summaryrefslogtreecommitdiff
path: root/interface-definitions/include/firewall
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions/include/firewall')
-rw-r--r--interface-definitions/include/firewall/action.xml.i12
-rw-r--r--interface-definitions/include/firewall/default-action.xml.i12
-rw-r--r--interface-definitions/include/firewall/dscp.xml.i6
-rw-r--r--interface-definitions/include/firewall/packet-length.xml.i6
-rw-r--r--interface-definitions/include/firewall/tcp-flags.xml.i3
5 files changed, 25 insertions, 14 deletions
diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i
index 512cc23bd..468340cbb 100644
--- a/interface-definitions/include/firewall/action.xml.i
+++ b/interface-definitions/include/firewall/action.xml.i
@@ -3,22 +3,30 @@
<properties>
<help>Rule action</help>
<completionHelp>
- <list>accept reject drop</list>
+ <list>accept jump reject return drop</list>
</completionHelp>
<valueHelp>
<format>accept</format>
<description>Accept matching entries</description>
</valueHelp>
<valueHelp>
+ <format>jump</format>
+ <description>Jump to another chain</description>
+ </valueHelp>
+ <valueHelp>
<format>reject</format>
<description>Reject matching entries</description>
</valueHelp>
<valueHelp>
+ <format>return</format>
+ <description>Return from the current chain and continue at the next rule of the last chain</description>
+ </valueHelp>
+ <valueHelp>
<format>drop</format>
<description>Drop matching entries</description>
</valueHelp>
<constraint>
- <regex>(accept|reject|drop)</regex>
+ <regex>(accept|jump|reject|return|drop)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i
index 92a2fcaaf..80efaf335 100644
--- a/interface-definitions/include/firewall/default-action.xml.i
+++ b/interface-definitions/include/firewall/default-action.xml.i
@@ -3,22 +3,30 @@
<properties>
<help>Default-action for rule-set</help>
<completionHelp>
- <list>drop reject accept</list>
+ <list>drop jump reject return accept</list>
</completionHelp>
<valueHelp>
<format>drop</format>
<description>Drop if no prior rules are hit</description>
</valueHelp>
<valueHelp>
+ <format>jump</format>
+ <description>Jump to another chain if no prior rules are hit</description>
+ </valueHelp>
+ <valueHelp>
<format>reject</format>
<description>Drop and notify source if no prior rules are hit</description>
</valueHelp>
<valueHelp>
+ <format>return</format>
+ <description>Return from the current chain and continue at the next rule of the last chain</description>
+ </valueHelp>
+ <valueHelp>
<format>accept</format>
<description>Accept if no prior rules are hit</description>
</valueHelp>
<constraint>
- <regex>(drop|reject|accept)</regex>
+ <regex>(drop|jump|reject|return|accept)</regex>
</constraint>
</properties>
<defaultValue>drop</defaultValue>
diff --git a/interface-definitions/include/firewall/dscp.xml.i b/interface-definitions/include/firewall/dscp.xml.i
index 642212d7e..dd4da4894 100644
--- a/interface-definitions/include/firewall/dscp.xml.i
+++ b/interface-definitions/include/firewall/dscp.xml.i
@@ -11,8 +11,7 @@
<description>DSCP range to match</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-63"/>
- <validator name="range" argument="--min=0 --max=63"/>
+ <validator name="numeric" argument="--allow-range --range 0-63"/>
</constraint>
<multi/>
</properties>
@@ -29,8 +28,7 @@
<description>DSCP range not to match</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-63"/>
- <validator name="range" argument="--min=0 --max=63"/>
+ <validator name="numeric" argument="--allow-range --range 0-63"/>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-length.xml.i
index 043f56d16..fd2eb67b0 100644
--- a/interface-definitions/include/firewall/packet-length.xml.i
+++ b/interface-definitions/include/firewall/packet-length.xml.i
@@ -11,8 +11,7 @@
<description>Packet length range to match</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- <validator name="range" argument="--min=1 --max=65535"/>
+ <validator name="numeric" argument="--allow-range --range 1-65535"/>
</constraint>
<multi/>
</properties>
@@ -29,8 +28,7 @@
<description>Packet length range not to match</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- <validator name="range" argument="--min=1 --max=65535"/>
+ <validator name="numeric" argument="--allow-range --range 1-65535"/>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i
index 5a7b5a8d3..e2ce7b9fd 100644
--- a/interface-definitions/include/firewall/tcp-flags.xml.i
+++ b/interface-definitions/include/firewall/tcp-flags.xml.i
@@ -126,8 +126,7 @@
<description>TCP MSS range (use '-' as delimiter)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-16384"/>
- <validator name="range" argument="--min=1 --max=16384"/>
+ <validator name="numeric" argument="--allow-range --range 1-16384"/>
</constraint>
</properties>
</leafNode>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-08 18:18:24 +0000