summaryrefslogtreecommitdiff
path: root/interface-definitions/include/firewall/tcp-flags.xml.i
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-09-22 19:38:14 +0200
committerChristian Poessinger <christian@poessinger.com>2022-09-22 19:44:50 +0200
commite1d3fd0b29a1178e775cbc86f6c0011a682506ba (patch)
treeb1fa30654ce0686b342c95498f3d386858deedaa /interface-definitions/include/firewall/tcp-flags.xml.i
parent4115503de153fd8e9222ab049141e890b4179719 (diff)
downloadvyos-1x-e1d3fd0b29a1178e775cbc86f6c0011a682506ba.tar.gz
vyos-1x-e1d3fd0b29a1178e775cbc86f6c0011a682506ba.zip
xml: T4698: validating a range must be explicitly enabled in the validator
This extends commit 28573ffe4f ("xml: T4698: drop validator name="range" and replace it with numeric"). The first version allowed both a range and discrete numbers to be validated by the numeric validator. This had a flaw as both 22 and 22-30 were valid at the same time. The generic "port-number.xml.i" building block only allows a discrete number. Now if a user set port 22-30 for e.g. SSH the daemon did no longer start. This is why range validation must be explicitly enabled.
Diffstat (limited to 'interface-definitions/include/firewall/tcp-flags.xml.i')
-rw-r--r--interface-definitions/include/firewall/tcp-flags.xml.i2
1 files changed, 1 insertions, 1 deletions
diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i
index fc0da3135..e2ce7b9fd 100644
--- a/interface-definitions/include/firewall/tcp-flags.xml.i
+++ b/interface-definitions/include/firewall/tcp-flags.xml.i
@@ -126,7 +126,7 @@
<description>TCP MSS range (use '-' as delimiter)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-16384"/>
+ <validator name="numeric" argument="--allow-range --range 1-16384"/>
</constraint>
</properties>
</leafNode>