diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-15 12:48:48 +0100 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-17 12:28:12 +0100 |
commit | 64668771d5f14fc4b68fff382d166238c164bdde (patch) | |
tree | 8138b4ae97d8edaf0ddf227b20cabb5c28af57f2 /interface-definitions/include/policy | |
parent | df5a862beb84145dfc8434efde7d7fee783199cf (diff) | |
download | vyos-1x-64668771d5f14fc4b68fff382d166238c164bdde.tar.gz vyos-1x-64668771d5f14fc4b68fff382d166238c164bdde.zip |
firewall: policy: T4178: Migrate and refactor tcp flags
* Add support for ECN and CWR flags
Diffstat (limited to 'interface-definitions/include/policy')
-rw-r--r-- | interface-definitions/include/policy/route-common-rule-ipv6.xml.i | 51 | ||||
-rw-r--r-- | interface-definitions/include/policy/route-common-rule.xml.i | 51 |
2 files changed, 2 insertions, 100 deletions
diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i index b8fee4b7b..735edbd48 100644 --- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i +++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i @@ -320,56 +320,7 @@ </leafNode> </children> </node> -<node name="tcp"> - <properties> - <help>TCP flags to match</help> - </properties> - <children> - <leafNode name="flags"> - <properties> - <help>TCP flags to match</help> - <valueHelp> - <format>txt</format> - <description>Multiple comma-separated flags</description> - </valueHelp> - <valueHelp> - <format>syn</format> - <description>Syncronise flag</description> - </valueHelp> - <valueHelp> - <format>ack</format> - <description>Acknowledge flag</description> - </valueHelp> - <valueHelp> - <format>fin</format> - <description>Finish flag</description> - </valueHelp> - <valueHelp> - <format>rst</format> - <description>Reset flag</description> - </valueHelp> - <valueHelp> - <format>urg</format> - <description>Urgent flag</description> - </valueHelp> - <valueHelp> - <format>psh</format> - <description>Push flag</description> - </valueHelp> - <valueHelp> - <format> </format> - <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description> - </valueHelp> - <completionHelp> - <list>syn ack fin rst urg psh</list> - </completionHelp> - <constraint> - <validator name="tcp-flag"/> - </constraint> - </properties> - </leafNode> - </children> -</node> +#include <include/firewall/tcp-flags.xml.i> <node name="time"> <properties> <help>Time to match rule</help> diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i index 17b47474d..4452f78fc 100644 --- a/interface-definitions/include/policy/route-common-rule.xml.i +++ b/interface-definitions/include/policy/route-common-rule.xml.i @@ -320,56 +320,7 @@ </leafNode> </children> </node> -<node name="tcp"> - <properties> - <help>TCP flags to match</help> - </properties> - <children> - <leafNode name="flags"> - <properties> - <help>TCP flags to match</help> - <valueHelp> - <format>txt</format> - <description>Multiple comma-separated flags</description> - </valueHelp> - <valueHelp> - <format>syn</format> - <description>Syncronise flag</description> - </valueHelp> - <valueHelp> - <format>ack</format> - <description>Acknowledge flag</description> - </valueHelp> - <valueHelp> - <format>fin</format> - <description>Finish flag</description> - </valueHelp> - <valueHelp> - <format>rst</format> - <description>Reset flag</description> - </valueHelp> - <valueHelp> - <format>urg</format> - <description>Urgent flag</description> - </valueHelp> - <valueHelp> - <format>psh</format> - <description>Push flag</description> - </valueHelp> - <valueHelp> - <format> </format> - <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description> - </valueHelp> - <completionHelp> - <list>syn ack fin rst urg psh</list> - </completionHelp> - <constraint> - <validator name="tcp-flag"/> - </constraint> - </properties> - </leafNode> - </children> -</node> +#include <include/firewall/tcp-flags.xml.i> <node name="time"> <properties> <help>Time to match rule</help> |