author | Nicolas Fort <nicolasfort1988@gmail.com> | 2024-07-31 12:42:25 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2024-08-02 12:50:26 +0000 |
commit | c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83 (patch) | |
tree | 55454c478da7bc0cf6e2e9df11f520bbcefc7d26 /interface-definitions/include/firewall | |
parent | fa764927c14350104671edbb2bb3570ab267e416 (diff) | |
T4072: change same helpers in xml definitions; add notrack action for prerouting chain; re introduce <set vrf> in policy; change global options for passing traffic to IPvX firewall; update smoketest
Diffstat (limited to 'interface-definitions/include/firewall')
8 files changed, 32 insertions, 11 deletions
diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i
index 48d48949e..9a2a829d0 100644
--- a/interface-definitions/include/firewall/bridge-custom-name.xml.i
+++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i
@@ -32,6 +32,7 @@
 </properties>
 <children>
 #include <include/firewall/common-rule-bridge.xml.i>
+ #include <include/firewall/action-l2.xml.i>
 #include <include/firewall/connection-mark.xml.i>
 #include <include/firewall/connection-status.xml.i>
 #include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
index 0bc1fc357..fcc981925 100644
--- a/interface-definitions/include/firewall/bridge-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
@@ -26,6 +26,7 @@
 </properties>
 <children>
 #include <include/firewall/common-rule-bridge.xml.i>
+ #include <include/firewall/action-l2.xml.i>
 #include <include/firewall/connection-mark.xml.i>
 #include <include/firewall/connection-status.xml.i>
 #include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-input.xml.i b/interface-definitions/include/firewall/bridge-hook-input.xml.i
index 32de14d54..f6a11f8da 100644
--- a/interface-definitions/include/firewall/bridge-hook-input.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-input.xml.i
@@ -26,6 +26,7 @@
 </properties>
 <children>
 #include <include/firewall/common-rule-bridge.xml.i>
+ #include <include/firewall/action-l2.xml.i>
 #include <include/firewall/connection-mark.xml.i>
 #include <include/firewall/connection-status.xml.i>
 #include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-output.xml.i b/interface-definitions/include/firewall/bridge-hook-output.xml.i
index da0c02470..38b8b08ca 100644
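Review bot: The `action-l2.xml.i` include added after `common-rule-bridge.xml.i` in bridge-custom-name.xml.i is repeated verbatim in the bridge-hook-forward, bridge-hook-input and bridge-hook-output hunks, and nothing records that `common-rule-bridge.xml.i` no longer supplies an action. A hook added later that includes only the common file would define rules with no `action` node. A comment at the top of `common-rule-bridge.xml.i` would make the contract visible, for example `<!-- action is not part of this include; each hook adds action-l2.xml.i or action-and-notrack.xml.i itself -->`.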
--- a/interface-definitions/include/firewall/bridge-hook-output.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-output.xml.i
@@ -26,6 +26,7 @@
 </properties>
 <children>
 #include <include/firewall/common-rule-bridge.xml.i>
+ #include <include/firewall/action-l2.xml.i>
 #include <include/firewall/connection-mark.xml.i>
 #include <include/firewall/connection-status.xml.i>
 #include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i
index b6c1fe87a..ea567644f 100644
--- a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i
@@ -14,7 +14,7 @@
 #include <include/generic-description.xml.i>
 <tagNode name="rule">
 <properties>
- <help>Bridge Firewall prerouting filter rule number</help>
+ <help>Bridge firewall prerouting filter rule number</help>
 <valueHelp>
 <format>u32:1-999999</format>
 <description>Number for this firewall rule</description>
@@ -26,7 +26,7 @@
 </properties>
 <children>
 #include <include/firewall/common-rule-bridge.xml.i>
- #include <include/firewall/set-packet-modifications.xml.i>
+ #include <include/firewall/action-and-notrack.xml.i>
 #include <include/firewall/inbound-interface.xml.i>
 </children>
 </tagNode>
diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i
index b47408aa8..9ae28f7be 100644
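Review bot: The `action-and-notrack.xml.i` include in the second bridge-hook-prerouting hunk makes `notrack` selectable ahead of the forward, input and output hooks, which still include `state.xml.i` and `connection-status.xml.i`. A packet left untracked in prerouting will not be seen as established or related by state matches in those hooks, so one prerouting rule can quietly change what a stateful policy matches. The action help text lives in `action-and-notrack.xml.i`, which is outside this view; please confirm it says so, e.g. `Bypass connection tracking (state matches in later hooks will not apply)`. The same hunk drops `set-packet-modifications.xml.i` from bridge prerouting rules, and if that option was ever released, a config migration is needed that this directory-limited diff does not show.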
@@ -1,7 +1,6 @@
 <!-- include start from firewall/common-rule-bridge.xml.i -->
 #include <include/generic-description.xml.i>
 #include <include/generic-disable-node.xml.i>
-#include <include/firewall/action-l2.xml.i>
 #include <include/firewall/dscp.xml.i>
 #include <include/firewall/firewall-mark.xml.i>
 #include <include/firewall/fragment.xml.i>
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 1f2899672..cee8f1854 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -44,7 +44,7 @@
 </properties>
 <defaultValue>disable</defaultValue>
 </leafNode>
- <node name="apply-for-bridge">
+ <node name="apply-to-bridged-traffic">
 <properties>
 <help>Apply configured firewall rules to traffic switched by bridges</help>
 </properties>
diff --git a/interface-definitions/include/firewall/set-packet-modifications.xml.i b/interface-definitions/include/firewall/set-packet-modifications.xml.i
index eda568a0e..ee019b64e 100644
--- a/interface-definitions/include/firewall/set-packet-modifications.xml.i
+++ b/interface-definitions/include/firewall/set-packet-modifications.xml.i
@@ -6,10 +6,10 @@
 <children>
 <leafNode name="connection-mark">
 <properties>
- <help>Connection marking</help>
+ <help>Set connection mark</help>
 <valueHelp>
 <format>u32:0-2147483647</format>
- <description>Connection marking</description>
+ <description>Connection mark</description>
 </valueHelp>
 <constraint>
 <validator name="numeric" argument="--range 0-2147483647"/>
@@ -18,7 +18,7 @@
 </leafNode>
 <leafNode name="dscp">
 <properties>
- <help>Packet Differentiated Services Codepoint (DSCP)</help>
+ <help>Set DSCP (Packet Differentiated Services Codepoint) bits</help>
 <valueHelp>
 <format>u32:0-63</format>
 <description>DSCP number</description>
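Review bot: The rename of the node from `apply-for-bridge` to `apply-to-bridged-traffic` in global-options.xml.i changes a configuration path, so a saved configuration using the old name no longer matches this definition. If the old name shipped in any image, the upgrade needs a migration that rewrites the path. Otherwise the setting may be lost and bridged traffic would presumably stop being handed to the IPvX firewall rules without any visible error. No migration is visible in this directory-limited diff; please confirm one accompanies the change and that the smoketest covers loading a configuration with the old node name.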
@@ -30,10 +30,10 @@
 </leafNode>
 <leafNode name="mark">
 <properties>
- <help>Packet marking</help>
+ <help>Set packet mark</help>
 <valueHelp>
 <format>u32:1-2147483647</format>
- <description>Packet marking</description>
+ <description>Packet mark</description>
 </valueHelp>
 <constraint>
 <validator name="numeric" argument="--range 1-2147483647"/>
@@ -42,7 +42,7 @@
 </leafNode>
 <leafNode name="table">
 <properties>
- <help>Routing table to forward packet with</help>
+ <help>Set the routing table for matched packets</help>
 <valueHelp>
 <format>u32:1-200</format>
 <description>Table number</description>
@@ -61,9 +61,27 @@
 </completionHelp>
 </properties>
 </leafNode>
+ <leafNode name="vrf">
+ <properties>
+ <help>VRF to forward packet with</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>VRF instance name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>default</format>
+ <description>Forward into default global VRF</description>
+ </valueHelp>
+ <completionHelp>
+ <list>default</list>
+ <path>vrf name</path>
+ </completionHelp>
+ #include <include/constraint/vrf.xml.i>
+ </properties>
+ </leafNode>
 <leafNode name="tcp-mss">
 <properties>
- <help>TCP Maximum Segment Size</help>
+ <help>Set TCP Maximum Segment Size</help>
 <valueHelp>
 <format>u32:500-1460</format>
 <description>Explicitly set TCP MSS value</description> |
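Review bot: The new `vrf` leaf in the `@@ -61,9 +61,27 @@` hunk sits beside `table`, and nothing in the definition says what happens when one rule sets both. Each of them selects where the matched packet is routed, so the config script should reject the combination; that check is not visible here. Its help text also breaks the `Set …` wording this commit gives every sibling leaf; `<help>Set VRF for matched packets</help>` would match. Please also confirm that the constraint pulled in from `include/constraint/vrf.xml.i` accepts the literal `default` offered in the completion list, since otherwise the documented value cannot be committed.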