summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2023-11-24 10:24:48 +0000
committerBjarke Istrup Pedersen <gurli@gurlinet.dk>2023-12-15 21:28:51 +0100
commitfcedc85e2b4d3d6663b0c78c3fb3bd93db91fcc2 (patch)
tree18e4f1b706e2ada437e97c861d85b4575ebd1097 /interface-definitions
parentaf2668c4479377063c2e65e2383648155fb1e8f4 (diff)
downloadvyos-1x-fcedc85e2b4d3d6663b0c78c3fb3bd93db91fcc2.tar.gz
vyos-1x-fcedc85e2b4d3d6663b0c78c3fb3bd93db91fcc2.zip
T5775: firewall: re-add state-policy to firewall. These commands are now included in <set firewall global-options state-policy> node.
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/firewall.xml.in2
-rw-r--r--interface-definitions/include/firewall/global-options.xml.i37
2 files changed, 38 insertions, 1 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 0bb14a1b3..70afdc995 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -393,7 +393,7 @@
<properties>
<help>Zone from which to filter traffic</help>
<completionHelp>
- <path>zone-policy zone</path>
+ <path>firewall zone</path>
</completionHelp>
</properties>
<children>
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index a63874cb0..3026b54ab 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -167,6 +167,43 @@
</properties>
<defaultValue>disable</defaultValue>
</leafNode>
+ <node name="state-policy">
+ <properties>
+ <help>Global firewall state-policy</help>
+ </properties>
+ <children>
+ <node name="established">
+ <properties>
+ <help>Global firewall policy for packets part of an established connection</help>
+ </properties>
+ <children>
+ #include <include/firewall/action-accept-drop-reject.xml.i>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/rule-log-level.xml.i>
+ </children>
+ </node>
+ <node name="invalid">
+ <properties>
+ <help>Global firewall policy for packets part of an invalid connection</help>
+ </properties>
+ <children>
+ #include <include/firewall/action-accept-drop-reject.xml.i>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/rule-log-level.xml.i>
+ </children>
+ </node>
+ <node name="related">
+ <properties>
+ <help>Global firewall policy for packets part of a related connection</help>
+ </properties>
+ <children>
+ #include <include/firewall/action-accept-drop-reject.xml.i>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/rule-log-level.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
<leafNode name="syn-cookies">
<properties>
<help>Policy for using TCP SYN cookies with IPv4</help>