diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-11-03 21:10:58 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-03 21:10:58 +0100 |
| commit | 36e54927217d8e1560ddb7d4911542c53c42c71f (patch) | |
| tree | f5f92868c5930c26aaa018089e6c661c0690b6e5 /interface-definitions/firewall.xml.in | |
| parent | d4cb20e1cef23ba3adec543536ef5dfdf143d392 (diff) | |
| parent | b4b491d424fba6f3d417135adc1865e338a480a1 (diff) | |
| download | vyos-1x-36e54927217d8e1560ddb7d4911542c53c42c71f.tar.gz vyos-1x-36e54927217d8e1560ddb7d4911542c53c42c71f.zip | |
Merge pull request #1633 from sarthurdev/fqdn
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT
Diffstat (limited to 'interface-definitions/firewall.xml.in')
| -rw-r--r-- | interface-definitions/firewall.xml.in | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index c8685a187..2ebce79e5 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -126,7 +126,7 @@ <description>Domain address to match</description> </valueHelp> <constraint> - <regex>[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,99}?(\/.*)?</regex> + <validator name="fqdn"/> </constraint> <multi/> </properties> @@ -408,6 +408,7 @@ </properties> <children> #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/fqdn.xml.i> #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/port.xml.i> @@ -419,6 +420,7 @@ </properties> <children> #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/fqdn.xml.i> #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/port.xml.i> @@ -572,6 +574,7 @@ </properties> <children> #include <include/firewall/address.xml.i> + #include <include/firewall/fqdn.xml.i> #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/port.xml.i> @@ -583,6 +586,7 @@ </properties> <children> #include <include/firewall/address.xml.i> + #include <include/firewall/fqdn.xml.i> #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/port.xml.i> @@ -656,6 +660,25 @@ </properties> <defaultValue>disable</defaultValue> </leafNode> + <leafNode name="resolver-cache"> + <properties> + <help>Retains last successful value if domain resolution fails</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="resolver-interval"> + <properties> + <help>Domain resolver update interval</help> + <valueHelp> + <format>u32:10-3600</format> + <description>Interval (seconds)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-3600"/> + </constraint> + </properties> + <defaultValue>300</defaultValue> + </leafNode> <leafNode name="send-redirects"> <properties> <help>Policy for sending IPv4 ICMP redirect messages</help> |