nat: T2198: add ipv4-{address,prefix,rage}-exclude validators

Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT.
author: Christian Poessinger <christian@poessinger.com> 2020-05-12 19:23:15 +0200
committer: Christian Poessinger <christian@poessinger.com> 2020-05-16 15:30:26 +0200
commit: 1330898ed095b42b6aba7ba00f9a6932b241a230 (patch)
tree: cd4e524fd1d91ded256f918007c97184be537fbd /interface-definitions
parent: 728e1c6073cb216d3cb8b66f519bd590458165e6 (diff)
download: vyos-1x-1330898ed095b42b6aba7ba00f9a6932b241a230.tar.gz
vyos-1x-1330898ed095b42b6aba7ba00f9a6932b241a230.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/interface-definitions/include/nat-address-port.xml.i b/interface-definitions/include/nat-address-port.xml.i
index 0848364ff..8705d31cb 100644
--- a/interface-definitions/include/nat-address-port.xml.i
+++ b/interface-definitions/include/nat-address-port.xml.i
@@ -25,7 +25,14 @@
       <format>!ipv4range</format>
       <description>Match everything except the specified range</description>
     </valueHelp>
-    <!-- TODO: add general iptables constraint script -->
+    <constraint>
+      <validator name="ipv4-address"/>
+      <validator name="ipv4-prefix"/>
+      <validator name="ipv4-range"/>
+      <validator name="ipv4-address-exclude"/>
+      <validator name="ipv4-prefix-exclude"/>
+      <validator name="ipv4-range-exclude"/>
+    </constraint>
   </properties>
 </leafNode>
 <leafNode name="port">
author	Christian Poessinger <christian@poessinger.com>	2020-05-12 19:23:15 +0200
committer	Christian Poessinger <christian@poessinger.com>	2020-05-16 15:30:26 +0200
commit	1330898ed095b42b6aba7ba00f9a6932b241a230 (patch)
tree	cd4e524fd1d91ded256f918007c97184be537fbd /interface-definitions
parent	728e1c6073cb216d3cb8b66f519bd590458165e6 (diff)
download	vyos-1x-1330898ed095b42b6aba7ba00f9a6932b241a230.tar.gz vyos-1x-1330898ed095b42b6aba7ba00f9a6932b241a230.zip