diff options
| author | Nataliia Solomko <natalirs1985@gmail.com> | 2025-06-13 12:20:40 +0300 |
|---|---|---|
| committer | Nataliia Solomko <natalirs1985@gmail.com> | 2025-06-17 18:16:51 +0300 |
| commit | 8dbc3c5e67cc1fd043a78dd3446a1a733ebd814f (patch) | |
| tree | 970a4f45190b216eabe7aa581e1faa611d79ab09 /interface-definitions/include | |
| parent | 09f63fb975daaefe843641c5ffbec34ddf6b18de (diff) | |
| download | vyos-1x-8dbc3c5e67cc1fd043a78dd3446a1a733ebd814f.tar.gz vyos-1x-8dbc3c5e67cc1fd043a78dd3446a1a733ebd814f.zip | |
firewall: T6951: Add a configuration command for ethertypes that bridge firewalls should always accept
Diffstat (limited to 'interface-definitions/include')
| -rw-r--r-- | interface-definitions/include/firewall/global-options.xml.i | 49 | ||||
| -rw-r--r-- | interface-definitions/include/version/firewall-version.xml.i | 2 |
2 files changed, 46 insertions, 5 deletions
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i index 794da4f9d..e19f3a7c5 100644 --- a/interface-definitions/include/firewall/global-options.xml.i +++ b/interface-definitions/include/firewall/global-options.xml.i @@ -49,12 +49,53 @@ <help>Apply configured firewall rules to traffic switched by bridges</help> </properties> <children> - <leafNode name="invalid-connections"> + <node name="accept-invalid"> <properties> - <help>Accept ARP, 802.1q, 802.1ad, DHCP, PPPoE and WoL despite being marked as invalid connections</help> - <valueless/> + <help>Accept connections despite they are marked as invalid</help> </properties> - </leafNode> + <children> + <leafNode name="ethernet-type"> + <properties> + <help>Ethernet type</help> + <completionHelp> + <list>arp dhcp pppoe 802.1q 802.1ad pppoe-discovery wol</list> + </completionHelp> + <valueHelp> + <format>arp</format> + <description>Adress Resolution Protocol (ARP)</description> + </valueHelp> + <valueHelp> + <format>dhcp</format> + <description>Dynamic Host Configuration Protocol (DHCP)</description> + </valueHelp> + <valueHelp> + <format>pppoe</format> + <description>Point to Point over Ethernet (PPPoE) Session</description> + </valueHelp> + <valueHelp> + <format>pppoe-discovery</format> + <description>PPPoE Discovery</description> + </valueHelp> + <valueHelp> + <format>802.1q</format> + <description>Customer VLAN tag type (802.1Q)</description> + </valueHelp> + <valueHelp> + <format>802.1ad</format> + <description>Service VLAN tag type (802.1ad)</description> + </valueHelp> + <valueHelp> + <format>wol</format> + <description>Wake-on-LAN magic packet</description> + </valueHelp> + <constraint> + <regex>(arp|dhcp|pppoe|pppoe-discovery|802.1q|802.1ad|wol)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <leafNode name="ipv4"> <properties> <help>Apply configured IPv4 firewall rules</help> diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i index 1a8098297..1f3b779d5 100644 --- a/interface-definitions/include/version/firewall-version.xml.i +++ b/interface-definitions/include/version/firewall-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/firewall-version.xml.i --> -<syntaxVersion component='firewall' version='18'></syntaxVersion> +<syntaxVersion component='firewall' version='19'></syntaxVersion> <!-- include end --> |