summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2023-09-05 16:09:45 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2023-09-05 20:27:49 +0200
commitbe3d2f9f6623396f2e9c6543f67d81161c7ad94b (patch)
tree8a17456d75de90ad9ca0e57ebace41e0be4402ad /interface-definitions
parent0de3de1e0a78eb35b666b8f613d3e54fd3ad54e4 (diff)
downloadvyos-1x-be3d2f9f6623396f2e9c6543f67d81161c7ad94b.tar.gz
vyos-1x-be3d2f9f6623396f2e9c6543f67d81161c7ad94b.zip
firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/firewall/global-options.xml.i32
1 files changed, 28 insertions, 4 deletions
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index a63874cb0..e655cd6ac 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -145,21 +145,21 @@
</leafNode>
<leafNode name="source-validation">
<properties>
- <help>Policy for source validation by reversed path, as specified in RFC3704</help>
+ <help>Policy for IPv4 source validation by reversed path, as specified in RFC3704</help>
<completionHelp>
<list>strict loose disable</list>
</completionHelp>
<valueHelp>
<format>strict</format>
- <description>Enable Strict Reverse Path Forwarding as defined in RFC3704</description>
+ <description>Enable IPv4 Strict Reverse Path Forwarding as defined in RFC3704</description>
</valueHelp>
<valueHelp>
<format>loose</format>
- <description>Enable Loose Reverse Path Forwarding as defined in RFC3704</description>
+ <description>Enable IPv4 Loose Reverse Path Forwarding as defined in RFC3704</description>
</valueHelp>
<valueHelp>
<format>disable</format>
- <description>No source validation</description>
+ <description>No IPv4 source validation</description>
</valueHelp>
<constraint>
<regex>(strict|loose|disable)</regex>
@@ -227,6 +227,30 @@
</properties>
<defaultValue>disable</defaultValue>
</leafNode>
+ <leafNode name="ipv6-source-validation">
+ <properties>
+ <help>Policy for IPv6 source validation by reversed path, as specified in RFC3704</help>
+ <completionHelp>
+ <list>strict loose disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>strict</format>
+ <description>Enable IPv6 Strict Reverse Path Forwarding as defined in RFC3704</description>
+ </valueHelp>
+ <valueHelp>
+ <format>loose</format>
+ <description>Enable IPv6 Loose Reverse Path Forwarding as defined in RFC3704</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>No IPv6 source validation</description>
+ </valueHelp>
+ <constraint>
+ <regex>(strict|loose|disable)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>disable</defaultValue>
+ </leafNode>
<leafNode name="ipv6-src-route">
<properties>
<help>Policy for handling IPv6 packets with routing extension header</help>