From 9e657cce7adc07b11f3f19c492ac670b9b817899 Mon Sep 17 00:00:00 2001 
From: Daniil Baturin
Date: Tue, 13 Sep 2011 22:26:19 +0700
Subject: Add templates for destination NAT
---
 templates-cfg/nat/destination/node.def | 1 +
 templates-cfg/nat/destination/rule/node.def | 11 ++++++++
 .../destination/rule/node.tag/description/node.def | 3 +++
 .../rule/node.tag/destination/address/node.def | 10 ++++++++
 .../destination/rule/node.tag/destination/node.def | 1 +
 .../rule/node.tag/destination/port/node.def | 11 ++++++++
 .../nat/destination/rule/node.tag/disable/node.def | 1 +
 .../nat/destination/rule/node.tag/exclude/node.def | 1 +
 .../rule/node.tag/inbound-interface/node.def | 30 ++++++++++++++++++++++
 .../rule/node.tag/inside-address/address/node.def | 7 +++++
 .../rule/node.tag/inside-address/node.def | 1 +
 .../rule/node.tag/inside-address/port/node.def | 6 +++++
 .../nat/destination/rule/node.tag/log/node.def | 6 +++++
 .../destination/rule/node.tag/protocol/node.def | 15 +++++++++++
 .../rule/node.tag/source/address/node.def | 10 ++++++++
 .../nat/destination/rule/node.tag/source/node.def | 1 +
 .../destination/rule/node.tag/source/port/node.def | 11 ++++++++
 17 files changed, 126 insertions(+)
 create mode 100644 templates-cfg/nat/destination/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/description/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/destination/address/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/destination/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/destination/port/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/disable/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/exclude/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/inbound-interface/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/inside-address/address/node.def
 create mode 100644 
templates-cfg/nat/destination/rule/node.tag/inside-address/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/inside-address/port/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/log/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/protocol/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/source/address/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/source/node.def
 create mode 100644 templates-cfg/nat/destination/rule/node.tag/source/port/node.def
diff --git a/templates-cfg/nat/destination/node.def b/templates-cfg/nat/destination/node.def
new file mode 100644
index 0000000..6fb1f43
--- /dev/null
+++ b/templates-cfg/nat/destination/node.def
@@ -0,0 +1 @@
+help: Destination NAT settings
\ No newline at end of file
diff --git a/templates-cfg/nat/destination/rule/node.def b/templates-cfg/nat/destination/rule/node.def
new file mode 100644
index 0000000..c666be9
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.def
@@ -0,0 +1,11 @@
+tag:
+
+type: u32
+
+help: Rule number for NAT
+
+syntax:expression: ($VAR(@) > 0 && $VAR(@) < 10000) ; \
+ "Rule number must be between 1 and 9999."
+
+val_help: u32:1-9999 ; Number for this NAT rule
+
diff --git a/templates-cfg/nat/destination/rule/node.tag/description/node.def b/templates-cfg/nat/destination/rule/node.tag/description/node.def
new file mode 100644
index 0000000..90bf88b
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/description/node.def
@@ -0,0 +1,3 @@
+type: txt
+
+help: Rule description
diff --git a/templates-cfg/nat/destination/rule/node.tag/destination/address/node.def b/templates-cfg/nat/destination/rule/node.tag/destination/address/node.def
new file mode 100644
index 0000000..e580b57
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/destination/address/node.def
@@ -0,0 +1,10 @@
+type: txt
+
+help: Destination IP address, subnet, or range
+
+val_help: ipv4 ; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range ; IP range to match
+val_help: !ipv4 ; Match everything except the specified address
+val_help: !ipv4net ; Match everything except the specified subnet
+val_help: !ipv4range ; Match everything except the specified range
diff --git a/templates-cfg/nat/destination/rule/node.tag/destination/node.def b/templates-cfg/nat/destination/rule/node.tag/destination/node.def
new file mode 100644
index 0000000..8fc8e75
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/destination/node.def
@@ -0,0 +1 @@
+help: NAT destination parameters
diff --git a/templates-cfg/nat/destination/rule/node.tag/destination/port/node.def b/templates-cfg/nat/destination/rule/node.tag/destination/port/node.def
new file mode 100644
index 0000000..7505487
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/destination/port/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Destination port
+
+val_help: ; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535 ; Numbered port
+val_help: - ; Numbered port range (e.g., 1001-1005)
+
+comp_help: Multiple destination ports can be specified as a comma-separated list.
+The whole list can also be "negated" using '!'.
+For example: '!22,telnet,http,123,1001-1005'
diff --git a/templates-cfg/nat/destination/rule/node.tag/disable/node.def b/templates-cfg/nat/destination/rule/node.tag/disable/node.def
new file mode 100644
index 0000000..c23fc5a
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/disable/node.def
@@ -0,0 +1 @@
+help: Disable NAT rule
diff --git a/templates-cfg/nat/destination/rule/node.tag/exclude/node.def b/templates-cfg/nat/destination/rule/node.tag/exclude/node.def
new file mode 100644
index 0000000..3fc118a
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/exclude/node.def
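Review bot: destination/address and destination/port are `type: txt` leaves with no `syntax:expression`, so the forms the val_help lines advertise (an address, subnet or range with an optional leading `!`; a comma-separated port list) are never enforced when the value is set — whatever is typed is stored, and only whatever consumes the rule at commit time can still reject it. The protocol node in this same commit validates through `/opt/vyatta/sbin/vyatta-validate-type.pl`; a `syntax:expression` of the same kind on these two nodes (and on source/address, source/port and the two inside-address leaves, which have the same gap) would reject malformed input at set time and keep unexpected characters away from the backend. Minor: `val_help: ipv4net; Subnet to match` lacks the space before `;` that the neighbouring lines have.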
@@ -0,0 +1 @@
+help: Exclude packets matching this rule from NAT
diff --git a/templates-cfg/nat/destination/rule/node.tag/inbound-interface/node.def b/templates-cfg/nat/destination/rule/node.tag/inbound-interface/node.def
new file mode 100644
index 0000000..03466b9
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/inbound-interface/node.def
@@ -0,0 +1,30 @@
+type: txt
+
+help: Inbound interface of NAT traffic
+
+enumeration: existing-interfaces; echo "any"
+
+val_help: ; Interface name or "any"
+
+commit:expression: exec "
+ if [ \"any\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ intf_array=($(awk '$1 ~ /:/ { print $1 }' /proc/net/dev))
+ intf_array_len=${#intf_array[*]}
+ i=0
+ while [ $i -lt $intf_array_len ]; do
+ temp=${intf_array[$i]%:*}
+ if [ \"$temp\" == \"$VAR(@)\" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ intf_group_name_array=\"eth+ bond+ br+ peth+ vtun+ tun+ wlm+ wlan+\"
+ i=0
+ for i in $intf_group_name_array; do
+ if [ \"$i\" == \"$VAR(@)\" ]; then
+ exit 0
+ fi
+ done
+ echo NAT configuration warning: interface $VAR(@) does not exist on this system "
diff --git a/templates-cfg/nat/destination/rule/node.tag/inside-address/address/node.def b/templates-cfg/nat/destination/rule/node.tag/inside-address/address/node.def
new file mode 100644
index 0000000..a00b483
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/inside-address/address/node.def
@@ -0,0 +1,7 @@
+type: txt
+
+help: Inside IP address or range for NAT
+
+val_help: ipv4 ; NAT to the specified IP address
+val_help: ipv4range ; NAT to the specified IP range
+val_help: ipv4net ; NAT to the specified network address. Host part of the address will remain unchanged
diff --git a/templates-cfg/nat/destination/rule/node.tag/inside-address/node.def b/templates-cfg/nat/destination/rule/node.tag/inside-address/node.def
new file mode 100644
index 0000000..e13cd32
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/inside-address/node.def
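Review bot: The inbound-interface commit:expression splices `$VAR(@)` into an `exec`'d shell string (the `[ ... == \"$VAR(@)\" ]` tests and the closing `echo`) while the node is `type: txt` with no `syntax:expression`, so the stored value reaches that shell unconstrained — the `enumeration:` line only drives completion and does not limit what can be set. A set-time check restricting the value to an interface name or the literal `any`, for example `syntax:expression: pattern $VAR(@) "^(any|[a-zA-Z0-9.+_-]+)$" ; "invalid interface name"` (regex constructed here; `+` is kept for the `eth+`-style wildcards the script accepts), would keep both this script and the NAT backend from ever seeing anything else; the protocol node's `syntax:expression: exec`, which passes `'$VAR(@)'` to the Perl validator, has the same shape and would benefit from the same plain pattern check ahead of the exec. Separately, the script falls through to the `echo ... does not exist` line and never exits non-zero, so an unknown interface is accepted with only a warning; that matches the message wording, but if a hard failure is intended an `exit 1` after the echo is needed.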
@@ -0,0 +1 @@
+help: Inside NAT IP (used by destination NAT only)
diff --git a/templates-cfg/nat/destination/rule/node.tag/inside-address/port/node.def b/templates-cfg/nat/destination/rule/node.tag/inside-address/port/node.def
new file mode 100644
index 0000000..ab6f9d4
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/inside-address/port/node.def
@@ -0,0 +1,6 @@
+type: txt
+
+help: Inside port
+
+val_help: u32:1-65535 ; Numbered port
+val_help: - ; Numbered port range (e.g., 1001-1005)
diff --git a/templates-cfg/nat/destination/rule/node.tag/log/node.def b/templates-cfg/nat/destination/rule/node.tag/log/node.def
new file mode 100644
index 0000000..867b471
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/log/node.def
@@ -0,0 +1,6 @@
+type: txt
+
+help: NAT rule logging
+
+syntax:expression: $VAR(@) in "enable", "disable"; \
+ "NAT logging must be enable or disable."
diff --git a/templates-cfg/nat/destination/rule/node.tag/protocol/node.def b/templates-cfg/nat/destination/rule/node.tag/protocol/node.def
new file mode 100644
index 0000000..882581d
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/protocol/node.def
@@ -0,0 +1,15 @@
+type: txt
+
+help: Protocol to NAT
+
+val_help: txt ; IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
+val_help: u32:0-255 ; IP protocol number
+val_help: tcp_udp ; Both TCP and UDP
+val_help: all ; All IP protocols
+val_help: ! ; All IP protocols except for the specified name or number (negation)
+
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \
+ echo invalid protocol \"$VAR(@)\" ; \
+ exit 1 ; \
+ fi ; "
diff --git a/templates-cfg/nat/destination/rule/node.tag/source/address/node.def b/templates-cfg/nat/destination/rule/node.tag/source/address/node.def
new file mode 100644
index 0000000..08c0b41
--- /dev/null
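Review bot: The log node carries no `val_help` lines although its `syntax:expression` accepts exactly `enable` and `disable`, so completion shows nothing for it while every other leaf in this commit lists its accepted forms; adding `val_help: enable ; Enable logging for this rule` and `val_help: disable ; Disable logging for this rule` would make it consistent. In inside-address/node.def the help text `Inside NAT IP (used by destination NAT only)` lives under `nat/destination`, so the parenthetical is redundant there and reads like a leftover from a combined source/destination tree; `help: Inside NAT IP` is enough.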
+++ b/templates-cfg/nat/destination/rule/node.tag/source/address/node.def
@@ -0,0 +1,10 @@
+type: txt
+
+help: Source IPv4 address, subnet, or range
+
+val_help: ipv4 ; IP address to match
+val_help: ipv4net ; Subnet to match
+val_help: ipv4range ; IP range to match
+val_help: !ipv4 ; Match everything except the specified address
+val_help: !ipv4net ; Match everything except the specified subnet
+val_help: !ipv4range ; Match everything except the specified range
diff --git a/templates-cfg/nat/destination/rule/node.tag/source/node.def b/templates-cfg/nat/destination/rule/node.tag/source/node.def
new file mode 100644
index 0000000..299f6e5
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: NAT source parameters
diff --git a/templates-cfg/nat/destination/rule/node.tag/source/port/node.def b/templates-cfg/nat/destination/rule/node.tag/source/port/node.def
new file mode 100644
index 0000000..d0e9de6
--- /dev/null
+++ b/templates-cfg/nat/destination/rule/node.tag/source/port/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Source port
+
+val_help: ; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535 ; Numbered port
+val_help: - ; Numbered port range (e.g., 1001-1005)
+
+comp_help: Multiple source ports can be specified as a comma-separated list.
+The whole list can also be "negated" using '!'.
+For example: '!22,telnet,http,123,1001-1005'
-- 
cgit v1.2.3