zone_policy: T3873: Implement intra-zone-filtering

author: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2021-10-31 21:24:40 +0100
committer: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2021-12-06 21:20:50 +0100
commit: 28b285b4791aece18fe1bbd76f3d555370545006 (patch)
tree: 84012e52eb729927489ea8a49431910e5ec05c2c /interface-definitions/zone-policy.xml.in
parent: dcd202aeeb890edf289c57305cb0bf07c87df341 (diff)
download: vyos-1x-28b285b4791aece18fe1bbd76f3d555370545006.tar.gz
vyos-1x-28b285b4791aece18fe1bbd76f3d555370545006.zip
1 files changed, 49 insertions, 0 deletions
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
index 52fd73f15..dd64c7c16 100644
--- a/interface-definitions/zone-policy.xml.in
+++ b/interface-definitions/zone-policy.xml.in
@@ -81,6 +81,55 @@
               <multi/>
             </properties>
           </leafNode>
+          <node name="intra-zone-filtering">
+            <properties>
+              <help>Intra-zone filtering</help>
+            </properties>
+            <children>
+              <leafNode name="action">
+                <properties>
+                  <help>Action for intra-zone traffic</help>
+                  <completionHelp>
+                    <list>accept drop</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>accept</format>
+                    <description>Accept traffic (default)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>drop</format>
+                    <description>Drop silently</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>^(accept|drop)$</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <node name="firewall">
+                <properties>
+                  <help>Use the specified firewall chain</help>
+                </properties>
+                <children>
+                  <leafNode name="ipv6-name">
+                    <properties>
+                      <help>IPv6 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall ipv6-name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="name">
+                    <properties>
+                      <help>IPv4 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
           <leafNode name="local-zone">
             <properties>
               <help>Zone to be local-zone</help>
author	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2021-10-31 21:24:40 +0100
committer	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2021-12-06 21:20:50 +0100
commit	28b285b4791aece18fe1bbd76f3d555370545006 (patch)
tree	84012e52eb729927489ea8a49431910e5ec05c2c /interface-definitions/zone-policy.xml.in
parent	dcd202aeeb890edf289c57305cb0bf07c87df341 (diff)
download	vyos-1x-28b285b4791aece18fe1bbd76f3d555370545006.tar.gz vyos-1x-28b285b4791aece18fe1bbd76f3d555370545006.zip