author | Christian Breunig <christian@breunig.cc> | 2023-12-30 23:25:20 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-12-31 23:49:48 +0100 |
commit | 4ef110fd2c501b718344c72d495ad7e16d2bd465 (patch) | |
tree | e98bf08f93c029ec4431a3b6ca078e7562e0cc58 /interface-definitions/system-conntrack.xml.in | |
parent | 2286b8600da6c631b17e1d5b9b341843e50f9abf (diff) | |
T5474: establish common file name pattern for XML conf mode commands
We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server.xml.in
Diffstat (limited to 'interface-definitions/system-conntrack.xml.in')
-rw-r--r-- | interface-definitions/system-conntrack.xml.in | 513 |
1 files changed, 0 insertions, 513 deletions
diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in
deleted file mode 100644
index d9504544d..000000000
--- a/interface-definitions/system-conntrack.xml.in
+++ /dev/null
@@ -1,513 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="system">
- <children>
- <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py">
- <properties>
- <help>Connection Tracking Engine Options</help>
- <!-- Before NAT and conntrack-sync are configured -->
- <priority>218</priority>
- </properties>
- <children>
- <leafNode name="flow-accounting">
- <properties>
- <help>Enable connection tracking flow accounting</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="expect-table-size">
- <properties>
- <help>Size of connection tracking expect table</help>
- <valueHelp>
- <format>u32:1-50000000</format>
- <description>Number of entries allowed in connection tracking expect table</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-50000000"/>
- </constraint>
- </properties>
- <defaultValue>2048</defaultValue>
- </leafNode>
- <leafNode name="hash-size">
- <properties>
- <help>Hash size for connection tracking table</help>
- <valueHelp>
- <format>u32:1-50000000</format>
- <description>Size of hash to use for connection tracking table</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-50000000"/>
- </constraint>
- </properties>
- <defaultValue>32768</defaultValue>
- </leafNode>
- <node name="ignore">
- <properties>
- <help>Customized rules to ignore selective connection tracking</help>
- </properties>
- <children>
- <node name="ipv4">
- <properties>
- <help>IPv4 rules</help>
- </properties>
- <children>
- <tagNode name="rule">
- <properties>
- <help>Rule number</help>
- <valueHelp>
- <format>u32:1-999999</format>
- <description>Number of conntrack ignore rule</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-999999"/>
- </constraint>
- <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage>
- </properties>
- <children>
- #include <include/generic-description.xml.i>
- <node name="destination">
- <properties>
- <help>Destination parameters</help>
- </properties>
- <children>
- #include <include/firewall/source-destination-group-ipv4.xml.i>
- #include <include/nat-address.xml.i>
- #include <include/nat-port.xml.i>
- </children>
- </node>
- <leafNode name="inbound-interface">
- <properties>
- <help>Interface to ignore connections tracking on</help>
- <completionHelp>
- <list>any</list>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- </leafNode>
- #include <include/ip-protocol.xml.i>
- <leafNode name="protocol">
- <properties>
- <help>Protocol to match (protocol name, number, or "all")</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_protocols.sh</script>
- <list>all tcp_udp</list>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All IP protocols</description>
- </valueHelp>
- <valueHelp>
- <format>tcp_udp</format>
- <description>Both TCP and UDP</description>
- </valueHelp>
- <valueHelp>
- <format>u32:0-255</format>
- <description>IP protocol number</description>
- </valueHelp>
- <valueHelp>
- <format><protocol></format>
- <description>IP protocol name</description>
- </valueHelp>
- <valueHelp>
- <format>!<protocol></format>
- <description>IP protocol name</description>
- </valueHelp>
- <constraint>
- <validator name="ip-protocol"/>
- </constraint>
- </properties>
- </leafNode>
- <node name="source">
- <properties>
- <help>Source parameters</help>
- </properties>
- <children>
- #include <include/firewall/source-destination-group-ipv4.xml.i>
- #include <include/nat-address.xml.i>
- #include <include/nat-port.xml.i>
- </children>
- </node>
- #include <include/firewall/tcp-flags.xml.i>
- </children>
- </tagNode>
- </children>
- </node>
- <node name="ipv6">
