diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-01-17 18:08:34 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-17 18:08:34 +0100 |
commit | 9fb2e1432209f907d6e5e3ce748da243c85f2851 (patch) | |
tree | 0f3607ccd75cfad67f25ba06b62bdaa1232874fb /interface-definitions/include/policy | |
parent | 7e731c0ef503334eaab2bfd723163a9749d64da2 (diff) | |
parent | 53c2b62dda5bcd1f605a8b9ea438f0f76e366e36 (diff) | |
download | vyos-1x-9fb2e1432209f907d6e5e3ce748da243c85f2851.tar.gz vyos-1x-9fb2e1432209f907d6e5e3ce748da243c85f2851.zip |
Merge pull request #1174 from sarthurdev/firewall
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
Diffstat (limited to 'interface-definitions/include/policy')
-rw-r--r-- | interface-definitions/include/policy/route-common-rule-ipv6.xml.i | 51 | ||||
-rw-r--r-- | interface-definitions/include/policy/route-common-rule.xml.i | 51 |
2 files changed, 2 insertions, 100 deletions
diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i index b8fee4b7b..735edbd48 100644 --- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i +++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i @@ -320,56 +320,7 @@ </leafNode> </children> </node> -<node name="tcp"> - <properties> - <help>TCP flags to match</help> - </properties> - <children> - <leafNode name="flags"> - <properties> - <help>TCP flags to match</help> - <valueHelp> - <format>txt</format> - <description>Multiple comma-separated flags</description> - </valueHelp> - <valueHelp> - <format>syn</format> - <description>Syncronise flag</description> - </valueHelp> - <valueHelp> - <format>ack</format> - <description>Acknowledge flag</description> - </valueHelp> - <valueHelp> - <format>fin</format> - <description>Finish flag</description> - </valueHelp> - <valueHelp> - <format>rst</format> - <description>Reset flag</description> - </valueHelp> - <valueHelp> - <format>urg</format> - <description>Urgent flag</description> - </valueHelp> - <valueHelp> - <format>psh</format> - <description>Push flag</description> - </valueHelp> - <valueHelp> - <format> </format> - <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description> - </valueHelp> - <completionHelp> - <list>syn ack fin rst urg psh</list> - </completionHelp> - <constraint> - <validator name="tcp-flag"/> - </constraint> - </properties> - </leafNode> - </children> -</node> +#include <include/firewall/tcp-flags.xml.i> <node name="time"> <properties> <help>Time to match rule</help> diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i index 17b47474d..4452f78fc 100644 --- a/interface-definitions/include/policy/route-common-rule.xml.i +++ b/interface-definitions/include/policy/route-common-rule.xml.i @@ -320,56 +320,7 @@ </leafNode> </children> </node> -<node name="tcp"> - <properties> - <help>TCP flags to match</help> - </properties> - <children> - <leafNode name="flags"> - <properties> - <help>TCP flags to match</help> - <valueHelp> - <format>txt</format> - <description>Multiple comma-separated flags</description> - </valueHelp> - <valueHelp> - <format>syn</format> - <description>Syncronise flag</description> - </valueHelp> - <valueHelp> - <format>ack</format> - <description>Acknowledge flag</description> - </valueHelp> - <valueHelp> - <format>fin</format> - <description>Finish flag</description> - </valueHelp> - <valueHelp> - <format>rst</format> - <description>Reset flag</description> - </valueHelp> - <valueHelp> - <format>urg</format> - <description>Urgent flag</description> - </valueHelp> - <valueHelp> - <format>psh</format> - <description>Push flag</description> - </valueHelp> - <valueHelp> - <format> </format> - <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description> - </valueHelp> - <completionHelp> - <list>syn ack fin rst urg psh</list> - </completionHelp> - <constraint> - <validator name="tcp-flag"/> - </constraint> - </properties> - </leafNode> - </children> -</node> +#include <include/firewall/tcp-flags.xml.i> <node name="time"> <properties> <help>Time to match rule</help> |