diff options
author | Christian Breunig <christian@breunig.cc> | 2023-03-10 21:22:46 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-10 21:22:46 +0100 |
commit | 5d4908288931c9c319eb428e99a35f8dc4a7b9d6 (patch) | |
tree | 5349f494b8534cd3ace8e97d4d208da78de6a406 /interface-definitions | |
parent | fe82d86d3e87cb8d92ebc9d0652c08e3dd79a12c (diff) | |
parent | 16c494c2f1364283988b52e35faf6b01745bbed4 (diff) | |
download | vyos-1x-5d4908288931c9c319eb428e99a35f8dc4a7b9d6.tar.gz vyos-1x-5d4908288931c9c319eb428e99a35f8dc4a7b9d6.zip |
Merge pull request #1871 from nicolas-fort/T5055
T5055: Firewall: add packet-type matcher in firewall and route policy
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/firewall.xml.in | 4 | ||||
-rw-r--r-- | interface-definitions/include/firewall/packet-options.xml.i (renamed from interface-definitions/include/firewall/packet-length.xml.i) | 29 | ||||
-rw-r--r-- | interface-definitions/policy-route.xml.in | 4 |
3 files changed, 32 insertions, 5 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index d27839700..624d61759 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -459,7 +459,7 @@ </node> #include <include/firewall/common-rule.xml.i> #include <include/firewall/dscp.xml.i> - #include <include/firewall/packet-length.xml.i> + #include <include/firewall/packet-options.xml.i> #include <include/firewall/hop-limit.xml.i> #include <include/firewall/connection-mark.xml.i> <node name="icmpv6"> @@ -629,7 +629,7 @@ </node> #include <include/firewall/common-rule.xml.i> #include <include/firewall/dscp.xml.i> - #include <include/firewall/packet-length.xml.i> + #include <include/firewall/packet-options.xml.i> #include <include/firewall/connection-mark.xml.i> <node name="icmp"> <properties> diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-options.xml.i index fd2eb67b0..cd94e69c2 100644 --- a/interface-definitions/include/firewall/packet-length.xml.i +++ b/interface-definitions/include/firewall/packet-options.xml.i @@ -1,4 +1,4 @@ -<!-- include start from firewall/packet-length.xml.i --> +<!-- include start from firewall/packet-options.xml.i --> <leafNode name="packet-length"> <properties> <help>Payload size in bytes, including header and data to match</help> @@ -33,4 +33,31 @@ <multi/> </properties> </leafNode> +<leafNode name="packet-type"> + <properties> + <help>Packet type</help> + <completionHelp> + <list>broadcast host multicast other</list> + </completionHelp> + <valueHelp> + <format>broadcast</format> + <description>Match broadcast packet type</description> + </valueHelp> + <valueHelp> + <format>host</format> + <description>Match host packet type, addressed to local host</description> + </valueHelp> + <valueHelp> + <format>multicast</format> + <description>Match multicast packet type</description> + </valueHelp> + <valueHelp> + <format>other</format> + <description>Match packet addressed to another host</description> + </valueHelp> + <constraint> + <regex>(broadcast|host|multicast|other)</regex> + </constraint> + </properties> +</leafNode> <!-- include end --> diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in index d7b159839..bbd6dbf56 100644 --- a/interface-definitions/policy-route.xml.in +++ b/interface-definitions/policy-route.xml.in @@ -50,7 +50,7 @@ #include <include/policy/route-common.xml.i> #include <include/policy/route-ipv6.xml.i> #include <include/firewall/dscp.xml.i> - #include <include/firewall/packet-length.xml.i> + #include <include/firewall/packet-options.xml.i> #include <include/firewall/hop-limit.xml.i> #include <include/firewall/connection-mark.xml.i> </children> @@ -105,7 +105,7 @@ #include <include/policy/route-common.xml.i> #include <include/policy/route-ipv4.xml.i> #include <include/firewall/dscp.xml.i> - #include <include/firewall/packet-length.xml.i> + #include <include/firewall/packet-options.xml.i> #include <include/firewall/ttl.xml.i> #include <include/firewall/connection-mark.xml.i> </children> |