- <properties>
- <help>IPv6 rules</help>
- </properties>
- <children>
- <tagNode name="rule">
- <properties>
- <help>Rule number</help>
- <valueHelp>
- <format>u32:1-999999</format>
- <description>Number of conntrack ignore rule</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-999999"/>
- </constraint>
- <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage>
- </properties>
- <children>
- #include <include/generic-description.xml.i>
- <node name="destination">
- <properties>
- <help>Destination parameters</help>
- </properties>
- <children>
- #include <include/firewall/address-ipv6.xml.i>
- #include <include/firewall/source-destination-group-ipv6.xml.i>
- #include <include/nat-port.xml.i>
- </children>
- </node>
- <leafNode name="inbound-interface">
- <properties>
- <help>Interface to ignore connections tracking on</help>
- <completionHelp>
- <list>any</list>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- </leafNode>
- #include <include/ip-protocol.xml.i>
- <leafNode name="protocol">
- <properties>
- <help>Protocol to match (protocol name, number, or "all")</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_protocols.sh</script>
- <list>all tcp_udp</list>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All IP protocols</description>
- </valueHelp>
- <valueHelp>
- <format>tcp_udp</format>
- <description>Both TCP and UDP</description>
- </valueHelp>
- <valueHelp>
- <format>u32:0-255</format>
- <description>IP protocol number</description>
- </valueHelp>
- <valueHelp>
- <format><protocol></format>
- <description>IP protocol name</description>
- </valueHelp>
- <valueHelp>
- <format>!<protocol></format>
- <description>IP protocol name</description>
- </valueHelp>
- <constraint>
- <validator name="ip-protocol"/>
- </constraint>
- </properties>
- </leafNode>
- <node name="source">
- <properties>
- <help>Source parameters</help>
- </properties>
- <children>
- #include <include/firewall/address-ipv6.xml.i>
- #include <include/firewall/source-destination-group-ipv6.xml.i>
- #include <include/nat-port.xml.i>
- </children>
- </node>
- #include <include/firewall/tcp-flags.xml.i>
- </children>
- </tagNode>
- </children>
- </node>
-
- </children>
- </node>
- <node name="log">
- <properties>
- <help>Log connection tracking events per protocol</help>
- </properties>
- <children>
- <node name="icmp">
- <properties>
- <help>Log connection tracking events for ICMP</help>
- </properties>
- <children>
- #include <include/conntrack/log-common.xml.i>
- </children>
- </node>
- <node name="other">
- <properties>
- <help>Log connection tracking events for all protocols other than TCP, UDP and ICMP</help>
- </properties>
- <children>
- #include <include/conntrack/log-common.xml.i>
- </children>
- </node>
- <node name="tcp">
- <properties>
- <help>Log connection tracking events for TCP</help>
- </properties>
- <children>
- #include <include/conntrack/log-common.xml.i>
- </children>
- </node>
- <node name="udp">
- <properties>
- <help>Log connection tracking events for UDP</help>
- </properties>
- <children>
- #include <include/conntrack/log-common.xml.i>
- </children>
- </node>
- </children>
- </node>
- <node name="modules">
- <properties>
- <help>Connection tracking modules</help>
- </properties>
- <children>
- <leafNode name="ftp">
- <properties>
- <help>FTP connection tracking</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="h323">
- <properties>
- <help>H.323 connection tracking</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="nfs">
- <properties>
- <help>NFS connection tracking</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="pptp">
- <properties>
- <help>PPTP connection tracking</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="sip">
- <properties>
- <help>SIP connection tracking</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="sqlnet">
- <properties>
- <help>SQLnet connection tracking</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="tftp">
- <properties>
- <help>TFTP connection tracking</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="table-size">
- <properties>
- <help>Size of connection tracking table</help>
- <valueHelp>
- <format>u32:1-50000000</format>
- <description>Number of entries allowed in connection tracking table</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-50000000"/>
- </constraint>
- </properties>
- <defaultValue>262144</defaultValue>
- </leafNode>
