summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-12-17 08:30:18 +0100
committerGitHub <noreply@github.com>2022-12-17 08:30:18 +0100
commit8637b02bb60baf499fc63696c28aa1af3559c308 (patch)
tree9037a1bfa13db97f8b0dd9f4e020beee8dd10f32 /interface-definitions
parentd7a67aa4a7e7bb82a60ad18103abc6b966a2f8b8 (diff)
parent9a5dfb4b7ec9e065a73511a38e1713aec03eee0e (diff)
downloadvyos-1x-8637b02bb60baf499fc63696c28aa1af3559c308.tar.gz
vyos-1x-8637b02bb60baf499fc63696c28aa1af3559c308.zip
Merge pull request #1626 from nicolas-fort/fwall_group_interface
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/firewall.xml.in29
-rw-r--r--interface-definitions/include/firewall/common-rule.xml.i26
-rw-r--r--interface-definitions/include/firewall/match-interface.xml.i18
-rw-r--r--interface-definitions/include/version/firewall-version.xml.i2
4 files changed, 61 insertions, 14 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 3bce69fc4..c964abb41 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -134,6 +134,35 @@
#include <include/generic-description.xml.i>
</children>
</tagNode>
+ <tagNode name="interface-group">
+ <properties>
+ <help>Firewall interface-group</help>
+ <constraint>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface-group member</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="include">
+ <properties>
+ <help>Include another interface-group</help>
+ <completionHelp>
+ <path>firewall group interface-group</path>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ #include <include/generic-description.xml.i>
+ </children>
+ </tagNode>
<tagNode name="ipv6-address-group">
<properties>
<help>Firewall ipv6-address-group</help>
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index 75ad427f9..75acefd96 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -26,14 +26,22 @@
</leafNode>
</children>
</node>
-<leafNode name="inbound-interface">
+<node name="inbound-interface">
<properties>
<help>Match inbound-interface</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces.py</script>
- </completionHelp>
</properties>
-</leafNode>
+ <children>
+ #include <include/firewall/match-interface.xml.i>
+ </children>
+</node>
+<node name="outbound-interface">
+ <properties>
+ <help>Match outbound-interface</help>
+ </properties>
+ <children>
+ #include <include/firewall/match-interface.xml.i>
+ </children>
+</node>
<node name="ipsec">
<properties>
<help>Inbound IPsec packets</help>
@@ -130,14 +138,6 @@
</leafNode>
</children>
</node>
-<leafNode name="outbound-interface">
- <properties>
- <help>Match outbound-interface</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces.py</script>
- </completionHelp>
- </properties>
-</leafNode>
<leafNode name="protocol">
<properties>
<help>Protocol to match (protocol name, number, or "all")</help>
diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i
new file mode 100644
index 000000000..675a87574
--- /dev/null
+++ b/interface-definitions/include/firewall/match-interface.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from firewall/match-interface.xml.i -->
+<leafNode name="interface-name">
+ <properties>
+ <help>Match interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+</leafNode>
+<leafNode name="interface-group">
+ <properties>
+ <help>Match interface-group</help>
+ <completionHelp>
+ <path>firewall group interface-group</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index 065925319..bc04f8d51 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='8'></syntaxVersion>
+<syntaxVersion component='firewall' version='9'></syntaxVersion>
<!-- include end -->