summaryrefslogtreecommitdiff
path: root/interface-definitions/include/firewall/common-rule-ipv4.xml.i
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2024-01-05 12:13:17 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2024-01-25 12:35:46 +0000
commit6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122 (patch)
treec1260ee9efeddcf038bfcf547372efba17d26ba6 /interface-definitions/include/firewall/common-rule-ipv4.xml.i
parentada6b103f15b5871fa28c5e194afcd2f5019b2e4 (diff)
downloadvyos-1x-6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122.tar.gz
vyos-1x-6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122.zip
T4839: firewall: Add dynamic address group in firewall configuration, and appropiate commands to populate such groups using source and destination address of the packet.
Diffstat (limited to 'interface-definitions/include/firewall/common-rule-ipv4.xml.i')
-rw-r--r--interface-definitions/include/firewall/common-rule-ipv4.xml.i25
1 files changed, 25 insertions, 0 deletions
diff --git a/interface-definitions/include/firewall/common-rule-ipv4.xml.i b/interface-definitions/include/firewall/common-rule-ipv4.xml.i
index 4ed179ae7..158c7a662 100644
--- a/interface-definitions/include/firewall/common-rule-ipv4.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv4.xml.i
@@ -1,6 +1,29 @@
<!-- include start from firewall/common-rule-ipv4.xml.i -->
#include <include/firewall/common-rule-inet.xml.i>
#include <include/firewall/ttl.xml.i>
+<node name="add-address-to-group">
+ <properties>
+ <help>Add ip address to dynamic address-group</help>
+ </properties>
+ <children>
+ <node name="source-address">
+ <properties>
+ <help>Add source ip addresses to dynamic address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-address-groups.xml.i>
+ </children>
+ </node>
+ <node name="destination-address">
+ <properties>
+ <help>Add destination ip addresses to dynamic address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-address-groups.xml.i>
+ </children>
+ </node>
+ </children>
+</node>
<node name="destination">
<properties>
<help>Destination parameters</help>
@@ -13,6 +36,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group.xml.i>
+ #include <include/firewall/source-destination-dynamic-group.xml.i>
</children>
</node>
<node name="icmp">
@@ -67,6 +91,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group.xml.i>
+ #include <include/firewall/source-destination-dynamic-group.xml.i>
</children>
</node>
<!-- include end --> \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-05 08:36:03 +0000