Merge pull request #2306 from sarthurdev/fw_helper

firewall: T5614: Add support for matching on conntrack helper
author: John Estabrook <jestabro@vyos.io> 2023-09-28 09:52:22 -0500
committer: GitHub <noreply@github.com> 2023-09-28 09:52:22 -0500
commit: 6aa3679187243a9d1eaa16e6e81237f00dde0c63 (patch)
tree: 6012703b1be01e3fa7506ad3914dc820cb0ed355 /interface-definitions/include/firewall
parent: 8ffe4a8cdd937ce3002ed95283b10acbfb9d6351 (diff)
parent: 81dee963a9ca3224ddbd54767a36efae5851a001 (diff)
download: vyos-1x-6aa3679187243a9d1eaa16e6e81237f00dde0c63.tar.gz
vyos-1x-6aa3679187243a9d1eaa16e6e81237f00dde0c63.zip
2 files changed, 43 insertions, 0 deletions
diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i
index e51dd0056..3dbfbb65c 100644
--- a/interface-definitions/include/firewall/common-rule-inet.xml.i
+++ b/interface-definitions/include/firewall/common-rule-inet.xml.i
@@ -4,6 +4,7 @@
 #include <include/firewall/dscp.xml.i>
 #include <include/firewall/packet-options.xml.i>
 #include <include/firewall/connection-mark.xml.i>
+#include <include/firewall/conntrack-helper.xml.i>
 #include <include/firewall/nft-queue.xml.i>
 <leafNode name="disable">
   <properties>
diff --git a/interface-definitions/include/firewall/conntrack-helper.xml.i b/interface-definitions/include/firewall/conntrack-helper.xml.i
new file mode 100644
index 000000000..ee17f2c61
--- /dev/null
+++ b/interface-definitions/include/firewall/conntrack-helper.xml.i
@@ -0,0 +1,42 @@
+<!-- include start from firewall/conntrack-helper.xml.i -->
+<leafNode name="conntrack-helper">
+  <properties>
+    <help>Match related traffic from conntrack helpers</help>
+    <completionHelp>
+      <list>ftp h323 pptp nfs sip tftp sqlnet</list>
+    </completionHelp>
+    <valueHelp>
+      <format>ftp</format>
+      <description>Related traffic from FTP helper</description>
+    </valueHelp>
+    <valueHelp>
+      <format>h323</format>
+      <description>Related traffic from H.323 helper</description>
+    </valueHelp>
+    <valueHelp>
+      <format>pptp</format>
+      <description>Related traffic from PPTP helper</description>
+    </valueHelp>
+    <valueHelp>
+      <format>nfs</format>
+      <description>Related traffic from NFS helper</description>
+    </valueHelp>
+    <valueHelp>
+      <format>sip</format>
+      <description>Related traffic from SIP helper</description>
+    </valueHelp>
+    <valueHelp>
+      <format>tftp</format>
+      <description>Related traffic from TFTP helper</description>
+    </valueHelp>
+    <valueHelp>
+      <format>sqlnet</format>
+      <description>Related traffic from SQLNet helper</description>
+    </valueHelp>
+    <constraint>
+      <regex>(ftp|h323|pptp|nfs|sip|tftp|sqlnet)</regex>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
author	John Estabrook <jestabro@vyos.io>	2023-09-28 09:52:22 -0500
committer	GitHub <noreply@github.com>	2023-09-28 09:52:22 -0500
commit	6aa3679187243a9d1eaa16e6e81237f00dde0c63 (patch)
tree	6012703b1be01e3fa7506ad3914dc820cb0ed355 /interface-definitions/include/firewall
parent	8ffe4a8cdd937ce3002ed95283b10acbfb9d6351 (diff)
parent	81dee963a9ca3224ddbd54767a36efae5851a001 (diff)
download	vyos-1x-6aa3679187243a9d1eaa16e6e81237f00dde0c63.tar.gz vyos-1x-6aa3679187243a9d1eaa16e6e81237f00dde0c63.zip