diff options
| author | Rain <6818611+Rain@users.noreply.github.com> | 2022-10-08 18:04:01 -0400 |
|---|---|---|
| committer | Rain <6818611+Rain@users.noreply.github.com> | 2022-10-08 18:04:01 -0400 |
| commit | ca6b7340714c6161337f508978b9834722be58dc (patch) | |
| tree | 349bbc00ff73a84851960a6fca7a40c38ba6de2d /interface-definitions | |
| parent | 8248aaaa7952db580a199bd36202e7f26c19ec88 (diff) | |
| download | vyos-1x-ca6b7340714c6161337f508978b9834722be58dc.tar.gz vyos-1x-ca6b7340714c6161337f508978b9834722be58dc.zip | |
firewall: T4612: Support arbitrary netmasks
Add support for arbitrary netmasks on source/destination addresses in
firewall rules. This is particularly useful with DHCPv6-PD when the
delegated prefix changes periodically.
Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/firewall.xml.in | 4 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/address-mask-ipv6.xml.i | 14 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/address-mask.xml.i | 14 |
3 files changed, 32 insertions, 0 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 773e86f00..2ac9ca31b 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -411,6 +411,7 @@ #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/port.xml.i> + #include <include/firewall/address-mask-ipv6.xml.i> </children> </node> <node name="source"> @@ -422,6 +423,7 @@ #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/port.xml.i> + #include <include/firewall/address-mask-ipv6.xml.i> </children> </node> #include <include/firewall/common-rule.xml.i> @@ -575,6 +577,7 @@ #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/port.xml.i> + #include <include/firewall/address-mask.xml.i> </children> </node> <node name="source"> @@ -586,6 +589,7 @@ #include <include/firewall/geoip.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/port.xml.i> + #include <include/firewall/address-mask.xml.i> </children> </node> #include <include/firewall/common-rule.xml.i> diff --git a/interface-definitions/include/firewall/address-mask-ipv6.xml.i b/interface-definitions/include/firewall/address-mask-ipv6.xml.i new file mode 100644 index 000000000..8c0483209 --- /dev/null +++ b/interface-definitions/include/firewall/address-mask-ipv6.xml.i @@ -0,0 +1,14 @@ +<!-- include start from firewall/address-mask-ipv6.xml.i --> +<leafNode name="address-mask"> + <properties> + <help>IP mask</help> + <valueHelp> + <format>ipv6</format> + <description>IP mask to apply</description> + </valueHelp> + <constraint> + <validator name="ipv6"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/address-mask.xml.i b/interface-definitions/include/firewall/address-mask.xml.i new file mode 100644 index 000000000..7f6f17d1e --- /dev/null +++ b/interface-definitions/include/firewall/address-mask.xml.i @@ -0,0 +1,14 @@ +<!-- include start from firewall/address-mask.xml.i --> +<leafNode name="address-mask"> + <properties> + <help>IP mask</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 mask to apply</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> |