Merge pull request #1546 from nicolas-fort/fwall-jump

T4699: Firewall: Add jump action in firewall ruleset

3 files changed, 44 insertions, 4 deletions

diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index d39dddc77..d6fa76892 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -379,6 +379,14 @@
           #include <include/firewall/default-action.xml.i>
           #include <include/firewall/enable-default-log.xml.i>
           #include <include/generic-description.xml.i>
+          <leafNode name="default-jump-target">
+            <properties>
+              <help>Set jump target. Action jump must be defined in default-action to use this setting</help>
+              <completionHelp>
+                <path>firewall ipv6-name</path>
+              </completionHelp>
+            </properties>
+          </leafNode>
           <tagNode name="rule">
             <properties>
               <help>Firewall rule number (IPv6)</help>
@@ -452,6 +460,14 @@
                   #include <include/firewall/icmpv6-type-name.xml.i>
                 </children>
               </node>
+              <leafNode name="jump-target">
+                <properties>
+                  <help>Set jump target. Action jump must be defined to use this setting</help>
+                  <completionHelp>
+                    <path>firewall ipv6-name</path>
+                  </completionHelp>
+                </properties>
+              </leafNode>
             </children>
           </tagNode>
         </children>
@@ -527,6 +543,14 @@
           #include <include/firewall/default-action.xml.i>
           #include <include/firewall/enable-default-log.xml.i>
           #include <include/generic-description.xml.i>
+          <leafNode name="default-jump-target">
+            <properties>
+              <help>Set jump target. Action jump must be defined in default-action to use this setting</help>
+              <completionHelp>
+                <path>firewall name</path>
+              </completionHelp>
+            </properties>
+          </leafNode>
           <tagNode name="rule">
             <properties>
               <help>Firewall rule number (IPv4)</help>
@@ -599,6 +623,14 @@
                   #include <include/firewall/icmp-type-name.xml.i>
                 </children>
               </node>
+              <leafNode name="jump-target">
+                <properties>
+                  <help>Set jump target. Action jump must be defined to use this setting</help>
+                  <completionHelp>
+                    <path>firewall name</path>
+                  </completionHelp>
+                </properties>
+              </leafNode>
               #include <include/firewall/ttl.xml.i>
             </children>
           </tagNode>
diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i
index 512cc23bd..0738fa503 100644
--- a/interface-definitions/include/firewall/action.xml.i
+++ b/interface-definitions/include/firewall/action.xml.i
@@ -3,13 +3,17 @@
   <properties>
     <help>Rule action</help>
     <completionHelp>
-      <list>accept reject drop</list>
+      <list>accept jump reject drop</list>
     </completionHelp>
     <valueHelp>
       <format>accept</format>
       <description>Accept matching entries</description>
     </valueHelp>
     <valueHelp>
+      <format>jump</format>
+      <description>Jump to another chain</description>
+    </valueHelp>
+    <valueHelp>
       <format>reject</format>
       <description>Reject matching entries</description>
     </valueHelp>
@@ -18,7 +22,7 @@
       <description>Drop matching entries</description>
     </valueHelp>
     <constraint>
-      <regex>(accept|reject|drop)</regex>
+      <regex>(accept|jump|reject|drop)</regex>
     </constraint>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/firewall/default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i
index 92a2fcaaf..5107768d3 100644
--- a/interface-definitions/include/firewall/default-action.xml.i
+++ b/interface-definitions/include/firewall/default-action.xml.i
@@ -3,13 +3,17 @@
   <properties>
     <help>Default-action for rule-set</help>
     <completionHelp>
-      <list>drop reject accept</list>
+      <list>drop jump reject accept</list>
     </completionHelp>
     <valueHelp>
       <format>drop</format>
       <description>Drop if no prior rules are hit</description>
     </valueHelp>
     <valueHelp>
+      <format>jump</format>
+      <description>Jump to another chain if no prior rules are hit</description>
+    </valueHelp>
+    <valueHelp>
       <format>reject</format>
       <description>Drop and notify source if no prior rules are hit</description>
     </valueHelp>
@@ -18,7 +22,7 @@
       <description>Accept if no prior rules are hit</description>
     </valueHelp>
     <constraint>
-      <regex>(drop|reject|accept)</regex>
+      <regex>(drop|jump|reject|accept)</regex>
     </constraint>
   </properties>
   <defaultValue>drop</defaultValue>