diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-13 12:58:37 +0100 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-14 14:04:39 +0100 |
commit | df5a862beb84145dfc8434efde7d7fee783199cf (patch) | |
tree | 5a6f09bc9c035a5c4dacc5714536af3340a0059d /interface-definitions/include/policy | |
parent | a132ba993e786994a3b129c72fb0024931339619 (diff) | |
download | vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.tar.gz vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.zip |
firewall: T4178: Use lowercase for TCP flags and add an validator
Diffstat (limited to 'interface-definitions/include/policy')
-rw-r--r-- | interface-definitions/include/policy/route-common-rule-ipv6.xml.i | 34 | ||||
-rw-r--r-- | interface-definitions/include/policy/route-common-rule.xml.i | 34 |
2 files changed, 64 insertions, 4 deletions
diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i index 2d6adcd1d..b8fee4b7b 100644 --- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i +++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i @@ -330,12 +330,42 @@ <help>TCP flags to match</help> <valueHelp> <format>txt</format> - <description>TCP flags to match</description> + <description>Multiple comma-separated flags</description> + </valueHelp> + <valueHelp> + <format>syn</format> + <description>Syncronise flag</description> + </valueHelp> + <valueHelp> + <format>ack</format> + <description>Acknowledge flag</description> + </valueHelp> + <valueHelp> + <format>fin</format> + <description>Finish flag</description> + </valueHelp> + <valueHelp> + <format>rst</format> + <description>Reset flag</description> + </valueHelp> + <valueHelp> + <format>urg</format> + <description>Urgent flag</description> + </valueHelp> + <valueHelp> + <format>psh</format> + <description>Push flag</description> </valueHelp> <valueHelp> <format> </format> - <description>\n\n Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL\n When specifying more than one flag, flags should be comma-separated.\n For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description> + <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description> </valueHelp> + <completionHelp> + <list>syn ack fin rst urg psh</list> + </completionHelp> + <constraint> + <validator name="tcp-flag"/> + </constraint> </properties> </leafNode> </children> diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i index c4deefd2a..17b47474d 100644 --- a/interface-definitions/include/policy/route-common-rule.xml.i +++ b/interface-definitions/include/policy/route-common-rule.xml.i @@ -330,12 +330,42 @@ <help>TCP flags to match</help> <valueHelp> <format>txt</format> - <description>TCP flags to match</description> + <description>Multiple comma-separated flags</description> + </valueHelp> + <valueHelp> + <format>syn</format> + <description>Syncronise flag</description> + </valueHelp> + <valueHelp> + <format>ack</format> + <description>Acknowledge flag</description> + </valueHelp> + <valueHelp> + <format>fin</format> + <description>Finish flag</description> + </valueHelp> + <valueHelp> + <format>rst</format> + <description>Reset flag</description> + </valueHelp> + <valueHelp> + <format>urg</format> + <description>Urgent flag</description> + </valueHelp> + <valueHelp> + <format>psh</format> + <description>Push flag</description> </valueHelp> <valueHelp> <format> </format> - <description>\n\n Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL\n When specifying more than one flag, flags should be comma-separated.\n For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description> + <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description> </valueHelp> + <completionHelp> + <list>syn ack fin rst urg psh</list> + </completionHelp> + <constraint> + <validator name="tcp-flag"/> + </constraint> </properties> </leafNode> </children> |