| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-09-27 17:41:14 +0000 | 
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-09-29 08:15:59 -0300 | 
| commit | 2ae3de0848dee0f3da28727fc30e2beeecd412e1 (patch) | |
| tree | 392ef2d2f7e5c94bb666a7efb80fdee61380b23e /interface-definitions | |
| parent | 400df973d3518e9f18cb84b52ca89e08a399e461 (diff) | |
| download | vyos-1x-2ae3de0848dee0f3da28727fc30e2beeecd412e1.tar.gz vyos-1x-2ae3de0848dee0f3da28727fc30e2beeecd412e1.zip | |
T5616: firewall: add option to be able to match firewall marks in firewall filter and in policy route.
Diffstat (limited to 'interface-definitions')
3 files changed, 28 insertions, 0 deletions
|
diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i
index 872abe6cc..a55a1a551 100644
--- a/interface-definitions/include/firewall/common-rule-inet.xml.i
+++ b/interface-definitions/include/firewall/common-rule-inet.xml.i
@@ -3,6 +3,7 @@
 #include <include/generic-description.xml.i>
 #include <include/firewall/dscp.xml.i>
 #include <include/firewall/packet-options.xml.i>
+#include <include/firewall/firewall-mark.xml.i>
 #include <include/firewall/connection-mark.xml.i>
 #include <include/firewall/conntrack-helper.xml.i>
 #include <include/firewall/nft-queue.xml.i>
diff --git a/interface-definitions/include/firewall/firewall-mark.xml.i b/interface-definitions/include/firewall/firewall-mark.xml.i
new file mode 100644
index 000000000..36a939ba3
--- /dev/null
+++ b/interface-definitions/include/firewall/firewall-mark.xml.i
@@ -0,0 +1,26 @@
+<!-- include start from firewall/firewall-mark.xml.i -->
+<leafNode name="mark">
+  <properties>
+    <help>Firewall mark</help>
+    <valueHelp>
+      <format>u32:0-2147483647</format>
+      <description>Firewall mark to match</description>
+    </valueHelp>
+    <valueHelp>
+      <format>!u32:0-2147483647</format>
+      <description>Inverted Firewall mark to match</description>
+    </valueHelp>
+    <valueHelp>
+      <format><start-end></format>
+      <description>Firewall mark range to match</description>
+    </valueHelp>
+    <valueHelp>
+      <format>!<start-end></format>
+      <description>Firewall mark inverted range to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric-exclude" argument="--allow-range --range 0-2147483647"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
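Review bot: The `<constraint>` on the new `mark` leaf in firewall-mark.xml.i has no `<constraintErrorMessage>`, so a value rejected by `numeric-exclude` gives the operator no hint about which of the four advertised forms is accepted; adding `<constraintErrorMessage>Firewall mark must be a number or range within 0-2147483647, optionally prefixed with !</constraintErrorMessage>` after `</constraint>` would fix that. The diffstat is limited to interface-definitions, so the code that renders the `!` and range forms into the ruleset is not visible here. It is worth confirming that an inverted value or range is emitted as a negated match, because a dropped `!` would make the rule match the opposite set of packets. The new file also ends without a trailing newline, which is worth fixing because the file is pulled in through `#include`.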
\ No newline at end of file
diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i
index 6551d23ab..8eab04d4a 100644
--- a/interface-definitions/include/policy/route-common.xml.i
+++ b/interface-definitions/include/policy/route-common.xml.i
@@ -1,6 +1,7 @@
 <!-- include start from policy/route-common.xml.i -->
 #include <include/policy/route-rule-action.xml.i>
 #include <include/generic-description.xml.i>
+#include <include/firewall/firewall-mark.xml.i>
 <leafNode name="disable">
   <properties>
     <help>Option to disable firewall rule</help>
