Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/firewall.xml.in | 16 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/default-action.xml.i (renamed from interface-definitions/include/firewall/name-default-action.xml.i) | 3 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/enable-default-log.xml.i (renamed from interface-definitions/include/firewall/name-default-log.xml.i) | 2 | ||||
| -rw-r--r-- | interface-definitions/include/inbound-interface.xml.i | 11 | ||||
| -rw-r--r-- | interface-definitions/include/ipv4-address-prefix.xml.i | 19 | ||||
| -rw-r--r-- | interface-definitions/nat.xml.in | 53 | ||||
| -rw-r--r-- | interface-definitions/policy-route.xml.in | 4 | ||||
| -rw-r--r-- | interface-definitions/protocols-rpki.xml.in | 6 | ||||
| -rw-r--r-- | interface-definitions/zone-policy.xml.in | 2 | 
9 files changed, 91 insertions, 25 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index ed84acbb7..cca3c0f7d 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -342,8 +342,8 @@
           </constraint>
         </properties>
         <children>
-          #include <include/firewall/name-default-action.xml.i>
-          #include <include/firewall/name-default-log.xml.i>
+          #include <include/firewall/default-action.xml.i>
+          #include <include/firewall/enable-default-log.xml.i>
           #include <include/generic-description.xml.i>
           <tagNode name="rule">
             <properties>
@@ -434,7 +434,7 @@
                 <children>
                   <leafNode name="code">
                     <properties>
-                      <help>ICMPv6 code (0-255)</help>
+                      <help>ICMPv6 code</help>
                       <valueHelp>
                         <format>u32:0-255</format>
                         <description>ICMPv6 code (0-255)</description>
@@ -446,7 +446,7 @@
                   </leafNode>
                   <leafNode name="type">
                     <properties>
-                      <help>ICMPv6 type (0-255)</help>
+                      <help>ICMPv6 type</help>
                       <valueHelp>
                         <format>u32:0-255</format>
                         <description>ICMPv6 type (0-255)</description>
@@ -531,8 +531,8 @@
           </constraint>
         </properties>
         <children>
-          #include <include/firewall/name-default-action.xml.i>
-          #include <include/firewall/name-default-log.xml.i>
+          #include <include/firewall/default-action.xml.i>
+          #include <include/firewall/enable-default-log.xml.i>
           #include <include/generic-description.xml.i>
           <tagNode name="rule">
             <properties>
@@ -580,7 +580,7 @@
                 <children>
                   <leafNode name="code">
                     <properties>
-                      <help>ICMP code (0-255)</help>
+                      <help>ICMP code</help>
                       <valueHelp>
                         <format>u32:0-255</format>
                         <description>ICMP code (0-255)</description>
@@ -592,7 +592,7 @@
                   </leafNode>
                   <leafNode name="type">
                     <properties>
-                      <help>ICMP type (0-255)</help>
+                      <help>ICMP type</help>
                       <valueHelp>
                         <format>u32:0-255</format>
                         <description>ICMP type (0-255)</description>
diff --git a/interface-definitions/include/firewall/name-default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i
index 512b0296f..92a2fcaaf 100644
--- a/interface-definitions/include/firewall/name-default-action.xml.i
+++ b/interface-definitions/include/firewall/default-action.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from firewall/name-default-action.xml.i -->
+<!-- include start from firewall/default-action.xml.i -->
 <leafNode name="default-action">
   <properties>
     <help>Default-action for rule-set</help>
@@ -21,5 +21,6 @@
       <regex>(drop|reject|accept)</regex>
     </constraint>
   </properties>
+  <defaultValue>drop</defaultValue>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/firewall/name-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i
index 1d0ff9497..1e64edc6e 100644
--- a/interface-definitions/include/firewall/name-default-log.xml.i
+++ b/interface-definitions/include/firewall/enable-default-log.xml.i
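Review bot: The `<defaultValue>drop</defaultValue>` added in default-action.xml.i only takes effect where this include is used, and zone-policy.xml.in still declares its own `default-action` leafNode inline (visible as context in its hunk) instead of sharing a definition. Whether that inline node declares the same default is not visible in this diff, so it is worth confirming that zones also fail closed when no default-action is configured. The help text could also state the default, for example `<help>Default-action for rule-set (default: drop)</help>`.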
@@ -1,4 +1,4 @@
-<!-- include start from firewall/name-default-log.xml.i -->
+<!-- include start from firewall/enable-default-log.xml.i -->
 <leafNode name="enable-default-log">
   <properties>
     <help>Option to log packets hitting default-action</help>
diff --git a/interface-definitions/include/inbound-interface.xml.i b/interface-definitions/include/inbound-interface.xml.i
new file mode 100644
index 000000000..3289bbf8f
--- /dev/null
+++ b/interface-definitions/include/inbound-interface.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from inbound-interface.xml.i -->
+<leafNode name="inbound-interface">
+  <properties>
+    <help>Inbound interface of NAT traffic</help>
+    <completionHelp>
+      <list>any</list>
+      <script>${vyos_completion_dir}/list_interfaces.py</script>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipv4-address-prefix.xml.i b/interface-definitions/include/ipv4-address-prefix.xml.i
new file mode 100644
index 000000000..f5be6f1fe
--- /dev/null
+++ b/interface-definitions/include/ipv4-address-prefix.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from ipv4-address-prefix.xml.i -->
+<leafNode name="address">
+  <properties>
+    <help>IP address, prefix</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address to match</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv4net</format>
+      <description>IPv4 prefix to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+      <validator name="ipv4-prefix"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in
index 9295b631f..501ff05d3 100644
--- a/interface-definitions/nat.xml.in
+++ b/interface-definitions/nat.xml.in
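Review bot: The `inbound-interface` leafNode in the new inbound-interface.xml.i has a `<completionHelp>` but no `<constraint>`, so the CLI accepts any string as an interface name; completion only suggests values and does not restrict them. The definition is carried over unchanged from nat.xml.in, but it is now shared with the new static NAT rules, which makes this include the natural place to add validation. Presumably the value ends up in the generated NAT ruleset, so a constraint that admits only `any` or a well-formed interface name (for instance `<regex>(any)</regex>` next to whatever interface-name validator the project provides) would keep malformed names out of it.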
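Review bot: The `<help>` in ipv4-address-prefix.xml.i reads `IP address, prefix` although both validators are IPv4-only; `<help>IPv4 address or prefix</help>` would match the constraint and the file name. The static NAT node in nat.xml.in uses this leaf for both `destination` and `translation`, and nothing in the schema prevents a single address on one side and a prefix, or a prefix of a different length, on the other. For a one-to-one mapping that consistency check would have to live in the config script, which is not part of this diff.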
@@ -14,15 +14,7 @@
           #include <include/nat-rule.xml.i>
           <tagNode name="rule">
             <children>
-              <leafNode name="inbound-interface">
-                <properties>
-                  <help>Inbound interface of NAT traffic</help>
-                  <completionHelp>
-                    <list>any</list>
-                    <script>${vyos_completion_dir}/list_interfaces.py</script>
-                  </completionHelp>
-                </properties>
-              </leafNode>
+              #include <include/inbound-interface.xml.i>
               <node name="translation">
                 <properties>
                   <help>Inside NAT IP (destination NAT only)</help>
@@ -65,6 +57,17 @@
         <children>
           #include <include/nat-rule.xml.i>
           <tagNode name="rule">
+            <properties>
+              <help>Rule number for NAT</help>
+              <valueHelp>
+                <format>u32:1-999999</format>
+                <description>Number of NAT rule</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-999999"/>
+              </constraint>
+              <constraintErrorMessage>NAT rule number must be between 1 and 999999</constraintErrorMessage>
+            </properties>
             <children>
               #include <include/nat-interface.xml.i>
               <node name="translation">
@@ -110,6 +113,38 @@
           </tagNode>
         </children>
       </node>
+      <node name="static">
+        <properties>
+          <help>Static NAT (one-to-one)</help>
+        </properties>
+        <children>
+          <tagNode name="rule">
+            <properties>
+              <help>Rule number for NAT</help>
+            </properties>
+            <children>
+              #include <include/generic-description.xml.i>
+              <node name="destination">
+                <properties>
+                  <help>NAT destination parameters</help>
+                </properties>
+                <children>
+                  #include <include/ipv4-address-prefix.xml.i>
+                </children>
+              </node>
+              #include <include/inbound-interface.xml.i>
+              <node name="translation">
+                <properties>
+                  <help>Translation address or prefix</help>
+                </properties>
+                <children>
+                  #include <include/ipv4-address-prefix.xml.i>
+                </children>
+              </node>
+            </children>
+          </tagNode>
+        </children>
+      </node>
     </children>
   </node>
 </interfaceDefinition>
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in
index a10c9b08f..c2a9a8d94 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy-route.xml.in
@@ -12,7 +12,7 @@
         </properties>
         <children>
           #include <include/generic-description.xml.i>
-          #include <include/firewall/name-default-log.xml.i>
+          #include <include/firewall/enable-default-log.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Policy rule number</help>
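Review bot: The `rule` tagNode under the new `static` node in nat.xml.in carries only a `<help>`, so static rule numbers are unconstrained, while the hunk at `@@ -65,6 +57,17 @@` in the same file gives another `rule` tagNode a `u32:1-999999` valueHelp, a `numeric` range validator and a constraintErrorMessage. Static rules should get the same properties so that a non-numeric or out-of-range tag cannot be committed and then used as a rule identifier by the backend. The fence shows the `<properties>` block with the lines taken from that earlier hunk.

```xml
<tagNode name="rule">
  <properties>
    <help>Rule number for NAT</help>
    <valueHelp>
      <format>u32:1-999999</format>
      <description>Number of NAT rule</description>
    </valueHelp>
    <constraint>
      <validator name="numeric" argument="--range 1-999999"/>
    </constraint>
    <constraintErrorMessage>NAT rule number must be between 1 and 999999</constraintErrorMessage>
  </properties>
  <!-- … unchanged: children (description, destination, inbound-interface, translation) … -->
```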
@@ -61,7 +61,7 @@
         </properties>
         <children>
           #include <include/generic-description.xml.i>
-          #include <include/firewall/name-default-log.xml.i>
+          #include <include/firewall/enable-default-log.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Policy rule number</help>
diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols-rpki.xml.in
index 68762ff9a..4535d3990 100644
--- a/interface-definitions/protocols-rpki.xml.in
+++ b/interface-definitions/protocols-rpki.xml.in
@@ -12,15 +12,15 @@
               <help>RPKI cache server address</help>
               <valueHelp>
                 <format>ipv4</format>
-                <description>IP address of NTP server</description>
+                <description>IP address of RPKI server</description>
               </valueHelp>
               <valueHelp>
                 <format>ipv6</format>
-                <description>IPv6 address of NTP server</description>
+                <description>IPv6 address of RPKI server</description>
               </valueHelp>
               <valueHelp>
                 <format>hostname</format>
-                <description>Fully qualified domain name of NTP server</description>
+                <description>Fully qualified domain name of RPKI server</description>
               </valueHelp>
               <constraint>
                 <validator name="ipv4-address"/>
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
index dca4c59d1..dc3408c3d 100644
--- a/interface-definitions/zone-policy.xml.in
+++ b/interface-definitions/zone-policy.xml.in
@@ -19,7 +19,7 @@
         </properties>
         <children>
           #include <include/generic-description.xml.i>
-          #include <include/firewall/name-default-log.xml.i>
+          #include <include/firewall/enable-default-log.xml.i>
           <leafNode name="default-action">
             <properties>
               <help>Default-action for traffic coming into this zone</help>  |
