firewall: T2199: Refactor firewall + zone-policy, move interfaces under firewall node

* Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
author: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-08-30 11:46:16 +0200
committer: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-09-13 11:59:11 +0200
commit: 450ca9a9b46d69036af432ddad316d4ddb126085 (patch)
tree: 5f39017252450472e7c012ae30b506995158600f /interface-definitions/include
parent: 627cfc6d6733998a721ac97f9f5bc44c4c2c6797 (diff)
download: vyos-1x-450ca9a9b46d69036af432ddad316d4ddb126085.tar.gz
vyos-1x-450ca9a9b46d69036af432ddad316d4ddb126085.zip
7 files changed, 19 insertions, 241 deletions
diff --git a/interface-definitions/include/firewall/name.xml.i b/interface-definitions/include/firewall/name.xml.i
new file mode 100644
index 000000000..231b9b144
--- /dev/null
+++ b/interface-definitions/include/firewall/name.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from firewall/name.xml.i -->
+<leafNode name="name">
+  <properties>
+    <help>Local IPv4 firewall ruleset name for interface</help>
+    <completionHelp>
+      <path>firewall name</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<leafNode name="ipv6-name">
+  <properties>
+    <help>Local IPv6 firewall ruleset name for interface</help>
+    <completionHelp>
+      <path>firewall ipv6-name</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end from firewall/name.xml.i -->
+\ No newline at end of file
diff --git a/interface-definitions/include/interface/interface-firewall-vif-c.xml.i b/interface-definitions/include/interface/interface-firewall-vif-c.xml.i
deleted file mode 100644
index 1bc235fcb..000000000
--- a/interface-definitions/include/interface/interface-firewall-vif-c.xml.i
+++ /dev/null
@@ -1,79 +0,0 @@
-<!-- include start from interface/interface-firewall-vif-c.xml.i -->
-<node name="firewall" owner="${vyos_conf_scripts_dir}/firewall-interface.py $VAR(../../../@).$VAR(../../@).$VAR(../@)">
-  <properties>
-    <priority>615</priority>
-    <help>Firewall options</help>
-  </properties>
-  <children>
-    <node name="in">
-      <properties>
-        <help>forwarded packets on inbound interface</help>
-      </properties>
-      <children>
-        <leafNode name="name">
-          <properties>
-            <help>Inbound IPv4 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-        <leafNode name="ipv6-name">
-          <properties>
-            <help>Inbound IPv6 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall ipv6-name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-      </children>
-    </node>
-    <node name="out">
-      <properties>
-        <help>forwarded packets on outbound interface</help>
-      </properties>
-      <children>
-        <leafNode name="name">
-          <properties>
-            <help>Outbound IPv4 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-        <leafNode name="ipv6-name">
-          <properties>
-            <help>Outbound IPv6 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall ipv6-name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-      </children>
-    </node>
-    <node name="local">
-      <properties>
-        <help>packets destined for this router</help>
-      </properties>
-      <children>
-        <leafNode name="name">
-          <properties>
-            <help>Local IPv4 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-        <leafNode name="ipv6-name">
-          <properties>
-            <help>Local IPv6 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall ipv6-name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-      </children>
-    </node>
-  </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/interface/interface-firewall-vif.xml.i b/interface-definitions/include/interface/interface-firewall-vif.xml.i
deleted file mode 100644
index a37ac5c4a..000000000
--- a/interface-definitions/include/interface/interface-firewall-vif.xml.i
+++ /dev/null
@@ -1,79 +0,0 @@
-<!-- include start from interface/interface-firewall-vif.xml.i -->
-<node name="firewall" owner="${vyos_conf_scripts_dir}/firewall-interface.py $VAR(../../@).$VAR(../@)">
-  <properties>
-    <priority>615</priority>
-    <help>Firewall options</help>
-  </properties>
-  <children>
-    <node name="in">
-      <properties>
-        <help>forwarded packets on inbound interface</help>
-      </properties>
-      <children>
-        <leafNode name="name">
-          <properties>
-            <help>Inbound IPv4 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-        <leafNode name="ipv6-name">
-          <properties>
-            <help>Inbound IPv6 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall ipv6-name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-      </children>
-    </node>
-    <node name="out">
-      <properties>
-        <help>forwarded packets on outbound interface</help>
-      </properties>
-      <children>
-        <leafNode name="name">
-          <properties>
-            <help>Outbound IPv4 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-        <leafNode name="ipv6-name">
-          <properties>
