From 19d38aa98cd656a2d4c558f6c99635b3d662b9cb Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Mon, 11 Apr 2022 17:52:30 +0000 Subject: Firewall: T990: Add snat and dst connection status on firewall --- .../include/firewall/common-rule.xml.i | 60 ++++++---------------- 1 file changed, 17 insertions(+), 43 deletions(-) (limited to 'interface-definitions/include/firewall') diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i index 6e61de848..e74ce4ee4 100644 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -95,51 +95,25 @@ - + - Connection status in conntrack + Connection status + + dnat snat + + + dnat + Match connections that are subject to destination NAT + + + snat + Match connections that are subject to source NAT + + + ^(dnat|snat)$ + - - - - Set when connection needs DNAT in original direction - - enable disable - - - enable - Enable - - - disable - Disable - - - ^(enable|disable)$ - - - - - - Set when connection needs SNAT in original direction - - enable disable - - - enable - Enable - - - disable - Disable - - - ^(enable|disable)$ - - - - - + Protocol to match (protocol name, number, or "all") -- cgit v1.2.3