From 41133869c50cd691735a141722dbca72827191e5 Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Fri, 15 Sep 2023 18:31:17 +0200 Subject: firewall: T4502: Update to flowtable CLI `set firewall flowtable interface ` `set firewall flowtable offload [software|hardware]` `set firewall [ipv4|ipv6] forward filter rule N action offload` `set firewall [ipv4|ipv6] forward filter rule N offload-target ` --- .../include/firewall/action-forward.xml.i | 45 +++++++++++++++++++++ .../include/firewall/flow-offload.xml.i | 47 ---------------------- .../include/firewall/global-options.xml.i | 1 - .../include/firewall/ipv4-hook-forward.xml.i | 2 + .../include/firewall/ipv6-hook-forward.xml.i | 2 + .../include/firewall/offload-target.xml.i | 10 +++++ 6 files changed, 59 insertions(+), 48 deletions(-) create mode 100644 interface-definitions/include/firewall/action-forward.xml.i delete mode 100644 interface-definitions/include/firewall/flow-offload.xml.i create mode 100644 interface-definitions/include/firewall/offload-target.xml.i (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/firewall/action-forward.xml.i b/interface-definitions/include/firewall/action-forward.xml.i new file mode 100644 index 000000000..f61e51887 --- /dev/null +++ b/interface-definitions/include/firewall/action-forward.xml.i @@ -0,0 +1,45 @@ + + + + Rule action + + accept continue jump reject return drop queue offload + + + accept + Accept matching entries + + + continue + Continue parsing next rule + + + jump + Jump to another chain + + + reject + Reject matching entries + + + return + Return from the current chain and continue at the next rule of the last chain + + + drop + Drop matching entries + + + queue + Enqueue packet to userspace + + + offload + Offload packet via flowtable + + + (accept|continue|jump|reject|return|drop|queue|offload) + + + + diff --git a/interface-definitions/include/firewall/flow-offload.xml.i b/interface-definitions/include/firewall/flow-offload.xml.i deleted file mode 100644 index 706836362..000000000 --- a/interface-definitions/include/firewall/flow-offload.xml.i +++ /dev/null @@ -1,47 +0,0 @@ - - - - Configurable flow offload options - - - - - Disable flow offload - - - - - - Software offload - - - - - Interfaces to enable - - - - - - - - - - - Hardware offload - - - - - Interfaces to enable - - - - - - - - - - - diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i index 03c07e657..e655cd6ac 100644 --- a/interface-definitions/include/firewall/global-options.xml.i +++ b/interface-definitions/include/firewall/global-options.xml.i @@ -271,7 +271,6 @@ disable - #include diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i index 08ee96419..70c0adb77 100644 --- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i @@ -24,8 +24,10 @@ Firewall rule number must be between 1 and 999999 + #include #include #include + #include #include diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i index 20ab8dbe8..d83827161 100644 --- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i @@ -24,8 +24,10 @@ Firewall rule number must be between 1 and 999999 + #include #include #include + #include #include diff --git a/interface-definitions/include/firewall/offload-target.xml.i b/interface-definitions/include/firewall/offload-target.xml.i new file mode 100644 index 000000000..940ed8091 --- /dev/null +++ b/interface-definitions/include/firewall/offload-target.xml.i @@ -0,0 +1,10 @@ + + + + Set flowtable offload target. Action offload must be defined to use this setting + + firewall flowtable + + + + -- cgit v1.2.3