diff options
Diffstat (limited to 'interface-definitions/include/firewall')
4 files changed, 54 insertions, 5 deletions
diff --git a/interface-definitions/include/firewall/action-forward.xml.i b/interface-definitions/include/firewall/action-forward.xml.i index f61e51887..4e59f3c6f 100644 --- a/interface-definitions/include/firewall/action-forward.xml.i +++ b/interface-definitions/include/firewall/action-forward.xml.i @@ -3,7 +3,7 @@ <properties> <help>Rule action</help> <completionHelp> - <list>accept continue jump reject return drop queue offload</list> + <list>accept continue jump reject return drop queue offload synproxy</list> </completionHelp> <valueHelp> <format>accept</format> @@ -37,8 +37,12 @@ <format>offload</format> <description>Offload packet via flowtable</description> </valueHelp> + <valueHelp> + <format>synproxy</format> + <description>Synproxy connections</description> + </valueHelp> <constraint> - <regex>(accept|continue|jump|reject|return|drop|queue|offload)</regex> + <regex>(accept|continue|jump|reject|return|drop|queue|offload|synproxy)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i index 9391a7bee..954e4f23e 100644 --- a/interface-definitions/include/firewall/action.xml.i +++ b/interface-definitions/include/firewall/action.xml.i @@ -3,7 +3,7 @@ <properties> <help>Rule action</help> <completionHelp> - <list>accept continue jump reject return drop queue</list> + <list>accept continue jump reject return drop queue synproxy</list> </completionHelp> <valueHelp> <format>accept</format> @@ -33,8 +33,12 @@ <format>queue</format> <description>Enqueue packet to userspace</description> </valueHelp> + <valueHelp> + <format>synproxy</format> + <description>Synproxy connections</description> + </valueHelp> <constraint> - <regex>(accept|continue|jump|reject|return|drop|queue)</regex> + <regex>(accept|continue|jump|reject|return|drop|queue|synproxy)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i index 3dbfbb65c..872abe6cc 100644 --- a/interface-definitions/include/firewall/common-rule-inet.xml.i +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -220,6 +220,7 @@ </leafNode> </children> </node> +#include <include/firewall/synproxy.xml.i> <node name="state"> <properties> <help>Session state</help> @@ -373,4 +374,4 @@ </leafNode> </children> </node> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/synproxy.xml.i b/interface-definitions/include/firewall/synproxy.xml.i new file mode 100644 index 000000000..a65126ea9 --- /dev/null +++ b/interface-definitions/include/firewall/synproxy.xml.i @@ -0,0 +1,40 @@ +<!-- include start from firewall/synproxy.xml.i --> +<node name="synproxy"> + <properties> + <help>Synproxy options</help> + </properties> + <children> + <node name="tcp"> + <properties> + <help>TCP synproxy options</help> + </properties> + <children> + <leafNode name="mss"> + <properties> + <help>TCP Maximum segment size</help> + <valueHelp> + <format>u32:501-65535</format> + <description>Maximum segment size for synproxy connections</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 501-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="window-scale"> + <properties> + <help>TCP window scale for synproxy connections</help> + <valueHelp> + <format>u32:1-14</format> + <description>TCP window scale</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-14"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<!-- include end --> |