author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-08-31 12:46:51 +0300 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-08-31 17:30:57 +0000 |
commit | 3489089000a43a533fcd89282b0ced2434851c03 (patch) | |
tree | 24b42a02eedbfaa2323ec65a148848f996ecf3b5 /interface-definitions | |
parent | 69bcdb9a680b33422d041fd03e70c25094bfa6a2 (diff) | |
parent | 69f79beee2070906b68f2b910296c362e7216278 (diff) | |
nat: T538: Move nat configs to /run directory
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/firewall.xml.in | 16 | ||||
-rw-r--r-- | interface-definitions/include/firewall/default-action.xml.i (renamed from interface-definitions/include/firewall/name-default-action.xml.i) | 3 | ||||
-rw-r--r-- | interface-definitions/include/firewall/enable-default-log.xml.i (renamed from interface-definitions/include/firewall/name-default-log.xml.i) | 2 | ||||
-rw-r--r-- | interface-definitions/include/firewall/tcp-flags.xml.i | 17 | ||||
-rw-r--r-- | interface-definitions/include/nat/protocol.xml.i | 34 | ||||
-rw-r--r-- | interface-definitions/nat66.xml.in | 8 | ||||
-rw-r--r-- | interface-definitions/policy-route.xml.in | 4 | ||||
-rw-r--r-- | interface-definitions/policy.xml.in | 2 | ||||
-rw-r--r-- | interface-definitions/protocols-rpki.xml.in | 6 | ||||
-rw-r--r-- | interface-definitions/service-monitoring-telegraf.xml.in | 39 | ||||
-rw-r--r-- | interface-definitions/service-upnp.xml.in | 19 | ||||
-rw-r--r-- | interface-definitions/system-proxy.xml.in | 2 | ||||
-rw-r--r-- | interface-definitions/vpn-openconnect.xml.in | 13 | ||||
-rw-r--r-- | interface-definitions/zone-policy.xml.in | 2 |
14 files changed, 107 insertions, 60 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 2e9452dfd..9488ddcdc 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -342,8 +342,8 @@ </constraint> </properties> <children> - #include <include/firewall/name-default-action.xml.i> - #include <include/firewall/name-default-log.xml.i> + #include <include/firewall/default-action.xml.i> + #include <include/firewall/enable-default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> @@ -433,7 +433,7 @@ <children> <leafNode name="code"> <properties> - <help>ICMPv6 code (0-255)</help> + <help>ICMPv6 code</help> <valueHelp> <format>u32:0-255</format> <description>ICMPv6 code (0-255)</description> @@ -445,7 +445,7 @@ </leafNode> <leafNode name="type"> <properties> - <help>ICMPv6 type (0-255)</help> + <help>ICMPv6 type</help> <valueHelp> <format>u32:0-255</format> <description>ICMPv6 type (0-255)</description> @@ -530,8 +530,8 @@ </constraint> </properties> <children> - #include <include/firewall/name-default-action.xml.i> - #include <include/firewall/name-default-log.xml.i> + #include <include/firewall/default-action.xml.i> + #include <include/firewall/enable-default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> @@ -578,7 +578,7 @@ <children> <leafNode name="code"> <properties> - <help>ICMP code (0-255)</help> + <help>ICMP code</help> <valueHelp> <format>u32:0-255</format> <description>ICMP code (0-255)</description> @@ -590,7 +590,7 @@ </leafNode> <leafNode name="type"> <properties> - <help>ICMP type (0-255)</help> + <help>ICMP type</help> <valueHelp> <format>u32:0-255</format> <description>ICMP type (0-255)</description> diff --git a/interface-definitions/include/firewall/name-default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i index 512b0296f..92a2fcaaf 100644 
--- a/interface-definitions/include/firewall/name-default-action.xml.i +++ b/interface-definitions/include/firewall/default-action.xml.i @@ -1,4 +1,4 @@ -<!-- include start from firewall/name-default-action.xml.i --> +<!-- include start from firewall/default-action.xml.i --> <leafNode name="default-action"> <properties> <help>Default-action for rule-set</help> @@ -21,5 +21,6 @@ <regex>(drop|reject|accept)</regex> </constraint> </properties> + <defaultValue>drop</defaultValue> </leafNode> <!-- include end --> diff --git a/interface-definitions/include/firewall/name-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i index 1d0ff9497..1e64edc6e 100644 --- a/interface-definitions/include/firewall/name-default-log.xml.i +++ b/interface-definitions/include/firewall/enable-default-log.xml.i @@ -1,4 +1,4 @@ -<!-- include start from firewall/name-default-log.xml.i --> +<!-- include start from firewall/enable-default-log.xml.i --> <leafNode name="enable-default-log"> <properties> <help>Option to log packets hitting default-action</help> diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i index b99896687..5a7b5a8d3 100644 --- a/interface-definitions/include/firewall/tcp-flags.xml.i +++ b/interface-definitions/include/firewall/tcp-flags.xml.i @@ -114,6 +114,23 @@ </node> </children> </node> + <leafNode name="mss"> + <properties> + <help>Maximum segment size (MSS)</help> + <valueHelp> + <format>u32:1-16384</format> + <description>Maximum segment size</description> + </valueHelp> + <valueHelp> + <format><min>-<max></format> + <description>TCP MSS range (use '-' as delimiter)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16384"/> + <validator name="range" argument="--min=1 --max=16384"/> + </constraint> + </properties> + </leafNode> </children> </node> <!-- include end --> 
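Review bot: The `<defaultValue>drop</defaultValue>` added in the second hunk of default-action.xml.i changes what an omitted `default-action` means, but the `<help>` text still reads only "Default-action for rule-set" and does not mention the default. Unless the CLI already renders the default value in its help output, I would change it to `<help>Default-action for rule-set (default: drop)</help>` so an operator can see that an unset rule-set fails closed. The context of the zone-policy.xml.in hunk shows that file defining its own `default-action` leaf rather than using this include, so whether zones get the same default is not visible here. The leafNode body lies partly outside both hunks.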
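Review bot: The upper bound 16384 on the new `mss` leaf in tcp-flags.xml.i is repeated in the `valueHelp` format and in both validators without explanation, while the TCP MSS option is a 16-bit field that can carry values up to 65535. If this leaf is used to match the MSS of received segments, a rule cannot express values above 16384, so either widen the bound or add an XML comment next to the `<constraint>` stating why 16384 was chosen. It is also not visible from this hunk whether the `range` validator rejects a range whose minimum exceeds its maximum.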
diff --git a/interface-definitions/include/nat/protocol.xml.i b/interface-definitions/include/nat/protocol.xml.i new file mode 100644 index 000000000..54e7ff00d --- /dev/null +++ b/interface-definitions/include/nat/protocol.xml.i @@ -0,0 +1,34 @@ +<!-- include start from nat/protocol.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol to match (protocol name, number, or "all")</help> + <completionHelp> + <script>${vyos_completion_dir}/list_protocols.sh</script> + <list>all tcp_udp</list> + </completionHelp> + <valueHelp> + <format>all</format> + <description>All IP protocols</description> + </valueHelp> + <valueHelp> + <format>tcp_udp</format> + <description>Both TCP and UDP</description> + </valueHelp> + <valueHelp> + <format>u32:0-255</format> + <description>IP protocol number</description> + </valueHelp> + <valueHelp> + <format><protocol></format> + <description>IP protocol name</description> + </valueHelp> + <valueHelp> + <format>!<protocol></format> + <description>IP protocol name</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in index bde1a6f8d..dab4543e0 100644 --- a/interface-definitions/nat66.xml.in +++ b/interface-definitions/nat66.xml.in @@ -50,6 +50,7 @@ </completionHelp> </properties> </leafNode> + #include <include/nat/protocol.xml.i> <node name="destination"> <properties> <help>IPv6 destination prefix options</help> @@ -72,6 +73,7 @@ </constraint> </properties> </leafNode> + #include <include/nat-port.xml.i> </children> </node> <node name="source"> @@ -96,6 +98,7 @@ </constraint> </properties> </leafNode> + #include <include/nat-port.xml.i> </children> </node> <node name="translation"> @@ -128,6 +131,7 @@ </constraint> </properties> </leafNode> + #include <include/nat-translation-port.xml.i> </children> </node> </children> 
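Review bot: The last two `valueHelp` entries in nat/protocol.xml.i, `<protocol>` and `!<protocol>`, carry the same description "IP protocol name", so the help output does not tell the operator that the `!` form negates the match. The second entry should read something like `<description>All IP protocols except for the given protocol name</description>`. The top-level `<help>` could name the negated form as well, since a stray `!` inverts which traffic the NAT rule applies to.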
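Review bot: The port leaves pulled in by `#include <include/nat-port.xml.i>` and `#include <include/nat-translation-port.xml.i>` in nat66.xml.in only make sense with a port-carrying protocol, yet nothing in these hunks ties them to the new `protocol` leaf. The schema cannot express that dependency, so the nat66 config script (not part of this diff) should reject a rule that sets a port while `protocol` is unset, `all`, or not TCP/UDP; I cannot confirm from here that it does. The same applies to the hunks from `@@ -179,6 +183,7 @@` onward, which add the same includes to the second rule block. As a style point, the new include lives under `include/nat/` while the port includes remain at the top level of `include/`, which splits the NAT fragments across two locations.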
@@ -179,6 +183,7 @@ </completionHelp> </properties> </leafNode> + #include <include/nat/protocol.xml.i> <node name="destination"> <properties> <help>IPv6 destination prefix options</help> @@ -211,6 +216,7 @@ </constraint> </properties> </leafNode> + #include <include/nat-port.xml.i> </children> </node> <node name="source"> @@ -245,6 +251,7 @@ </constraint> </properties> </leafNode> + #include <include/nat-port.xml.i> </children> </node> <node name="translation"> @@ -269,6 +276,7 @@ </constraint> </properties> </leafNode> + #include <include/nat-translation-port.xml.i> </children> </node> </children> diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in index a10c9b08f..c2a9a8d94 100644 --- a/interface-definitions/policy-route.xml.in +++ b/interface-definitions/policy-route.xml.in @@ -12,7 +12,7 @@ </properties> <children> #include <include/generic-description.xml.i> - #include <include/firewall/name-default-log.xml.i> + #include <include/firewall/enable-default-log.xml.i> <tagNode name="rule"> <properties> <help>Policy rule number</help> @@ -61,7 +61,7 @@ </properties> <children> #include <include/generic-description.xml.i> - #include <include/firewall/name-default-log.xml.i> + #include <include/firewall/enable-default-log.xml.i> <tagNode name="rule"> <properties> <help>Policy rule number</help> diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index cc1de609d..e794c4b90 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -392,7 +392,7 @@ <description>Prefix to match against</description> </valueHelp> <constraint> - <validator name="ip-prefix"/> + <validator name="ipv4-prefix"/> </constraint> </properties> </leafNode> diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols-rpki.xml.in index 68762ff9a..4535d3990 100644 --- a/interface-definitions/protocols-rpki.xml.in 
+++ b/interface-definitions/protocols-rpki.xml.in @@ -12,15 +12,15 @@ <help>RPKI cache server address</help> <valueHelp> <format>ipv4</format> - <description>IP address of NTP server</description> + <description>IP address of RPKI server</description> </valueHelp> <valueHelp> <format>ipv6</format> - <description>IPv6 address of NTP server</description> + <description>IPv6 address of RPKI server</description> </valueHelp> <valueHelp> <format>hostname</format> - <description>Fully qualified domain name of NTP server</description> + <description>Fully qualified domain name of RPKI server</description> </valueHelp> <constraint> <validator name="ipv4-address"/> diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service-monitoring-telegraf.xml.in index 36f40a539..68215dba4 100644 --- a/interface-definitions/service-monitoring-telegraf.xml.in +++ b/interface-definitions/service-monitoring-telegraf.xml.in @@ -10,7 +10,7 @@ <children> <node name="telegraf" owner="${vyos_conf_scripts_dir}/service_monitoring_telegraf.py"> <properties> - <help>Telegraf monitoring</help> + <help>Telegraf metric collector</help> </properties> <children> <node name="influxdb"> 
@@ -228,27 +228,7 @@ </constraint> </properties> </leafNode> - <leafNode name="listen-address"> - <properties> - <help>Local IP addresses to listen on</help> - <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> - </completionHelp> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address to listen for incoming connections</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address to listen for incoming connections</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - <validator name="ipv6-address"/> - <validator name="ipv6-link-local"/> - </constraint> - </properties> - </leafNode> + #include <include/listen-address.xml.i> <leafNode name="metric-version"> <properties> <help>Metric version control mapping from Telegraf to Prometheus format</help> @@ -291,21 +271,10 @@ </leafNode> </children> </node> - <leafNode name="url"> - <properties> - <help>Remote URL</help> - <valueHelp> - <format>url</format> - <description>Remote URL to Splunk collector</description> - </valueHelp> - <constraint> - <regex>^(http(s?):\/\/.*):(\d*)\/?(.*)</regex> - </constraint> - <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> - </properties> - </leafNode> + #include <include/monitoring/url.xml.i> </children> </node> + #include <include/interface/vrf.xml.i> </children> </node> </children> diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in index a129b7260..ec23d87df 100644 --- a/interface-definitions/service-upnp.xml.in +++ b/interface-definitions/service-upnp.xml.in 
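Review bot: Replacing the inline `listen-address` and `url` leaves with `#include <include/listen-address.xml.i>` and `#include <include/monitoring/url.xml.i>` moves their input validation out of this file, and neither include appears in the diffstat, so their constraints cannot be compared here. The removed definitions accepted `ipv4-address`, `ipv6-address` and `ipv6-link-local` for the listen address and enforced the `http(s)` URL regex together with a `constraintErrorMessage`. Please confirm that the shared includes are at least as strict, because a looser include would silently widen what the configuration accepts. The removed `valueHelp` also named the Splunk collector, which a shared include presumably no longer does.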
@@ -103,19 +103,19 @@ </valueHelp> <valueHelp> <format>ipv4</format> - <description>IP address to listen for incoming connections</description> + <description>IPv4 address to listen for incoming connections</description> </valueHelp> <valueHelp> - <format>ipv4-prefix</format> - <description>IP prefix to listen for incoming connections</description> + <format>ipv4net</format> + <description>IPv4 prefix to listen for incoming connections</description> </valueHelp> <valueHelp> <format>ipv6</format> - <description>IP address to listen for incoming connections</description> + <description>IPv6 address to listen for incoming connections</description> </valueHelp> <valueHelp> - <format>ipv6-prefix</format> - <description>IP prefix to listen for incoming connections</description> + <format>ipv6net</format> + <description>IPv6 prefix to listen for incoming connections</description> </valueHelp> <multi/> <constraint> @@ -197,10 +197,15 @@ <help>The IP to which this rule applies (REQUIRE)</help> <valueHelp> <format>ipv4</format> + <description>The IPv4 address to which this rule applies</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> <description>The IPv4 to which this rule applies</description> </valueHelp> <constraint> - <validator name="ipv4-address" /> + <validator name="ipv4-address"/> + <validator name="ipv4-host"/> </constraint> </properties> </leafNode> diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system-proxy.xml.in index 1c06b347f..8fb6bfae5 100644 --- a/interface-definitions/system-proxy.xml.in +++ b/interface-definitions/system-proxy.xml.in @@ -11,7 +11,7 @@ <properties> <help>Proxy URL</help> <constraint> - <regex>http:\/\/[a-z0-9\.]+</regex> + <regex>http(s)?:\/\/[a-z0-9-\.]+</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in index 21b47125d..6309863c5 100644 
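Review bot: In the `@@ -197,10 +197,15 @@` hunk of service-upnp.xml.in the added `valueHelp` advertises the format `ipv4net`, but the validator added alongside it is `ipv4-host`, and the description "The IPv4 to which this rule applies" does not say that a prefix is meant. If `ipv4-host` accepts only a host address with a prefix length, as its name suggests, a network entered as the help describes would be rejected; `<validator name="ipv4-prefix"/>` would match the advertised format, with the description changed to `The IPv4 prefix to which this rule applies`. Since this value scopes which clients a UPnP rule covers, the help and the validator should agree on what is accepted.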
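Review bot: The hyphen in the new character class `[a-z0-9-\.]` in system-proxy.xml.in sits between a range and an escape, a position that regex engines do not all interpret the same way; placing it last, as in `<regex>http(s)?:\/\/[a-z0-9\.-]+</regex>`, makes it an unambiguous literal. The pattern also carries no visible anchors, unlike the `^(http(s?)...` regex removed from service-monitoring-telegraf.xml.in in this same commit. Unless the validator anchors patterns itself, which this diff does not show, any text following a matching prefix would be accepted as a proxy URL.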
--- a/interface-definitions/vpn-openconnect.xml.in +++ b/interface-definitions/vpn-openconnect.xml.in @@ -265,6 +265,19 @@ </children> </node> #include <include/name-server-ipv4-ipv6.xml.i> + <leafNode name="split-dns"> + <properties> + <help>Domains over which the provided DNS should be used</help> + <valueHelp> + <format>txt</format> + <description>Client prefix length</description> + </valueHelp> + <constraint> + <validator name="fqdn"/> + </constraint> + <multi/> + </properties> + </leafNode> </children> </node> </children> diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in index dca4c59d1..dc3408c3d 100644 --- a/interface-definitions/zone-policy.xml.in +++ b/interface-definitions/zone-policy.xml.in @@ -19,7 +19,7 @@ </properties> <children> #include <include/generic-description.xml.i> - #include <include/firewall/name-default-log.xml.i> + #include <include/firewall/enable-default-log.xml.i> <leafNode name="default-action"> <properties> <help>Default-action for traffic coming into this zone</help> |
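Review bot: The `valueHelp` description of the new `split-dns` leaf in vpn-openconnect.xml.in reads "Client prefix length", which looks copied from another leaf and does not describe a domain name. Something like `<description>Domain name for which the pushed DNS servers are used</description>` would agree with the `<help>` text and the `fqdn` validator. The `txt` format could likewise name the expected value, so that the completion help tells the operator an FQDN is required.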