summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/firewall.xml.in181
-rw-r--r--interface-definitions/include/firewall/icmp-type-name.xml.i142
-rw-r--r--interface-definitions/include/firewall/icmpv6-type-name.xml.i73
-rw-r--r--interface-definitions/include/nat-port.xml.i7
-rw-r--r--interface-definitions/include/nat-translation-port.xml.i3
-rw-r--r--interface-definitions/service_upnp.xml.in246
6 files changed, 365 insertions, 287 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 987ccaca6..f38bcfd9c 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -329,182 +329,31 @@
<help>ICMPv6 type and code information</help>
</properties>
<children>
- <leafNode name="type">
+ <leafNode name="code">
<properties>
- <help>ICMP type-name</help>
- <completionHelp>
- <list>any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply packet-too-big</list>
- </completionHelp>
- <valueHelp>
- <format>any</format>
- <description>Any ICMP type/code</description>
- </valueHelp>
- <valueHelp>
- <format>echo-reply</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>pong</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>destination-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
+ <help>ICMPv6 code (0-255)</help>
<valueHelp>
- <format>host-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>protocol-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>port-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>fragmentation-needed</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>source-route-failed</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-unknown</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-unknown</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-prohibited</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-prohibited</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS-network-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS-host-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>communication-prohibited</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-precedence-violation</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>precedence-cutoff</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>source-quench</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS-network-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS host-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>echo-request</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ping</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>router-advertisement</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>router-solicitation</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>time-exceeded</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ttl-exceeded</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ttl-zero-during-transit</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ttl-zero-during-reassembly</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>parameter-problem</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ip-header-bad</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>required-option-missing</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>timestamp-request</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>timestamp-reply</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>address-mask-request</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>address-mask-reply</format>
- <description>ICMP type/code name</description>
+ <format>u32:0-255</format>
+ <description>ICMPv6 code (0-255)</description>
</valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="type">
+ <properties>
+ <help>ICMPv6 type (0-255)</help>
<valueHelp>
- <format>packet-too-big</format>
- <description>ICMP type/code name</description>
+ <format>u32:0-255</format>
+ <description>ICMPv6 type (0-255)</description>
</valueHelp>
<constraint>
- <regex>^(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)$</regex>
<validator name="numeric" argument="--range 0-255"/>
</constraint>
</properties>
</leafNode>
+ #include <include/firewall/icmpv6-type-name.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/include/firewall/icmp-type-name.xml.i b/interface-definitions/include/firewall/icmp-type-name.xml.i
index b45fb619b..f57def3e1 100644
--- a/interface-definitions/include/firewall/icmp-type-name.xml.i
+++ b/interface-definitions/include/firewall/icmp-type-name.xml.i
@@ -3,170 +3,70 @@
<properties>
<help>ICMP type-name</help>
<completionHelp>
- <list>any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply</list>
+ <list>echo-reply destination-unreachable source-quench redirect echo-request router-advertisement router-solicitation time-exceeded parameter-problem timestamp-request timestamp-reply info-request info-reply address-mask-request address-mask-reply</list>
</completionHelp>
<valueHelp>
- <format>any</format>
- <description>Any ICMP type/code</description>
- </valueHelp>
- <valueHelp>
<format>echo-reply</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>pong</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 0: echo-reply</description>
</valueHelp>
<valueHelp>
<format>destination-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>protocol-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>port-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>fragmentation-needed</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>source-route-failed</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-unknown</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-unknown</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-prohibited</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-prohibited</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS-network-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS-host-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>communication-prohibited</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-precedence-violation</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>precedence-cutoff</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 3: destination-unreachable</description>
