From 1d65ce9558b7c814295474a7cdf648866b612ff6 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Tue, 25 Jan 2022 19:09:08 +0000
Subject: nat: T4138: Add port-range validation for NAT
Add port-validators for NAT rules that prevent to set incorrect port-ranges (21-5) and incorrect ports (70000)
---
interface-definitions/include/nat-port.xml.i | 7 +++++++
interface-definitions/include/nat-translation-port.xml.i | 3 +++
2 files changed, 10 insertions(+)
diff --git a/interface-definitions/include/nat-port.xml.i b/interface-definitions/include/nat-port.xml.i
index 7aabc33c3..5f762cfb3 100644
--- a/interface-definitions/include/nat-port.xml.i
+++ b/interface-definitions/include/nat-port.xml.i
@@ -2,6 +2,10 @@ Port number + + txt + Named port (any name in /etc/services, e.g., http) + u32:1-65535 Numeric IP port
@@ -14,6 +18,9 @@ \n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005' + + +
diff --git a/interface-definitions/include/nat-translation-port.xml.i b/interface-definitions/include/nat-translation-port.xml.i
index 6e507353c..6f17df3d9 100644
--- a/interface-definitions/include/nat-translation-port.xml.i
+++ b/interface-definitions/include/nat-translation-port.xml.i
@@ -10,6 +10,9 @@ range Numbered port range (e.g., 1001-1005) + + +
-- cgit v1.2.3
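Review bot: The three-line constraint added at `@@ -14,6 +18,9 @@` in nat-port.xml.i must accept every form the adjacent help text advertises (service names, comma-separated lists and a leading `!`, as in `!22,telnet,http,123,1001-1005`) while still rejecting `21-5` and `70000`. The element text is not visible in this rendering, so that cannot be confirmed from here. A service name should pass only if it actually resolves in /etc/services, so that free text never reaches the generated NAT rule. With only three lines added there appears to be no error text next to the validator; consider adding `<constraintErrorMessage>Invalid port, port range or service name</constraintErrorMessage>` so a rejected value explains itself. The same applies to the constraint added at `@@ -10,6 +10,9 @@` in nat-translation-port.xml.i; the enclosing node starts and ends outside both hunks.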