nat: T4138: Add port-range validation for NAT

Add port-validators for NAT rules that prevent to set incorrect
port-ranges (21-5) and incorrect ports (70000)

2 files changed, 10 insertions, 0 deletions

diff --git a/interface-definitions/include/nat-port.xml.i b/interface-definitions/include/nat-port.xml.i
index 7aabc33c3..5f762cfb3 100644
--- a/interface-definitions/include/nat-port.xml.i
+++ b/interface-definitions/include/nat-port.xml.i
@@ -3,6 +3,10 @@
   <properties>
     <help>Port number</help>
     <valueHelp>
+     <format>txt</format>
+     <description>Named port (any name in /etc/services, e.g., http)</description>
+    </valueHelp>
+    <valueHelp>
       <format>u32:1-65535</format>
       <description>Numeric IP port</description>
     </valueHelp>
@@ -14,6 +18,9 @@
       <format/>
       <description>\n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005'</description>
     </valueHelp>
+    <constraint>
+     <validator name="port-multi"/>
+    </constraint>
   </properties>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/nat-translation-port.xml.i b/interface-definitions/include/nat-translation-port.xml.i
index 6e507353c..6f17df3d9 100644
--- a/interface-definitions/include/nat-translation-port.xml.i
+++ b/interface-definitions/include/nat-translation-port.xml.i
@@ -10,6 +10,9 @@
       <format>range</format>
       <description>Numbered port range (e.g., 1001-1005)</description>
     </valueHelp>
+    <constraint>
+     <validator name="port-range"/>
+    </constraint>
   </properties>
 </leafNode>
 <!-- include end -->