summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2022-08-31 12:46:51 +0300
committerViacheslav Hletenko <v.gletenko@vyos.io>2022-08-31 17:30:57 +0000
commit3489089000a43a533fcd89282b0ced2434851c03 (patch)
tree24b42a02eedbfaa2323ec65a148848f996ecf3b5 /interface-definitions
parent69bcdb9a680b33422d041fd03e70c25094bfa6a2 (diff)
parent69f79beee2070906b68f2b910296c362e7216278 (diff)
downloadvyos-1x-3489089000a43a533fcd89282b0ced2434851c03.tar.gz
vyos-1x-3489089000a43a533fcd89282b0ced2434851c03.zip
nat: T538: Move nat configs to /run directory
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/firewall.xml.in16
-rw-r--r--interface-definitions/include/firewall/default-action.xml.i (renamed from interface-definitions/include/firewall/name-default-action.xml.i)3
-rw-r--r--interface-definitions/include/firewall/enable-default-log.xml.i (renamed from interface-definitions/include/firewall/name-default-log.xml.i)2
-rw-r--r--interface-definitions/include/firewall/tcp-flags.xml.i17
-rw-r--r--interface-definitions/include/nat/protocol.xml.i34
-rw-r--r--interface-definitions/nat66.xml.in8
-rw-r--r--interface-definitions/policy-route.xml.in4
-rw-r--r--interface-definitions/policy.xml.in2
-rw-r--r--interface-definitions/protocols-rpki.xml.in6
-rw-r--r--interface-definitions/service-monitoring-telegraf.xml.in39
-rw-r--r--interface-definitions/service-upnp.xml.in19
-rw-r--r--interface-definitions/system-proxy.xml.in2
-rw-r--r--interface-definitions/vpn-openconnect.xml.in13
-rw-r--r--interface-definitions/zone-policy.xml.in2
14 files changed, 107 insertions, 60 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 2e9452dfd..9488ddcdc 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -342,8 +342,8 @@
</constraint>
</properties>
<children>
- #include <include/firewall/name-default-action.xml.i>
- #include <include/firewall/name-default-log.xml.i>
+ #include <include/firewall/default-action.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -433,7 +433,7 @@
<children>
<leafNode name="code">
<properties>
- <help>ICMPv6 code (0-255)</help>
+ <help>ICMPv6 code</help>
<valueHelp>
<format>u32:0-255</format>
<description>ICMPv6 code (0-255)</description>
@@ -445,7 +445,7 @@
</leafNode>
<leafNode name="type">
<properties>
- <help>ICMPv6 type (0-255)</help>
+ <help>ICMPv6 type</help>
<valueHelp>
<format>u32:0-255</format>
<description>ICMPv6 type (0-255)</description>
@@ -530,8 +530,8 @@
</constraint>
</properties>
<children>
- #include <include/firewall/name-default-action.xml.i>
- #include <include/firewall/name-default-log.xml.i>
+ #include <include/firewall/default-action.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -578,7 +578,7 @@
<children>
<leafNode name="code">
<properties>
- <help>ICMP code (0-255)</help>
+ <help>ICMP code</help>
<valueHelp>
<format>u32:0-255</format>
<description>ICMP code (0-255)</description>
@@ -590,7 +590,7 @@
</leafNode>
<leafNode name="type">
<properties>
- <help>ICMP type (0-255)</help>
+ <help>ICMP type</help>
<valueHelp>
<format>u32:0-255</format>
<description>ICMP type (0-255)</description>
diff --git a/interface-definitions/include/firewall/name-default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i
index 512b0296f..92a2fcaaf 100644
--- a/interface-definitions/include/firewall/name-default-action.xml.i
+++ b/interface-definitions/include/firewall/default-action.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from firewall/name-default-action.xml.i -->
+<!-- include start from firewall/default-action.xml.i -->
<leafNode name="default-action">
<properties>
<help>Default-action for rule-set</help>
@@ -21,5 +21,6 @@
<regex>(drop|reject|accept)</regex>
</constraint>
</properties>
+ <defaultValue>drop</defaultValue>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/firewall/name-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i
index 1d0ff9497..1e64edc6e 100644
--- a/interface-definitions/include/firewall/name-default-log.xml.i
+++ b/interface-definitions/include/firewall/enable-default-log.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from firewall/name-default-log.xml.i -->
+<!-- include start from firewall/enable-default-log.xml.i -->
<leafNode name="enable-default-log">
<properties>
<help>Option to log packets hitting default-action</help>
diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i
index b99896687..5a7b5a8d3 100644
--- a/interface-definitions/include/firewall/tcp-flags.xml.i
+++ b/interface-definitions/include/firewall/tcp-flags.xml.i
@@ -114,6 +114,23 @@
</node>
</children>
