authorViacheslav Hletenko <v.gletenko@vyos.io>2022-01-25 19:09:08 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2022-01-25 19:09:08 +0000
commit1d65ce9558b7c814295474a7cdf648866b612ff6 (patch)
tree095f7b4b9f0e3a37df8cee3a35a69a9dd0aaa4c8
parent3249d761843c45fd25de1de31de33df018455bab (diff)
nat: T4138: Add port-range validation for NAT
Add port validators for NAT rules that prevent setting incorrect port ranges (21-5) and incorrect ports (70000)
-rw-r--r--interface-definitions/include/nat-port.xml.i7
-rw-r--r--interface-definitions/include/nat-translation-port.xml.i3
2 files changed, 10 insertions, 0 deletions
diff --git a/interface-definitions/include/nat-port.xml.i b/interface-definitions/include/nat-port.xml.i
index 7aabc33c3..5f762cfb3 100644
--- a/interface-definitions/include/nat-port.xml.i
+++ b/interface-definitions/include/nat-port.xml.i
@@ -3,6 +3,10 @@
<properties>
<help>Port number</help>
<valueHelp>
+ <format>txt</format>
+ <description>Named port (any name in /etc/services, e.g., http)</description>
+ </valueHelp>
+ <valueHelp>
<format>u32:1-65535</format>
<description>Numeric IP port</description>
</valueHelp>
@@ -14,6 +18,9 @@
<format/>
<description>\n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005'</description>
</valueHelp>
+ <constraint>
+ <validator name="port-multi"/>
+ </constraint>
</properties>
</leafNode>
<!-- include end -->
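Review bot: The new `<constraint>` in this hunk has no `<constraintErrorMessage>`, so a rejected value such as 21-5 or 70000 is presumably reported only with whatever the validator prints or a generic message. Adding something like `<constraintErrorMessage>Port must be a service name, a number 1-65535, or a range whose start is not above its end</constraintErrorMessage>` after `</constraint>` tells the operator why the value was refused; the same applies to the `port-range` constraint in nat-translation-port.xml.i. The `port-multi` validator itself is not part of this diff, so it should be confirmed that it accepts everything the help text just above advertises (a leading '!', comma-separated lists, service names) and rejects names that are not in /etc/services. The `<properties>` element begins outside the hunk.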
diff --git a/interface-definitions/include/nat-translation-port.xml.i b/interface-definitions/include/nat-translation-port.xml.i
index 6e507353c..6f17df3d9 100644
--- a/interface-definitions/include/nat-translation-port.xml.i
+++ b/interface-definitions/include/nat-translation-port.xml.i
@@ -10,6 +10,9 @@
<format>range</format>
<description>Numbered port range (e.g., 1001-1005)</description>
</valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ </constraint>
</properties>
</leafNode>
<!-- include end -->
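Review bot: `port-range` now gates the translation port, but only the range `<valueHelp>` is visible in this hunk; the entries before line 10 are outside it, and if they document a single numeric port the validator has to accept a lone number as well as `start-end`. Its implementation is not in this diff, so that is worth confirming, ideally with a smoketest that commits a single port and a valid range and expects `21-5` and `70000` to be refused.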