firewall: T5729: T5681: T5217: backport subsystem from current branch

This is a combined backport for all accumulated changes done to the firewall
subsystem on the current branch.

1 files changed, 9 insertions, 2 deletions

diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i
index 3b5cb724d..6f56ecc85 100644
--- a/interface-definitions/include/firewall/common-rule-inet.xml.i
+++ b/interface-definitions/include/firewall/common-rule-inet.xml.i
@@ -7,7 +7,12 @@
 #include <include/firewall/connection-mark.xml.i>
 #include <include/firewall/conntrack-helper.xml.i>
 #include <include/firewall/nft-queue.xml.i>
-#include <include/generic-disable-node.xml.i>
+<leafNode name="disable">
+  <properties>
+    <help>Option to disable firewall rule</help>
+    <valueless/>
+  </properties>
+</leafNode>
 <node name="fragment">
   <properties>
     <help>IP fragment match</help>
@@ -179,8 +184,10 @@
     </leafNode>
   </children>
 </node>
+#include <include/firewall/synproxy.xml.i>
 #include <include/firewall/state.xml.i>
 #include <include/firewall/tcp-flags.xml.i>
+#include <include/firewall/tcp-mss.xml.i>
 <node name="time">
   <properties>
     <help>Time to match rule</help>
@@ -249,4 +256,4 @@
     </leafNode>
   </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->