summaryrefslogtreecommitdiff
path: root/interface-definitions/include/firewall
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-09-19 18:48:09 +0200
committerGitHub <noreply@github.com>2023-09-19 18:48:09 +0200
commite570044ff8a81cbcfc340df5c8a33763a6962af3 (patch)
tree1ba3123b08fdb08dfc45295091a461cc39046dc0 /interface-definitions/include/firewall
parent38cab26959ded78a737db2272fe25106a2de47b0 (diff)
parent0984a36f6d6427bb6cb665002be3e67c4a72ff9d (diff)
downloadvyos-1x-e570044ff8a81cbcfc340df5c8a33763a6962af3.tar.gz
vyos-1x-e570044ff8a81cbcfc340df5c8a33763a6962af3.zip
Merge pull request #2288 from sarthurdev/flowtable
firewall: T4502: Update to flowtable CLI
Diffstat (limited to 'interface-definitions/include/firewall')
-rw-r--r--interface-definitions/include/firewall/action-forward.xml.i45
-rw-r--r--interface-definitions/include/firewall/flow-offload.xml.i47
-rw-r--r--interface-definitions/include/firewall/global-options.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-forward.xml.i2
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-forward.xml.i2
-rw-r--r--interface-definitions/include/firewall/offload-target.xml.i10
6 files changed, 59 insertions, 48 deletions
diff --git a/interface-definitions/include/firewall/action-forward.xml.i b/interface-definitions/include/firewall/action-forward.xml.i
new file mode 100644
index 000000000..f61e51887
--- /dev/null
+++ b/interface-definitions/include/firewall/action-forward.xml.i
@@ -0,0 +1,45 @@
+<!-- include start from firewall/action-forward.xml.i -->
+<leafNode name="action">
+ <properties>
+ <help>Rule action</help>
+ <completionHelp>
+ <list>accept continue jump reject return drop queue offload</list>
+ </completionHelp>
+ <valueHelp>
+ <format>accept</format>
+ <description>Accept matching entries</description>
+ </valueHelp>
+ <valueHelp>
+ <format>continue</format>
+ <description>Continue parsing next rule</description>
+ </valueHelp>
+ <valueHelp>
+ <format>jump</format>
+ <description>Jump to another chain</description>
+ </valueHelp>
+ <valueHelp>
+ <format>reject</format>
+ <description>Reject matching entries</description>
+ </valueHelp>
+ <valueHelp>
+ <format>return</format>
+ <description>Return from the current chain and continue at the next rule of the last chain</description>
+ </valueHelp>
+ <valueHelp>
+ <format>drop</format>
+ <description>Drop matching entries</description>
+ </valueHelp>
+ <valueHelp>
+ <format>queue</format>
+ <description>Enqueue packet to userspace</description>
+ </valueHelp>
+ <valueHelp>
+ <format>offload</format>
+ <description>Offload packet via flowtable</description>
+ </valueHelp>
+ <constraint>
+ <regex>(accept|continue|jump|reject|return|drop|queue|offload)</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/flow-offload.xml.i b/interface-definitions/include/firewall/flow-offload.xml.i
deleted file mode 100644
index 706836362..000000000
--- a/interface-definitions/include/firewall/flow-offload.xml.i
+++ /dev/null
@@ -1,47 +0,0 @@
-<!-- include start from firewall/flow-offload.xml.i -->
-<node name="flow-offload">
- <properties>
- <help>Configurable flow offload options</help>
- </properties>
- <children>
- <leafNode name="disable">
- <properties>
- <help>Disable flow offload</help>
- <valueless/>
- </properties>
- </leafNode>
- <node name="software">
- <properties>
- <help>Software offload</help>
- </properties>
- <children>
- <leafNode name="interface">
- <properties>
- <help>Interfaces to enable</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="hardware">
- <properties>
- <help>Hardware offload</help>
- </properties>
- <children>
- <leafNode name="interface">
- <properties>
- <help>Interfaces to enable</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 03c07e657..e655cd6ac 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -271,7 +271,6 @@
</properties>
<defaultValue>disable</defaultValue>
</leafNode>
- #include <include/firewall/flow-offload.xml.i>
</children>
</node>
<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
index 08ee96419..70c0adb77 100644
--- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
@@ -24,8 +24,10 @@
<constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
</properties>
<children>
+ #include <include/firewall/action-forward.xml.i>
#include <include/firewall/common-rule-ipv4.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
index 20ab8dbe8..d83827161 100644
--- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
@@ -24,8 +24,10 @@
<constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
</properties>
<children>
+ #include <include/firewall/action-forward.xml.i>
#include <include/firewall/common-rule-ipv6.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/include/firewall/offload-target.xml.i b/interface-definitions/include/firewall/offload-target.xml.i
new file mode 100644
index 000000000..940ed8091
--- /dev/null
+++ b/interface-definitions/include/firewall/offload-target.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from firewall/offload-target.xml.i -->
+<leafNode name="offload-target">
+ <properties>
+ <help>Set flowtable offload target. Action offload must be defined to use this setting</help>
+ <completionHelp>
+ <path>firewall flowtable</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->