-            <help>Outbound IPv6 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall ipv6-name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-      </children>
-    </node>
-    <node name="local">
-      <properties>
-        <help>packets destined for this router</help>
-      </properties>
-      <children>
-        <leafNode name="name">
-          <properties>
-            <help>Local IPv4 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-        <leafNode name="ipv6-name">
-          <properties>
-            <help>Local IPv6 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall ipv6-name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-      </children>
-    </node>
-  </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/interface/interface-firewall.xml.i b/interface-definitions/include/interface/interface-firewall.xml.i
deleted file mode 100644
index b3f20c3bf..000000000
--- a/interface-definitions/include/interface/interface-firewall.xml.i
+++ /dev/null
@@ -1,79 +0,0 @@
-<!-- include start from interface/interface-firewall.xml.i -->
-<node name="firewall" owner="${vyos_conf_scripts_dir}/firewall-interface.py $VAR(../@)">
-  <properties>
-    <priority>615</priority>
-    <help>Firewall options</help>
-  </properties>
-  <children>
-    <node name="in">
-      <properties>
-        <help>forwarded packets on inbound interface</help>
-      </properties>
-      <children>
-        <leafNode name="name">
-          <properties>
-            <help>Inbound IPv4 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-        <leafNode name="ipv6-name">
-          <properties>
-            <help>Inbound IPv6 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall ipv6-name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-      </children>
-    </node>
-    <node name="out">
-      <properties>
-        <help>forwarded packets on outbound interface</help>
-      </properties>
-      <children>
-        <leafNode name="name">
-          <properties>
-            <help>Outbound IPv4 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-        <leafNode name="ipv6-name">
-          <properties>
-            <help>Outbound IPv6 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall ipv6-name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-      </children>
-    </node>
-    <node name="local">
-      <properties>
-        <help>packets destined for this router</help>
-      </properties>
-      <children>
-        <leafNode name="name">
-          <properties>
-            <help>Local IPv4 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-        <leafNode name="ipv6-name">
-          <properties>
-            <help>Local IPv6 firewall ruleset name for interface</help>
-            <completionHelp>
-              <path>firewall ipv6-name</path>
-            </completionHelp>
-          </properties>
-        </leafNode>
-      </children>
-    </node>
-  </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i
index c1af9f9e3..916349ade 100644
--- a/interface-definitions/include/interface/vif-s.xml.i
+++ b/interface-definitions/include/interface/vif-s.xml.i
@@ -18,7 +18,6 @@
     #include <include/interface/dhcpv6-options.xml.i>
     #include <include/interface/disable-link-detect.xml.i>
     #include <include/interface/disable.xml.i>
-    #include <include/interface/interface-firewall-vif.xml.i>
     #include <include/interface/interface-policy-vif.xml.i>
     <leafNode name="protocol">
       <properties>
@@ -68,7 +67,6 @@
         #include <include/interface/mtu-68-16000.xml.i>
         #include <include/interface/redirect.xml.i>
         #include <include/interface/vrf.xml.i>
-        #include <include/interface/interface-firewall-vif-c.xml.i>
         #include <include/interface/interface-policy-vif-c.xml.i>
       </children>
     </tagNode>
diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i
index 57ef8d64c..73a8c98ff 100644
--- a/interface-definitions/include/interface/vif.xml.i
+++ b/interface-definitions/include/interface/vif.xml.i
@@ -18,7 +18,6 @@
     #include <include/interface/dhcpv6-options.xml.i>
     #include <include/interface/disable-link-detect.xml.i>
     #include <include/interface/disable.xml.i>
-    #include <include/interface/interface-firewall-vif.xml.i>
     #include <include/interface/interface-policy-vif.xml.i>
     <leafNode name="egress-qos">
       <properties>
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index 059a89f24..065925319 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='7'></syntaxVersion>
+<syntaxVersion component='firewall' version='8'></syntaxVersion>
 <!-- include end -->
author	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-08-30 11:46:16 +0200
committer	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-09-13 11:59:11 +0200
commit	450ca9a9b46d69036af432ddad316d4ddb126085 (patch)
tree	5f39017252450472e7c012ae30b506995158600f /interface-definitions/include
parent	627cfc6d6733998a721ac97f9f5bc44c4c2c6797 (diff)
download	vyos-1x-450ca9a9b46d69036af432ddad316d4ddb126085.tar.gz vyos-1x-450ca9a9b46d69036af432ddad316d4ddb126085.zip