diff options
author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-09-07 20:30:50 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-09-07 20:30:50 +0000 |
commit | 1772c0a7232789e6eeb0caa78fe630fab899522d (patch) | |
tree | 52cb227388e57903f3da1aee2b891201fcaf6833 /interface-definitions/include/firewall/common-rule-bridge.xml.i | |
parent | 487c817ea320ddabcdaf41a8112937a29c19443e (diff) | |
download | vyos-1x-1772c0a7232789e6eeb0caa78fe630fab899522d.tar.gz vyos-1x-1772c0a7232789e6eeb0caa78fe630fab899522d.zip |
T4072: add firewall bridge filtering. First implementation only applies for forward chain and few matchers. Should be extended in the future.
Diffstat (limited to 'interface-definitions/include/firewall/common-rule-bridge.xml.i')
-rw-r--r-- | interface-definitions/include/firewall/common-rule-bridge.xml.i | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i new file mode 100644 index 000000000..381e04b1e --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i @@ -0,0 +1,57 @@ +<!-- include start from firewall/common-rule-bridge.xml.i --> +#include <include/firewall/action-l2.xml.i> +#include <include/firewall/nft-queue.xml.i> +<node name="destination"> + <properties> + <help>Destination parameters</help> + </properties> + <children> + #include <include/firewall/mac-address.xml.i> + </children> +</node> +<leafNode name="disable"> + <properties> + <help>Option to disable firewall rule</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="jump-target"> + <properties> + <help>Set jump target. Action jump must be defined to use this setting</help> + <completionHelp> + <path>firewall bridge name</path> + </completionHelp> + </properties> +</leafNode> +<leafNode name="log"> + <properties> + <help>Option to log packets matching rule</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable log</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable log</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> +</leafNode> +#include <include/firewall/rule-log-options.xml.i> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/mac-address.xml.i> + </children> +</node> +#include <include/firewall/inbound-interface.xml.i> +#include <include/firewall/outbound-interface.xml.i> +#include <include/firewall/match-vlan.xml.i> +<!-- include end -->
\ No newline at end of file |