summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2022-04-08 14:55:01 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2022-04-08 14:55:01 +0000
commit3a5cf74b06cef960e9a701172618c2c366591255 (patch)
tree45bfa3566313dd7ba0f0ae4fda81b8247507d4b1 /interface-definitions
parent654dbc9aa3b0d27ec4f3faefff6cbd85fc3e1d1a (diff)
downloadvyos-1x-3a5cf74b06cef960e9a701172618c2c366591255.tar.gz
vyos-1x-3a5cf74b06cef960e9a701172618c2c366591255.zip
Firewall: T990: Add snat and dnat connection status on firewall
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/firewall/common-rule.xml.i45
1 files changed, 45 insertions, 0 deletions
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index cd80b7e28..6e61de848 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -95,6 +95,51 @@
</constraint>
</properties>
</leafNode>
+<node name="ct-status">
+ <properties>
+ <help>Connection status in conntrack</help>
+ </properties>
+ <children>
+ <leafNode name="dnat">
+ <properties>
+ <help>Set when connection needs DNAT in original direction</help>
+ <completionHelp>
+ <list>enable disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>enable</format>
+ <description>Enable</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(enable|disable)$</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="snat">
+ <properties>
+ <help>Set when connection needs SNAT in original direction</help>
+ <completionHelp>
+ <list>enable disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>enable</format>
+ <description>Enable</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(enable|disable)$</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
<leafNode name="protocol">
<properties>
<help>Protocol to match (protocol name, number, or "all")</help>