authorChristian Poessinger <christian@poessinger.com>2022-01-17 18:08:34 +0100
committerGitHub <noreply@github.com>2022-01-17 18:08:34 +0100
commit9fb2e1432209f907d6e5e3ce748da243c85f2851 (patch)
tree0f3607ccd75cfad67f25ba06b62bdaa1232874fb /interface-definitions/include/policy
parent7e731c0ef503334eaab2bfd723163a9749d64da2 (diff)
parent53c2b62dda5bcd1f605a8b9ea438f0f76e366e36 (diff)
downloadvyos-1x-9fb2e1432209f907d6e5e3ce748da243c85f2851.tar.gz
vyos-1x-9fb2e1432209f907d6e5e3ce748da243c85f2851.zip
Merge pull request #1174 from sarthurdev/firewall
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
Diffstat (limited to 'interface-definitions/include/policy')
-rw-r--r--interface-definitions/include/policy/route-common-rule-ipv6.xml.i51
-rw-r--r--interface-definitions/include/policy/route-common-rule.xml.i51
2 files changed, 2 insertions, 100 deletions
diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
index b8fee4b7b..735edbd48 100644
--- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
+++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
@@ -320,56 +320,7 @@
</leafNode>
</children>
</node>
-<node name="tcp">
- <properties>
- <help>TCP flags to match</help>
- </properties>
- <children>
- <leafNode name="flags">
- <properties>
- <help>TCP flags to match</help>
- <valueHelp>
- <format>txt</format>
- <description>Multiple comma-separated flags</description>
- </valueHelp>
- <valueHelp>
- <format>syn</format>
- <description>Syncronise flag</description>
- </valueHelp>
- <valueHelp>
- <format>ack</format>
- <description>Acknowledge flag</description>
- </valueHelp>
- <valueHelp>
- <format>fin</format>
- <description>Finish flag</description>
- </valueHelp>
- <valueHelp>
- <format>rst</format>
- <description>Reset flag</description>
- </valueHelp>
- <valueHelp>
- <format>urg</format>
- <description>Urgent flag</description>
- </valueHelp>
- <valueHelp>
- <format>psh</format>
- <description>Push flag</description>
- </valueHelp>
- <valueHelp>
- <format> </format>
- <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description>
- </valueHelp>
- <completionHelp>
- <list>syn ack fin rst urg psh</list>
- </completionHelp>
- <constraint>
- <validator name="tcp-flag"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
+#include <include/firewall/tcp-flags.xml.i>
<node name="time">
<properties>
<help>Time to match rule</help>
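Review bot: The input constraint for TCP flags (`<validator name="tcp-flag"/>`) and its value help no longer live in this file, so after the `#include <include/firewall/tcp-flags.xml.i>` line the rules built from this include depend entirely on a definition that is outside this diff view to restrict what can be entered. It is worth confirming that the shared include carries an equivalent constraint, so that unvalidated text cannot reach the rule generator. Because the commit title describes a syntax refactor, saved configurations that use the old comma-separated form (such as `SYN,!ACK,!FIN,!RST`) presumably need a migration for these policy rules as well as for firewall rules; without one, a rule could fail to load or match differently after an upgrade. The same applies to the identical hunk in `route-common-rule.xml.i`. A short comment above the include, for example `<!-- TCP flags match: shared definition with firewall rules -->`, would document the cross-directory dependency.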
diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i
index 17b47474d..4452f78fc 100644
--- a/interface-definitions/include/policy/route-common-rule.xml.i
+++ b/interface-definitions/include/policy/route-common-rule.xml.i
@@ -320,56 +320,7 @@
</leafNode>
</children>
</node>
-<node name="tcp">
- <properties>
- <help>TCP flags to match</help>
- </properties>
- <children>
- <leafNode name="flags">
- <properties>
- <help>TCP flags to match</help>
- <valueHelp>
- <format>txt</format>
- <description>Multiple comma-separated flags</description>
- </valueHelp>
- <valueHelp>
- <format>syn</format>
- <description>Syncronise flag</description>
- </valueHelp>
- <valueHelp>
- <format>ack</format>
- <description>Acknowledge flag</description>
- </valueHelp>
- <valueHelp>
- <format>fin</format>
- <description>Finish flag</description>
- </valueHelp>
- <valueHelp>
- <format>rst</format>
- <description>Reset flag</description>
- </valueHelp>
- <valueHelp>
- <format>urg</format>
- <description>Urgent flag</description>
- </valueHelp>
- <valueHelp>
- <format>psh</format>
- <description>Push flag</description>
- </valueHelp>
- <valueHelp>
- <format> </format>
- <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description>
- </valueHelp>
- <completionHelp>
- <list>syn ack fin rst urg psh</list>
- </completionHelp>
- <constraint>
- <validator name="tcp-flag"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
+#include <include/firewall/tcp-flags.xml.i>
<node name="time">
<properties>
<help>Time to match rule</help>