summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/firewall.xml.in142
-rw-r--r--interface-definitions/include/bgp/protocol-common-config.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-forward.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-input.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-output.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-forward.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-input.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-output.xml.i1
-rw-r--r--interface-definitions/include/version/cluster-version.xml.i2
-rw-r--r--interface-definitions/include/version/interfaces-version.xml.i2
-rw-r--r--interface-definitions/include/version/openvpn-version.xml.i3
-rw-r--r--interface-definitions/interfaces-bridge.xml.in3
-rw-r--r--interface-definitions/interfaces-openvpn.xml.in24
-rw-r--r--interface-definitions/interfaces-vxlan.xml.in2
-rw-r--r--interface-definitions/policy-local-route.xml.in5
-rw-r--r--interface-definitions/xml-component-version.xml.in1
16 files changed, 168 insertions, 23 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 81e6b89ea..0bb14a1b3 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -355,6 +355,148 @@
#include <include/firewall/ipv6-custom-name.xml.i>
</children>
</node>
+ <tagNode name="zone">
+ <properties>
+ <help>Zone-policy</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Zone name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
+ <leafNode name="default-action">
+ <properties>
+ <help>Default-action for traffic coming into this zone</help>
+ <completionHelp>
+ <list>drop reject</list>
+ </completionHelp>
+ <valueHelp>
+ <format>drop</format>
+ <description>Drop silently</description>
+ </valueHelp>
+ <valueHelp>
+ <format>reject</format>
+ <description>Drop and notify source</description>
+ </valueHelp>
+ <constraint>
+ <regex>(drop|reject)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>drop</defaultValue>
+ </leafNode>
+ <tagNode name="from">
+ <properties>
+ <help>Zone from which to filter traffic</help>
+ <completionHelp>
+ <path>zone-policy zone</path>
+ </completionHelp>
+ </properties>
+ <children>
+ <node name="firewall">
+ <properties>
+ <help>Firewall options</help>
+ </properties>
+ <children>
+ <leafNode name="ipv6-name">
+ <properties>
+ <help>IPv6 firewall ruleset</help>
+ <completionHelp>
+ <path>firewall ipv6 name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="name">
+ <properties>
+ <help>IPv4 firewall ruleset</help>
+ <completionHelp>
+ <path>firewall ipv4 name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface associated with zone</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface associated with zone</description>
+ </valueHelp>
+ <valueHelp>
+ <format>vrf</format>
+ <description>VRF associated with zone</description>
+ </valueHelp>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ <path>vrf name</path>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="intra-zone-filtering">
+ <properties>
+ <help>Intra-zone filtering</help>
+ </properties>
+ <children>
+ <leafNode name="action">
+ <properties>
+ <help>Action for intra-zone traffic</help>
+ <completionHelp>
+ <list>accept drop</list>
+ </completionHelp>
+ <valueHelp>
+ <format>accept</format>
+ <description>Accept traffic</description>
+ </valueHelp>
+ <valueHelp>
+ <format>drop</format>
+ <description>Drop silently</description>
+ </valueHelp>
+ <constraint>
+ <regex>(accept|drop)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="firewall">
+ <properties>
+ <help>Use the specified firewall chain</help>
+ </properties>
+ <children>
+ <leafNode name="ipv6-name">
+ <properties>
+ <help>IPv6 firewall ruleset</help>
+ <completionHelp>
+ <path>firewall ipv6 name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="name">
+ <properties>
+ <help>IPv4 firewall ruleset</help>
+ <completionHelp>
+ <path>firewall ipv4 name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <leafNode name="local-zone">
+ <properties>
+ <help>Zone to be local-zone</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 504385b53..3d9333639 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -343,6 +343,7 @@
#include <include/route-map.xml.i>
</children>
</tagNode>
+ #include <include/bgp/afi-maximum-paths.xml.i>
</children>
</node>
<node name="ipv4-flowspec">
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
index 70c0adb77..100f1c3d9 100644
--- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
index 32b0ec94f..22546640b 100644
--- a/interface-definitions/include/firewall/ipv4-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
index d50d1e93b..80c30cdeb 100644
--- a/interface-definitions/include/firewall/ipv4-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
index d83827161..fb38267eb 100644
--- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
index e34958f28..49d4493cc 100644
--- a/interface-definitions/include/firewall/ipv6-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
index eb4ea7ac3..452b9027f 100644
--- a/interface-definitions/include/firewall/ipv6-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/enable-default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
diff --git a/interface-definitions/include/version/cluster-version.xml.i b/interface-definitions/include/version/cluster-version.xml.i
index 621996df4..402fe36c5 100644
--- a/interface-definitions/include/version/cluster-version.xml.i
+++ b/interface-definitions/include/version/cluster-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/cluster-version.xml.i -->
