add content-inspection feature for zones

* code to configure content-inspection on a zone-pair basis
* COMING UP : as much as possible, move code applicable to firewall
  and IPS and other future features to ZONE library

1 files changed, 26 insertions, 10 deletions

diff --git a/templates-cfg/zone-policy/zone/node.def b/templates-cfg/zone-policy/zone/node.def
index eb8c3c8..56c09c2 100644
--- a/templates-cfg/zone-policy/zone/node.def
+++ b/templates-cfg/zone-policy/zone/node.def
@@ -10,15 +10,31 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Zone name cannot start with \"-\""
 syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Zone name cannot contain ';'"
 
 create: 
-	if ! /opt/vyatta/sbin/vyatta-zone.pl 	\
-          --action=add-zone                 	\
-          --zone-name="$VAR(@)"; then
-          exit 1
-        fi
+	# fw zone actions
+	if ! /opt/vyatta/sbin/vyatta-zone.pl		\
+	  --action=add-zone				\
+	  --zone-name="$VAR(@)"; then
+	  exit 1
+	fi
+
+	# ips zone actions
+	if ! /opt/vyatta/sbin/vyatta-zone-ips.pl	\
+	  --action=add-zone				\
+	  --zone-name="$VAR(@)"; then
+	  exit 1
+	fi
 
 delete: 
-	if ! /opt/vyatta/sbin/vyatta-zone.pl 	\
-          --action=delete-zone                 	\
-          --zone-name="$VAR(@)"; then
-          exit 1
-        fi
+	# fw zone actions
+	if ! /opt/vyatta/sbin/vyatta-zone.pl		\
+	  --action=delete-zone				\
+	  --zone-name="$VAR(@)"; then
+	  exit 1
+	fi
+
+	# ips zone actions
+	if ! /opt/vyatta/sbin/vyatta-zone-ips.pl	\
+	  --action=delete-zone				\
+	  --zone-name="$VAR(@)"; then
+	  exit 1
+	fi