</valueHelp>
<valueHelp>
<format>source-quench</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 4: source-quench</description>
</valueHelp>
<valueHelp>
<format>redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS-network-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS host-redirect</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 5: redirect</description>
</valueHelp>
<valueHelp>
<format>echo-request</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ping</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 8: echo-request</description>
</valueHelp>
<valueHelp>
<format>router-advertisement</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 9: router-advertisement</description>
</valueHelp>
<valueHelp>
<format>router-solicitation</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 10: router-solicitation</description>
</valueHelp>
<valueHelp>
<format>time-exceeded</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ttl-exceeded</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ttl-zero-during-transit</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ttl-zero-during-reassembly</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 11: time-exceeded</description>
</valueHelp>
<valueHelp>
<format>parameter-problem</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 12: parameter-problem</description>
</valueHelp>
<valueHelp>
- <format>ip-header-bad</format>
- <description>ICMP type/code name</description>
+ <format>timestamp-request</format>
+ <description>ICMP type 13: timestamp-request</description>
</valueHelp>
<valueHelp>
- <format>required-option-missing</format>
- <description>ICMP type/code name</description>
+ <format>timestamp-reply</format>
+ <description>ICMP type 14: timestamp-reply</description>
</valueHelp>
<valueHelp>
- <format>timestamp-request</format>
- <description>ICMP type/code name</description>
+ <format>info-request</format>
+ <description>ICMP type 15: info-request</description>
</valueHelp>
<valueHelp>
- <format>timestamp-reply</format>
- <description>ICMP type/code name</description>
+ <format>info-reply</format>
+ <description>ICMP type 16: info-reply</description>
</valueHelp>
<valueHelp>
<format>address-mask-request</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 17: address-mask-request</description>
</valueHelp>
<valueHelp>
<format>address-mask-reply</format>
- <description>ICMP type/code name</description>
+ <description>ICMP type 18: address-mask-reply</description>
</valueHelp>
<constraint>
- <regex>^(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply)$</regex>
+ <regex>^(echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply)$</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/icmpv6-type-name.xml.i b/interface-definitions/include/firewall/icmpv6-type-name.xml.i
new file mode 100644
index 000000000..b13cf02c4
--- /dev/null
+++ b/interface-definitions/include/firewall/icmpv6-type-name.xml.i
@@ -0,0 +1,73 @@
+<!-- include start from firewall/icmpv6-type-name.xml.i -->
+<leafNode name="type-name">
+ <properties>
+ <help>ICMPv6 type-name</help>
+ <completionHelp>
+ <list>destination-unreachable packet-too-big time-exceeded echo-request echo-reply mld-listener-query mld-listener-report mld-listener-reduction nd-router-solicit nd-router-advert nd-neighbor-solicit nd-neighbor-advert nd-redirect parameter-problem router-renumbering</list>
+ </completionHelp>
+ <valueHelp>
+ <format>destination-unreachable</format>
+ <description>ICMPv6 type 1: destination-unreachable</description>
+ </valueHelp>
+ <valueHelp>
+ <format>packet-too-big</format>
+ <description>ICMPv6 type 2: packet-too-big</description>
+ </valueHelp>
+ <valueHelp>
+ <format>time-exceeded</format>
+ <description>ICMPv6 type 3: time-exceeded</description>
+ </valueHelp>
+ <valueHelp>
+ <format>echo-request</format>
+ <description>ICMPv6 type 128: echo-request</description>
+ </valueHelp>
+ <valueHelp>
+ <format>echo-reply</format>
+ <description>ICMPv6 type 129: echo-reply</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mld-listener-query</format>
+ <description>ICMPv6 type 130: mld-listener-query</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mld-listener-report</format>
+ <description>ICMPv6 type 131: mld-listener-report</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mld-listener-reduction</format>
+ <description>ICMPv6 type 132: mld-listener-reduction</description>
+ </valueHelp>
+ <valueHelp>
+ <format>nd-router-solicit</format>
+ <description>ICMPv6 type 133: nd-router-solicit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>nd-router-advert</format>
+ <description>ICMPv6 type 134: nd-router-advert</description>
+ </valueHelp>
+ <valueHelp>
+ <format>nd-neighbor-solicit</format>
+ <description>ICMPv6 type 135: nd-neighbor-solicit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>nd-neighbor-advert</format>
+ <description>ICMPv6 type 136: nd-neighbor-advert</description>
+ </valueHelp>
+ <valueHelp>
+ <format>nd-redirect</format>
+ <description>ICMPv6 type 137: nd-redirect</description>
+ </valueHelp>
+ <valueHelp>
+ <format>parameter-problem</format>
+ <description>ICMPv6 type 4: parameter-problem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>router-renumbering</format>
+ <description>ICMPv6 type 138: router-renumbering</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering)$</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/nat-port.xml.i b/interface-definitions/include/nat-port.xml.i
index 7aabc33c3..5f762cfb3 100644
--- a/interface-definitions/include/nat-port.xml.i
+++ b/interface-definitions/include/nat-port.xml.i
@@ -3,6 +3,10 @@
<properties>
<help>Port number</help>
<valueHelp>
+ <format>txt</format>
+ <description>Named port (any name in /etc/services, e.g., http)</description>
+ </valueHelp>