</node>
+ <leafNode name="mss">
+ <properties>
+ <help>Maximum segment size (MSS)</help>
+ <valueHelp>
+ <format>u32:1-16384</format>
+ <description>Maximum segment size</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;min&gt;-&lt;max&gt;</format>
+ <description>TCP MSS range (use '-' as delimiter)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-16384"/>
+ <validator name="range" argument="--min=1 --max=16384"/>
+ </constraint>
+ </properties>
+ </leafNode>
</children>
</node>
<!-- include end -->
diff --git a/interface-definitions/include/nat/protocol.xml.i b/interface-definitions/include/nat/protocol.xml.i
new file mode 100644
index 000000000..54e7ff00d
--- /dev/null
+++ b/interface-definitions/include/nat/protocol.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from nat/protocol.xml.i -->
+<leafNode name="protocol">
+ <properties>
+ <help>Protocol to match (protocol name, number, or "all")</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_protocols.sh</script>
+ <list>all tcp_udp</list>
+ </completionHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>All IP protocols</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tcp_udp</format>
+ <description>Both TCP and UDP</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:0-255</format>
+ <description>IP protocol number</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;protocol&gt;</format>
+ <description>IP protocol name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!&lt;protocol&gt;</format>
+ <description>IP protocol name</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-protocol"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in
index bde1a6f8d..dab4543e0 100644
--- a/interface-definitions/nat66.xml.in
+++ b/interface-definitions/nat66.xml.in
@@ -50,6 +50,7 @@
</completionHelp>
</properties>
</leafNode>
+ #include <include/nat/protocol.xml.i>
<node name="destination">
<properties>
<help>IPv6 destination prefix options</help>
@@ -72,6 +73,7 @@
</constraint>
</properties>
</leafNode>
+ #include <include/nat-port.xml.i>
</children>
</node>
<node name="source">
@@ -96,6 +98,7 @@
</constraint>
</properties>
</leafNode>
+ #include <include/nat-port.xml.i>
</children>
</node>
<node name="translation">
@@ -128,6 +131,7 @@
</constraint>
</properties>
</leafNode>
+ #include <include/nat-translation-port.xml.i>
</children>
</node>
</children>
@@ -179,6 +183,7 @@
</completionHelp>
</properties>
</leafNode>
+ #include <include/nat/protocol.xml.i>
<node name="destination">
<properties>
<help>IPv6 destination prefix options</help>
@@ -211,6 +216,7 @@
</constraint>
</properties>
</leafNode>
+ #include <include/nat-port.xml.i>
</children>
</node>
<node name="source">
@@ -245,6 +251,7 @@
</constraint>
</properties>
</leafNode>
+ #include <include/nat-port.xml.i>
</children>
</node>
<node name="translation">
@@ -269,6 +276,7 @@
</constraint>
</properties>
</leafNode>
+ #include <include/nat-translation-port.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in
index a10c9b08f..c2a9a8d94 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy-route.xml.in
@@ -12,7 +12,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- #include <include/firewall/name-default-log.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
<tagNode name="rule">
<properties>
<help>Policy rule number</help>
@@ -61,7 +61,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- #include <include/firewall/name-default-log.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
<tagNode name="rule">
<properties>
<help>Policy rule number</help>
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index cc1de609d..e794c4b90 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -392,7 +392,7 @@
<description>Prefix to match against</description>
</valueHelp>
<constraint>
- <validator name="ip-prefix"/>
+ <validator name="ipv4-prefix"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols-rpki.xml.in
index 68762ff9a..4535d3990 100644
--- a/interface-definitions/protocols-rpki.xml.in
+++ b/interface-definitions/protocols-rpki.xml.in
@@ -12,15 +12,15 @@
<help>RPKI cache server address</help>
<valueHelp>
<format>ipv4</format>
- <description>IP address of NTP server</description>
+ <description>IP address of RPKI server</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
- <description>IPv6 address of NTP server</description>
+ <description>IPv6 address of RPKI server</description>
</valueHelp>
<valueHelp>
<format>hostname</format>
- <description>Fully qualified domain name of NTP server</description>
