rule/node.tag/disable/node.def b/templates-cfg/nat/rule/node.tag/disable/node.def
new file mode 100644
index 0000000..c23fc5a
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/disable/node.def
@@ -0,0 +1 @@
+help: Disable NAT rule
diff --git a/templates-cfg/nat/rule/node.tag/exclude/node.def b/templates-cfg/nat/rule/node.tag/exclude/node.def
new file mode 100644
index 0000000..3fc118a
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/exclude/node.def
@@ -0,0 +1 @@
+help: Exclude packets matching this rule from NAT
diff --git a/templates-cfg/nat/rule/node.tag/inbound-interface/node.def b/templates-cfg/nat/rule/node.tag/inbound-interface/node.def
new file mode 100644
index 0000000..69913d6
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/inbound-interface/node.def
@@ -0,0 +1,20 @@
+type: txt
+
+help: Inbound interface of NAT traffic
+
+enumeration: existing-interfaces
+
+val_help: <interface> ; Interface name
+
+commit:expression: exec "
+ intf_array=($(awk '$1 ~ /:/ { print $1 }' /proc/net/dev))
+ intf_array_len=${#intf_array[*]}
+ i=0
+ while [ $i -lt $intf_array_len ]; do
+ temp=${intf_array[$i]%:*}
+ if [ \"$temp\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ echo NAT configuration warning: interface $VAR(@) does not exist on this system "
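Review bot: The interface-exists check in the `commit:expression` of inbound-interface/node.def splices `$VAR(@)` textually into a bash script (`if [ \"$temp\" == \"$VAR(@)\" ]` and the closing `echo`), so it relies on the value never containing a double quote, `$(` or a backtick; `enumeration: existing-interfaces` appears to drive completion rather than validation, so nothing before the exec restricts the value. A `syntax:expression` that rejects anything outside an interface-name character class, e.g. `syntax:expression: pattern $VAR(@) "^[A-Za-z0-9_.:-]+$" ; "invalid interface name"` (constructed example), would close that gap and belongs in both templates. The same script is duplicated verbatim in outbound-interface/node.def in the hunk two lines down; a shared helper under /opt/vyatta/sbin, as the other templates in this commit already use, would keep the two in step. Note also that the script ends with `echo`, so its exit status is always 0 and commit proceeds for a nonexistent interface — if that warning-only behaviour is intended, a one-line comment in the template saying so would help; if not, the `echo` should be followed by `exit 1`.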
diff --git a/templates-cfg/nat/rule/node.tag/inside-address/address/node.def b/templates-cfg/nat/rule/node.tag/inside-address/address/node.def
new file mode 100644
index 0000000..a00b483
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/inside-address/address/node.def
@@ -0,0 +1,7 @@
+type: txt
+
+help: Inside IP address or range for NAT
+
+val_help: ipv4 ; NAT to the specified IP address
+val_help: ipv4range ; NAT to the specified IP range
+val_help: ipv4net ; NAT to the specified network address. Host part of the address will remain unchanged
diff --git a/templates-cfg/nat/rule/node.tag/inside-address/node.def b/templates-cfg/nat/rule/node.tag/inside-address/node.def
new file mode 100644
index 0000000..e13cd32
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/inside-address/node.def
@@ -0,0 +1 @@
+help: Inside NAT IP (used by destination NAT only)
diff --git a/templates-cfg/nat/rule/node.tag/inside-address/port/node.def b/templates-cfg/nat/rule/node.tag/inside-address/port/node.def
new file mode 100644
index 0000000..ab6f9d4
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/inside-address/port/node.def
@@ -0,0 +1,6 @@
+type: txt
+
+help: Inside port
+
+val_help: u32:1-65535 ; Numbered port
+val_help: <start>-<end> ; Numbered port range (e.g., 1001-1005)
diff --git a/templates-cfg/nat/rule/node.tag/log/node.def b/templates-cfg/nat/rule/node.tag/log/node.def
new file mode 100644
index 0000000..867b471
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/log/node.def
@@ -0,0 +1,6 @@
+type: txt
+
+help: NAT rule logging
+
+syntax:expression: $VAR(@) in "enable", "disable"; \
+ "NAT logging must be enable or disable."
diff --git a/templates-cfg/nat/rule/node.tag/outbound-interface/node.def b/templates-cfg/nat/rule/node.tag/outbound-interface/node.def
new file mode 100644
index 0000000..28e42e8
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/outbound-interface/node.def
@@ -0,0 +1,20 @@
+type: txt
+
+help: Outbound interface for NAT traffic
+
+enumeration: existing-interfaces
+
+val_help: <interface> ; Interface name
+
+commit:expression: exec "
+ intf_array=($(awk '$1 ~ /:/ { print $1 }' /proc/net/dev))
+ intf_array_len=${#intf_array[*]}
+ i=0
+ while [ $i -lt $intf_array_len ]; do
+ temp=${intf_array[$i]%:*}
+ if [ \"$temp\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ echo NAT configuration warning: interface $VAR(@) does not exist on this system "
diff --git a/templates-cfg/nat/rule/node.tag/outside-address/address/node.def b/templates-cfg/nat/rule/node.tag/outside-address/address/node.def
new file mode 100644
index 0000000..abd5d45
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/outside-address/address/node.def
@@ -0,0 +1,7 @@
+type: txt
+
+help: Outside IP address or range for NAT
+
+val_help: ipv4 ; NAT to the specified IP address
+val_help: ipv4range ; NAT to the specified IP range
+val_help: ipv4net ; NAT to the specified network address. Host part of the address will remain unchanged
diff --git a/templates-cfg/nat/rule/node.tag/outside-address/node.def b/templates-cfg/nat/rule/node.tag/outside-address/node.def
new file mode 100644
index 0000000..b8e1e19
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/outside-address/node.def
@@ -0,0 +1 @@
+help: Outside NAT IP (used by source NAT only)
diff --git a/templates-cfg/nat/rule/node.tag/outside-address/port/node.def b/templates-cfg/nat/rule/node.tag/outside-address/port/node.def
new file mode 100644
index 0000000..8e3b331
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/outside-address/port/node.def
@@ -0,0 +1,6 @@
+type: txt
+
+help: Outside port
+
+val_help: u32:1-65535 ; Numbered port
+val_help: <start>-<end> ; Numbered port range (e.g., 1001-1005)
diff --git a/templates-cfg/nat/rule/node.tag/protocol/node.def b/templates-cfg/nat/rule/node.tag/protocol/node.def
new file mode 100644
index 0000000..882581d
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/protocol/node.def
@@ -0,0 +1,15 @@
+type: txt
+
+help: Protocol to NAT
+
+val_help: txt ; IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
+val_help: u32:0-255 ; IP protocol number
+val_help: tcp_udp ; Both TCP and UDP
+val_help: all ; All IP protocols
+val_help: !<protocol> ; All IP protocols except for the specified name or number (negation)
+
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \
+ echo invalid protocol \"$VAR(@)\" ; \
+ exit 1 ; \
+ fi ; "
diff --git a/templates-cfg/nat/rule/node.tag/source/address/node.def b/templates-cfg/nat/rule/node.tag/source/address/node.def
new file mode 100644
index 0000000..08c0b41
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/source/address/node.def
@@ -0,0 +1,10 @@
+type: txt
+
+help: Source IPv4 address, subnet, or range
+
+val_help: ipv4 ; IP address to match
+val_help: ipv4net ; Subnet to match
+val_help: ipv4range ; IP range to match
+val_help: !ipv4 ; Match everything except the specified address
+val_help: !ipv4net ; Match everything except the specified subnet
+val_help: !ipv4range ; Match everything except the specified range
diff --git a/templates-cfg/nat/rule/node.tag/source/node.def b/templates-cfg/nat/rule/node.tag/source/node.def
new file mode 100644
index 0000000..299f6e5
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: NAT source parameters
diff --git a/templates-cfg/nat/rule/node.tag/source/port/node.def b/templates-cfg/nat/rule/node.tag/source/port/node.def
new file mode 100644
index 0000000..d0e9de6
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/source/port/node.def
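Review bot: In the `syntax:expression` of protocol/node.def, `$VAR(@)` is inserted textually inside the single-quoted argument of a backtick command (`protocol_negate '$VAR(@)'`) and again in `\"$VAR(@)\"`, so a value containing a single quote or other shell metacharacters changes the command that runs rather than being rejected. The other `syntax:expression` checks in this commit (`in "source", ...`, the numeric rule-number comparison) never reach a shell, so this is the one set-time check worth hardening: a `pattern` test before the exec, e.g. `syntax:expression: pattern $VAR(@) "^!?[a-zA-Z0-9_-]+$" ; "invalid protocol"` (constructed example), keeps such characters out of the command line. The condition special-cases only `tcp_udp` after the validator runs, while val_help also lists `all`; whether `protocol_negate` accepts `all` is not visible here and is worth confirming, and a one-line comment in the template stating which of these values are handled by vyatta-update-nat.pl rather than by the validator would save the next reader a lookup.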
@@ -0,0 +1,11 @@
+type: txt
+
+help: Source port
+
+val_help: <port name> ; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535 ; Numbered port
+val_help: <start>-<end> ; Numbered port range (e.g., 1001-1005)
+
+comp_help: Multiple source ports can be specified as a comma-separated list.
+The whole list can also be "negated" using '!'.
+For example: '!22,telnet,http,123,1001-1005'
diff --git a/templates-cfg/nat/rule/node.tag/type/node.def b/templates-cfg/nat/rule/node.tag/type/node.def
new file mode 100644
index 0000000..3f65d88
--- /dev/null
+++ b/templates-cfg/nat/rule/node.tag/type/node.def
@@ -0,0 +1,9 @@
+type: txt
+
+help: Type of NAT [REQUIRED]
+
+syntax:expression: $VAR(@) in "source", "destination", "masquerade"; "invalid type $VAR(@)"
+
+val_help: source ; Source NAT
+val_help: destination ; Destination NAT
+val_help: masquerade ; Masquerade NAT |