From 9a5dfb4b7ec9e065a73511a38e1713aec03eee0e Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Fri, 28 Oct 2022 18:19:47 +0000
Subject: T4780: Firewall: add firewall groups in firewall. Extend matching
 criteria so this new group can be used in inbound and outbound matcher

---
 .../include/firewall/common-rule.xml.i             | 26 +++++++++++-----------
 .../include/firewall/match-interface.xml.i         | 18 +++++++++++++++
 .../include/version/firewall-version.xml.i         |  2 +-
 3 files changed, 32 insertions(+), 14 deletions(-)
 create mode 100644 interface-definitions/include/firewall/match-interface.xml.i

(limited to 'interface-definitions/include')

diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index a4f66f5cb..297e6fc1a 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -26,14 +26,22 @@
     </leafNode>
   </children>
 </node>
-<leafNode name="inbound-interface">
+<node name="inbound-interface">
   <properties>
     <help>Match inbound-interface</help>
-    <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
-    </completionHelp>
   </properties>
-</leafNode>
+  <children>
+    #include <include/firewall/match-interface.xml.i>
+  </children>
+</node>
+<node name="outbound-interface">
+  <properties>
+    <help>Match outbound-interface</help>
+  </properties>
+  <children>
+    #include <include/firewall/match-interface.xml.i>
+  </children>
+</node>
 <node name="ipsec">
   <properties>
     <help>Inbound IPsec packets</help>
@@ -130,14 +138,6 @@
     </leafNode>
   </children>
 </node>
-<leafNode name="outbound-interface">
-  <properties>
-    <help>Match outbound-interface</help>
-    <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
-    </completionHelp>
-  </properties>
-</leafNode>
 <leafNode name="protocol">
   <properties>
     <help>Protocol to match (protocol name, number, or "all")</help>
diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i
new file mode 100644
index 000000000..675a87574
--- /dev/null
+++ b/interface-definitions/include/firewall/match-interface.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from firewall/match-interface.xml.i -->
+<leafNode name="interface-name">
+  <properties>
+    <help>Match interface</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_interfaces.py</script>
+    </completionHelp>
+  </properties>
+</leafNode>
+<leafNode name="interface-group">
+  <properties>
+    <help>Match interface-group</help>
+    <completionHelp>
+      <path>firewall group interface-group</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index 065925319..bc04f8d51 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='8'></syntaxVersion>
+<syntaxVersion component='firewall' version='9'></syntaxVersion>
 <!-- include end -->
-- 
cgit v1.2.3