-<syntaxVersion component='cluster' version='1'></syntaxVersion>
+<syntaxVersion component='cluster' version='2'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i
index 3d11ce888..854e60f4e 100644
--- a/interface-definitions/include/version/interfaces-version.xml.i
+++ b/interface-definitions/include/version/interfaces-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/interfaces-version.xml.i -->
-<syntaxVersion component='interfaces' version='30'></syntaxVersion>
+<syntaxVersion component='interfaces' version='32'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/openvpn-version.xml.i b/interface-definitions/include/version/openvpn-version.xml.i
new file mode 100644
index 000000000..b4dd742a3
--- /dev/null
+++ b/interface-definitions/include/version/openvpn-version.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from include/version/openvpn-version.xml.i -->
+<syntaxVersion component='openvpn' version='1'></syntaxVersion>
+<!-- include end -->
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index fcfb8686c..db3762065 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -123,6 +123,9 @@
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces --bridgeable</script>
</completionHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
</properties>
<children>
<leafNode name="native-vlan">
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 831659250..b8b04334c 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -48,29 +48,17 @@
<properties>
<help>Standard Data Encryption Algorithm</help>
<completionHelp>
- <list>none des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
+ <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
</completionHelp>
<valueHelp>
<format>none</format>
<description>Disable encryption</description>
</valueHelp>
<valueHelp>
- <format>des</format>
- <description>DES algorithm</description>
- </valueHelp>
- <valueHelp>
<format>3des</format>
<description>DES algorithm with triple encryption</description>
</valueHelp>
<valueHelp>
- <format>bf128</format>
- <description>Blowfish algorithm with 128-bit key</description>
- </valueHelp>
- <valueHelp>
- <format>bf256</format>
- <description>Blowfish algorithm with 256-bit key</description>
- </valueHelp>
- <valueHelp>
<format>aes128</format>
<description>AES algorithm with 128-bit key CBC</description>
</valueHelp>
@@ -95,7 +83,7 @@
<description>AES algorithm with 256-bit key GCM</description>
</valueHelp>
<constraint>
- <regex>(none|des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
+ <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
</constraint>
</properties>
</leafNode>
@@ -103,17 +91,13 @@
<properties>
<help>Cipher negotiation list for use in server or client mode</help>
<completionHelp>
- <list>none des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
+ <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
</completionHelp>
<valueHelp>
<format>none</format>
<description>Disable encryption</description>
</valueHelp>
<valueHelp>
- <format>des</format>
- <description>DES algorithm</description>
- </valueHelp>
- <valueHelp>
<format>3des</format>
<description>DES algorithm with triple encryption</description>
</valueHelp>
@@ -142,7 +126,7 @@
<description>AES algorithm with 256-bit key GCM</description>
</valueHelp>
<constraint>
- <regex>(none|des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
+ <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index b246d9a09..3fae17178 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -93,7 +93,7 @@
</node>
#include <include/port-number.xml.i>
<leafNode name="port">
- <defaultValue>8472</defaultValue>
+ <defaultValue>4789</defaultValue>
</leafNode>
#include <include/source-address-ipv4-ipv6.xml.i>
#include <include/source-interface.xml.i>
diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy-local-route.xml.in
index 6827bd64e..15be099c9 100644
--- a/interface-definitions/policy-local-route.xml.in
+++ b/interface-definitions/policy-local-route.xml.in
@@ -60,6 +60,7 @@
</properties>
<children>
#include <include/policy/local-route_rule_ipv4_address.xml.i>
+ #include <include/port-number.xml.i>
</children>
</node>
<node name="destination">
@@ -68,6 +69,7 @@
</properties>
<children>
#include <include/policy/local-route_rule_ipv4_address.xml.i>
+ #include <include/port-number.xml.i>
</children>
</node>
#include <include/interface/inbound-interface.xml.i>
@@ -125,12 +127,14 @@
</constraint>
</properties>
</leafNode>
+ #include <include/policy/local-route_rule_protocol.xml.i>
<node name="source">
<properties>
<help>Source parameters</help>
</properties>
<children>
#include <include/policy/local-route_rule_ipv6_address.xml.i>
+ #include <include/port-number.xml.i>
</children>
</node>
<node name="destination">
@@ -139,6 +143,7 @@
</properties>
<children>
#include <include/policy/local-route_rule_ipv6_address.xml.i>
+ #include <include/port-number.xml.i>
</children>
</node>
#include <include/interface/inbound-interface.xml.i>
diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in
index 8c9e816d1..cae3423dc 100644
--- a/interface-definitions/xml-component-version.xml.in
+++ b/interface-definitions/xml-component-version.xml.in
@@ -19,6 +19,7 @@
#include <include/version/ids-version.xml.i>
#include <include/version/ipoe-server-version.xml.i>
#include <include/version/ipsec-version.xml.i>
+ #include <include/version/openvpn-version.xml.i>
#include <include/version/isis-version.xml.i>
#include <include/version/l2tp-version.xml.i>
#include <include/version/lldp-version.xml.i>