summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/container.xml.in8
-rw-r--r--interface-definitions/firewall.xml.in26
-rw-r--r--interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i2
-rw-r--r--interface-definitions/nat_cgnat.xml.in197
4 files changed, 221 insertions, 12 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index 94f2e92f5..e7dacea36 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -25,7 +25,7 @@
<properties>
<help>Grant individual Linux capability to container instance</help>
<completionHelp>
- <list>net-admin net-bind-service net-raw setpcap sys-admin sys-module sys-time</list>
+ <list>net-admin net-bind-service net-raw setpcap sys-admin sys-module sys-nice sys-time</list>
</completionHelp>
<valueHelp>
<format>net-admin</format>
@@ -52,11 +52,15 @@
<description>Load, unload and delete kernel modules</description>
</valueHelp>
<valueHelp>
+ <format>sys-nice</format>
+ <description>Permission to set process nice value</description>
+ </valueHelp>
+ <valueHelp>
<format>sys-time</format>
<description>Permission to set system clock</description>
</valueHelp>
<constraint>
- <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-module|sys-time)</regex>
+ <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-module|sys-nice|sys-time)</regex>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 3219471b1..24e63c5ec 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -56,8 +56,9 @@
<properties>
<help>Firewall address-group</help>
<constraint>
- <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
+ <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage>
</properties>
<children>
<leafNode name="address">
@@ -96,7 +97,7 @@
<constraint>
<regex>[a-zA-Z_][a-zA-Z0-9]?[\w\-\.]*</regex>
</constraint>
- <constraintErrorMessage>Name of domain-group can only contain alpha-numeric letters, hyphen, underscores and not start with numeric</constraintErrorMessage>
+ <constraintErrorMessage>Name of domain-group can only contain alphanumeric letters, hyphen, underscores and not start with numeric</constraintErrorMessage>
</properties>
<children>
<leafNode name="address">
@@ -124,8 +125,9 @@
<properties>
<help>Firewall dynamic address group</help>
<constraint>
- <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
+ <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage>
</properties>
<children>
#include <include/generic-description.xml.i>
@@ -148,8 +150,9 @@
<properties>
<help>Firewall interface-group</help>
<constraint>
- <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
+ <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage>
</properties>
<children>
<leafNode name="interface">
@@ -177,8 +180,9 @@
<properties>
<help>Firewall ipv6-address-group</help>
<constraint>
- <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
+ <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage>
</properties>
<children>
<leafNode name="address">
@@ -215,8 +219,9 @@
<properties>
<help>Firewall ipv6-network-group</help>
<constraint>
- <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
+ <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage>
</properties>
<children>
#include <include/generic-description.xml.i>
@@ -248,8 +253,9 @@
<properties>
<help>Firewall mac-group</help>
<constraint>
- <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
+ <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage>
</properties>
<children>
#include <include/generic-description.xml.i>
@@ -281,8 +287,9 @@
<properties>
<help>Firewall network-group</help>
<constraint>
- <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
+ <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage>
</properties>
<children>
#include <include/generic-description.xml.i>
@@ -314,8 +321,9 @@
<properties>
<help>Firewall port-group</help>
<constraint>
- <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
+ <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage>
</properties>
<children>
#include <include/generic-description.xml.i>
diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i
index 7aeb85260..34c94e53c 100644
--- a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i
+++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i
@@ -1,3 +1,3 @@
<!-- include start from constraint/alpha-numeric-hyphen-underscore-dot.xml.i -->
-<regex>[-_a-zA-Z0-9.]+</regex>
+<regex>[-_a-zA-Z0-9][\w\-\.\+]*</regex>
<!-- include end -->
diff --git a/interface-definitions/nat_cgnat.xml.in b/interface-definitions/nat_cgnat.xml.in
new file mode 100644
index 000000000..caa26b4d9
--- /dev/null
+++ b/interface-definitions/nat_cgnat.xml.in
@@ -0,0 +1,197 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="nat">
+ <children>
+ <node name="cgnat" owner="${vyos_conf_scripts_dir}/nat_cgnat.py">
+ <properties>
+ <help>Carrier-grade NAT (CGNAT) parameters</help>
+ <priority>221</priority>
+ </properties>
+ <children>
+ <node name="pool">
+ <properties>
+ <help>External and internal pool parameters</help>
+ </properties>
+ <children>
+ <tagNode name="external">
+ <properties>
+ <help>External pool name</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>External pool name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="external-port-range">
+ <properties>
+ <help>Port range</help>
+ <valueHelp>
+ <format>range</format>
+ <description>Numbered port range (e.g., 1001-1005)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ </constraint>
+ </properties>
+ <defaultValue>1024-65535</defaultValue>
+ </leafNode>
+ <node name="per-user-limit">
+ <properties>
+ <help>Per user limits for the pool</help>
+ </properties>
+ <children>
+ <leafNode name="port">
+ <properties>
+ <help>Ports per user</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>2000</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ <tagNode name="range">
+ <properties>
+ <help>Range of IP addresses</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4range</format>
+ <description>IPv4 address range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-host"/>
+ <validator name="ipv4-range"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="seq">
+ <properties>
+ <help>Sequence</help>
+ <valueHelp>
+ <format>u32:1-999999</format>
+ <description>Sequence number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-999999"/>
+ </constraint>
+ <constraintErrorMessage>Sequence number must be between 1 and 999999</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ <tagNode name="internal">
+ <properties>
+ <help>Internal pool name</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Internal pool name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="range">
+ <properties>
+ <help>Range of IP addresses</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4range</format>
+ <description>IPv4 address range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-host"/>
+ <validator name="ipv4-range"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <tagNode name="rule">
+ <properties>
+ <help>Rule</help>
+ <valueHelp>
+ <format>u32:1-999999</format>
+ <description>Number for this CGNAT rule</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-999999"/>
+ </constraint>
+ <constraintErrorMessage>Rule number must be between 1 and 999999</constraintErrorMessage>
+ </properties>
+ <children>
+ <node name="source">
+ <properties>
+ <help>Source parameters</help>
+ </properties>
+ <children>
+ <leafNode name="pool">
+ <properties>
+ <help>Source internal pool</help>
+ <completionHelp>
+ <path>nat cgnat pool internal</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Source internal pool name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="translation">
+ <properties>
+ <help>Translation parameters</help>
+ </properties>
+ <children>
+ <leafNode name="pool">
+ <properties>
+ <help>Translation external pool</help>
+ <completionHelp>
+ <path>nat cgnat pool external</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Translation external pool name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of pool can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>