firewall: T3560: Add support for MAC address groups

author: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-01-18 15:29:03 +0100
committer: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-01-18 20:35:03 +0100
commit: 0a5a78621b2b28f06af1f40c10ee8bb880f860a0 (patch)
tree: a984e64e7135923430bedcebefc4a824f4ff735b /interface-definitions
parent: 385b72da4845e5c247aaeae9469ca04da216a4cb (diff)
download: vyos-1x-0a5a78621b2b28f06af1f40c10ee8bb880f860a0.tar.gz
vyos-1x-0a5a78621b2b28f06af1f40c10ee8bb880f860a0.zip
7 files changed, 42 insertions, 0 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index fd98ae138..987ccaca6 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -144,6 +144,27 @@
               </leafNode>
             </children>
           </tagNode>
+          <tagNode name="mac-group">
+            <properties>
+              <help>Firewall mac-group</help>
+            </properties>
+            <children>
+              #include <include/generic-description.xml.i>
+              <leafNode name="mac-address">
+                <properties>
+                  <help>Mac-group member</help>
+                  <valueHelp>
+                    <format>&lt;MAC address&gt;</format>
+                    <description>MAC address to match</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="mac-address"/>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
           <tagNode name="network-group">
             <properties>
               <help>Firewall network-group</help>
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index 5ffbd639c..521fe54f2 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -176,6 +176,9 @@
           <format>!&lt;MAC address&gt;</format>
           <description>Match everything except the specified MAC address</description>
         </valueHelp>
+        <constraint>
+          <validator name="mac-address-firewall"/>
+        </constraint>
       </properties>
     </leafNode>
     #include <include/firewall/port.xml.i>
diff --git a/interface-definitions/include/firewall/mac-group.xml.i b/interface-definitions/include/firewall/mac-group.xml.i
new file mode 100644
index 000000000..dbce3fc88
--- /dev/null
+++ b/interface-definitions/include/firewall/mac-group.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from firewall/mac-group.xml.i -->
+<leafNode name="mac-group">
+  <properties>
+    <help>Group of MAC addresses</help>
+    <completionHelp>
+      <path>firewall group mac-group</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include start from firewall/mac-group.xml.i -->
+\ No newline at end of file
diff --git a/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i
index 7815b78d4..c2cc7edb3 100644
--- a/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i
+++ b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i
@@ -12,6 +12,7 @@
         </completionHelp>
       </properties>
     </leafNode>
+    #include <include/firewall/mac-group.xml.i>
     <leafNode name="network-group">
       <properties>
         <help>Group of networks</help>
diff --git a/interface-definitions/include/firewall/source-destination-group.xml.i b/interface-definitions/include/firewall/source-destination-group.xml.i
index 9a9bed0fe..ab11e89e9 100644
--- a/interface-definitions/include/firewall/source-destination-group.xml.i
+++ b/interface-definitions/include/firewall/source-destination-group.xml.i
@@ -12,6 +12,7 @@
         </completionHelp>
       </properties>
     </leafNode>
+    #include <include/firewall/mac-group.xml.i>
     <leafNode name="network-group">
       <properties>
         <help>Group of networks</help>
diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
index 735edbd48..406125e55 100644
--- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
+++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
@@ -232,6 +232,9 @@
           <format>!&lt;MAC address&gt;</format>
           <description>Match everything except the specified MAC address</description>
         </valueHelp>
+        <constraint>
+          <validator name="mac-address-firewall"/>
+        </constraint>
       </properties>
     </leafNode>
     #include <include/firewall/port.xml.i>
diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i
index 4452f78fc..33c4ba77c 100644
--- a/interface-definitions/include/policy/route-common-rule.xml.i
+++ b/interface-definitions/include/policy/route-common-rule.xml.i
@@ -232,6 +232,9 @@
           <format>!&lt;MAC address&gt;</format>
           <description>Match everything except the specified MAC address</description>
         </valueHelp>
+        <constraint>
+          <validator name="mac-address-firewall"/>
+        </constraint>
       </properties>
     </leafNode>
     #include <include/firewall/port.xml.i>
author	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-01-18 15:29:03 +0100
committer	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-01-18 20:35:03 +0100
commit	0a5a78621b2b28f06af1f40c10ee8bb880f860a0 (patch)
tree	a984e64e7135923430bedcebefc4a824f4ff735b /interface-definitions
parent	385b72da4845e5c247aaeae9469ca04da216a4cb (diff)
download	vyos-1x-0a5a78621b2b28f06af1f40c10ee8bb880f860a0.tar.gz vyos-1x-0a5a78621b2b28f06af1f40c10ee8bb880f860a0.zip