summaryrefslogtreecommitdiff
path: root/interface-definitions/firewall.xml.in
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions/firewall.xml.in')
-rw-r--r--interface-definitions/firewall.xml.in62
1 files changed, 60 insertions, 2 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 673461036..7d7e0a38f 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -126,7 +126,7 @@
<description>Domain address to match</description>
</valueHelp>
<constraint>
- <regex>[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,99}?(\/.*)?</regex>
+ <validator name="fqdn"/>
</constraint>
<multi/>
</properties>
@@ -134,6 +134,35 @@
#include <include/generic-description.xml.i>
</children>
</tagNode>
+ <tagNode name="interface-group">
+ <properties>
+ <help>Firewall interface-group</help>
+ <constraint>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface-group member</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="include">
+ <properties>
+ <help>Include another interface-group</help>
+ <completionHelp>
+ <path>firewall group interface-group</path>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ #include <include/generic-description.xml.i>
+ </children>
+ </tagNode>
<tagNode name="ipv6-address-group">
<properties>
<help>Firewall ipv6-address-group</help>
@@ -218,7 +247,7 @@
<properties>
<help>Mac-group member</help>
<valueHelp>
- <format>&lt;MAC address&gt;</format>
+ <format>macaddr</format>
<description>MAC address to match</description>
</valueHelp>
<constraint>
@@ -408,9 +437,11 @@
</properties>
<children>
#include <include/firewall/address-ipv6.xml.i>
+ #include <include/firewall/fqdn.xml.i>
#include <include/firewall/geoip.xml.i>
#include <include/firewall/source-destination-group-ipv6.xml.i>
#include <include/firewall/port.xml.i>
+ #include <include/firewall/address-mask-ipv6.xml.i>
</children>
</node>
<node name="source">
@@ -419,15 +450,18 @@
</properties>
<children>
#include <include/firewall/address-ipv6.xml.i>
+ #include <include/firewall/fqdn.xml.i>
#include <include/firewall/geoip.xml.i>
#include <include/firewall/source-destination-group-ipv6.xml.i>
#include <include/firewall/port.xml.i>
+ #include <include/firewall/address-mask-ipv6.xml.i>
</children>
</node>
#include <include/firewall/common-rule.xml.i>
#include <include/firewall/dscp.xml.i>
#include <include/firewall/packet-length.xml.i>
#include <include/firewall/hop-limit.xml.i>
+ #include <include/firewall/connection-mark.xml.i>
<node name="icmpv6">
<properties>
<help>ICMPv6 type and code information</help>
@@ -572,9 +606,11 @@
</properties>
<children>
#include <include/firewall/address.xml.i>
+ #include <include/firewall/fqdn.xml.i>
#include <include/firewall/geoip.xml.i>
#include <include/firewall/source-destination-group.xml.i>
#include <include/firewall/port.xml.i>
+ #include <include/firewall/address-mask.xml.i>
</children>
</node>
<node name="source">
@@ -583,14 +619,17 @@
</properties>
<children>
#include <include/firewall/address.xml.i>
+ #include <include/firewall/fqdn.xml.i>
#include <include/firewall/geoip.xml.i>
#include <include/firewall/source-destination-group.xml.i>
#include <include/firewall/port.xml.i>
+ #include <include/firewall/address-mask.xml.i>
</children>
</node>
#include <include/firewall/common-rule.xml.i>
#include <include/firewall/dscp.xml.i>
#include <include/firewall/packet-length.xml.i>
+ #include <include/firewall/connection-mark.xml.i>
<node name="icmp">
<properties>
<help>ICMP type and code information</help>
@@ -656,6 +695,25 @@
</properties>
<defaultValue>disable</defaultValue>
</leafNode>
+ <leafNode name="resolver-cache">
+ <properties>
+ <help>Retains last successful value if domain resolution fails</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="resolver-interval">
+ <properties>
+ <help>Domain resolver update interval</help>
+ <valueHelp>
+ <format>u32:10-3600</format>
+ <description>Interval (seconds)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10-3600"/>
+ </constraint>
+ </properties>
+ <defaultValue>300</defaultValue>
+ </leafNode>
<leafNode name="send-redirects">
<properties>
<help>Policy for sending IPv4 ICMP redirect messages</help>