- <node name="tcp">
- <properties>
- <help>TCP options</help>
- </properties>
- <children>
- <leafNode name="half-open-connections">
- <properties>
- <help>Maximum number of TCP half-open connections</help>
- <valueHelp>
- <format>u32:1-2147483647</format>
- <description>Generic connection timeout in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-2147483647"/>
- </constraint>
- </properties>
- <defaultValue>512</defaultValue>
- </leafNode>
- <leafNode name="loose">
- <properties>
- <help>Policy to track previously established connections</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Allow tracking of previously established connections</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Do not allow tracking of previously established connections</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- <defaultValue>enable</defaultValue>
- </leafNode>
- <leafNode name="max-retrans">
- <properties>
- <help>Maximum number of packets that can be retransmitted without received an ACK</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Number of packets to be retransmitted</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
- <defaultValue>3</defaultValue>
- </leafNode>
- </children>
- </node>
- <node name="timeout">
- <properties>
- <help>Connection timeout options</help>
- </properties>
- <children>
- <node name="custom">
- <properties>
- <help>Define custom timeouts per connection</help>
- </properties>
- <children>
- <node name="ipv4">
- <properties>
- <help>IPv4 rules</help>
- </properties>
- <children>
- <tagNode name="rule">
- <properties>
- <help>Rule number</help>
- <valueHelp>
- <format>u32:1-999999</format>
- <description>Number of conntrack rule</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-999999"/>
- </constraint>
- <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage>
- </properties>
- <children>
- #include <include/generic-description.xml.i>
- <node name="destination">
- <properties>
- <help>Destination parameters</help>
- </properties>
- <children>
- #include <include/nat-address.xml.i>
- #include <include/nat-port.xml.i>
- </children>
- </node>
- <leafNode name="inbound-interface">
- <properties>
- <help>Interface to ignore connections tracking on</help>
- <completionHelp>
- <list>any</list>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- </leafNode>
- <node name="protocol">
- <properties>
- <help>Customize protocol specific timers, one protocol configuration per rule</help>
- </properties>
- <children>
- #include <include/conntrack/timeout-custom-protocols.xml.i>
- </children>
- </node>
- <node name="source">
- <properties>
- <help>Source parameters</help>
- </properties>
- <children>
- #include <include/nat-address.xml.i>
- #include <include/nat-port.xml.i>
- </children>
- </node>
- </children>
- </tagNode>
- </children>
- </node>
- <node name="ipv6">
- <properties>
- <help>IPv6 rules</help>
- </properties>
- <children>
- <tagNode name="rule">
- <properties>
- <help>Rule number</help>
- <valueHelp>
- <format>u32:1-999999</format>
- <description>Number of conntrack rule</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-999999"/>
- </constraint>
- <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage>
- </properties>
- <children>
- #include <include/generic-description.xml.i>
- <node name="destination">
- <properties>
- <help>Destination parameters</help>
- </properties>
- <children>
- #include <include/firewall/address-ipv6.xml.i>
- #include <include/nat-port.xml.i>
- </children>
- </node>
- <leafNode name="inbound-interface">
- <properties>
- <help>Interface to ignore connections tracking on</help>
- <completionHelp>
- <list>any</list>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- </leafNode>
- <node name="protocol">
- <properties>
- <help>Customize protocol specific timers, one protocol configuration per rule</help>
- </properties>
- <children>
- #include <include/conntrack/timeout-custom-protocols.xml.i>
- </children>
- </node>
- <node name="source">
- <properties>
- <help>Source parameters</help>
- </properties>
- <children>
- #include <include/firewall/address-ipv6.xml.i>
- #include <include/nat-port.xml.i>
- </children>
- </node>
- </children>
- </tagNode>
- </children>
- </node>
- </children>
- </node>
- #include <include/conntrack/timeout-common-protocols.xml.i>
- </children>
- </node>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition> |