diff options
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/container.xml.in | 8 | ||||
-rw-r--r-- | interface-definitions/firewall.xml.in | 26 | ||||
-rw-r--r-- | interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i | 2 | ||||
-rw-r--r-- | interface-definitions/nat_cgnat.xml.in | 197 |
4 files changed, 221 insertions, 12 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index 94f2e92f5..e7dacea36 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -25,7 +25,7 @@ <properties> <help>Grant individual Linux capability to container instance</help> <completionHelp> - <list>net-admin net-bind-service net-raw setpcap sys-admin sys-module sys-time</list> + <list>net-admin net-bind-service net-raw setpcap sys-admin sys-module sys-nice sys-time</list> </completionHelp> <valueHelp> <format>net-admin</format> @@ -52,11 +52,15 @@ <description>Load, unload and delete kernel modules</description> </valueHelp> <valueHelp> + <format>sys-nice</format> + <description>Permission to set process nice value</description> + </valueHelp> + <valueHelp> <format>sys-time</format> <description>Permission to set system clock</description> </valueHelp> <constraint> - <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-module|sys-time)</regex> + <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-module|sys-nice|sys-time)</regex> </constraint> <multi/> </properties> diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 3219471b1..24e63c5ec 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -56,8 +56,9 @@ <properties> <help>Firewall address-group</help> <constraint> - <regex>[a-zA-Z0-9][\w\-\.]*</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> + <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage> </properties> <children> <leafNode name="address"> @@ -96,7 +97,7 @@ <constraint> <regex>[a-zA-Z_][a-zA-Z0-9]?[\w\-\.]*</regex> </constraint> - <constraintErrorMessage>Name of domain-group can only contain alpha-numeric letters, hyphen, underscores and not start with numeric</constraintErrorMessage> + <constraintErrorMessage>Name of domain-group can only contain alphanumeric letters, hyphen, underscores and not start with numeric</constraintErrorMessage> </properties> <children> <leafNode name="address"> @@ -124,8 +125,9 @@ <properties> <help>Firewall dynamic address group</help> <constraint> - <regex>[a-zA-Z0-9][\w\-\.]*</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> + <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage> </properties> <children> #include <include/generic-description.xml.i> @@ -148,8 +150,9 @@ <properties> <help>Firewall interface-group</help> <constraint> - <regex>[a-zA-Z0-9][\w\-\.]*</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> + <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage> </properties> <children> <leafNode name="interface"> @@ -177,8 +180,9 @@ <properties> <help>Firewall ipv6-address-group</help> <constraint> - <regex>[a-zA-Z0-9][\w\-\.]*</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> + <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage> </properties> <children> <leafNode name="address"> @@ -215,8 +219,9 @@ <properties> <help>Firewall ipv6-network-group</help> <constraint> - <regex>[a-zA-Z0-9][\w\-\.]*</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> + <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage> </properties> <children> #include <include/generic-description.xml.i> @@ -248,8 +253,9 @@ <properties> <help>Firewall mac-group</help> <constraint> - <regex>[a-zA-Z0-9][\w\-\.]*</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> + <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage> </properties> <children> #include <include/generic-description.xml.i> @@ -281,8 +287,9 @@ <properties> <help>Firewall network-group</help> <constraint> - <regex>[a-zA-Z0-9][\w\-\.]*</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> + <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage> </properties> <children> #include <include/generic-description.xml.i> @@ -314,8 +321,9 @@ <properties> <help>Firewall port-group</help> <constraint> - <regex>[a-zA-Z0-9][\w\-\.]*</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> + <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage> </properties> <children> #include <include/generic-description.xml.i> diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i index 7aeb85260..34c94e53c 100644 --- a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i @@ -1,3 +1,3 @@ <!-- include start from constraint/alpha-numeric-hyphen-underscore-dot.xml.i --> -<regex>[-_a-zA-Z0-9.]+</regex> +<regex>[-_a-zA-Z0-9][\w\-\.\+]*</regex> <!-- include end --> diff --git a/interface-definitions/nat_cgnat.xml.in b/interface-definitions/nat_cgnat.xml.in new file mode 100644 index 000000000..caa26b4d9 --- /dev/null +++ b/interface-definitions/nat_cgnat.xml.in @@ -0,0 +1,197 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="nat"> + <children> + <node name="cgnat" owner="${vyos_conf_scripts_dir}/nat_cgnat.py"> + <properties> + <help>Carrier-grade NAT (CGNAT) parameters</help> + <priority>221</priority> + </properties> + <children> + <node name="pool"> + <properties> + <help>External and internal pool parameters</help> + </properties> + <children> + <tagNode name="external"> + <properties> + <help>External pool name</help> + <valueHelp> + <format>txt</format> + <description>External pool name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + <children> + <leafNode name="external-port-range"> + <properties> + <help>Port range</help> + <valueHelp> + <format>range</format> + <description>Numbered port range (e.g., 1001-1005)</description> + </valueHelp> + <constraint> + <validator name="port-range"/> + </constraint> + </properties> + <defaultValue>1024-65535</defaultValue> + </leafNode> + <node name="per-user-limit"> + <properties> + <help>Per user limits for the pool</help> + </properties> + <children> + <leafNode name="port"> + <properties> + <help>Ports per user</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>2000</defaultValue> + </leafNode> + </children> + </node> + <tagNode name="range"> + <properties> + <help>Range of IP addresses</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv4-host"/> + <validator name="ipv4-range"/> + </constraint> + </properties> + <children> + <leafNode name="seq"> + <properties> + <help>Sequence</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Sequence number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Sequence number must be between 1 and 999999</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + <tagNode name="internal"> + <properties> + <help>Internal pool name</help> + <valueHelp> + <format>txt</format> + <description>Internal pool name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + <children> + <leafNode name="range"> + <properties> + <help>Range of IP addresses</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv4-host"/> + <validator name="ipv4-range"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <tagNode name="rule"> + <properties> + <help>Rule</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this CGNAT rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + <node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + <leafNode name="pool"> + <properties> + <help>Source internal pool</help> + <completionHelp> + <path>nat cgnat pool internal</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Source internal pool name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <node name="translation"> + <properties> + <help>Translation parameters</help> + </properties> + <children> + <leafNode name="pool"> + <properties> + <help>Translation external pool</help> + <completionHelp> + <path>nat cgnat pool external</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Translation external pool name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> |