Diffstat (limited to 'templates-cfg/zone-policy/zone/node.tag')
-rw-r--r--templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/.ipv6-enable/node.def46
-rw-r--r--templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/enable/node.def46
-rw-r--r--templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/node.def1
-rw-r--r--templates-cfg/zone-policy/zone/node.tag/interface/node.def16
-rw-r--r--templates-cfg/zone-policy/zone/node.tag/local-zone/node.def14
5 files changed, 0 insertions, 123 deletions
diff --git a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/.ipv6-enable/node.def b/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/.ipv6-enable/node.def
deleted file mode 100644
index 87a2ea1..0000000
--- a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/.ipv6-enable/node.def
+++ /dev/null
@@ -1,46 +0,0 @@
-help: Option to enable IPv6 content-inspection
-
-# check if traffic-filter is set
-commit:expression:
-exec "
-if cli-shell-api existsEffective \
-content-inspection traffic-filter ipv6-preset; then \
- exit 0; \
-fi; \
-if cli-shell-api existsEffective \
-content-inspection traffic-filter ipv6-custom; then \
- exit 0; \
-fi; \
-echo IPv6 content-inspection traffic-filter not set; \
-exit 1"
-
-# make sure inspect-all is not enabled
-commit:expression:
-exec "
-if ! cli-shell-api existsEffective \
-content-inspection inspect-all ipv6-enable; then \
- exit 0; \
-fi; \
-echo IPv6 content-inspection enabled for all traffic. Not \
-allowed to configure inspection on a per-zone basis.; \
-exit 1"
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=add-fromzone-ips \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name=VYATTA_SNORT_all_HOOK; then
- exit 1
- fi
-
-delete:
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=delete-fromzone-ips \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name=VYATTA_SNORT_all_HOOK; then
- exit 1
- fi
diff --git a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/enable/node.def b/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/enable/node.def
deleted file mode 100644
index 484780a..0000000
--- a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/enable/node.def
+++ /dev/null
@@ -1,46 +0,0 @@
-help: Option to enable IPv4 content-inspection
-
-# check if traffic-filter is set
-commit:expression:
-exec "
-if cli-shell-api existsEffective \
-content-inspection traffic-filter preset; then \
- exit 0; \
-fi; \
-if cli-shell-api existsEffective \
-content-inspection traffic-filter custom; then \
- exit 0; \
-fi; \
-echo IPv4 content-inspection traffic-filter not set; \
-exit 1"
-
-# make sure inspect-all is not enabled
-commit:expression:
-exec "
-if ! cli-shell-api existsEffective \
-content-inspection inspect-all enable; then \
- exit 0; \
-fi; \
-echo IPv4 content-inspection enabled for all traffic. Not \
-allowed to configure inspection on a per-zone basis.; \
-exit 1"
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=add-fromzone-ips \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=name \
- --ruleset-name=VYATTA_SNORT_all_HOOK; then
- exit 1
- fi
-
-delete:
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=delete-fromzone-ips \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=name \
- --ruleset-name=VYATTA_SNORT_all_HOOK; then
- exit 1
- fi
diff --git a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/node.def b/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/node.def
deleted file mode 100644
index 9ba25ef..0000000
--- a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Content-inspection options
diff --git a/templates-cfg/zone-policy/zone/node.tag/interface/node.def b/templates-cfg/zone-policy/zone/node.tag/interface/node.def
index c9137c4..ab16aa5 100644
--- a/templates-cfg/zone-policy/zone/node.tag/interface/node.def
+++ b/templates-cfg/zone-policy/zone/node.tag/interface/node.def
@@ -16,14 +16,6 @@ create:
exit 1
fi
- # ips zone actions
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=add-zone-interface \
- --zone-name="$VAR(../@)" \
- --interface="$VAR(@)"; then
- exit 1
- fi
-
delete:
# fw zone actions
if ! /opt/vyatta/sbin/vyatta-zone.pl \
@@ -32,11 +24,3 @@ delete:
--interface="$VAR(@)"; then
exit 1
fi
-
- # ips zone actions
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=delete-zone-interface \
- --zone-name="$VAR(../@)" \
- --interface="$VAR(@)"; then
- exit 1
- fi
diff --git a/templates-cfg/zone-policy/zone/node.tag/local-zone/node.def b/templates-cfg/zone-policy/zone/node.tag/local-zone/node.def
index 07c3d55..22be69b 100644
--- a/templates-cfg/zone-policy/zone/node.tag/local-zone/node.def
+++ b/templates-cfg/zone-policy/zone/node.tag/local-zone/node.def
@@ -8,13 +8,6 @@ create:
exit 1
fi
- # ips zone actions
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=add-localzone \
- --zone-name="$VAR(../@)"; then
- exit 1
- fi
-
delete:
# fw zone actions
if ! /opt/vyatta/sbin/vyatta-zone.pl \
@@ -22,10 +15,3 @@ delete:
--zone-name="$VAR(../@)"; then
exit 1
fi
-
- # ips zone actions
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=delete-localzone \
- --zone-name="$VAR(../@)"; then
- exit 1
- fi