summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-09-17 21:16:40 +0200
committerGitHub <noreply@github.com>2022-09-17 21:16:40 +0200
commitdcf755594d3ce63239af407f71ceae295a12ed75 (patch)
treeba46fd714927010c7f7f4ccc1fae2e8fa11c1a75 /interface-definitions
parenta4feb96af9ac45aff41ded1744cf302b5c5a9e7e (diff)
parent99155150df9ceed0be4df46351844451b0683b3b (diff)
downloadvyos-1x-dcf755594d3ce63239af407f71ceae295a12ed75.tar.gz
vyos-1x-dcf755594d3ce63239af407f71ceae295a12ed75.zip
Merge pull request #1546 from nicolas-fort/fwall-jump
T4699: Firewall: Add jump action in firewall ruleset
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/firewall.xml.in32
-rw-r--r--interface-definitions/include/firewall/action.xml.i8
-rw-r--r--interface-definitions/include/firewall/default-action.xml.i8
3 files changed, 44 insertions, 4 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index d39dddc77..d6fa76892 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -379,6 +379,14 @@
#include <include/firewall/default-action.xml.i>
#include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
+ <leafNode name="default-jump-target">
+ <properties>
+ <help>Set jump target. Action jump must be defined in default-action to use this setting</help>
+ <completionHelp>
+ <path>firewall ipv6-name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
<tagNode name="rule">
<properties>
<help>Firewall rule number (IPv6)</help>
@@ -452,6 +460,14 @@
#include <include/firewall/icmpv6-type-name.xml.i>
</children>
</node>
+ <leafNode name="jump-target">
+ <properties>
+ <help>Set jump target. Action jump must be defined to use this setting</help>
+ <completionHelp>
+ <path>firewall ipv6-name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
</children>
</tagNode>
</children>
@@ -527,6 +543,14 @@
#include <include/firewall/default-action.xml.i>
#include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
+ <leafNode name="default-jump-target">
+ <properties>
+ <help>Set jump target. Action jump must be defined in default-action to use this setting</help>
+ <completionHelp>
+ <path>firewall name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
<tagNode name="rule">
<properties>
<help>Firewall rule number (IPv4)</help>
@@ -599,6 +623,14 @@
#include <include/firewall/icmp-type-name.xml.i>
</children>
</node>
+ <leafNode name="jump-target">
+ <properties>
+ <help>Set jump target. Action jump must be defined to use this setting</help>
+ <completionHelp>
+ <path>firewall name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
#include <include/firewall/ttl.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i
index 512cc23bd..0738fa503 100644
--- a/interface-definitions/include/firewall/action.xml.i
+++ b/interface-definitions/include/firewall/action.xml.i
@@ -3,13 +3,17 @@
<properties>
<help>Rule action</help>
<completionHelp>
- <list>accept reject drop</list>
+ <list>accept jump reject drop</list>
</completionHelp>
<valueHelp>
<format>accept</format>
<description>Accept matching entries</description>
</valueHelp>
<valueHelp>
+ <format>jump</format>
+ <description>Jump to another chain</description>
+ </valueHelp>
+ <valueHelp>
<format>reject</format>
<description>Reject matching entries</description>
</valueHelp>
@@ -18,7 +22,7 @@
<description>Drop matching entries</description>
</valueHelp>
<constraint>
- <regex>(accept|reject|drop)</regex>
+ <regex>(accept|jump|reject|drop)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i
index 92a2fcaaf..5107768d3 100644
--- a/interface-definitions/include/firewall/default-action.xml.i
+++ b/interface-definitions/include/firewall/default-action.xml.i
@@ -3,13 +3,17 @@
<properties>
<help>Default-action for rule-set</help>
<completionHelp>
- <list>drop reject accept</list>
+ <list>drop jump reject accept</list>
</completionHelp>
<valueHelp>
<format>drop</format>
<description>Drop if no prior rules are hit</description>
</valueHelp>
<valueHelp>
+ <format>jump</format>
+ <description>Jump to another chain if no prior rules are hit</description>
+ </valueHelp>
+ <valueHelp>
<format>reject</format>
<description>Drop and notify source if no prior rules are hit</description>
</valueHelp>
@@ -18,7 +22,7 @@
<description>Accept if no prior rules are hit</description>
</valueHelp>
<constraint>
- <regex>(drop|reject|accept)</regex>
+ <regex>(drop|jump|reject|accept)</regex>
</constraint>
</properties>
<defaultValue>drop</defaultValue>