summaryrefslogtreecommitdiff
path: root/interface-definitions/include
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-05-12 19:23:15 +0200
committerChristian Poessinger <christian@poessinger.com>2020-05-16 15:30:26 +0200
commit1330898ed095b42b6aba7ba00f9a6932b241a230 (patch)
treecd4e524fd1d91ded256f918007c97184be537fbd /interface-definitions/include
parent728e1c6073cb216d3cb8b66f519bd590458165e6 (diff)
downloadvyos-1x-1330898ed095b42b6aba7ba00f9a6932b241a230.tar.gz
vyos-1x-1330898ed095b42b6aba7ba00f9a6932b241a230.zip
nat: T2198: add ipv4-{address,prefix,rage}-exclude validators
Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT.
Diffstat (limited to 'interface-definitions/include')
-rw-r--r--interface-definitions/include/nat-address-port.xml.i9
1 files changed, 8 insertions, 1 deletions
diff --git a/interface-definitions/include/nat-address-port.xml.i b/interface-definitions/include/nat-address-port.xml.i
index 0848364ff..8705d31cb 100644
--- a/interface-definitions/include/nat-address-port.xml.i
+++ b/interface-definitions/include/nat-address-port.xml.i
@@ -25,7 +25,14 @@
<format>!ipv4range</format>
<description>Match everything except the specified range</description>
</valueHelp>
- <!-- TODO: add general iptables constraint script -->
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-range"/>
+ <validator name="ipv4-address-exclude"/>
+ <validator name="ipv4-prefix-exclude"/>
+ <validator name="ipv4-range-exclude"/>
+ </constraint>
</properties>
</leafNode>
<leafNode name="port">