+ <valueHelp>
<format>u32:1-65535</format>
<description>Numeric IP port</description>
</valueHelp>
@@ -14,6 +18,9 @@
<format/>
<description>\n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005'</description>
</valueHelp>
+ <constraint>
+ <validator name="port-multi"/>
+ </constraint>
</properties>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/nat-translation-port.xml.i b/interface-definitions/include/nat-translation-port.xml.i
index 6e507353c..6f17df3d9 100644
--- a/interface-definitions/include/nat-translation-port.xml.i
+++ b/interface-definitions/include/nat-translation-port.xml.i
@@ -10,6 +10,9 @@
<format>range</format>
<description>Numbered port range (e.g., 1001-1005)</description>
</valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ </constraint>
</properties>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/service_upnp.xml.in b/interface-definitions/service_upnp.xml.in
new file mode 100644
index 000000000..8d0a14d4e
--- /dev/null
+++ b/interface-definitions/service_upnp.xml.in
@@ -0,0 +1,246 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="upnp" owner="${vyos_conf_scripts_dir}/service_upnp.py">
+ <properties>
+ <help>Universal Plug and Play (UPnP) service</help>
+ <priority>900</priority>
+ </properties>
+ <children>
+ <leafNode name="friendly-name">
+ <properties>
+ <help>Name of this service</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Friendly name</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="wan-interface">
+ <properties>
+ <help>WAN network interface (REQUIRE)</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <constraint>
+ <validator name="interface-name" />
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="wan-ip">
+ <properties>
+ <help>WAN network IP</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address" />
+ <validator name="ipv6-address" />
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="nat-pmp">
+ <properties>
+ <help>Enable NAT-PMP support</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ <leafNode name="secure-mode">
+ <properties>
+ <help>Enable Secure Mode</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ <leafNode name="presentation-url">
+ <properties>
+ <help>Presentation Url</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Presentation Url</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <node name="pcp-lifetime">
+ <properties>
+ <help>PCP-base lifetime Option</help>
+ </properties>
+ <children>
+ <leafNode name="max">
+ <properties>
+ <help>Max lifetime time</help>
+ <constraint>
+ <validator name="numeric" />
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="min">
+ <properties>
+ <help>Min lifetime time</help>
+ <constraint>
+ <validator name="numeric" />
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="listen">
+ <properties>
+ <help>Local IP addresses for service to listen on</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <valueHelp>
+ <format>&lt;interface&gt;</format>
+ <description>Monitor interface address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address to listen for incoming connections</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4-prefix</format>
+ <description>IP prefix to listen for incoming connections</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IP address to listen for incoming connections</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6-prefix</format>
+ <description>IP prefix to listen for incoming connections</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="interface-name" />
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv6-address"/>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="stun">
+ <properties>
+ <help>Enable STUN probe support (can be used with NAT 1:1 support for WAN interfaces)</help>
+ </properties>
+ <children>
+ <leafNode name="host">
+ <properties>
+ <help>The STUN server address</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>The STUN server host address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>stun.stunprotocol.org</format>
+ <description>stunprotocol</description>
+ </valueHelp>
+ <valueHelp>
+ <format>stun.sipgate.net</format>
+ <description>sipgate</description>
+ </valueHelp>
+ <valueHelp>
+ <format>stun.xten.com</format>
+ <description>xten</description>
+ </valueHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>other STUN Server</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>The STUN server port</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>The STUN server port</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <tagNode name="rules">
+ <properties>
+ <help>UPnP Rule</help>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Disable Rule</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ <leafNode name="external-port-range">
+ <properties>
+ <help>Port range (REQUIRE)</help>
+ <valueHelp>
+ <format>&lt;port&gt;</format>
+ <description>single port</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;portN&gt;-&lt;portM&gt;</format>
+ <description>Port range (use '-' as delimiter)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="internal-port-range">
+ <properties>
+ <help>Port range (REQUIRE)</help>
+ <valueHelp>
+ <format>&lt;port&gt;</format>
+ <description>single port</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;portN&gt;-&lt;portM&gt;</format>
+ <description>Port range (use '-' as delimiter)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="ip">
+ <properties>
+ <help>The IP to which this rule applies (REQUIRE)</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>The IPv4 to which this rule applies</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address" />
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="action">
+ <properties>
+ <help>Actions against the rule (REQUIRE)</help>
+ <completionHelp>
+ <list>allow deny</list>
+ </completionHelp>
+ <constraint>
+ <regex>^(allow|deny)$</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 11:23:38 +0000