diff options
Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/container.xml.in | 2 | ||||
| -rw-r--r-- | interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i | 14 | ||||
| -rw-r--r-- | interface-definitions/include/auth-local-users.xml.i | 68 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/common-rule.xml.i | 26 | ||||
| -rw-r--r-- | interface-definitions/include/ipsec/local-address.xml.i | 1 | ||||
| -rw-r--r-- | interface-definitions/policy-local-route.xml.in | 4 | ||||
| -rw-r--r-- | interface-definitions/policy.xml.in | 38 | ||||
| -rw-r--r-- | interface-definitions/service_conntrack-sync.xml.in | 3 | ||||
| -rw-r--r-- | interface-definitions/ssh.xml.in | 72 | ||||
| -rw-r--r-- | interface-definitions/vpn_openconnect.xml.in | 76 | ||||
| -rw-r--r-- | interface-definitions/vrf.xml.in | 16 |
11 files changed, 248 insertions, 72 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index 85231b50c..51171d881 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -1,6 +1,6 @@ <?xml version="1.0"?> <interfaceDefinition> - <node name="container" owner="${vyos_conf_scripts_dir}/containers.py"> + <node name="container" owner="${vyos_conf_scripts_dir}/container.py"> <properties> <help>Container applications</help> <priority>1280</priority> diff --git a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i index be49fce5a..f44920c3f 100644 --- a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i +++ b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i @@ -21,6 +21,20 @@ <valueless /> </properties> </leafNode> + <leafNode name="multiplier"> + <properties> + <help>Shaper multiplier</help> + <valueHelp> + <format><0.001-1000></format> + <description>Shaper multiplier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0.001-1000 --float"/> + </constraint> + <constraintErrorMessage>Multiplier needs to be between 0.001 and 1000</constraintErrorMessage> + </properties> + <defaultValue>1</defaultValue> + </leafNode> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/auth-local-users.xml.i b/interface-definitions/include/auth-local-users.xml.i index cb456eecf..9fb507474 100644 --- a/interface-definitions/include/auth-local-users.xml.i +++ b/interface-definitions/include/auth-local-users.xml.i @@ -19,74 +19,6 @@ <help>Password used for authentication</help> </properties> </leafNode> - <node name="otp"> - <properties> - <help>2FA OTP authentication parameters</help> - </properties> - <children> - <leafNode name="key"> - <properties> - <help>Token Key Secret key for the token algorithm (see RFC 4226)</help> - <valueHelp> - <format>txt</format> - <description>OTP key in hex-encoded format</description> - </valueHelp> - <constraint> - <regex>[a-fA-F0-9]{20,10000}</regex> - </constraint> - <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="otp-length"> - <properties> - <help>Number of digits in OTP code</help> - <valueHelp> - <format>u32:6-8</format> - <description>Number of digits in OTP code</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 6-8"/> - </constraint> - <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage> - </properties> - <defaultValue>6</defaultValue> - </leafNode> - <leafNode name="interval"> - <properties> - <help>Time tokens interval in seconds</help> - <valueHelp> - <format>u32:5-86400</format> - <description>Time tokens interval in seconds.</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 5-86400"/> - </constraint> - <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage> - </properties> - <defaultValue>30</defaultValue> - </leafNode> - <leafNode name="token-type"> - <properties> - <help>Token type</help> - <valueHelp> - <format>hotp-time</format> - <description>Time-based OTP algorithm</description> - </valueHelp> - <valueHelp> - <format>hotp-event</format> - <description>Event-based OTP algorithm</description> - </valueHelp> - <constraint> - <regex>(hotp-time|hotp-event)</regex> - </constraint> - <completionHelp> - <list>hotp-time hotp-event</list> - </completionHelp> - </properties> - <defaultValue>hotp-time</defaultValue> - </leafNode> - </children> - </node> </children> </tagNode> </children> diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i index cbdfa9dc2..2a5137dbf 100644 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -95,6 +95,32 @@ </constraint> </properties> </leafNode> +<node name="connection-status"> + <properties> + <help>Connection status</help> + </properties> + <children> + <leafNode name="nat"> + <properties> + <help>NAT connection status</help> + <completionHelp> + <list>destination source</list> + </completionHelp> + <valueHelp> + <format>destination</format> + <description>Match connections that are subject to destination NAT</description> + </valueHelp> + <valueHelp> + <format>source</format> + <description>Match connections that are subject to source NAT</description> + </valueHelp> + <constraint> + <regex>^(destination|source)$</regex> + </constraint> + </properties> + </leafNode> + </children> +</node> <leafNode name="protocol"> <properties> <help>Protocol to match (protocol name, number, or "all")</help> diff --git a/interface-definitions/include/ipsec/local-address.xml.i b/interface-definitions/include/ipsec/local-address.xml.i index dc5653ce7..9d267f3f7 100644 --- a/interface-definitions/include/ipsec/local-address.xml.i +++ b/interface-definitions/include/ipsec/local-address.xml.i @@ -4,6 +4,7 @@ <help>IPv4 or IPv6 address of a local interface to use for VPN</help> <completionHelp> <list>any</list> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> </completionHelp> <valueHelp> <format>ipv4</format> diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy-local-route.xml.in index 573a7963f..d969613b1 100644 --- a/interface-definitions/policy-local-route.xml.in +++ b/interface-definitions/policy-local-route.xml.in @@ -146,11 +146,11 @@ <properties> <help>Source