| author | Christian Breunig <christian@breunig.cc> | 2023-10-19 20:06:52 +0200 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-19 20:06:52 +0200 | 
| commit | 0dcddbd4594fa957a331c9e5ef752b035513bc12 (patch) | |
| tree | 787585a6e5ea18c1ef1dba96f7ec093742ae9bf4 /interface-definitions | |
| parent | c2edbc6c414024b46f5908cf646d64600eb6270f (diff) | |
| parent | c82fe6540c0c0c499434c3ccbb4228b30b24e924 (diff) | |
Merge pull request #2362 from nicolas-fort/T5541
T5541: firewall zone: re add firewall zone-base firewall
Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/firewall.xml.in | 142 | 
1 files changed, 142 insertions, 0 deletions
|
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 81e6b89ea..0bb14a1b3 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -355,6 +355,148 @@
           #include <include/firewall/ipv6-custom-name.xml.i>
         </children>
       </node>
+      <tagNode name="zone">
+        <properties>
+          <help>Zone-policy</help>
+          <valueHelp>
+            <format>txt</format>
+            <description>Zone name</description>
+          </valueHelp>
+          <constraint>
+            <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+          </constraint>
+        </properties>
+        <children>
+          #include <include/generic-description.xml.i>
+          #include <include/firewall/enable-default-log.xml.i>
+          <leafNode name="default-action">
+            <properties>
+              <help>Default-action for traffic coming into this zone</help>
+              <completionHelp>
+                <list>drop reject</list>
+              </completionHelp>
+              <valueHelp>
+                <format>drop</format>
+                <description>Drop silently</description>
+              </valueHelp>
+              <valueHelp>
+                <format>reject</format>
+                <description>Drop and notify source</description>
+              </valueHelp>
+              <constraint>
+                <regex>(drop|reject)</regex>
+              </constraint>
+            </properties>
+            <defaultValue>drop</defaultValue>
+          </leafNode>
+          <tagNode name="from">
+            <properties>
+              <help>Zone from which to filter traffic</help>
+              <completionHelp>
+                <path>zone-policy zone</path>
+              </completionHelp>
+            </properties>
+            <children>
+              <node name="firewall">
+                <properties>
+                  <help>Firewall options</help>
+                </properties>
+                <children>
+                  <leafNode name="ipv6-name">
+                    <properties>
+                      <help>IPv6 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall ipv6 name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="name">
+                    <properties>
+                      <help>IPv4 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall ipv4 name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </tagNode>
+          <leafNode name="interface">
+            <properties>
+              <help>Interface associated with zone</help>
+              <valueHelp>
+                <format>txt</format>
+                <description>Interface associated with zone</description>
+              </valueHelp>
+              <valueHelp>
+                <format>vrf</format>
+                <description>VRF associated with zone</description>
+              </valueHelp>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces</script>
+                <path>vrf name</path>
+              </completionHelp>
+              <multi/>
+            </properties>
+          </leafNode>
+          <node name="intra-zone-filtering">
+            <properties>
+              <help>Intra-zone filtering</help>
+            </properties>
+            <children>
+              <leafNode name="action">
+                <properties>
+                  <help>Action for intra-zone traffic</help>
+                  <completionHelp>
+                    <list>accept drop</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>accept</format>
+                    <description>Accept traffic</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>drop</format>
+                    <description>Drop silently</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(accept|drop)</regex>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <node name="firewall">
+                <properties>
+                  <help>Use the specified firewall chain</help>
+                </properties>
+                <children>
+                  <leafNode name="ipv6-name">
+                    <properties>
+                      <help>IPv6 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall ipv6 name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="name">
+                    <properties>
+                      <help>IPv4 firewall ruleset</help>
+                      <completionHelp>
+                        <path>firewall ipv4 name</path>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
+          <leafNode name="local-zone">
+            <properties>
+              <help>Zone to be local-zone</help>
+              <valueless/>
+            </properties>
+          </leafNode>
+        </children>
+      </tagNode>
     </children>
   </node>
 </interfaceDefinition>
|
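Review bot: The `from` tagNode's completion helper still points at the old tree, `<path>zone-policy zone</path>`, while this hunk defines zones in `firewall.xml.in`, so tab completion for `from` would presumably offer nothing; `<path>firewall zone</path>` looks like the intended value. Separately, only the zone name itself carries a `<constraint>`: `from`, `interface`, `name` and `ipv6-name` accept any string at the CLI layer, so every check on those values has to live in the configuration script, which is not part of this diff. Reusing the zone-name pattern on `from`, `<constraint><regex>[a-zA-Z0-9][\w\-\.]*</regex></constraint>`, would reject malformed peer-zone names before they reach ruleset generation. `intra-zone-filtering` also lets `action` and `firewall` be set together and gives `action` no default, so the precedence between them should be stated in the help text or enforced during verification.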
