diff options
Diffstat (limited to 'interface-definitions/include/firewall')
6 files changed, 41 insertions, 9 deletions
diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i index 512cc23bd..468340cbb 100644 --- a/interface-definitions/include/firewall/action.xml.i +++ b/interface-definitions/include/firewall/action.xml.i @@ -3,22 +3,30 @@ <properties> <help>Rule action</help> <completionHelp> - <list>accept reject drop</list> + <list>accept jump reject return drop</list> </completionHelp> <valueHelp> <format>accept</format> <description>Accept matching entries</description> </valueHelp> <valueHelp> + <format>jump</format> + <description>Jump to another chain</description> + </valueHelp> + <valueHelp> <format>reject</format> <description>Reject matching entries</description> </valueHelp> <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> <format>drop</format> <description>Drop matching entries</description> </valueHelp> <constraint> - <regex>(accept|reject|drop)</regex> + <regex>(accept|jump|reject|return|drop)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i index 079864122..a4f66f5cb 100644 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -26,6 +26,14 @@ </leafNode> </children> </node> +<leafNode name="inbound-interface"> + <properties> + <help>Match inbound-interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> +</leafNode> <node name="ipsec"> <properties> <help>Inbound IPsec packets</help> @@ -122,6 +130,14 @@ </leafNode> </children> </node> +<leafNode name="outbound-interface"> + <properties> + <help>Match outbound-interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> +</leafNode> <leafNode name="protocol"> <properties> <help>Protocol to match (protocol name, number, or "all")</help> diff --git a/interface-definitions/include/firewall/default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i index 92a2fcaaf..80efaf335 100644 --- a/interface-definitions/include/firewall/default-action.xml.i +++ b/interface-definitions/include/firewall/default-action.xml.i @@ -3,22 +3,30 @@ <properties> <help>Default-action for rule-set</help> <completionHelp> - <list>drop reject accept</list> + <list>drop jump reject return accept</list> </completionHelp> <valueHelp> <format>drop</format> <description>Drop if no prior rules are hit</description> </valueHelp> <valueHelp> + <format>jump</format> + <description>Jump to another chain if no prior rules are hit</description> + </valueHelp> + <valueHelp> <format>reject</format> <description>Drop and notify source if no prior rules are hit</description> </valueHelp> <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> <format>accept</format> <description>Accept if no prior rules are hit</description> </valueHelp> <constraint> - <regex>(drop|reject|accept)</regex> + <regex>(drop|jump|reject|return|accept)</regex> </constraint> </properties> <defaultValue>drop</defaultValue> diff --git a/interface-definitions/include/firewall/dscp.xml.i b/interface-definitions/include/firewall/dscp.xml.i index 796bab548..dd4da4894 100644 --- a/interface-definitions/include/firewall/dscp.xml.i +++ b/interface-definitions/include/firewall/dscp.xml.i @@ -11,7 +11,7 @@ <description>DSCP range to match</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-63"/> + <validator name="numeric" argument="--allow-range --range 0-63"/> </constraint> <multi/> </properties> @@ -28,7 +28,7 @@ <description>DSCP range not to match</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-63"/> + <validator name="numeric" argument="--allow-range --range 0-63"/> </constraint> <multi/> </properties> diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-length.xml.i index 91f08314a..fd2eb67b0 100644 --- a/interface-definitions/include/firewall/packet-length.xml.i +++ b/interface-definitions/include/firewall/packet-length.xml.i @@ -11,7 +11,7 @@ <description>Packet length range to match</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-65535"/> + <validator name="numeric" argument="--allow-range --range 1-65535"/> </constraint> <multi/> </properties> @@ -28,7 +28,7 @@ <description>Packet length range not to match</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-65535"/> + <validator name="numeric" argument="--allow-range --range 1-65535"/> </constraint> <multi/> </properties> diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i index fc0da3135..e2ce7b9fd 100644 --- a/interface-definitions/include/firewall/tcp-flags.xml.i +++ b/interface-definitions/include/firewall/tcp-flags.xml.i @@ -126,7 +126,7 @@ <description>TCP MSS range (use '-' as delimiter)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-16384"/> + <validator name="numeric" argument="--allow-range --range 1-16384"/> </constraint> </properties> </leafNode> |