Merge pull request #1279 from nicolas-fort/T990

Firewall: T990: Add snat and dnat connection status on firewall

1 files changed, 26 insertions, 0 deletions

diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index cbdfa9dc2..2a5137dbf 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -95,6 +95,32 @@
     </constraint>
   </properties>
 </leafNode>
+<node name="connection-status">
+  <properties>
+    <help>Connection status</help>
+  </properties>
+  <children>
+    <leafNode name="nat">
+      <properties>
+        <help>NAT connection status</help>
+        <completionHelp>
+          <list>destination source</list>
+        </completionHelp>
+        <valueHelp>
+          <format>destination</format>
+          <description>Match connections that are subject to destination NAT</description>
+        </valueHelp>
+        <valueHelp>
+          <format>source</format>
+          <description>Match connections that are subject to source NAT</description>
+        </valueHelp>
+        <constraint>
+          <regex>^(destination|source)$</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
 <leafNode name="protocol">
   <properties>
     <help>Protocol to match (protocol name, number, or "all")</help>