Firewall: T4651: Add options to match packet size on firewall rules.

author: Nicolas Fort <nicolasfort1988@gmail.com> 2022-08-27 15:35:52 +0000
committer: Nicolas Fort <nicolasfort1988@gmail.com> 2022-08-27 15:35:52 +0000
commit: 37cfa8cdb1c6a1d395109aabd3ee29e83db151da (patch)
tree: 8a710dc72fe799956330008f8031bc07f9d1a407 /interface-definitions
parent: 9126170f0b09285cf79f8c40584312bccd67c3e8 (diff)
download: vyos-1x-37cfa8cdb1c6a1d395109aabd3ee29e83db151da.tar.gz
vyos-1x-37cfa8cdb1c6a1d395109aabd3ee29e83db151da.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 2e9452dfd..f838f1b88 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -383,6 +383,26 @@
                 </children>
               </node>
               #include <include/firewall/common-rule.xml.i>
+              <leafNode name="ip-length">
+                <properties>
+                  <help>Payload size in bytes, including any extension header</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>Numbered packet length</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>&lt;start-end&gt;</format>
+                    <description>Packet length range (e.g. 1001-1005)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format> </format>
+                    <description>\n\n  Multiple values can be specified as a comma-separated list.\n  For example: '64, 512,1001-1005'</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ip-length"/>
+                  </constraint>
+                </properties>
+              </leafNode>
               <node name="hop-limit">
                 <properties>
                   <help>Hop Limit</help>
@@ -571,6 +591,26 @@
                 </children>
               </node>
               #include <include/firewall/common-rule.xml.i>
+              <leafNode name="ip-length">
+                <properties>
+                  <help>Packet size in bytes, including header and data</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>Numbered packet length</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>&lt;start-end&gt;</format>
+                    <description>Packet length range (e.g. 1001-1005)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format> </format>
+                    <description>\n\n  Multiple values can be specified as a comma-separated list.\n  For example: '64, 512,1001-1005'</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ip-length"/>
+                  </constraint>
+                </properties>
+              </leafNode>
               <node name="icmp">
                 <properties>
                   <help>ICMP type and code information</help>
author	Nicolas Fort <nicolasfort1988@gmail.com>	2022-08-27 15:35:52 +0000
committer	Nicolas Fort <nicolasfort1988@gmail.com>	2022-08-27 15:35:52 +0000
commit	37cfa8cdb1c6a1d395109aabd3ee29e83db151da (patch)
tree	8a710dc72fe799956330008f8031bc07f9d1a407 /interface-definitions
parent	9126170f0b09285cf79f8c40584312bccd67c3e8 (diff)
download	vyos-1x-37cfa8cdb1c6a1d395109aabd3ee29e83db151da.tar.gz vyos-1x-37cfa8cdb1c6a1d395109aabd3ee29e83db151da.zip