diff options
author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-10-25 11:59:01 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-10-25 11:59:01 +0000 |
commit | 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6 (patch) | |
tree | 0a00a858b06b89abccf9d736d2a7d3ff6f35bc31 /interface-definitions | |
parent | 90bcb2f96f32f20c355ce4223d0afe89fb12271f (diff) | |
download | vyos-1x-51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6.tar.gz vyos-1x-51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6.zip |
T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher (valid for interfaces and groups) in firewal, nat and nat66.
Diffstat (limited to 'interface-definitions')
4 files changed, 72 insertions, 19 deletions
diff --git a/interface-definitions/include/firewall/inbound-interface-no-group.xml.i b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i new file mode 100644 index 000000000..bcd4c9570 --- /dev/null +++ b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/inbound-interface-no-group.xml.i --> +<node name="inbound-interface"> + <properties> + <help>Match inbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i index 1cd9f8c4a..5da6f51fb 100644 --- a/interface-definitions/include/firewall/match-interface.xml.i +++ b/interface-definitions/include/firewall/match-interface.xml.i @@ -1,5 +1,5 @@ <!-- include start from firewall/match-interface.xml.i --> -<leafNode name="interface-name"> +<leafNode name="name"> <properties> <help>Match interface</help> <completionHelp> @@ -24,7 +24,7 @@ </constraint> </properties> </leafNode> -<leafNode name="interface-group"> +<leafNode name="group"> <properties> <help>Match interface-group</help> <completionHelp> diff --git a/interface-definitions/include/firewall/outbound-interface-no-group.xml.i b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i new file mode 100644 index 000000000..e3bace42d --- /dev/null +++ b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/outbound-interface-no-group.xml.i --> +<node name="outbound-interface"> + <properties> + <help>Match outbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in index 7a8970bdf..a657535ba 100644 --- a/interface-definitions/nat66.xml.in +++ b/interface-definitions/nat66.xml.in @@ -38,14 +38,7 @@ <valueless/> </properties> </leafNode> - <leafNode name="outbound-interface"> - <properties> - <help>Outbound interface of NAT66 traffic</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - </leafNode> + #include <include/firewall/outbound-interface-no-group.xml.i> #include <include/nat/protocol.xml.i> <node name="destination"> <properties> @@ -166,15 +159,7 @@ <valueless/> </properties> </leafNode> - <leafNode name="inbound-interface"> - <properties> - <help>Inbound interface of NAT66 traffic</help> - <completionHelp> - <list>any</list> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - </leafNode> + #include <include/firewall/inbound-interface-no-group.xml.i> #include <include/nat/protocol.xml.i> <node name="destination"> <properties> |