+ <description>Fully qualified domain name of RPKI server</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service-monitoring-telegraf.xml.in
index 36f40a539..68215dba4 100644
--- a/interface-definitions/service-monitoring-telegraf.xml.in
+++ b/interface-definitions/service-monitoring-telegraf.xml.in
@@ -10,7 +10,7 @@
<children>
<node name="telegraf" owner="${vyos_conf_scripts_dir}/service_monitoring_telegraf.py">
<properties>
- <help>Telegraf monitoring</help>
+ <help>Telegraf metric collector</help>
</properties>
<children>
<node name="influxdb">
@@ -228,27 +228,7 @@
</constraint>
</properties>
</leafNode>
- <leafNode name="listen-address">
- <properties>
- <help>Local IP addresses to listen on</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- </completionHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address to listen for incoming connections</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="ipv6-address"/>
- <validator name="ipv6-link-local"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/listen-address.xml.i>
<leafNode name="metric-version">
<properties>
<help>Metric version control mapping from Telegraf to Prometheus format</help>
@@ -291,21 +271,10 @@
</leafNode>
</children>
</node>
- <leafNode name="url">
- <properties>
- <help>Remote URL</help>
- <valueHelp>
- <format>url</format>
- <description>Remote URL to Splunk collector</description>
- </valueHelp>
- <constraint>
- <regex>^(http(s?):\/\/.*):(\d*)\/?(.*)</regex>
- </constraint>
- <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
- </properties>
- </leafNode>
+ #include <include/monitoring/url.xml.i>
</children>
</node>
+ #include <include/interface/vrf.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in
index a129b7260..ec23d87df 100644
--- a/interface-definitions/service-upnp.xml.in
+++ b/interface-definitions/service-upnp.xml.in
@@ -103,19 +103,19 @@
</valueHelp>
<valueHelp>
<format>ipv4</format>
- <description>IP address to listen for incoming connections</description>
+ <description>IPv4 address to listen for incoming connections</description>
</valueHelp>
<valueHelp>
- <format>ipv4-prefix</format>
- <description>IP prefix to listen for incoming connections</description>
+ <format>ipv4net</format>
+ <description>IPv4 prefix to listen for incoming connections</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
- <description>IP address to listen for incoming connections</description>
+ <description>IPv6 address to listen for incoming connections</description>
</valueHelp>
<valueHelp>
- <format>ipv6-prefix</format>
- <description>IP prefix to listen for incoming connections</description>
+ <format>ipv6net</format>
+ <description>IPv6 prefix to listen for incoming connections</description>
</valueHelp>
<multi/>
<constraint>
@@ -197,10 +197,15 @@
<help>The IP to which this rule applies (REQUIRE)</help>
<valueHelp>
<format>ipv4</format>
+ <description>The IPv4 address to which this rule applies</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
<description>The IPv4 to which this rule applies</description>
</valueHelp>
<constraint>
- <validator name="ipv4-address" />
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-host"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system-proxy.xml.in
index 1c06b347f..8fb6bfae5 100644
--- a/interface-definitions/system-proxy.xml.in
+++ b/interface-definitions/system-proxy.xml.in
@@ -11,7 +11,7 @@
<properties>
<help>Proxy URL</help>
<constraint>
- <regex>http:\/\/[a-z0-9\.]+</regex>
+ <regex>http(s)?:\/\/[a-z0-9-\.]+</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 21b47125d..6309863c5 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -265,6 +265,19 @@
</children>
</node>
#include <include/name-server-ipv4-ipv6.xml.i>
+ <leafNode name="split-dns">
+ <properties>
+ <help>Domains over which the provided DNS should be used</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Client prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
</children>
</node>
</children>
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
index dca4c59d1..dc3408c3d 100644
--- a/interface-definitions/zone-policy.xml.in
+++ b/interface-definitions/zone-policy.xml.in
@@ -19,7 +19,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- #include <include/firewall/name-default-log.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
<leafNode name="default-action">
<properties>
<help>Default-action for traffic coming into this zone</help>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-22 04:47:20 +0000