diff options
author | Christian Breunig <christian@breunig.cc> | 2023-09-28 17:24:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-28 17:24:12 +0200 |
commit | ef94ff7f9959b9f3dcef398f8d85355d143ac73b (patch) | |
tree | b6f15840059df2d9af4f44260587cf8ce01f2843 /interface-definitions | |
parent | 7c2a0e781e2391f50738e2b29011dfd25b60075c (diff) | |
parent | 11641f9979d45ae3b519f3220fab68bfd8700be0 (diff) | |
download | vyos-1x-ef94ff7f9959b9f3dcef398f8d85355d143ac73b.tar.gz vyos-1x-ef94ff7f9959b9f3dcef398f8d85355d143ac73b.zip |
Merge pull request #2320 from vyos/mergify/bp/sagitta/pr-2306
firewall: T5614: Add support for matching on conntrack helper (backport #2306)
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/include/firewall/common-rule-inet.xml.i | 1 | ||||
-rw-r--r-- | interface-definitions/include/firewall/conntrack-helper.xml.i | 42 |
2 files changed, 43 insertions, 0 deletions
diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i index 7a2eb86d4..88c055f52 100644 --- a/interface-definitions/include/firewall/common-rule-inet.xml.i +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -4,6 +4,7 @@ #include <include/firewall/dscp.xml.i> #include <include/firewall/packet-options.xml.i> #include <include/firewall/connection-mark.xml.i> +#include <include/firewall/conntrack-helper.xml.i> #include <include/firewall/nft-queue.xml.i> <leafNode name="disable"> <properties> diff --git a/interface-definitions/include/firewall/conntrack-helper.xml.i b/interface-definitions/include/firewall/conntrack-helper.xml.i new file mode 100644 index 000000000..ee17f2c61 --- /dev/null +++ b/interface-definitions/include/firewall/conntrack-helper.xml.i @@ -0,0 +1,42 @@ +<!-- include start from firewall/conntrack-helper.xml.i --> +<leafNode name="conntrack-helper"> + <properties> + <help>Match related traffic from conntrack helpers</help> + <completionHelp> + <list>ftp h323 pptp nfs sip tftp sqlnet</list> + </completionHelp> + <valueHelp> + <format>ftp</format> + <description>Related traffic from FTP helper</description> + </valueHelp> + <valueHelp> + <format>h323</format> + <description>Related traffic from H.323 helper</description> + </valueHelp> + <valueHelp> + <format>pptp</format> + <description>Related traffic from PPTP helper</description> + </valueHelp> + <valueHelp> + <format>nfs</format> + <description>Related traffic from NFS helper</description> + </valueHelp> + <valueHelp> + <format>sip</format> + <description>Related traffic from SIP helper</description> + </valueHelp> + <valueHelp> + <format>tftp</format> + <description>Related traffic from TFTP helper</description> + </valueHelp> + <valueHelp> + <format>sqlnet</format> + <description>Related traffic from SQLNet helper</description> + </valueHelp> + <constraint> + <regex>(ftp|h323|pptp|nfs|sip|tftp|sqlnet)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> |