Merge pull request #1167 from sarthurdev/firewall

firewall: T4178: Use lowercase for TCP flags and add an validator
author: Christian Poessinger <christian@poessinger.com> 2022-01-14 20:30:56 +0100
committer: GitHub <noreply@github.com> 2022-01-14 20:30:56 +0100
commit: 9aa8e51de06bda0099231f2567dbb83e430faee4 (patch)
tree: 1eecd3caba390e300450af400bffee90ed137887 /interface-definitions
parent: 97472739b4432cdbf8f73275ab00876add071692 (diff)
parent: df5a862beb84145dfc8434efde7d7fee783199cf (diff)
download: vyos-1x-9aa8e51de06bda0099231f2567dbb83e430faee4.tar.gz
vyos-1x-9aa8e51de06bda0099231f2567dbb83e430faee4.zip
3 files changed, 96 insertions, 6 deletions
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index 92950cc68..6e8203c88 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -274,12 +274,42 @@
         <help>TCP flags to match</help>
         <valueHelp>
           <format>txt</format>
-          <description>TCP flags to match</description>
+          <description>Multiple comma-separated flags</description>
+        </valueHelp>
+        <valueHelp>
+          <format>syn</format>
+          <description>Syncronise flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ack</format>
+          <description>Acknowledge flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>fin</format>
+          <description>Finish flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>rst</format>
+          <description>Reset flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>urg</format>
+          <description>Urgent flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>psh</format>
+          <description>Push flag</description>
         </valueHelp>
         <valueHelp>
           <format> </format>
-          <description>\n\n  Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL\n  When specifying more than one flag, flags should be comma-separated.\n For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n  the SYN flag set, and the ACK, FIN and RST flags unset</description>
+          <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description>
         </valueHelp>
+        <completionHelp>
+          <list>syn ack fin rst urg psh</list>
+        </completionHelp>
+        <constraint>
+          <validator name="tcp-flag"/>
+        </constraint>
       </properties>
     </leafNode>
   </children>
diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
index 2d6adcd1d..b8fee4b7b 100644
--- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
+++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
@@ -330,12 +330,42 @@
         <help>TCP flags to match</help>
         <valueHelp>
           <format>txt</format>
-          <description>TCP flags to match</description>
+          <description>Multiple comma-separated flags</description>
+        </valueHelp>
+        <valueHelp>
+          <format>syn</format>
+          <description>Syncronise flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ack</format>
+          <description>Acknowledge flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>fin</format>
+          <description>Finish flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>rst</format>
+          <description>Reset flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>urg</format>
+          <description>Urgent flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>psh</format>
+          <description>Push flag</description>
         </valueHelp>
         <valueHelp>
           <format> </format>
-          <description>\n\n  Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL\n  When specifying more than one flag, flags should be comma-separated.\n For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n  the SYN flag set, and the ACK, FIN and RST flags unset</description>
+          <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description>
         </valueHelp>
+        <completionHelp>
+          <list>syn ack fin rst urg psh</list>
+        </completionHelp>
+        <constraint>
+          <validator name="tcp-flag"/>
+        </constraint>
       </properties>
     </leafNode>
   </children>
diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i
index c4deefd2a..17b47474d 100644
--- a/interface-definitions/include/policy/route-common-rule.xml.i
+++ b/interface-definitions/include/policy/route-common-rule.xml.i
@@ -330,12 +330,42 @@
         <help>TCP flags to match</help>
         <valueHelp>
           <format>txt</format>
-          <description>TCP flags to match</description>
+          <description>Multiple comma-separated flags</description>
+        </valueHelp>
+        <valueHelp>
+          <format>syn</format>
+          <description>Syncronise flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ack</format>
+          <description>Acknowledge flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>fin</format>
+          <description>Finish flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>rst</format>
+          <description>Reset flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>urg</format>
+          <description>Urgent flag</description>
+        </valueHelp>
+        <valueHelp>
+          <format>psh</format>
+          <description>Push flag</description>
         </valueHelp>
         <valueHelp>
           <format> </format>
-          <description>\n\n  Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL\n  When specifying more than one flag, flags should be comma-separated.\n For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n  the SYN flag set, and the ACK, FIN and RST flags unset</description>
+          <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description>
         </valueHelp>
+        <completionHelp>
+          <list>syn ack fin rst urg psh</list>
+        </completionHelp>
+        <constraint>
+          <validator name="tcp-flag"/>
+        </constraint>
       </properties>
     </leafNode>
   </children>
author	Christian Poessinger <christian@poessinger.com>	2022-01-14 20:30:56 +0100
committer	GitHub <noreply@github.com>	2022-01-14 20:30:56 +0100
commit	9aa8e51de06bda0099231f2567dbb83e430faee4 (patch)
tree	1eecd3caba390e300450af400bffee90ed137887 /interface-definitions
parent	97472739b4432cdbf8f73275ab00876add071692 (diff)
parent	df5a862beb84145dfc8434efde7d7fee783199cf (diff)
download	vyos-1x-9aa8e51de06bda0099231f2567dbb83e430faee4.tar.gz vyos-1x-9aa8e51de06bda0099231f2567dbb83e430faee4.zip