address or prefix</help> <valueHelp> - <format>ipv4</format> + <format>ipv6</format> <description>Address to match against</description> </valueHelp> <valueHelp> - <format>ipv4net</format> + <format>ipv6net</format> <description>Prefix to match against</description> </valueHelp> <constraint> diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index 1d5d7dd55..50b7cbc84 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -1070,6 +1070,44 @@ </constraint> </properties> </leafNode> + <node name="evpn"> + <properties> + <help>Ethernet Virtual Private Network</help> + </properties> + <children> + <node name="gateway"> + <properties> + <help>Set gateway IP for prefix advertisement route</help> + </properties> + <children> + <leafNode name="ipv4"> + <properties> + <help>Set gateway IPv4 address</help> + <valueHelp> + <format>ipv4</format> + <description>Gateway IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ipv6"> + <properties> + <help>Set gateway IPv6 address</help> + <valueHelp> + <format>ipv6</format> + <description>Gateway IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> <node name="extcommunity"> <properties> <help>BGP extended community attribute</help> diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in index 32efa7323..6fa6fc5f9 100644 --- a/interface-definitions/service_conntrack-sync.xml.in +++ b/interface-definitions/service_conntrack-sync.xml.in @@ -5,7 +5,8 @@ <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py"> <properties> <help>Connection tracking synchronization</help> - <priority>995</priority> + <!-- before VRRP / HA --> + <priority>799</priority> </properties> <children> <leafNode name="accept-protocol"> diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index 8edbad110..126183162 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in @@ -61,6 +61,78 @@ <valueless/> </properties> </leafNode> + <node name="dynamic-protection"> + <properties> + <help>Allow dynamic protection</help> + </properties> + <children> + <leafNode name="block-time"> + <properties> + <help>Block source IP in seconds. Subsequent blocks increase by a factor of 1.5</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Time interval in seconds for blocking</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="detect-time"> + <properties> + <help>Remember source IP in seconds before reset their score</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Time interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>1800</defaultValue> + </leafNode> + <leafNode name="threshold"> + <properties> + <help>Block source IP when their cumulative attack score exceeds threshold</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Threshold score</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="allow-from"> + <properties> + <help>Always allow inbound connections from these systems</help> + <valueHelp> + <format>ipv4</format> + <description>Address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <leafNode name="key-exchange"> <properties> <help>Allowed key exchange (KEX) algorithms</help> diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in index 7981c3fa2..21b47125d 100644 --- a/interface-definitions/vpn_openconnect.xml.in +++ b/interface-definitions/vpn_openconnect.xml.in @@ -51,6 +51,82 @@ </children> </node> #include <include/auth-local-users.xml.i> + <node name="local-users"> + <children> + <tagNode name="username"> + <children> + <node name="otp"> + <properties> + <help>2FA OTP authentication parameters</help> + </properties> + <children> + <leafNode name="key"> + <properties> + <help>Token Key Secret key for the token algorithm (see RFC 4226)</help> + <valueHelp> + <format>txt</format> + <description>OTP key in hex-encoded format</description> + </valueHelp> + <constraint> + <regex>[a-fA-F0-9]{20,10000}</regex> + </constraint> + <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="otp-length"> + <properties> + <help>Number of digits in OTP code</help> + <valueHelp> + <format>u32:6-8</format> + <description>Number of digits in OTP code</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 6-8"/> + </constraint> + <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage> + </properties> + <defaultValue>6</defaultValue> + </leafNode> + <leafNode name="interval"> + <properties> + <help>Time tokens interval in seconds</help> + <valueHelp> + <format>u32:5-86400</format> + <description>Time tokens interval in seconds.</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-86400"/> + </constraint> + <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="token-type"> + <properties> + <help>Token type</help> + <valueHelp> + <format>hotp-time</format> + <description>Time-based OTP algorithm</description> + </valueHelp> + <valueHelp> + <format>hotp-event</format> + <description>Event-based OTP algorithm</description> + </valueHelp> + <constraint> + <regex>(hotp-time|hotp-event)</regex> + </constraint> + <completionHelp> + <list>hotp-time hotp-event</list> + </completionHelp> + </properties> + <defaultValue>hotp-time</defaultValue> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> #include <include/radius-server-ipv4.xml.i> <node name="radius"> <children> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 14c31fa8a..25a573887 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -28,6 +28,22 @@ <children> #include <include/interface/description.xml.i> #include <include/interface/disable.xml.i> + <node name="ip"> + <properties> + <help>IPv4 routing parameters</help> + </properties> + <children> + #include <include/interface/disable-forwarding.xml.i> + </children> + </node> + <node name="ipv6"> + <properties> + <help>IPv6 routing parameters</help> + </properties> + <children> + #include <include/interface/disable-forwarding.xml.i> + </children> + </node> <node name="protocols"> <properties> <help>Routing protocol parameters</help> |