From 0d4d4dd840e06c18250d73f27de61261ff141944 Mon Sep 17 00:00:00 2001 
From: Christian Poessinger Date: Tue, 3 Dec 2019 22:01:19 +0100 Subject: T1843: run interface-definitions though GCC preprocessor A lot of XML code is duplicated (VLAN, interface address) for instance. Such XML definitions should be moved to feature.xml.i files and then just pulled in via GCC preprocessor #include definition in e.g. bond or ethernet definitions. This will give us the ability to single-source repeating node definitions as: * Interface Address * Interface Description * Interface Disable * VLAN (both vif-s and vif-c) The .in suffix of the interface-definitions is a marker that those files are input files to the GCC preprocessor. They will be rendered into proper XML files in the build directory. Some node definitions have been reworded to remove escaped double quote occurrences which would have been warned about by the GCC preprocessor. --- interface-definitions/arp.xml | 37 - interface-definitions/arp.xml.in | 37 + interface-definitions/bcast-relay.xml | 80 -- interface-definitions/bcast-relay.xml.in | 80 ++ interface-definitions/beep-on-boot.xml | 21 - interface-definitions/beep-on-boot.xml.in | 21 + interface-definitions/cron.xml | 75 -- interface-definitions/cron.xml.in | 75 ++ interface-definitions/dhcp-relay.xml | 98 --- interface-definitions/dhcp-relay.xml.in | 98 +++ interface-definitions/dhcp-server.xml | 467 ----------- interface-definitions/dhcp-server.xml.in | 467 +++++++++++ interface-definitions/dhcpv6-relay.xml | 80 -- interface-definitions/dhcpv6-relay.xml.in | 80 ++ interface-definitions/dhcpv6-server.xml | 328 -------- interface-definitions/dhcpv6-server.xml.in | 328 ++++++++ interface-definitions/dns-domain-name.xml | 115 --- interface-definitions/dns-domain-name.xml.in | 115 +++ interface-definitions/dns-dynamic.xml | 230 ------ interface-definitions/dns-dynamic.xml.in | 230 ++++++ interface-definitions/dns-forwarding.xml | 177 ---- interface-definitions/dns-forwarding.xml.in | 177 ++++ interface-definitions/firewall-options.xml | 
55 -- interface-definitions/firewall-options.xml.in | 55 ++ interface-definitions/https.xml | 135 --- interface-definitions/https.xml.in | 134 +++ interface-definitions/igmp-proxy.xml | 100 --- interface-definitions/igmp-proxy.xml.in | 100 +++ interface-definitions/intel_qat.xml | 22 - interface-definitions/intel_qat.xml.in | 21 + interface-definitions/interfaces-bonding.xml | 693 ---------------- interface-definitions/interfaces-bonding.xml.in | 693 ++++++++++++++++ interface-definitions/interfaces-bridge.xml | 274 ------ interface-definitions/interfaces-bridge.xml.in | 274 ++++++ interface-definitions/interfaces-dummy.xml | 55 -- interface-definitions/interfaces-dummy.xml.in | 55 ++ interface-definitions/interfaces-ethernet.xml | 904 -------------------- interface-definitions/interfaces-ethernet.xml.in | 904 ++++++++++++++++++++ interface-definitions/interfaces-geneve.xml | 118 --- interface-definitions/interfaces-geneve.xml.in | 118 +++ interface-definitions/interfaces-loopback.xml | 46 -- interface-definitions/interfaces-loopback.xml.in | 46 ++ interface-definitions/interfaces-openvpn.xml | 677 --------------- interface-definitions/interfaces-openvpn.xml.in | 677 +++++++++++++++ interface-definitions/interfaces-vxlan.xml | 151 ---- interface-definitions/interfaces-vxlan.xml.in | 151 ++++ interface-definitions/interfaces-wireguard.xml | 150 ---- interface-definitions/interfaces-wireguard.xml.in | 150 ++++ interface-definitions/interfaces-wireless.xml | 963 ---------------------- interface-definitions/interfaces-wireless.xml.in | 963 ++++++++++++++++++++++ interface-definitions/ipoe-server.xml | 378 --------- interface-definitions/ipoe-server.xml.in | 378 +++++++++ interface-definitions/ipsec-settings.xml | 24 - interface-definitions/ipsec-settings.xml.in | 24 + interface-definitions/l2tp-server.xml | 586 ------------- interface-definitions/l2tp-server.xml.in | 586 +++++++++++++ interface-definitions/mdns-repeater.xml | 38 - 
interface-definitions/mdns-repeater.xml.in | 38 + interface-definitions/ntp.xml | 83 -- interface-definitions/ntp.xml.in | 83 ++ interface-definitions/pppoe-server.xml | 616 -------------- interface-definitions/pppoe-server.xml.in | 616 ++++++++++++++ interface-definitions/pptp-server.xml | 254 ------ interface-definitions/pptp-server.xml.in | 254 ++++++ interface-definitions/protocols-bfd.xml | 140 ---- interface-definitions/protocols-bfd.xml.in | 140 ++++ interface-definitions/snmp.xml | 606 -------------- interface-definitions/snmp.xml.in | 606 ++++++++++++++ interface-definitions/ssh.xml | 182 ---- interface-definitions/ssh.xml.in | 182 ++++ interface-definitions/sstp.xml | 416 ---------- interface-definitions/sstp.xml.in | 416 ++++++++++ interface-definitions/system-proxy.xml | 43 - interface-definitions/system-proxy.xml.in | 43 + interface-definitions/system-syslog.xml | 945 --------------------- interface-definitions/system-syslog.xml.in | 945 +++++++++++++++++++++ interface-definitions/tftp-server.xml | 57 -- interface-definitions/tftp-server.xml.in | 57 ++ interface-definitions/vrrp.xml | 255 ------ interface-definitions/vrrp.xml.in | 255 ++++++ 80 files changed, 10672 insertions(+), 10674 deletions(-) delete mode 100644 interface-definitions/arp.xml create mode 100644 interface-definitions/arp.xml.in delete mode 100644 interface-definitions/bcast-relay.xml create mode 100644 interface-definitions/bcast-relay.xml.in delete mode 100644 interface-definitions/beep-on-boot.xml create mode 100644 interface-definitions/beep-on-boot.xml.in delete mode 100644 interface-definitions/cron.xml create mode 100644 interface-definitions/cron.xml.in delete mode 100644 interface-definitions/dhcp-relay.xml create mode 100644 interface-definitions/dhcp-relay.xml.in delete mode 100644 interface-definitions/dhcp-server.xml create mode 100644 interface-definitions/dhcp-server.xml.in delete mode 100644 interface-definitions/dhcpv6-relay.xml create mode 100644 
interface-definitions/dhcpv6-relay.xml.in delete mode 100644 interface-definitions/dhcpv6-server.xml create mode 100644 interface-definitions/dhcpv6-server.xml.in delete mode 100644 interface-definitions/dns-domain-name.xml create mode 100644 interface-definitions/dns-domain-name.xml.in delete mode 100644 interface-definitions/dns-dynamic.xml create mode 100644 interface-definitions/dns-dynamic.xml.in delete mode 100644 interface-definitions/dns-forwarding.xml create mode 100644 interface-definitions/dns-forwarding.xml.in delete mode 100644 interface-definitions/firewall-options.xml create mode 100644 interface-definitions/firewall-options.xml.in delete mode 100644 interface-definitions/https.xml create mode 100644 interface-definitions/https.xml.in delete mode 100644 interface-definitions/igmp-proxy.xml create mode 100644 interface-definitions/igmp-proxy.xml.in delete mode 100644 interface-definitions/intel_qat.xml create mode 100644 interface-definitions/intel_qat.xml.in delete mode 100644 interface-definitions/interfaces-bonding.xml create mode 100644 interface-definitions/interfaces-bonding.xml.in delete mode 100644 interface-definitions/interfaces-bridge.xml create mode 100644 interface-definitions/interfaces-bridge.xml.in delete mode 100644 interface-definitions/interfaces-dummy.xml create mode 100644 interface-definitions/interfaces-dummy.xml.in delete mode 100644 interface-definitions/interfaces-ethernet.xml create mode 100644 interface-definitions/interfaces-ethernet.xml.in delete mode 100644 interface-definitions/interfaces-geneve.xml create mode 100644 interface-definitions/interfaces-geneve.xml.in delete mode 100644 interface-definitions/interfaces-loopback.xml create mode 100644 interface-definitions/interfaces-loopback.xml.in delete mode 100644 interface-definitions/interfaces-openvpn.xml create mode 100644 interface-definitions/interfaces-openvpn.xml.in delete mode 100644 interface-definitions/interfaces-vxlan.xml create mode 100644 
interface-definitions/interfaces-vxlan.xml.in delete mode 100644 interface-definitions/interfaces-wireguard.xml create mode 100644 interface-definitions/interfaces-wireguard.xml.in delete mode 100644 interface-definitions/interfaces-wireless.xml create mode 100644 interface-definitions/interfaces-wireless.xml.in delete mode 100644 interface-definitions/ipoe-server.xml create mode 100644 interface-definitions/ipoe-server.xml.in delete mode 100644 interface-definitions/ipsec-settings.xml create mode 100644 interface-definitions/ipsec-settings.xml.in delete mode 100644 interface-definitions/l2tp-server.xml create mode 100644 interface-definitions/l2tp-server.xml.in delete mode 100644 interface-definitions/mdns-repeater.xml create mode 100644 interface-definitions/mdns-repeater.xml.in delete mode 100644 interface-definitions/ntp.xml create mode 100644 interface-definitions/ntp.xml.in delete mode 100644 interface-definitions/pppoe-server.xml create mode 100644 interface-definitions/pppoe-server.xml.in delete mode 100644 interface-definitions/pptp-server.xml create mode 100644 interface-definitions/pptp-server.xml.in delete mode 100644 interface-definitions/protocols-bfd.xml create mode 100644 interface-definitions/protocols-bfd.xml.in delete mode 100644 interface-definitions/snmp.xml create mode 100644 interface-definitions/snmp.xml.in delete mode 100644 interface-definitions/ssh.xml create mode 100644 interface-definitions/ssh.xml.in delete mode 100644 interface-definitions/sstp.xml create mode 100644 interface-definitions/sstp.xml.in delete mode 100644 interface-definitions/system-proxy.xml create mode 100644 interface-definitions/system-proxy.xml.in delete mode 100644 interface-definitions/system-syslog.xml create mode 100644 interface-definitions/system-syslog.xml.in delete mode 100644 interface-definitions/tftp-server.xml create mode 100644 interface-definitions/tftp-server.xml.in delete mode 100644 interface-definitions/vrrp.xml create mode 100644 
interface-definitions/vrrp.xml.in (limited to 'interface-definitions') diff --git a/interface-definitions/arp.xml b/interface-definitions/arp.xml deleted file mode 100644 index b72f025a8..000000000 --- a/interface-definitions/arp.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - Static ARP translation - - ipv4 - IPv4 destination address - - - - - - - - - mac address to translate to - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - - - - - diff --git a/interface-definitions/arp.xml.in b/interface-definitions/arp.xml.in new file mode 100644 index 000000000..b72f025a8 --- /dev/null +++ b/interface-definitions/arp.xml.in @@ -0,0 +1,37 @@ + + + + + + + + + Static ARP translation + + ipv4 + IPv4 destination address + + + + + + + + + mac address to translate to + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + + + + + diff --git a/interface-definitions/bcast-relay.xml b/interface-definitions/bcast-relay.xml deleted file mode 100644 index 96ce16639..000000000 --- a/interface-definitions/bcast-relay.xml +++ /dev/null @@ -1,80 +0,0 @@ - - - - - - - - UDP broadcast relay service - 990 - - - - - Globally disable broadcast relay service - - - - - - Unique ID for each UDP port to forward - - 1-99 - Numerical ID # - - - - - - - - - Disable broadcast relay service instance - - - - - - Set source IP of forwarded packets, otherwise original senders address is used - - ipv4 - Optional source address for forwarded packets - - - - - - - - - Description - - - - - Interface to repeat UDP broadcasts to [REQUIRED] - - - - - - - - - Destination or source port to listen and retransmit on [REQUIRED] - - 1-65535 - UDP port to listen on - - - - - - - - - - - - - diff --git a/interface-definitions/bcast-relay.xml.in b/interface-definitions/bcast-relay.xml.in new file mode 100644 index 000000000..96ce16639 --- /dev/null +++ b/interface-definitions/bcast-relay.xml.in 
@@ -0,0 +1,80 @@ + + + + + + + + UDP broadcast relay service + 990 + + + + + Globally disable broadcast relay service + + + + + + Unique ID for each UDP port to forward + + 1-99 + Numerical ID # + + + + + + + + + Disable broadcast relay service instance + + + + + + Set source IP of forwarded packets, otherwise original senders address is used + + ipv4 + Optional source address for forwarded packets + + + + + + + + + Description + + + + + Interface to repeat UDP broadcasts to [REQUIRED] + + + + + + + + + Destination or source port to listen and retransmit on [REQUIRED] + + 1-65535 + UDP port to listen on + + + + + + + + + + + + + diff --git a/interface-definitions/beep-on-boot.xml b/interface-definitions/beep-on-boot.xml deleted file mode 100644 index 0da7d0de4..000000000 --- a/interface-definitions/beep-on-boot.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - - plays sound via system speaker when you can login - - 9999 - - - - - - - diff --git a/interface-definitions/beep-on-boot.xml.in b/interface-definitions/beep-on-boot.xml.in new file mode 100644 index 000000000..0da7d0de4 --- /dev/null +++ b/interface-definitions/beep-on-boot.xml.in @@ -0,0 +1,21 @@ + + + + + + + + + + + + plays sound via system speaker when you can login + + 9999 + + + + + + + diff --git a/interface-definitions/cron.xml b/interface-definitions/cron.xml deleted file mode 100644 index 2d4921bf0..000000000 --- a/interface-definitions/cron.xml +++ /dev/null 
@@ -1,75 +0,0 @@ - - - - - - - - - - Task scheduler settings - - - - - Scheduled task - - <string> - Task name - - 999 - - - - - UNIX crontab time specification string - - - - - Execution interval - - <minutes> - Execution interval in minutes - - - <minutes>m - Execution interval in minutes - - - <hours>h - Execution interval in hours - - - <days>d - Execution interval in days - - - [1-9]([0-9]*)([mhd]{0,1}) - - - - - - Executable path and arguments - - - - - Path to executable - - - - - Arguments passed to the executable - - - - - - - - - - - diff --git a/interface-definitions/cron.xml.in b/interface-definitions/cron.xml.in new file mode 100644 index 000000000..2d4921bf0 --- /dev/null +++ b/interface-definitions/cron.xml.in @@ -0,0 +1,75 @@ + + + + + + + + + + Task scheduler settings + + + + + Scheduled task + + <string> + Task name + + 999 + + + + + UNIX crontab time specification string + + + + + Execution interval + + <minutes> + Execution interval in minutes + + + <minutes>m + Execution interval in minutes + + + <hours>h + Execution interval in hours + + + <days>d + Execution interval in days + + + [1-9]([0-9]*)([mhd]{0,1}) + + + + + + Executable path and arguments + + + + + Path to executable + + + + + Arguments passed to the executable + + + + + + + + + + + diff --git a/interface-definitions/dhcp-relay.xml b/interface-definitions/dhcp-relay.xml deleted file mode 100644 index b83402aa1..000000000 --- a/interface-definitions/dhcp-relay.xml +++ /dev/null 
@@ -1,98 +0,0 @@ - - - - - - - - Host Configuration Protocol (DHCP) relay agent - 910 - - - - - DHCP relay interface [REQUIRED] - - - - - - - - - Relay options - - - - - Policy to discard packets that have reached specified hop-count - - 1-255 - Hop count (default: 10) - - - - - hop-count must be a value between 1 and 255 - - - - - Maximum packet size to send to a DHCPv4/BOOTP server - - 64-1400 - Maximum packet size (default: 576) - - - - - max-size must be a value between 64 and 1400 - - - - - Policy to handle incoming DHCPv4 packets which already contain relay agent options (default: forward) - - append replace forward discard - - - append - append own relay options to packet - - - replace - replace existing agent option field - - - forward - forward packet unchanged - - - discard - discard packet (default action if giaddr not set in packet) - - - (append|replace|forward|discard) - - - - - - - - DHCP server address - - ipv4 - DHCP server IPv4 address - - - - - - - - - - - - diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in new file mode 100644 index 000000000..b83402aa1 --- /dev/null +++ b/interface-definitions/dhcp-relay.xml.in 
@@ -0,0 +1,98 @@ + + + + + + + + Host Configuration Protocol (DHCP) relay agent + 910 + + + + + DHCP relay interface [REQUIRED] + + + + + + + + + Relay options + + + + + Policy to discard packets that have reached specified hop-count + + 1-255 + Hop count (default: 10) + + + + + hop-count must be a value between 1 and 255 + + + + + Maximum packet size to send to a DHCPv4/BOOTP server + + 64-1400 + Maximum packet size (default: 576) + + + + + max-size must be a value between 64 and 1400 + + + + + Policy to handle incoming DHCPv4 packets which already contain relay agent options (default: forward) + + append replace forward discard + + + append + append own relay options to packet + + + replace + replace existing agent option field + + + forward + forward packet unchanged + + + discard + discard packet (default action if giaddr not set in packet) + + + (append|replace|forward|discard) + + + + + + + + DHCP server address + + ipv4 + DHCP server IPv4 address + + + + + + + + + + + + diff --git a/interface-definitions/dhcp-server.xml b/interface-definitions/dhcp-server.xml deleted file mode 100644 index 7d42294e8..000000000 --- a/interface-definitions/dhcp-server.xml +++ /dev/null 
@@ -1,467 +0,0 @@ - - - - - - - - Dynamic Host Configuration Protocol (DHCP) for DHCP server - 911 - - - - - Option to disable DHCP server - - - - - - DHCP server to dynamically update the Domain Name System (DNS) - - - - - - Additional global parameters for DHCP server. You must - use the syntax of dhcpd.conf in this text-field. Using this - without proper knowledge may result in a crashed DHCP server. - Check system log to look for errors. - - - - - - Enable DHCP server updating /etc/hosts (per client lease) - - - - - - Instruct server to use host declaration name for forward DNS name - - - - - - DHCP shared network name [REQUIRED] - - [-_a-zA-Z0-9.]+ - - Invalid shared network name. May only contain letters, numbers and .-_ - - - - - Option to make DHCP server authoritative for this physical network - - - - - - Shared-network-name description - - - - - Option to disable DHCP configuration for shared-network - - - - - - Additional shared-network parameters for DHCP server. - You must use the syntax of dhcpd.conf in this text-field. - Using this without proper knowledge may result in a crashed - DHCP server. Check system log to look for errors. - - - - - - DHCP subnet for shared network - - ipv4net - IPv4 address and prefix length - - - - - - - - - Bootstrap file name - - - - - Server (IP address or domain name) from which the initial - boot file is to be loaded - - - - - Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used. 
- - 0-32 - DHCP client prefix length must be 0 to 32 - - - - - DHCP client prefix length must be 0 to 32 - - - - - IP address of default router - - ipv4 - Default router IPv4 address - - - - - - - - - DNS server IPv4 address - - ipv4 - DNS server IPv4 address - - - - - - - - - - Client domain name - - - - - Client domain search - - - - - - IP address to exclude from DHCP lease range - - ipv4 - IPv4 address to exclude from lease range - - - - - - - - - - DHCP failover parameters - - - - - IP address for failover peer to connect [REQUIRED] - - ipv4 - IPv4 address to exclude from lease range - - - - - - - - - DHCP failover peer name [REQUIRED] - - [-_a-zA-Z0-9.]+ - - Invalid failover peer name. May only contain letters, numbers and .-_ - - - - - IP address of failover peer [REQUIRED] - - ipv4 - IPv4 address of failover peer - - - - - - - - - DHCP failover peer status (primary|secondary) [REQUIRED] - - primary secondary - - - (primary|secondary) - - Invalid DHCP failover peer status - - - - - - - Enable IP forwarding on client - - - - - - Lease timeout in seconds (default: 86400) - - 0-4294967295 - DHCP lease time in seconds - - - - - DHCP lease time must be between 0 and 4294967295 (49 days) - - - - - IP address of NTP server - - ipv4 - NTP server IPv4 address - - - - - - - - - - IP address of POP3 server - - ipv4 - POP3 server IPv4 address - - - - - - - - - - Address for DHCP server identifier - - ipv4 - DHCP server identifier IPv4 address - - - - - - - - - IP address of SMTP server - - ipv4 - SMTP server IPv4 address - - - - - - - - - - DHCP lease range - - [-_a-zA-Z0-9.]+ - - Invalid DHCP lease range name. May only contain letters, numbers and .-_ - - - - - First IP address for DHCP lease range - - ipv4 - IPv4 start address of pool - - - - - - - - - Last IP address for DHCP lease range - - ipv4 - IPv4 end address of pool - - - - - - - - - - - Name of static mapping - - [-_a-zA-Z0-9.]+ - - Invalid static mapping name. 
May only contain letters, numbers and .-_ - - - - - Option to disable static mapping - - - - - - Fixed IP address of static mapping - - ipv4 - IPv4 address used in static mapping - - - - - - - - - MAC address of static mapping [REQUIRED] - - h:h:h:h:h:h - MAC address used in static mapping [REQUIRED] - - - - - - Additional static-mapping parameters for DHCP server. - Will be placed inside the "host" block of the mapping. - You must use the syntax of dhcpd.conf in this text-field. - Using this without proper knowledge may result in a crashed - DHCP server. Check system log to look for errors. - - - - - - - - Classless static route - - - - - Destination subnet [REQUIRED] - - ipv4net - IPv4 address and prefix length - - - - - - - - - IP address of router to be used to reach the destination subnet [REQUIRED] - - ipv4 - IPv4 address of router - - - - - - - - - - - Additional subnet parameters for DHCP server. You must - use the syntax of dhcpd.conf in this text-field. Using this - without proper knowledge may result in a crashed DHCP server. - Check system log to look for errors. - - - - - - TFTP server name - - - - - Offset of the client's subnet in seconds from Coordinated Universal Time (UTC) - - [-]N - Time offset (number, may be negative) - - - -?[0-9]+ - - Invalid time offset value - - - - - IP address of time server - - ipv4 - Time server IPv4 address - - - - - - - - - - IP address for Windows Internet Name Service (WINS) server - - ipv4 - WINS server IPv4 address - - - - - - - - - - Web Proxy Autodiscovery (WPAD) URL - - - - - - - - - - - diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in new file mode 100644 index 000000000..e8bdff3df --- /dev/null +++ b/interface-definitions/dhcp-server.xml.in 
@@ -0,0 +1,467 @@ + + + + + + + + Dynamic Host Configuration Protocol (DHCP) for DHCP server + 911 + + + + + Option to disable DHCP server + + + + + + DHCP server to dynamically update the Domain Name System (DNS) + + + + + + Additional global parameters for DHCP server. You must + use the syntax of dhcpd.conf in this text-field. Using this + without proper knowledge may result in a crashed DHCP server. + Check system log to look for errors. + + + + + + Enable DHCP server updating /etc/hosts (per client lease) + + + + + + Instruct server to use host declaration name for forward DNS name + + + + + + DHCP shared network name [REQUIRED] + + [-_a-zA-Z0-9.]+ + + Invalid shared network name. May only contain letters, numbers and .-_ + + + + + Option to make DHCP server authoritative for this physical network + + + + + + Shared-network-name description + + + + + Option to disable DHCP configuration for shared-network + + + + + + Additional shared-network parameters for DHCP server. + You must use the syntax of dhcpd.conf in this text-field. + Using this without proper knowledge may result in a crashed + DHCP server. Check system log to look for errors. + + + + + + DHCP subnet for shared network + + ipv4net + IPv4 address and prefix length + + + + + + + + + Bootstrap file name + + + + + Server (IP address or domain name) from which the initial + boot file is to be loaded + + + + + Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used. 
+ + 0-32 + DHCP client prefix length must be 0 to 32 + + + + + DHCP client prefix length must be 0 to 32 + + + + + IP address of default router + + ipv4 + Default router IPv4 address + + + + + + + + + DNS server IPv4 address + + ipv4 + DNS server IPv4 address + + + + + + + + + + Client domain name + + + + + Client domain search + + + + + + IP address to exclude from DHCP lease range + + ipv4 + IPv4 address to exclude from lease range + + + + + + + + + + DHCP failover parameters + + + + + IP address for failover peer to connect [REQUIRED] + + ipv4 + IPv4 address to exclude from lease range + + + + + + + + + DHCP failover peer name [REQUIRED] + + [-_a-zA-Z0-9.]+ + + Invalid failover peer name. May only contain letters, numbers and .-_ + + + + + IP address of failover peer [REQUIRED] + + ipv4 + IPv4 address of failover peer + + + + + + + + + DHCP failover peer status (primary|secondary) [REQUIRED] + + primary secondary + + + (primary|secondary) + + Invalid DHCP failover peer status + + + + + + + Enable IP forwarding on client + + + + + + Lease timeout in seconds (default: 86400) + + 0-4294967295 + DHCP lease time in seconds + + + + + DHCP lease time must be between 0 and 4294967295 (49 days) + + + + + IP address of NTP server + + ipv4 + NTP server IPv4 address + + + + + + + + + + IP address of POP3 server + + ipv4 + POP3 server IPv4 address + + + + + + + + + + Address for DHCP server identifier + + ipv4 + DHCP server identifier IPv4 address + + + + + + + + + IP address of SMTP server + + ipv4 + SMTP server IPv4 address + + + + + + + + + + DHCP lease range + + [-_a-zA-Z0-9.]+ + + Invalid DHCP lease range name. May only contain letters, numbers and .-_ + + + + + First IP address for DHCP lease range + + ipv4 + IPv4 start address of pool + + + + + + + + + Last IP address for DHCP lease range + + ipv4 + IPv4 end address of pool + + + + + + + + + + + Name of static mapping + + [-_a-zA-Z0-9.]+ + + Invalid static mapping name. 
May only contain letters, numbers and .-_ + + + + + Option to disable static mapping + + + + + + Fixed IP address of static mapping + + ipv4 + IPv4 address used in static mapping + + + + + + + + + MAC address of static mapping [REQUIRED] + + h:h:h:h:h:h + MAC address used in static mapping [REQUIRED] + + + + + + Additional static-mapping parameters for DHCP server. + Will be placed inside the "host" block of the mapping. + You must use the syntax of dhcpd.conf in this text-field. + Using this without proper knowledge may result in a crashed + DHCP server. Check system log to look for errors. + + + + + + + + Classless static route + + + + + Destination subnet [REQUIRED] + + ipv4net + IPv4 address and prefix length + + + + + + + + + IP address of router to be used to reach the destination subnet [REQUIRED] + + ipv4 + IPv4 address of router + + + + + + + + + + + Additional subnet parameters for DHCP server. You must + use the syntax of dhcpd.conf in this text-field. Using this + without proper knowledge may result in a crashed DHCP server. + Check system log to look for errors. + + + + + + TFTP server name + + + + + Client subnet offset in seconds from Coordinated Universal Time (UTC) + + [-]N + Time offset (number, may be negative) + + + -?[0-9]+ + + Invalid time offset value + + + + + IP address of time server + + ipv4 + Time server IPv4 address + + + + + + + + + + IP address for Windows Internet Name Service (WINS) server + + ipv4 + WINS server IPv4 address + + + + + + + + + + Web Proxy Autodiscovery (WPAD) URL + + + + + + + + + + + diff --git a/interface-definitions/dhcpv6-relay.xml b/interface-definitions/dhcpv6-relay.xml deleted file mode 100644 index 0beb09d05..000000000 --- a/interface-definitions/dhcpv6-relay.xml +++ /dev/null 
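Review bot: Two help strings carried into dhcp-server.xml.in are wrong as written: the value help under `IP address for failover peer to connect [REQUIRED]` reads `IPv4 address to exclude from lease range` (it matches the exclude node just above it), and the lease message says `4294967295 (49 days)` although 4294967295 seconds is roughly 136 years. I would change them to `IPv4 address for failover peer to connect` and `DHCP lease time must be between 0 and 4294967295`. Separately, every text node in this file is now preprocessor input, and the only wording change in this hunk (the time-offset help losing `client's`) suggests the preprocessor already objects to some of it. The build rule is not visible in this view, so it is worth confirming that it passes `-undef`; otherwise a predefined macro name such as `linux` or `unix` appearing in a help string or regex would be silently substituted in the rendered XML.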
@@ -1,80 +0,0 @@ - - - - - - - - DHCPv6 Relay Agent parameters - 900 - - - - - Interface for DHCPv6 Relay Agent to listen for requests - - - - - - - - IPv6 address on listen-interface listen for requests on - - ipv6 - IPv6 address on listen interface - - - - - - - - - - - Maximum hop count for which requests will be processed - - 1-255 - Hop count (default: 10) - - - - - max-hop-count must be a value between 1 and 255 - - - - - Interface for DHCPv6 Relay Agent forward requests out - - - - - - - - IPv6 address to forward requests to - - ipv6 - IPv6 address of the DHCP server - - - - - - - - - - - - Option to set DHCPv6 interface-ID option - - - - - - - - diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/dhcpv6-relay.xml.in new file mode 100644 index 000000000..0beb09d05 --- /dev/null +++ b/interface-definitions/dhcpv6-relay.xml.in @@ -0,0 +1,80 @@ + + + + + + + + DHCPv6 Relay Agent parameters + 900 + + + + + Interface for DHCPv6 Relay Agent to listen for requests + + + + + + + + IPv6 address on listen-interface listen for requests on + + ipv6 + IPv6 address on listen interface + + + + + + + + + + + Maximum hop count for which requests will be processed + + 1-255 + Hop count (default: 10) + + + + + max-hop-count must be a value between 1 and 255 + + + + + Interface for DHCPv6 Relay Agent forward requests out + + + + + + + + IPv6 address to forward requests to + + ipv6 + IPv6 address of the DHCP server + + + + + + + + + + + + Option to set DHCPv6 interface-ID option + + + + + + + + diff --git a/interface-definitions/dhcpv6-server.xml b/interface-definitions/dhcpv6-server.xml deleted file mode 100644 index 28b56a64d..000000000 --- a/interface-definitions/dhcpv6-server.xml +++ /dev/null 
@@ -1,328 +0,0 @@ - - - - - - - - DHCP for IPv6 (DHCPv6) server - 900 - - - - - Option to disable DHCPv6 server - - - - - - Preference of this DHCPv6 server compared with others - - 0-255 - DHCPv6 server preference (0-255) - - - - - Preference must be between 0 and 255 - - - - - DHCPv6 shared network name [REQUIRED] - - [-_a-zA-Z0-9.]+ - - Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_ - - - - - Option to disable DHCPv6 configuration for shared-network - - - - - - IPv6 DHCP subnet for this shared network [REQUIRED] - - ipv6net - IPv6 address and prefix length - - - - - - - - - Parameters setting ranges for assigning IPv6 addresses - - - - - IPv6 prefix defining range of addresses to assign - - ipv6net - IPv6 address and prefix length - - - - - - - - - Address range will be used for temporary addresses - - - - - - - - First in range of consecutive IPv6 addresses to assign - - ipv6 - IPv6 address - - - - - - - - - Last in range of consecutive IPv6 addresses - - ipv6 - IPv6 address - - - - - - - - - - - - - Domain name for client to search - - [-_a-zA-Z0-9.]+ - - Invalid domain name. May only contain letters, numbers and .-_ - - - - - - Parameters relating to the lease time - - - - - Default time (in seconds) that will be assigned to a lease - - - - - Maximum time (in seconds) that will be assigned to a lease - - - - - Minimum time (in seconds) that will be assigned to a lease - - - - - - - IPv6 address of a Recursive DNS Server - - ipv6 - IPv6 address of DNS name server - - - - - - - - - - NIS domain name for client to use - - [-_a-zA-Z0-9.]+ - - Invalid NIS domain name - - - - - IPv6 address of a NIS Server - - ipv6 - IPv6 address of NIS server - - - - - - - - - - NIS+ domain name for client to use - - [-_a-zA-Z0-9.]+ - - Invalid NIS+ domain name. 
May only contain letters, numbers and .-_ - - - - - IPv6 address of a NIS+ Server - - ipv6 - IPv6 address of NIS+ server - - - - - - - - - - Parameters relating to IPv6 prefix delegation - - - - - First in range of IPv6 addresses to be used in prefix delegation - - ipv6 - IPv6 address used in prefix delegation - - - - - - - - - Length in bits of prefixes to be delegated - - 0-255 - DHCPv6 server preference (0-255) - - - - - Preference must be between 0 and 255 - - - - - Last in range of IPv6 addresses to be used in prefix delegation - - ipv6 - IPv6 address used in prefix delegation - - - - - - - - - - - - - IPv6 address of SIP server - - ipv6 - IPv6 address of SIP server - - - - - - - - - - SIP server name - - [-_a-zA-Z0-9.]+ - - Invalid SIP server name. May only contain letters, numbers and .-_ - - - - - - IPv6 address of an SNTP server for client to use - - - - - - - - - Name of static mapping - - [-_a-zA-Z0-9.]+ - - Invalid static mapping name. May only contain letters, numbers and .-_ - - - - - Option to disable static mapping - - - - - - Client identifier (DUID) for this static mapping - - h[[:h]...] - DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id) - - - ([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2}) - - Invalid DUID. Must be in the format h[[:h]...] where each \"h\" is 1 to 2 hex characters. - - - - - Client IPv6 address for this static mapping - - ipv6 - IPv6 address for this static mapping - - - - - - - - - - - - - - - - - diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in new file mode 100644 index 000000000..7d4c0de23 --- /dev/null +++ b/interface-definitions/dhcpv6-server.xml.in 
@@ -0,0 +1,328 @@ + + + + + + + + DHCP for IPv6 (DHCPv6) server + 900 + + + + + Option to disable DHCPv6 server + + + + + + Preference of this DHCPv6 server compared with others + + 0-255 + DHCPv6 server preference (0-255) + + + + + Preference must be between 0 and 255 + + + + + DHCPv6 shared network name [REQUIRED] + + [-_a-zA-Z0-9.]+ + + Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_ + + + + + Option to disable DHCPv6 configuration for shared-network + + + + + + IPv6 DHCP subnet for this shared network [REQUIRED] + + ipv6net + IPv6 address and prefix length + + + + + + + + + Parameters setting ranges for assigning IPv6 addresses + + + + + IPv6 prefix defining range of addresses to assign + + ipv6net + IPv6 address and prefix length + + + + + + + + + Address range will be used for temporary addresses + + + + + + + + First in range of consecutive IPv6 addresses to assign + + ipv6 + IPv6 address + + + + + + + + + Last in range of consecutive IPv6 addresses + + ipv6 + IPv6 address + + + + + + + + + + + + + Domain name for client to search + + [-_a-zA-Z0-9.]+ + + Invalid domain name. May only contain letters, numbers and .-_ + + + + + + Parameters relating to the lease time + + + + + Default time (in seconds) that will be assigned to a lease + + + + + Maximum time (in seconds) that will be assigned to a lease + + + + + Minimum time (in seconds) that will be assigned to a lease + + + + + + + IPv6 address of a Recursive DNS Server + + ipv6 + IPv6 address of DNS name server + + + + + + + + + + NIS domain name for client to use + + [-_a-zA-Z0-9.]+ + + Invalid NIS domain name + + + + + IPv6 address of a NIS Server + + ipv6 + IPv6 address of NIS server + + + + + + + + + + NIS+ domain name for client to use + + [-_a-zA-Z0-9.]+ + + Invalid NIS+ domain name. 
May only contain letters, numbers and .-_ + + + + + IPv6 address of a NIS+ Server + + ipv6 + IPv6 address of NIS+ server + + + + + + + + + + Parameters relating to IPv6 prefix delegation + + + + + First in range of IPv6 addresses to be used in prefix delegation + + ipv6 + IPv6 address used in prefix delegation + + + + + + + + + Length in bits of prefixes to be delegated + + 0-255 + DHCPv6 server preference (0-255) + + + + + Preference must be between 0 and 255 + + + + + Last in range of IPv6 addresses to be used in prefix delegation + + ipv6 + IPv6 address used in prefix delegation + + + + + + + + + + + + + IPv6 address of SIP server + + ipv6 + IPv6 address of SIP server + + + + + + + + + + SIP server name + + [-_a-zA-Z0-9.]+ + + Invalid SIP server name. May only contain letters, numbers and .-_ + + + + + + IPv6 address of an SNTP server for client to use + + + + + + + + + Name of static mapping + + [-_a-zA-Z0-9.]+ + + Invalid static mapping name. May only contain letters, numbers and .-_ + + + + + Option to disable static mapping + + + + + + Client identifier (DUID) for this static mapping + + h[[:h]...] + DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id) + + + ([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2}) + + Invalid DUID, must be in the format h[[:h]...] + + + + + Client IPv6 address for this static mapping + + ipv6 + IPv6 address for this static mapping + + + + + + + + + + + + + + + + + diff --git a/interface-definitions/dns-domain-name.xml b/interface-definitions/dns-domain-name.xml deleted file mode 100644 index c16f0b02a..000000000 --- a/interface-definitions/dns-domain-name.xml +++ /dev/null 
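Review bot: The node described as "Length in bits of prefixes to be delegated" in dhcpv6-server.xml.in still carries the value help and error text of the server preference node: `0-255`, "DHCPv6 server preference (0-255)" and "Preference must be between 0 and 255". An IPv6 prefix length cannot exceed 128 bits, so the help should read something like `Delegated prefix length in bits (0-128)` with the error `Prefix length must be between 0 and 128`. The XML markup is stripped in this rendering, so the validator's actual range is not visible; confirm it is bounded the same way, otherwise an out-of-range value presumably passes commit-time validation and only fails when the DHCPv6 daemon configuration is generated. The same text is in the deleted dhcpv6-server.xml, so it is carried over by the rename rather than introduced here.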
@@ -1,115 +0,0 @@ - - - - - - - - Domain Name Server (DNS) - 400 - - ipv4 - Domain Name Server (DNS) address - - - ipv6 - Domain Name Server (DNS) address - - - - - - - - - - - System host name (default: vyos) - - [A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9] - - - - - - System domain name - - [A-Za-z0-9][-.A-Za-z0-9]* - - - - - - Domain Name Server (DNS) domain completion order - 400 - - - - - DNS domain completion order - - ^[-a-zA-Z0-9.]+$ - - Invalid domain name - - - - - - - - Disable DHCP updates of DNS settings - 300 - - - - - - Map host names to addresses - 400 - - - - - - Host name for static address mapping - - ^[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]$ - - invalid hostname - - - - - Alias for this address - - ^.{1,63}$ - - invalid alias hostname, needs to be between 1 and 63 charactes - - - - - - IP Address [REQUIRED] - - ipv4 - IPv4 address - - - ipv6 - IPv6 address - - - - - - - - - - - - - - diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in new file mode 100644 index 000000000..c16f0b02a --- /dev/null +++ b/interface-definitions/dns-domain-name.xml.in 
@@ -0,0 +1,115 @@ + + + + + + + + Domain Name Server (DNS) + 400 + + ipv4 + Domain Name Server (DNS) address + + + ipv6 + Domain Name Server (DNS) address + + + + + + + + + + + System host name (default: vyos) + + [A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9] + + + + + + System domain name + + [A-Za-z0-9][-.A-Za-z0-9]* + + + + + + Domain Name Server (DNS) domain completion order + 400 + + + + + DNS domain completion order + + ^[-a-zA-Z0-9.]+$ + + Invalid domain name + + + + + + + + Disable DHCP updates of DNS settings + 300 + + + + + + Map host names to addresses + 400 + + + + + + Host name for static address mapping + + ^[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]$ + + invalid hostname + + + + + Alias for this address + + ^.{1,63}$ + + invalid alias hostname, needs to be between 1 and 63 charactes + + + + + + IP Address [REQUIRED] + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + + + + + + diff --git a/interface-definitions/dns-dynamic.xml b/interface-definitions/dns-dynamic.xml deleted file mode 100644 index 8e7e77475..000000000 --- a/interface-definitions/dns-dynamic.xml +++ /dev/null 
@@ -1,230 +0,0 @@ - - - - - - - - Domain Name System related services - - - - - Dynamic DNS - 919 - - - - - Interface to send DDNS updates for [REQUIRED] - - - - - - - - RFC2136 Update name - - - - - File containing the secret key shared with remote DNS server [REQUIRED] - - file - File in /config/auth directory - - - - - - Record to be updated [REQUIRED] - - - - - - Server to be updated [REQUIRED] - - - - - Time To Live (default: 600) - - 1-86400 - DNS forwarding cache size - - - - - - - - - Zone to be updated [REQUIRED] - - - - - - - Service being used for Dynamic DNS [REQUIRED] - - custom afraid changeip cloudflare dnspark dslreports dyndns easydns namecheap noip sitelutions zoneedit - - - custom - Custom or predefined service - - - afraid - - - - changeip - - - - cloudflare - - - - dnspark - - - - dslreports - - - - dyndns - - - - easydns - - - - namecheap - - - - noip - - - - sitelutions - - - - zoneedit - - - - - - - Hostname registered with DDNS service [REQUIRED] - - - - - - Login for DDNS service [REQUIRED] - - - - - Password for DDNS service [REQUIRED] - - - - - ddclient protocol used for DDNS service [REQUIRED FOR CUSTOM] - - protocol - ddclient protocol - - - changeip - - - - cloudflare - - - - dnspark - - - - dslreports1 - - - - dyndns2 - - - - easydns - - - - namecheap - - - - noip - - - - sitelutions - - - - zoneedit1 - - - - - - - Server to send DDNS update to [REQUIRED FOR CUSTOM] - - IPv4 - IP address of DDNS server - - - FQDN - Hostname of DDNS server - - - - - - - - Web check used for obtaining the external IP address - - - - - Skip everything before this on the given URL - - - - - URL to obtain the current external IP address - - - - - - - - - - - - - diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in new file mode 100644 index 000000000..8e7e77475 --- /dev/null +++ b/interface-definitions/dns-dynamic.xml.in 
@@ -0,0 +1,230 @@ + + + + + + + + Domain Name System related services + + + + + Dynamic DNS + 919 + + + + + Interface to send DDNS updates for [REQUIRED] + + + + + + + + RFC2136 Update name + + + + + File containing the secret key shared with remote DNS server [REQUIRED] + + file + File in /config/auth directory + + + + + + Record to be updated [REQUIRED] + + + + + + Server to be updated [REQUIRED] + + + + + Time To Live (default: 600) + + 1-86400 + DNS forwarding cache size + + + + + + + + + Zone to be updated [REQUIRED] + + + + + + + Service being used for Dynamic DNS [REQUIRED] + + custom afraid changeip cloudflare dnspark dslreports dyndns easydns namecheap noip sitelutions zoneedit + + + custom + Custom or predefined service + + + afraid + + + + changeip + + + + cloudflare + + + + dnspark + + + + dslreports + + + + dyndns + + + + easydns + + + + namecheap + + + + noip + + + + sitelutions + + + + zoneedit + + + + + + + Hostname registered with DDNS service [REQUIRED] + + + + + + Login for DDNS service [REQUIRED] + + + + + Password for DDNS service [REQUIRED] + + + + + ddclient protocol used for DDNS service [REQUIRED FOR CUSTOM] + + protocol + ddclient protocol + + + changeip + + + + cloudflare + + + + dnspark + + + + dslreports1 + + + + dyndns2 + + + + easydns + + + + namecheap + + + + noip + + + + sitelutions + + + + zoneedit1 + + + + + + + Server to send DDNS update to [REQUIRED FOR CUSTOM] + + IPv4 + IP address of DDNS server + + + FQDN + Hostname of DDNS server + + + + + + + + Web check used for obtaining the external IP address + + + + + Skip everything before this on the given URL + + + + + URL to obtain the current external IP address + + + + + + + + + + + + + diff --git a/interface-definitions/dns-forwarding.xml b/interface-definitions/dns-forwarding.xml deleted file mode 100644 index a88c174e3..000000000 --- a/interface-definitions/dns-forwarding.xml +++ /dev/null 
@@ -1,177 +0,0 @@ - - - - - - - - Domain Name System related services - - - - - DNS forwarding - 918 - - - - - DNS forwarding cache size - - 0-10000 - DNS forwarding cache size - - - - - - - - - Use DNS servers received from DHCP server for specified interface - - - - - - - - - DNSSEC mode - - off process-no-validate process log-fail validate - - - off - No DNSSEC processing whatsoever! - - - process-no-validate - Respond with DNSSEC records to clients that ask for it. Don't do any validation. - - - process - Respond with DNSSEC records to clients that ask for it. Validation for clients that request it. - - - log-fail - Similar behaviour to process, but validate RRSIGs on responses and log bogus responses. - - - validate - Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses. - - - (off|process-no-validate|process|log-fail|validate) - - - - - - Domain to forward to a custom DNS server - - - - - Domain Name Server (DNS) to forward queries to - - ipv4 - Domain Name Server (DNS) IPv4 address - - - ipv6 - Domain Name Server (DNS) IPv6 address - - - - - - - - - - - - - Do not use local /etc/hosts file in name resolution - - - - - - Networks allowed to query this server - - ipv4net - IP address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - - - - Addresses to listen for DNS queries [REQUIRED] - - ipv4 - Domain Name Server (DNS) IPv4 address - - - ipv6 - Domain Name Server (DNS) IPv6 address - - - - - - - - - - - Maximum amount of time negative entries are cached - - 0-7200 - Seconds to cache NXDOMAIN entries - - - - - - - - - Domain Name Servers (DNS) addresses [OPTIONAL] - - ipv4 - Domain Name Server (DNS) IPv4 address - - - ipv6 - Domain Name Server (DNS) IPv6 address - - - - - - - - - - - Use system name servers - - - - - - - - - - diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in new file mode 100644 index 000000000..8b89bf758 --- /dev/null 
+++ b/interface-definitions/dns-forwarding.xml.in @@ -0,0 +1,177 @@ + + + + + + + + Domain Name System related services + + + + + DNS forwarding + 918 + + + + + DNS forwarding cache size + + 0-10000 + DNS forwarding cache size + + + + + + + + + Use DNS servers received from DHCP server for specified interface + + + + + + + + + DNSSEC mode + + off process-no-validate process log-fail validate + + + off + No DNSSEC processing whatsoever! + + + process-no-validate + Respond with DNSSEC records to clients that ask for it. No validation done at all! + + + process + Respond with DNSSEC records to clients that ask for it. Validation for clients that request it. + + + log-fail + Similar behaviour to process, but validate RRSIGs on responses and log bogus responses. + + + validate + Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses. + + + (off|process-no-validate|process|log-fail|validate) + + + + + + Domain to forward to a custom DNS server + + + + + Domain Name Server (DNS) to forward queries to + + ipv4 + Domain Name Server (DNS) IPv4 address + + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + + + + + + Do not use local /etc/hosts file in name resolution + + + + + + Networks allowed to query this server + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + Addresses to listen for DNS queries [REQUIRED] + + ipv4 + Domain Name Server (DNS) IPv4 address + + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + + + + Maximum amount of time negative entries are cached + + 0-7200 + Seconds to cache NXDOMAIN entries + + + + + + + + + Domain Name Servers (DNS) addresses [OPTIONAL] + + ipv4 + Domain Name Server (DNS) IPv4 address + + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + + + + Use system name servers + + + + + + + + + + 
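Review bot: The help strings "Networks allowed to query this server" and "DNSSEC mode" in dns-forwarding.xml.in do not say what applies when the node is left unset, although other definitions in this commit state their defaults (for example "Port to listen for HTTPS requests; default 443"). For a recursive forwarder the unset behaviour of the query allow-list decides whether the service answers only local networks or anyone who can reach a listen address, so the operator should see it at the CLI. I would extend both help strings with the effective default, e.g. `Networks allowed to query this server (default: <value used by the implementation>)`, taking the value from the configuration script, which is not part of this hunk.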
diff --git a/interface-definitions/firewall-options.xml b/interface-definitions/firewall-options.xml
deleted file mode 100644
index 2936cc703..000000000
--- a/interface-definitions/firewall-options.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-
-
-
-
-
-
- Firewall options/Packet manipulation
- 990
-
-
-
-
- Interface clamping options
-
-
-
-
-
-
-
- Disable this rule
-
-
-
-
-
- Adjust MSS for IPv4 transit packets
-
- 500-1460
- TCP Maximum segment size in bytes
-
-
-
-
-
-
-
-
- Adjust MSS for IPv6 transit packets
-
- 1280-1492
- TCP Maximum segment size in bytes
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/interface-definitions/firewall-options.xml.in b/interface-definitions/firewall-options.xml.in
new file mode 100644
index 000000000..2936cc703
--- /dev/null
+++ b/interface-definitions/firewall-options.xml.in
@@ -0,0 +1,55 @@
+
+
+
+
+
+
+ Firewall options/Packet manipulation
+ 990
+
+
+
+
+ Interface clamping options
+
+
+
+
+
+
+
+ Disable this rule
+
+
+
+
+
+ Adjust MSS for IPv4 transit packets
+
+ 500-1460
+ TCP Maximum segment size in bytes
+
+
+
+
+
+
+
+
+ Adjust MSS for IPv6 transit packets
+
+ 1280-1492
+ TCP Maximum segment size in bytes
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/https.xml b/interface-definitions/https.xml
deleted file mode 100644
index d9874a1f9..000000000
--- a/interface-definitions/https.xml
+++ /dev/null
@@ -1,135 +0,0 @@
-
-
-
-
-
-
-
- HTTPS configuration
- 1001
-
-
-
-
- Addresses to listen for HTTPS requests
-
- ipv4
- HTTPS IPv4 address
-
-
- ipv6
- HTTPS IPv6 address
-
-
- '*'
- any
-
-
-
-
- ^\*$
-
-
-
-
-
- Port to listen for HTTPS requests; default 443
-
- 1-65535
- Numeric IP port
-
-
-
-
-
-
-
-
- Server names: exact, wildcard, regex, or '_' (any)
-
-
-
-
-
-
-
- TLS certificates
-
-
-
-
- Use an automatically generated self-signed certificate
-
-
-
-
-
- Lifetime in days; default is 365
-
- 1-65535
- Number of days
-
-
-
-
-
-
-
-
-
- VyOS HTTP API configuration
- 1002
-
-
-
-
- Port for HTTP API service
-
- 1-65535
- Numeric IP port
-
-
-
-
-
-
-
-
- HTTP API keys
-
-
-
-
- HTTP API id
-
-
-
-
- HTTP API plaintext key
-
-
-
-
-
-
-
-
- Enforce strict path checking
-
-
-
-
-
- Debug
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in
new file mode 100644
index 000000000..923aac811
--- /dev/null
+++ b/interface-definitions/https.xml.in
@@ -0,0 +1,134 @@
+
+
+
+
+
+
+
+ HTTPS configuration
+ 1001
+
+
+
+
+ Addresses to listen for HTTPS requests
+
+ ipv4
+ HTTPS IPv4 address
+
+
+ ipv6
+ HTTPS IPv6 address
+
+
+ '*'
+ any
+
+
+
+
+ ^\*$
+
+
+
+
+
+ Port to listen for HTTPS requests; default 443
+
+ 1-65535
+ Numeric IP port
+
+
+
+
+
+
+
+
+ Server names: exact, wildcard, regex, or '_' (any)
+
+
+
+
+
+
+
+ TLS certificates
+
+
+
+
+ Use an automatically generated self-signed certificate
+
+
+
+
+
+ Lifetime in days; default is 365
+
+ 1-65535
+ Number of days
+
+
+
+
+
+
+
+
+
+ VyOS HTTP API configuration
+ 1002
+
+
+
+
+ Port for HTTP API service
+
+ 1-65535
+ Numeric IP port
+
+
+
+
+
+
+
+
+ HTTP API keys
+
+
+
+
+ HTTP API id
+
+
+
+
+ HTTP API plaintext key
+
+
+
+
+
+
+
+
+ Enforce strict path checking
+
+
+
+
+
+ Debug
+
+
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/igmp-proxy.xml b/interface-definitions/igmp-proxy.xml
deleted file mode 100644
index ab56019b4..000000000
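Review bot: The API key leaf in https.xml.in is documented only as "HTTP API plaintext key", and no constraint text is visible for it or for "HTTP API id" (the XML markup is stripped in this rendering, so a validator attribute may still exist). By its own help text the key is held unhashed, and it is the credential for the HTTP API, so the definition should reject empty or trivially short values and the help should tell the operator where the secret ends up, e.g. `HTTP API plaintext key (stored in clear in the configuration)`. The neighbouring "Debug" leaf has a one-word help string; it should say what additional output it enables so that it is not left switched on outside troubleshooting. Both texts are unchanged from the deleted https.xml, so this is carried over by the rename rather than introduced here.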
--- a/interface-definitions/igmp-proxy.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-
-
-
-
-
-
-
- Internet Group Management Protocol (IGMP) proxy parameters
- 740
-
-
-
-
- Option to disable IGMP proxy
-
-
-
-
-
- Option to disable "quickleave"
-
-
-
-
-
- Interface for IGMP proxy [REQUIRED]
-
-
-
-
-
-
-
- Allowed unicast sources for multicast traffic to be proxy'ed
-
- ipv4net
- IPv4 network
-
-
-
-
-
-
-
-
-
- Role of this IGMP interface
-
- upstream downstream disabled
-
-
- upstream
- Upstream interface (only 1 allowed)
-
-
- downstream
- Downstream interface(s) (default)
-
-
- disabled
- Disabled interface
-
-
- (upstream|downstream|disabled)
-
-
-
-
-
- TTL threshold
-
- 1-255
- TTL threshold for the interfaces (default: 1)
-
-
-
-
- threshold must be between 1 and 255
-
-
-
-
- Group to whitelist
-
- ipv4net
- IPv4 network
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in
new file mode 100644
index 000000000..74fec6b48
--- /dev/null
+++ b/interface-definitions/igmp-proxy.xml.in
@@ -0,0 +1,100 @@
+
+
+
+
+
+
+
+ Internet Group Management Protocol (IGMP) proxy parameters
+ 740
+
+
+
+
+ Option to disable IGMP proxy
+
+
+
+
+
+ Option to disable "quickleave"
+
+
+
+
+
+ Interface for IGMP proxy [REQUIRED]
+
+
+
+
+
+
+
+ Unicast source networks allowed for multicast traffic to be proxyed
+
+ ipv4net
+ IPv4 network
+
+
+
+
+
+
+
+
+
+ Role of this IGMP interface
+
+ upstream downstream disabled
+
+
+ upstream
+ Upstream interface (only 1 allowed)
+
+
+ downstream
+ Downstream interface(s) (default)
+
+
+ disabled
+ Disabled interface
+
+
+ (upstream|downstream|disabled)
+
+
+
+
+
+ TTL threshold
+
+ 1-255
+ TTL threshold for the interfaces (default: 1)
+
+
+
+
+ threshold must be between 1 and 255
+
+
+
+
+ Group to whitelist
+
+ ipv4net
+ IPv4 network
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/intel_qat.xml b/interface-definitions/intel_qat.xml
deleted file mode 100644
index 5e4d5b190..000000000
--- a/interface-definitions/intel_qat.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-
-
-
-
-
- Acceleration components
- 50
-
-
-
-
- Enable Intel QAT (Quick Assist Technology) for cryptographic acceleration
-
-
-
-
-
-
-
-
-
diff --git a/interface-definitions/intel_qat.xml.in b/interface-definitions/intel_qat.xml.in
new file mode 100644
index 000000000..812484184
--- /dev/null
+++ b/interface-definitions/intel_qat.xml.in
@@ -0,0 +1,21 @@
+
+
+
+
+
+
+ Acceleration components
+ 50
+
+
+
+
+ Enable Intel QAT (Quick Assist Technology) for cryptographic acceleration
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/interfaces-bonding.xml b/interface-definitions/interfaces-bonding.xml
deleted file mode 100644
index 821dd15fa..000000000
--- a/interface-definitions/interfaces-bonding.xml
+++ /dev/null
@@ -1,693 +0,0 @@ - - - - - - - Bonding interface name - 320 - - bond[0-9]+$ - - Bonding interface must be named bondN - - bondN - Bonding interface name - - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - ARP link monitoring parameters - - - - - ARP link monitoring interval - - 0-4294967295 - Specifies the ARP link monitoring frequency in milliseconds - - - - - - - - - IP address used for ARP monitoring - - ipv4 - Network Time Protocol (NTP) IPv4 address - - - - - - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides the system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - Bonding transmit hash policy - - layer2 layer2+3 layer3+4 - - - layer2 - use MAC addresses to generate the hash (802.3ad, default) - - - layer2+3 - combine MAC address and IP address to make hash - - - layer3+4 - combine IP address and port to make hash - - - (layer2\+3|layer3\+4|layer2) - - hash-policy must be layer2 layer2+3 or layer3+4 - - - - - - - ARP cache entry timeout in seconds - - 1-86400 - ARP cache entry timout in seconds (default 30) - - - - - ARP cache entry timeout must be between 1 and 86400 seconds - - - - - Enable proxy-arp on this interface - - - - - - Enable private VLAN proxy ARP on this interface - - - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Bonding mode - - 802.3ad active-backup broadcast round-robin transmit-load-balance 
adaptive-load-balance xor-hash - - - 802.3ad - IEEE 802.3ad Dynamic link aggregation (Default) - - - active-backup - Fault tolerant: only one slave in the bond is active - - - broadcast - Fault tolerant: transmits everything on all slave interfaces - - - round-robin - Load balance: transmit packets in sequential order - - - transmit-load-balance - Load balance: adapts based on transmit load and speed - - - adaptive-load-balance - Load balance: adapts based on transmit and receive plus ARP - - - xor-hash - Distribute based on MAC address - - - (802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash) - - mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor - - - - - Bridge member interfaces - - - - - Member interface name - - - - - - - - - - - Maximum Transmission Unit (MTU) - - 68-9000 - Maximum Transmission Unit - - - - - MTU must be between 68 and 9000 - - - - - Primary device interface - - - - - - - - QinQ TAG-S Virtual Local Area Network (VLAN) ID - - - - VLAN ID must be between 0 and 4094 - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides the system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - Set Ethertype - - 0x88A8 0x8100 - - - 0x88A8 - 802.1ad - - - 0x8100 - 802.1q - - - (0x88A8|0x8100) - - Ethertype must be 0x88A8 or 0x8100 - - 
- - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Maximum Transmission Unit (MTU) - - 68-9000 - Maximum Transmission Unit - - - - - MTU must be between 68 and 9000 - - - - - QinQ TAG-C Virtual Local Area Network (VLAN) ID - - - - VLAN ID must be between 0 and 4094 - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides the system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Maximum Transmission Unit (MTU) - - 68-9000 - Maximum Transmission Unit - - - - - MTU must be between 68 and 9000 - - - - - - - - - Virtual Local Area Network (VLAN) ID - - - - VLAN ID must be between 0 and 4094 - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides the system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 
"temporary" address - - - - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Maximum Transmission Unit (MTU) - - 68-9000 - Maximum Transmission Unit - - - - - MTU must be between 68 and 9000 - - - - - - - - - diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in new file mode 100644 index 000000000..821dd15fa --- /dev/null +++ b/interface-definitions/interfaces-bonding.xml.in 
@@ -0,0 +1,693 @@ + + + + + + + Bonding interface name + 320 + + bond[0-9]+$ + + Bonding interface must be named bondN + + bondN + Bonding interface name + + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + ARP link monitoring parameters + + + + + ARP link monitoring interval + + 0-4294967295 + Specifies the ARP link monitoring frequency in milliseconds + + + + + + + + + IP address used for ARP monitoring + + ipv4 + Network Time Protocol (NTP) IPv4 address + + + + + + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides the system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + Bonding transmit hash policy + + layer2 layer2+3 layer3+4 + + + layer2 + use MAC addresses to generate the hash (802.3ad, default) + + + layer2+3 + combine MAC address and IP address to make hash + + + layer3+4 + combine IP address and port to make hash + + + (layer2\+3|layer3\+4|layer2) + + hash-policy must be layer2 layer2+3 or layer3+4 + + + + + + + ARP cache entry timeout in seconds + + 1-86400 + ARP cache entry timout in seconds (default 30) + + + + + ARP cache entry timeout must be between 1 and 86400 seconds + + + + + Enable proxy-arp on this interface + + + + + + Enable private VLAN proxy ARP on this interface + + + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Bonding mode + + 802.3ad active-backup broadcast round-robin transmit-load-balance 
adaptive-load-balance xor-hash + + + 802.3ad + IEEE 802.3ad Dynamic link aggregation (Default) + + + active-backup + Fault tolerant: only one slave in the bond is active + + + broadcast + Fault tolerant: transmits everything on all slave interfaces + + + round-robin + Load balance: transmit packets in sequential order + + + transmit-load-balance + Load balance: adapts based on transmit load and speed + + + adaptive-load-balance + Load balance: adapts based on transmit and receive plus ARP + + + xor-hash + Distribute based on MAC address + + + (802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash) + + mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor + + + + + Bridge member interfaces + + + + + Member interface name + + + + + + + + + + + Maximum Transmission Unit (MTU) + + 68-9000 + Maximum Transmission Unit + + + + + MTU must be between 68 and 9000 + + + + + Primary device interface + + + + + + + + QinQ TAG-S Virtual Local Area Network (VLAN) ID + + + + VLAN ID must be between 0 and 4094 + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides the system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + Set Ethertype + + 0x88A8 0x8100 + + + 0x88A8 + 802.1ad + + + 0x8100 + 802.1q + + + (0x88A8|0x8100) + + Ethertype must be 0x88A8 or 0x8100 + + 
+ + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Maximum Transmission Unit (MTU) + + 68-9000 + Maximum Transmission Unit + + + + + MTU must be between 68 and 9000 + + + + + QinQ TAG-C Virtual Local Area Network (VLAN) ID + + + + VLAN ID must be between 0 and 4094 + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides the system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Maximum Transmission Unit (MTU) + + 68-9000 + Maximum Transmission Unit + + + + + MTU must be between 68 and 9000 + + + + + + + + + Virtual Local Area Network (VLAN) ID + + + + VLAN ID must be between 0 and 4094 + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides the system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 
"temporary" address + + + + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Maximum Transmission Unit (MTU) + + 68-9000 + Maximum Transmission Unit + + + + + MTU must be between 68 and 9000 + + + + + + + + + diff --git a/interface-definitions/interfaces-bridge.xml b/interface-definitions/interfaces-bridge.xml deleted file mode 100644 index 40505d7de..000000000 --- a/interface-definitions/interfaces-bridge.xml +++ /dev/null 
@@ -1,274 +0,0 @@ - - - - - - - Bridge interface name - 470 - - ^br[0-9]+$ - - Bridge interface must be named brN - - brN - Bridge interface name - - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - MAC address aging interval - - 0 - Disable MAC address learning (always flood) - - - 10-1000000 - MAC address aging time in seconds (default: 300) - - - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides the system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - Forwarding delay - - 0-200 - Spanning Tree Protocol forwarding delay in seconds (default 15) - - - - - Forwarding delay must be between 0 and 200 seconds - - - - - Hello packet advertisment interval - - 1-10 - Spanning Tree Protocol hello advertisement interval in seconds (default 2) - - - - - Bridge Hello interval must be between 1 and 10 seconds - - - - - Internet Group Management Protocol (IGMP) settings - - - - - Enable IGMP querier - - - - - - - - - - ARP cache entry timeout in seconds - - 1-86400 - ARP cache entry timout in seconds (default 30) - - - - - ARP cache entry timeout must be between 1 and 86400 seconds - - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Interval at which neighbor bridges are removed - - 1-40 - Bridge maximum aging time in seconds (default 20) - - - - - Bridge max aging value must be between 1 and 40 seconds - - - - - Bridge member 
interfaces - - - - - Member interface name - - - - - - - - Bridge port cost - - 1-65535 - Path cost value for Spanning Tree Protocol - - - - - Path cost value must be between 1 and 65535 - - - - - Bridge port priority - - 0-63 - Bridge port priority - - - - - Port priority value must be between 0 and 63 - - - - - - - - - Priority for this bridge - - 0-65535 - Bridge priority (default 32768) - - - - - Bridge priority must be between 0 and 65535 (multiples of 4096) - - - - - Enable spanning tree protocol - - - - - - - - diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in new file mode 100644 index 000000000..40505d7de --- /dev/null +++ b/interface-definitions/interfaces-bridge.xml.in 
@@ -0,0 +1,274 @@ + + + + + + + Bridge interface name + 470 + + ^br[0-9]+$ + + Bridge interface must be named brN + + brN + Bridge interface name + + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + MAC address aging interval + + 0 + Disable MAC address learning (always flood) + + + 10-1000000 + MAC address aging time in seconds (default: 300) + + + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides the system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + Forwarding delay + + 0-200 + Spanning Tree Protocol forwarding delay in seconds (default 15) + + + + + Forwarding delay must be between 0 and 200 seconds + + + + + Hello packet advertisment interval + + 1-10 + Spanning Tree Protocol hello advertisement interval in seconds (default 2) + + + + + Bridge Hello interval must be between 1 and 10 seconds + + + + + Internet Group Management Protocol (IGMP) settings + + + + + Enable IGMP querier + + + + + + + + + + ARP cache entry timeout in seconds + + 1-86400 + ARP cache entry timout in seconds (default 30) + + + + + ARP cache entry timeout must be between 1 and 86400 seconds + + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Interval at which neighbor bridges are removed + + 1-40 + Bridge maximum aging time in seconds (default 20) + + + + + Bridge max aging value must be between 1 and 40 seconds + + + + + Bridge member 
interfaces + + + + + Member interface name + + + + + + + + Bridge port cost + + 1-65535 + Path cost value for Spanning Tree Protocol + + + + + Path cost value must be between 1 and 65535 + + + + + Bridge port priority + + 0-63 + Bridge port priority + + + + + Port priority value must be between 0 and 63 + + + + + + + + + Priority for this bridge + + 0-65535 + Bridge priority (default 32768) + + + + + Bridge priority must be between 0 and 65535 (multiples of 4096) + + + + + Enable spanning tree protocol + + + + + + + + diff --git a/interface-definitions/interfaces-dummy.xml b/interface-definitions/interfaces-dummy.xml deleted file mode 100644 index 3bc4330e4..000000000 --- a/interface-definitions/interfaces-dummy.xml +++ /dev/null @@ -1,55 +0,0 @@ - - - - - - - Dummy interface name - 300 - - dum[0-9]+$ - - Dummy interface must be named dumN - - dumN - Dummy interface name - - - - - - IP address - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - Disable interface - - - - - - - - diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in new file mode 100644 index 000000000..3bc4330e4 --- /dev/null +++ b/interface-definitions/interfaces-dummy.xml.in @@ -0,0 +1,55 @@ + + + + + + + Dummy interface name + 300 + + dum[0-9]+$ + + Dummy interface must be named dumN + + dumN + Dummy interface name + + + + + + IP address + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + Disable interface + + + + + + + + diff --git a/interface-definitions/interfaces-ethernet.xml b/interface-definitions/interfaces-ethernet.xml deleted file mode 100644 index f51bb3d87..000000000 
--- a/interface-definitions/interfaces-ethernet.xml
+++ /dev/null
@@ -1,904 +0,0 @@ - - - - - - - Ethernet interface name - 318 - - ((eth|lan)[0-9]+|(eno|ens|enp|enx).+)$ - - Invalid Ethernet interface name - - ethN - Ethernet interface name - - - en[ospx]N - Ethernet interface name - - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Disable Ethernet flow control (pause frames) - - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - Duplex mode - - auto half full - - - auto - Auto negotiation (default) - - - half - Half duplex - - - full - Full duplex - - - (auto|half|full) - - duplex must be auto, half or full - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - - - ARP cache entry timeout in seconds - - 1-86400 - ARP cache entry timout in seconds (default 30) - - - - - ARP cache entry timeout must be between 1 and 86400 seconds - - - - - Enable proxy-arp on this interface - - - - - - Enable private VLAN proxy ARP on this interface - - - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Maximum Transmission Unit (MTU) - - 68-9000 - Maximum Transmission Unit - - - - - MTU must be between 68 and 9000 - - - - - Configurable offload options - - - - - Configure GRO (generic receive offload) - - on off - - - on - Enable GRO (generic receive offload) - - - off - Disable GRO (generic receive 
offload) - - - (on|off) - - Must be either 'on' or 'off' - - - - - Configure GSO (generic segmentation offload) - - on off - - - on - Enable GSO (generic segmentation offload) - - - off - Disable GSO (generic segmentation offload) - - - (on|off) - - Must be either 'on' or 'off' - - - - - Configure scatter-gather option - - on off - - - on - Enable scatter-gather - - - off - Disable scatter-gather - - - (on|off) - - Must be either 'on' or 'off' - - - - - Configure TSO (TCP segmentation offloading) - - on off - - - on - Enable TSO (TCP segmentation offloading) - - - off - Disable TSO (TCP segmentation offloading) - - - (on|off) - - Must be either 'on' or 'off' - - - - - Configure UDP fragmentation offloading - - on off - - - on - Enable UDP fragmentation offloading - - - off - Disable UDP fragmentation offloading - - - (on|off) - - Must be either 'on' or 'off' - - - - - - - CPU interrupt affinity mask - - auto 10 100 1000 2500 5000 10000 - - - auto - Auto negotiation (default) - - - hex - Bitmask representing CPUs that this NIC will interrupt - - - hex,hex - Bitmasks representing CPUs for interrupt and receive processing - - - (auto) - [0-9a-f]+(|,[0-9a-f]+)$ - - IRQ affinity mask must be hex value or auto - - - - - Link speed - - auto 10 100 1000 2500 5000 10000 25000 40000 50000 100000 - - - auto - Auto negotiation (default) - - - 10 - 10 Mbit/sec - - - 100 - 100 Mbit/sec - - - 1000 - 1 Gbit/sec - - - 2500 - 2.5 Gbit/sec - - - 5000 - 5 Gbit/sec - - - 10000 - 10 Gbit/sec - - - 25000 - 25 Gbit/sec - - - 40000 - 40 Gbit/sec - - - 50000 - 50 Gbit/sec - - - 100000 - 100 Gbit/sec - - - (auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000) - - Speed must be auto, 10, 100, 1000, 2500, 5000, 10000, 25000, 40000, 50000 or 100000 - - - - - QinQ TAG-S Virtual Local Area Network (VLAN) ID - - 0-4094 - QinQ TAG-S Virtual Local Area Network (VLAN) ID - - - - - VLAN ID must be between 0 and 4094 - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix 
length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - Set Ethertype - - 0x88A8 0x8100 - - - 0x88A8 - 802.1ad - - - 0x8100 - 802.1q - - - (0x88A8|0x8100) - - Ethertype must be 0x88A8 or 0x8100 - - - - - - - Enable proxy-arp on this interface - - - - - - Enable private VLAN proxy ARP on this interface - - - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Maximum Transmission Unit (MTU) - - 68-9000 - Maximum Transmission Unit - - - - - MTU must be between 68 and 9000 - - - - - QinQ TAG-C Virtual Local Area Network (VLAN) ID - - 0-4094 - QinQ TAG-C Virtual Local Area Network (VLAN) ID - - - - - VLAN ID must be between 0 and 4094 - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Ignore link state changes - - - - - 
- Disable this bridge interface - - - - - - - - Enable proxy-arp on this interface - - - - - - Enable private VLAN proxy ARP on this interface - - - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Maximum Transmission Unit (MTU) - - 68-9000 - Maximum Transmission Unit - - - - - MTU must be between 68 and 9000 - - - - - - - - - Virtual Local Area Network (VLAN) ID - - 0-4094 - Virtual Local Area Network (VLAN) ID - - - - - VLAN ID must be between 0 and 4094 - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - VLAN egress QoS - - - - - [:0-7 ]+$ - - QoS mapping should be in the format of \"0:7 2:3\" with numbers 0-9 - - - - - VLAN ingress QoS - - - - - [:0-7 ]+$ - - QoS mapping should be in the format of \"0:7 2:3\" with numbers 0-9 - - - - - - - ARP cache entry timeout in seconds - - 1-86400 - ARP cache entry timout in seconds (default 30) - - - - - ARP cache entry timeout must be between 1 and 86400 seconds - - - - - Enable proxy-arp on this interface - - - - - - Enable private VLAN proxy ARP on this interface - - - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Maximum Transmission Unit (MTU) - - 68-9000 - Maximum Transmission Unit - - - - - MTU must be between 68 and 9000 - - 
- - - - - - -
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
new file mode 100644
index 000000000..2c89c3604
--- /dev/null
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -0,0 +1,904 @@ + + + + + + + Ethernet interface name + 318 + + ((eth|lan)[0-9]+|(eno|ens|enp|enx).+)$ + + Invalid Ethernet interface name + + ethN + Ethernet interface name + + + en[ospx]N + Ethernet interface name + + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Disable Ethernet flow control (pause frames) + + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + Duplex mode + + auto half full + + + auto + Auto negotiation (default) + + + half + Half duplex + + + full + Full duplex + + + (auto|half|full) + + duplex must be auto, half or full + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + + + ARP cache entry timeout in seconds + + 1-86400 + ARP cache entry timout in seconds (default 30) + + + + + ARP cache entry timeout must be between 1 and 86400 seconds + + + + + Enable proxy-arp on this interface + + + + + + Enable private VLAN proxy ARP on this interface + + + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Maximum Transmission Unit (MTU) + + 68-9000 + Maximum Transmission Unit + + + + + MTU must be between 68 and 9000 + + + + + Configurable offload options + + + + + Configure GRO (generic receive offload) + + on off + + + on + Enable GRO (generic receive offload) + + + off + Disable GRO (generic receive 
offload) + + + (on|off) + + Must be either 'on' or 'off' + + + + + Configure GSO (generic segmentation offload) + + on off + + + on + Enable GSO (generic segmentation offload) + + + off + Disable GSO (generic segmentation offload) + + + (on|off) + + Must be either 'on' or 'off' + + + + + Configure scatter-gather option + + on off + + + on + Enable scatter-gather + + + off + Disable scatter-gather + + + (on|off) + + Must be either 'on' or 'off' + + + + + Configure TSO (TCP segmentation offloading) + + on off + + + on + Enable TSO (TCP segmentation offloading) + + + off + Disable TSO (TCP segmentation offloading) + + + (on|off) + + Must be either 'on' or 'off' + + + + + Configure UDP fragmentation offloading + + on off + + + on + Enable UDP fragmentation offloading + + + off + Disable UDP fragmentation offloading + + + (on|off) + + Must be either 'on' or 'off' + + + + + + + CPU interrupt affinity mask + + auto 10 100 1000 2500 5000 10000 + + + auto + Auto negotiation (default) + + + hex + Bitmask representing CPUs that this NIC will interrupt + + + hex,hex + Bitmasks representing CPUs for interrupt and receive processing + + + (auto) + [0-9a-f]+(|,[0-9a-f]+)$ + + IRQ affinity mask must be hex value or auto + + + + + Link speed + + auto 10 100 1000 2500 5000 10000 25000 40000 50000 100000 + + + auto + Auto negotiation (default) + + + 10 + 10 Mbit/sec + + + 100 + 100 Mbit/sec + + + 1000 + 1 Gbit/sec + + + 2500 + 2.5 Gbit/sec + + + 5000 + 5 Gbit/sec + + + 10000 + 10 Gbit/sec + + + 25000 + 25 Gbit/sec + + + 40000 + 40 Gbit/sec + + + 50000 + 50 Gbit/sec + + + 100000 + 100 Gbit/sec + + + (auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000) + + Speed must be auto, 10, 100, 1000, 2500, 5000, 10000, 25000, 40000, 50000 or 100000 + + + + + QinQ TAG-S Virtual Local Area Network (VLAN) ID + + 0-4094 + QinQ TAG-S Virtual Local Area Network (VLAN) ID + + + + + VLAN ID must be between 0 and 4094 + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix 
length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + Set Ethertype + + 0x88A8 0x8100 + + + 0x88A8 + 802.1ad + + + 0x8100 + 802.1q + + + (0x88A8|0x8100) + + Ethertype must be 0x88A8 or 0x8100 + + + + + + + Enable proxy-arp on this interface + + + + + + Enable private VLAN proxy ARP on this interface + + + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Maximum Transmission Unit (MTU) + + 68-9000 + Maximum Transmission Unit + + + + + MTU must be between 68 and 9000 + + + + + QinQ TAG-C Virtual Local Area Network (VLAN) ID + + 0-4094 + QinQ TAG-C Virtual Local Area Network (VLAN) ID + + + + + VLAN ID must be between 0 and 4094 + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Ignore link state changes + + + + + 
+ Disable this bridge interface + + + + + + + + Enable proxy-arp on this interface + + + + + + Enable private VLAN proxy ARP on this interface + + + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Maximum Transmission Unit (MTU) + + 68-9000 + Maximum Transmission Unit + + + + + MTU must be between 68 and 9000 + + + + + + + + + Virtual Local Area Network (VLAN) ID + + 0-4094 + Virtual Local Area Network (VLAN) ID + + + + + VLAN ID must be between 0 and 4094 + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + VLAN egress QoS + + + + + [:0-7 ]+$ + + QoS mapping should be in the format of '0:7 2:3' with numbers 0-9 + + + + + VLAN ingress QoS + + + + + [:0-7 ]+$ + + QoS mapping should be in the format of '0:7 2:3' with numbers 0-9 + + + + + + + ARP cache entry timeout in seconds + + 1-86400 + ARP cache entry timout in seconds (default 30) + + + + + ARP cache entry timeout must be between 1 and 86400 seconds + + + + + Enable proxy-arp on this interface + + + + + + Enable private VLAN proxy ARP on this interface + + + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Maximum Transmission Unit (MTU) + + 68-9000 + Maximum Transmission Unit + + + + + MTU must be between 68 and 9000 + + + + 
+ + + + + diff --git a/interface-definitions/interfaces-geneve.xml b/interface-definitions/interfaces-geneve.xml deleted file mode 100644 index e65ce6826..000000000 --- a/interface-definitions/interfaces-geneve.xml +++ /dev/null @@ -1,118 +0,0 @@ - - - - - - - Generic Network Virtualization Encapsulation (GENEVE) - 460 - - gnv[0-9]+$ - - GENEVE interface must be named gnvN - - gnvN - GENEVE interface name - - - - - - IP address - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - Disable interface - - - - - - IPv4 routing parameters - - - - - ARP cache entry timeout in seconds - - 1-86400 - ARP cache entry timout in seconds (default 30) - - - - - ARP cache entry timeout must be between 1 and 86400 seconds - - - - - Enable proxy-arp on this interface - - - - - - - - Maximum Transmission Unit (MTU) - - 1450-9000 - Maximum Transmission Unit - - - - - MTU must be between 1500 and 9000 - - - - - Remote address of GENEVE tunnel - - ipv4 - Remote address of GENEVE tunnel - - - - - - - - - Virtual Network Identifier - - 0-16777214 - GENEVE virtual network identifier - - - - - - - - - - - diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in new file mode 100644 index 000000000..e65ce6826 --- /dev/null +++ b/interface-definitions/interfaces-geneve.xml.in 
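Review bot: The error message for the VLAN egress and ingress QoS maps near the end of interfaces-ethernet.xml.in says "with numbers 0-9", but the pattern shown for both nodes, `[:0-7 ]+$`, only admits the digits 0-7, so the text shown for a rejected value contradicts the check. The pattern is also only a character class: any run of colons, spaces and digits such as `:::` passes, so the `from:to` pair shape promised in the message is not enforced before the value is handed on to whatever applies it. Since this commit already rewrites both messages to drop the escaped quotes, they could read `QoS mapping should be in the format of '0:7 2:3' with numbers 0-7`. The pattern could be tightened to pairs, e.g. `[0-7]:[0-7]( [0-7]:[0-7])*$`, if both sides are really limited to 0-7; that range should be confirmed for each direction before narrowing it.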
@@ -0,0 +1,118 @@ + + + + + + + Generic Network Virtualization Encapsulation (GENEVE) + 460 + + gnv[0-9]+$ + + GENEVE interface must be named gnvN + + gnvN + GENEVE interface name + + + + + + IP address + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + Disable interface + + + + + + IPv4 routing parameters + + + + + ARP cache entry timeout in seconds + + 1-86400 + ARP cache entry timout in seconds (default 30) + + + + + ARP cache entry timeout must be between 1 and 86400 seconds + + + + + Enable proxy-arp on this interface + + + + + + + + Maximum Transmission Unit (MTU) + + 1450-9000 + Maximum Transmission Unit + + + + + MTU must be between 1500 and 9000 + + + + + Remote address of GENEVE tunnel + + ipv4 + Remote address of GENEVE tunnel + + + + + + + + + Virtual Network Identifier + + 0-16777214 + GENEVE virtual network identifier + + + + + + + + + + + diff --git a/interface-definitions/interfaces-loopback.xml b/interface-definitions/interfaces-loopback.xml deleted file mode 100644 index 0f003bc64..000000000 --- a/interface-definitions/interfaces-loopback.xml +++ /dev/null @@ -1,46 +0,0 @@ - - - - - - - Loopback interface - 300 - - lo$ - - Loopback interface must be named lo - - lo - Loopback interface - - - - - - IP address - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - - - diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in new file mode 100644 index 000000000..0f003bc64 --- /dev/null +++ b/interface-definitions/interfaces-loopback.xml.in 
@@ -0,0 +1,46 @@ + + + + + + + Loopback interface + 300 + + lo$ + + Loopback interface must be named lo + + lo + Loopback interface + + + + + + IP address + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + + + diff --git a/interface-definitions/interfaces-openvpn.xml b/interface-definitions/interfaces-openvpn.xml deleted file mode 100644 index 2c2556f45..000000000 --- a/interface-definitions/interfaces-openvpn.xml +++ /dev/null 
@@ -1,677 +0,0 @@ - - - - - - - OpenVPN tunnel interface name - 460 - - ^vtun[0-9]+$ - - OpenVPN tunnel interface must be named vtunN - - vtunN - OpenVPN interface name - - - - - - Authentication options - - - - - OpenVPN password used for authentication - - - - - OpenVPN username used for authentication - - - - - - - Description - - - - - OpenVPN interface device-type - - tun tap - - - tun - TUN device, required for OSI layer 3 - - - tap - TAP device, required for OSI layer 2 - - - (tun|tap) - - - - - - Disable interface - - - - - - Data Encryption settings - - - - - Standard Data Encryption Algorithm - - des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm - - - des - DES algorithm - - - 3des - DES algorithm with triple encryption - - - bf128 - Blowfish algorithm with 128-bit key - - - bf256 - Blowfish algorithm with 256-bit key - - - aes128 - AES algorithm with 128-bit key CBC - - - aes128gcm - AES algorithm with 128-bit key GCM - - - aes192 - AES algorithm with 192-bit key CBC - - - aes192gcm - AES algorithm with 192-bit key GCM - - - aes256 - AES algorithm with 256-bit key CBC - - - aes256gcm - AES algorithm with 256-bit key GCM - - - (des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) - - - - - - Cipher negotiation list for use in server or client mode - - des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm - - - des - DES algorithm - - - 3des - DES algorithm with triple encryption - - - aes128 - AES algorithm with 128-bit key CBC - - - aes128gcm - AES algorithm with 128-bit key GCM - - - aes192 - AES algorithm with 192-bit key CBC - - - aes192gcm - AES algorithm with 192-bit key GCM - - - aes256 - AES algorithm with 256-bit key CBC - - - aes256gcm - AES algorithm with 256-bit key GCM - - - (des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) - - - - - - - Disable support for ncp-ciphers - - - - - - - - Hashing Algorithm - - md5 sha1 sha256 sha384 sha512 - - - md5 - MD5 algorithm - - - sha1 - SHA-1 
algorithm - - - sha256 - SHA-256 algorithm - - - sha384 - SHA-384 algorithm - - - sha512 - SHA-512 algorithm - - - (md5|sha1|sha256|sha384|sha512) - - - - - - Keepalive helper options - - - - - Maximum number of keepalive packet failures [default 6] - - 0-1000 - Maximum number of keepalive packet failures - - - - - - - - - Keepalive packet interval (seconds) [default 10] - - 0-600 - Keepalive packet interval (seconds) - - - - - - - - - - - Local IP address of tunnel - - - - - - - - Subnet-mask for local IP address of tunnel - - - - - - - - - - Local IP address to accept connections (all if not set) - - ipv4 - Local IPv4 address - - - - - - - - - Local port number to accept connections - - 1-65535 - Numeric IP port - - - - - - - - - OpenVPN mode of operation - - site-to-site client server - - - site-to-site - Site-to-site mode - - - client - Client in client-server mode - - - server - Server in client-server mode - - - (site-to-site|client|server) - - - - - - Additional OpenVPN options. You must - use the syntax of openvpn.conf in this text-field. Using this - without proper knowledge may result in a crashed OpenVPN server. - Check system log to look for errors. 
- - - - - - Do not close and reopen interface (TUN/TAP device) on client restarts - - - - - - OpenVPN communication protocol - - udp tcp-passive tcp-active - - - udp - Site-to-site mode - - - tcp-passive - TCP and accepts connections passively - - - tcp-active - TCP and initiates connections actively - - - (udp|tcp-passive|tcp-active) - - - - - - IP address of remote end of tunnel - - ipv4 - Remote end IPv4 address - - - - - - - - - Remote host to connect to (dynamic if not set) - - ipv4 - IP address of remote host - - - txt - Hostname of remote host - - - - - - - Remote port number to connect to - - 1-65535 - Numeric IP port - - - - - - - - - OpenVPN tunnel to be used as the default route - - - - - Tunnel endpoints are on the same subnet - - - - - - - Server-mode options - - - - - Client-specific settings - - name - Client common-name in the certificate - - - - - - Option to disable client connection - - - - - - IP address of the client - - ipv4 - Client IPv4 address - - - - - - - - - Route to be pushed to the client - - ipv4net - IPv4 network and prefix length - - - - - - - - - - Subnet belonging to the client - - ipv4net - IPv4 network and prefix length belonging to the client - - - - - - - - - - - - DNS suffix to be pushed to all clients - - txt - Domain Name Server suffix - - - - - - Number of maximum client connections - - 1-4096 - Number of concurrent clients - - - - - - - - - Domain Name Server (DNS) - - ipv4 - DNS server IPv4 address - - - - - - - - - - Route to be pushed to all clients - - ipv4net - IPv4 network and prefix length - - - - - - - - - - Reject connections from clients that are not explicitly configured - - - - - Server-mode subnet (from which client IPs are allocated) - - ipv4net - IPv4 address and prefix length - - - - - - - - - Topology for clients - - point-to-point subnet - - - point-to-point - Point-to-point topology - - - subnet - Subnet topology - - - (subnet|point-to-point) - - - - - - - - File containing the secret key shared with 
remote end of tunnel - - file - File in /config/auth directory - - - - - - - - - Transport Layer Security (TLS) options - - - - - File containing tls static key for tls-auth - - file - File in /config/auth directory - - - - - - - - - File containing certificate for Certificate Authority (CA) - - file - File in /config/auth directory - - - - - - - - - File containing certificate for this host - - file - File in /config/auth directory - - - - - - - - - File containing certificate revocation list (CRL) for this host - - file - File in /config/auth directory - - - - - - - - - File containing Diffie Hellman parameters (server only) - - file - File in /config/auth directory - - - - - - - - - File containing this host's private key - - file - File in /config/auth directory - - - - - - - - - Specify the minimum required TLS version - - 1.0 1.1 1.2 - - - 1.0 - TLS v1.0 - - - 1.1 - TLS v1.1 - - - 1.2 - TLS v1.2 - - - (1.0|1.1|1.2) - - - - - - File containing this host's private key - - active passive - - - active - Initiate TLS negotiation actively - - - passive - Waiting for TLS connections passively - - - (active|passive) - - - - - - - - Use fast LZO compression on this TUN/TAP interface - - - - - - - - diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in new file mode 100644 index 000000000..ca97ad4ec --- /dev/null +++ b/interface-definitions/interfaces-openvpn.xml.in 
@@ -0,0 +1,677 @@ + + + + + + + OpenVPN tunnel interface name + 460 + + ^vtun[0-9]+$ + + OpenVPN tunnel interface must be named vtunN + + vtunN + OpenVPN interface name + + + + + + Authentication options + + + + + OpenVPN password used for authentication + + + + + OpenVPN username used for authentication + + + + + + + Description + + + + + OpenVPN interface device-type + + tun tap + + + tun + TUN device, required for OSI layer 3 + + + tap + TAP device, required for OSI layer 2 + + + (tun|tap) + + + + + + Disable interface + + + + + + Data Encryption settings + + + + + Standard Data Encryption Algorithm + + des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + des + DES algorithm + + + 3des + DES algorithm with triple encryption + + + bf128 + Blowfish algorithm with 128-bit key + + + bf256 + Blowfish algorithm with 256-bit key + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + Cipher negotiation list for use in server or client mode + + des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + des + DES algorithm + + + 3des + DES algorithm with triple encryption + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + + Disable support for ncp-ciphers + + + + + + + + Hashing Algorithm + + md5 sha1 sha256 sha384 sha512 + + + md5 + MD5 algorithm + + + sha1 + SHA-1 
algorithm + + + sha256 + SHA-256 algorithm + + + sha384 + SHA-384 algorithm + + + sha512 + SHA-512 algorithm + + + (md5|sha1|sha256|sha384|sha512) + + + + + + Keepalive helper options + + + + + Maximum number of keepalive packet failures [default 6] + + 0-1000 + Maximum number of keepalive packet failures + + + + + + + + + Keepalive packet interval (seconds) [default 10] + + 0-600 + Keepalive packet interval (seconds) + + + + + + + + + + + Local IP address of tunnel + + + + + + + + Subnet-mask for local IP address of tunnel + + + + + + + + + + Local IP address to accept connections (all if not set) + + ipv4 + Local IPv4 address + + + + + + + + + Local port number to accept connections + + 1-65535 + Numeric IP port + + + + + + + + + OpenVPN mode of operation + + site-to-site client server + + + site-to-site + Site-to-site mode + + + client + Client in client-server mode + + + server + Server in client-server mode + + + (site-to-site|client|server) + + + + + + Additional OpenVPN options. You must + use the syntax of openvpn.conf in this text-field. Using this + without proper knowledge may result in a crashed OpenVPN server. + Check system log to look for errors. 
+ + + + + + Do not close and reopen interface (TUN/TAP device) on client restarts + + + + + + OpenVPN communication protocol + + udp tcp-passive tcp-active + + + udp + Site-to-site mode + + + tcp-passive + TCP and accepts connections passively + + + tcp-active + TCP and initiates connections actively + + + (udp|tcp-passive|tcp-active) + + + + + + IP address of remote end of tunnel + + ipv4 + Remote end IPv4 address + + + + + + + + + Remote host to connect to (dynamic if not set) + + ipv4 + IP address of remote host + + + txt + Hostname of remote host + + + + + + + Remote port number to connect to + + 1-65535 + Numeric IP port + + + + + + + + + OpenVPN tunnel to be used as the default route + + + + + Tunnel endpoints are on the same subnet + + + + + + + Server-mode options + + + + + Client-specific settings + + name + Client common-name in the certificate + + + + + + Option to disable client connection + + + + + + IP address of the client + + ipv4 + Client IPv4 address + + + + + + + + + Route to be pushed to the client + + ipv4net + IPv4 network and prefix length + + + + + + + + + + Subnet belonging to the client + + ipv4net + IPv4 network and prefix length belonging to the client + + + + + + + + + + + + DNS suffix to be pushed to all clients + + txt + Domain Name Server suffix + + + + + + Number of maximum client connections + + 1-4096 + Number of concurrent clients + + + + + + + + + Domain Name Server (DNS) + + ipv4 + DNS server IPv4 address + + + + + + + + + + Route to be pushed to all clients + + ipv4net + IPv4 network and prefix length + + + + + + + + + + Reject connections from clients that are not explicitly configured + + + + + Server-mode subnet (from which client IPs are allocated) + + ipv4net + IPv4 address and prefix length + + + + + + + + + Topology for clients + + point-to-point subnet + + + point-to-point + Point-to-point topology + + + subnet + Subnet topology + + + (subnet|point-to-point) + + + + + + + + File containing the secret key shared with 
remote end of tunnel + + file + File in /config/auth directory + + + + + + + + + Transport Layer Security (TLS) options + + + + + File containing tls static key for tls-auth + + file + File in /config/auth directory + + + + + + + + + File containing certificate for Certificate Authority (CA) + + file + File in /config/auth directory + + + + + + + + + File containing certificate for this host + + file + File in /config/auth directory + + + + + + + + + File containing certificate revocation list (CRL) for this host + + file + File in /config/auth directory + + + + + + + + + File containing Diffie Hellman parameters (server only) + + file + File in /config/auth directory + + + + + + + + + Private key for this host + + file + File in /config/auth directory + + + + + + + + + Specify the minimum required TLS version + + 1.0 1.1 1.2 + + + 1.0 + TLS v1.0 + + + 1.1 + TLS v1.1 + + + 1.2 + TLS v1.2 + + + (1.0|1.1|1.2) + + + + + + Private key for this host + + active passive + + + active + Initiate TLS negotiation actively + + + passive + Waiting for TLS connections passively + + + (active|passive) + + + + + + + + Use fast LZO compression on this TUN/TAP interface + + + + + + + + diff --git a/interface-definitions/interfaces-vxlan.xml b/interface-definitions/interfaces-vxlan.xml deleted file mode 100644 index f93711741..000000000 --- a/interface-definitions/interfaces-vxlan.xml +++ /dev/null 
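Review bot: The help text on the TLS node that accepts `active`/`passive` reads `Private key for this host`, the same string as the key-file node just above it, so the CLI describes the negotiation role as key material. The commit reworded this string (the removed side had `File containing this host's private key`) but carried the copy-paste over. Something like `TLS negotiation role` would agree with the value descriptions `Initiate TLS negotiation actively` and `Waiting for TLS connections passively`. The `udp` value of the protocol node has a similar slip: its description is `Site-to-site mode`, where `UDP` is presumably meant. Element names are not visible in this rendering, so the nodes are identified here by their values.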
@@ -1,151 +0,0 @@ - - - - - - - Virtual extensible LAN interface (VXLAN) - 460 - - vxlan[0-9]+$ - - VXLAN interface must be named vxlanN - - vxlanN - VXLAN interface name - - - - - - IP address - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - Disable interface - - - - - - Multicast group address for VXLAN interface - - ipv4 - Multicast group address - - - - - - - - - - - ARP cache entry timeout in seconds - - 1-86400 - ARP cache entry timout in seconds (default 30) - - - - - ARP cache entry timeout must be between 1 and 86400 seconds - - - - - Enable proxy-arp on this interface - - - - - - - - Underlay device of VXLAN interface - - interface - Interface used for VXLAN underlay - - - - - - - - - Maximum Transmission Unit (MTU) - - 1450-9000 - Maximum Transmission Unit - - - - - MTU must be between 1450 and 9000 - - - - - Remote address of VXLAN tunnel - - ipv4 - Remote address of VXLAN tunnel - - - - - - - - - Destination port of VXLAN tunnel (default: 8472) - - 1-65535 - Numeric IP port - - - - - - - - - Virtual Network Identifier - - 0-16777214 - VXLAN virtual network identifier - - - - - - - - - - - diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in new file mode 100644 index 000000000..f93711741 --- /dev/null +++ b/interface-definitions/interfaces-vxlan.xml.in 
@@ -0,0 +1,151 @@ + + + + + + + Virtual extensible LAN interface (VXLAN) + 460 + + vxlan[0-9]+$ + + VXLAN interface must be named vxlanN + + vxlanN + VXLAN interface name + + + + + + IP address + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + Disable interface + + + + + + Multicast group address for VXLAN interface + + ipv4 + Multicast group address + + + + + + + + + + + ARP cache entry timeout in seconds + + 1-86400 + ARP cache entry timout in seconds (default 30) + + + + + ARP cache entry timeout must be between 1 and 86400 seconds + + + + + Enable proxy-arp on this interface + + + + + + + + Underlay device of VXLAN interface + + interface + Interface used for VXLAN underlay + + + + + + + + + Maximum Transmission Unit (MTU) + + 1450-9000 + Maximum Transmission Unit + + + + + MTU must be between 1450 and 9000 + + + + + Remote address of VXLAN tunnel + + ipv4 + Remote address of VXLAN tunnel + + + + + + + + + Destination port of VXLAN tunnel (default: 8472) + + 1-65535 + Numeric IP port + + + + + + + + + Virtual Network Identifier + + 0-16777214 + VXLAN virtual network identifier + + + + + + + + + + + diff --git a/interface-definitions/interfaces-wireguard.xml b/interface-definitions/interfaces-wireguard.xml deleted file mode 100644 index 0c32a3bc1..000000000 --- a/interface-definitions/interfaces-wireguard.xml +++ /dev/null 
@@ -1,150 +0,0 @@ - - - - - - - WireGuard interface name - 459 - - - ^wg[0-9]{1,4} - - illegal interface name - - wgN - WireGuard interface name - - - - - - IP address - - - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - description - - ^.{1,100}$ - - interface description is too long (limit 100 characters) - - - - - disables interface - - - - - - Local port number to accept connections - - - - - - - - interface mtu size(default: 1420) - - - - - - - - A 32-bit fwmark value set on all outgoing packets - - number - value which marks the packet for QoS/shaper - - - - - - - - - Private key to use on that interface - - - - - - - - peer alias - - [^ ]{1,100}$ - - peer alias too long (limit 100 characters) - - - - - disables peer - - - - - - base64 encoded public key - - ^[0-9a-zA-Z\+/]{43}=$ - - Key is not valid 44-character (32-bytes) base64 - - - - - base64 encoded preshared key - - ^[0-9a-zA-Z\+/]{43}=$ - - Key is not valid 44-character (32-bytes) base64 - - - - - IP addresses allowed to traverse the peer - - - - - - - - - - Remote endpoint (IP:port) - - - - - how often send keep alives in seconds - - - - - - - - - - - - diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in new file mode 100644 index 000000000..0c32a3bc1 --- /dev/null +++ b/interface-definitions/interfaces-wireguard.xml.in 
@@ -0,0 +1,150 @@ + + + + + + + WireGuard interface name + 459 + + + ^wg[0-9]{1,4} + + illegal interface name + + wgN + WireGuard interface name + + + + + + IP address + + + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + description + + ^.{1,100}$ + + interface description is too long (limit 100 characters) + + + + + disables interface + + + + + + Local port number to accept connections + + + + + + + + interface mtu size(default: 1420) + + + + + + + + A 32-bit fwmark value set on all outgoing packets + + number + value which marks the packet for QoS/shaper + + + + + + + + + Private key to use on that interface + + + + + + + + peer alias + + [^ ]{1,100}$ + + peer alias too long (limit 100 characters) + + + + + disables peer + + + + + + base64 encoded public key + + ^[0-9a-zA-Z\+/]{43}=$ + + Key is not valid 44-character (32-bytes) base64 + + + + + base64 encoded preshared key + + ^[0-9a-zA-Z\+/]{43}=$ + + Key is not valid 44-character (32-bytes) base64 + + + + + IP addresses allowed to traverse the peer + + + + + + + + + + Remote endpoint (IP:port) + + + + + how often send keep alives in seconds + + + + + + + + + + + + diff --git a/interface-definitions/interfaces-wireless.xml b/interface-definitions/interfaces-wireless.xml deleted file mode 100644 index 6bc49dddb..000000000 --- a/interface-definitions/interfaces-wireless.xml +++ /dev/null 
@@ -1,963 +0,0 @@ - - - - - - - Wireless network interface (WiFi/WLAN) - 400 - - wlan[0-9]+$ - - Wireless interface must be named wlanN - - wlanN - Wireless (WiFi/WLAN) interface name - - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - HT and VHT capabilities for your card - - - - - HT (High Throughput) settings - - - - - 40MHz intolerance, use 20MHz only! - - - - - - Enable WMM-PS unscheduled automatic power aave delivery [U-APSD] - - - - - - Supported channel set width - - ht20 ht40+ ht40- - - - ht20 - Supported channel set width both 20 MHz only - - - ht40+ - Supported channel set width both 20 MHz and 40 MHz with secondary channel above primary channel - - - ht40- - Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel - - - (ht20|ht40\+|ht40-) - - - - - - - Enable HT-delayed block ack - - - - - - Enable DSSS_CCK-40 - - - - - - Enable HT-greenfield - - - - - - Enable LDPC coding capability - - - - - - Enable L-SIG TXOP protection capability - - - - - - Set maximum A-MSDU length - - 3839 7935 - - - 3839 - Set maximum A-MSDU length to 3839 octets - - - 7935 - Set maximum A-MSDU length to 7935 octets - - - (3839|7935) - - - - - - - Short GI capabilities - - 20 40 - - - 20 - Short GI for 20 MHz - - - 40 - Short GI for 40 MHz - - - (20|40) - - - - - - - Spatial Multiplexing Power Save (SMPS) settings - - static dynamic - - - static - STATIC Spatial Multiplexing (SM) Power Save - - - dynamic - DYNAMIC Spatial Multiplexing (SM) Power Save - - - (static|dynamic) - - - - - - - Support for sending and receiving PPDU using STBC (Space Time Block Coding) - - - - - Enable receiving PPDU using STBC (Space Time Block Coding) - - [1-3]+ - Number of spacial streams that can use RX STBC - - - [1-3]+ - - Invalid 
capability item - - - - - Enable sending PPDU using STBC (Space Time Block Coding) - - - - - - - - - - Require stations to support HT PHY (reject association if they do not) - - - - - - - - - Require stations to support VHT PHY (reject association if they do not) - - - - - - - - - VHT (Very High Throughput) settings - - - - - Number of antennas on this card - - 1-9 - Number of antennas for this card - - - - - - - - - Set if antenna pattern does not change during the lifetime of an association - - - - - - Beamforming capabilities - - single-user-beamformer single-user-beamformee multi-user-beamformer multi-user-beamformee - - - single-user-beamformer - Support for operation as single user beamformer - - - single-user-beamformee - Support for operation as single user beamformee - - - multi-user-beamformer - Support for operation as multi user beamformer - - - multi-user-beamformee - Support for operation as multi user beamformee - - - (single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee) - - - - - - - VHT operating channel center frequency - - - - - VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes) - - <34-173> - 5Ghz (802.11 a/h/j/n/ac) center channel index (use 42 for primary 80MHz channel 36) - - - - - Channel center value must be between 34 and 173 - - - - - VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode) - - 34-173 - 5Ghz (802.11 a/h/j/n/ac) center channel index (use 58 for primary 80MHz channel 52) - - - - - Channel center value must be between 34 and 173 - - - - - - - VHT operating Channel width - - 0 1 2 3 - - - 0 - 20 or 40 MHz channel width (default) - - - 1 - 80 MHz channel width - - - 2 - 160 MHz channel width - - - 3 - 80+80 MHz channel width - - - - - - - - - Enable LDPC (Low Density Parity Check) coding capability - - - - - - VHT link adaptation capabilities - - single-user-beamformer single-user-beamformee multi-user-beamformer 
multi-user-beamformee - - - unsolicited - Station provides only unsolicited VHT MFB - - - both - Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB - - - (unsolicited|both) - - Invalid capability item - - - - - Set the maximum length of A-MPDU pre-EOF padding that the station can receive - - <0-7> - Maximum length of A-MPDU pre-EOF padding = 2 pow(13 + x) -1 octets - - - - - - - - - Increase Maximum MPDU length to 7991 or 11454 octets (otherwise: 3895 octets) - - 7991 11454 - - - 7991 - ncrease Maximum MPDU length to 7991 octets - - - 11454 - ncrease Maximum MPDU length to 11454 octets - - - (7991|11454) - - - - - - Short GI capabilities - - 80 160 - - - 80 - Short GI for 80 MHz - - - 160 - Short GI for 160 MHz - - - (80|160) - - - - - - - Support for sending and receiving PPDU using STBC (Space Time Block Coding) - - - - - Enable receiving PPDU using STBC (Space Time Block Coding) - - [1-4]+ - Number of spacial streams that can use RX STBC - - - [1-4]+ - - Invalid capability item - - - - - Enable sending PPDU using STBC (Space Time Block Coding) - - - - - - - - Enable VHT TXOP Power Save Mode - - - - - - Station supports receiving VHT variant HT Control field - - - - - - - - - - Wireless radio channel (use 0 for ACS auto channel selection) - - <1-14> - 2.4Ghz (802.11 b/g/n) Channel - - - <0,34-173> - 5Ghz (802.11 a/h/j/n/ac) Channel - - - - - - - - - Interface description - - .{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCP options - - - - - DHCP client identifier - - - - - DHCP client host name (overrides system host name) - - - - - DHCP client vendor type - - - - - - - DHCPv6 options - 319 - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Disable broadcast of SSID from access-point - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - Disassociate stations based on excessive transmission failures - - - - - - Media 
Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Isolate stations on the AP so they cannot see each other - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Maximum number of wireless radio stations. Excess stations will be rejected upon authentication request. - - <1-2007> - Number of allowed stations - - - - - Number of stations must be between 1 and 2007 - - - - - Management Frame Protection (MFP) according to IEEE 802.11w - - disabled optional required - - - disabled - no MFP (hostapd default) - - - optional - MFP optional - - - required - MFP enforced - - - (disabled|optional|required) - - - - - - Wireless radio mode - - a b g n ac - - - a - 802.11a - 54 Mbits/sec - - - b - 802.11b - 11 Mbits/sec - - - g - 802.11g - 54 Mbits/sec (default) - - - n - 802.11n - 600 Mbits/sec - - - ac - 802.11ac - 1300 Mbits/sec - - - (a|b|g|n|ac) - - - - - - Wireless physical device - - - - - - - - Transmission power reduction in dBm - - <0-255> - TX power reduction in dBm - - - - - dBm value must be between 0 and 255 - - - - - Wireless security settings - - - - - Wired Equivalent Privacy (WEP) parameters - - - - - WEP encryption key - - <hexdigits> - Wired Equivalent Privacy key - - - ([a-fA-F0-9]{10}|[a-fA-F0-9]{26}|[a-fA-F0-9]{32}) - - Invalid WEP key - - - - - - - - Wifi Protected Access (WPA) parameters - - - - - Cipher suite for WPA - - TKIP CCMP - - - CCMP - AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] - - - TKIP - Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] - - - (CCMP|TKIP) - - Invalid WEP key - - - - - - WPA mode - - wpa wpa2 both - - - wpa - WPA (IEEE 802.11i/D3.0) - - - wpa2 - WPA2 (full IEEE 802.11i/RSN) - - - both - Allow both WPA and WPA2 - - - (wpa|wpa2|both) - - Unknown WPA mode - - - - - WPA personal shared pass phrase. If you are - using special characters in the WPA passphrase then single - quotes are required. 
- - <text> - Passphrase of at least 8 but not more than 63 printable characters - - - .{8,63}$ - - Invalid WPA pass phrase, must be 8 to 63 printable characters! - - - - - RADIUS specific configuration - - - - - RADIUS client forced local IP address - - ipv4 - IPv4 address of RADIUS server - - - - - - IP address of RADIUS server - - ipv4 - IPv4 address of RADIUS server - - - - - - Enable RADIUS server to receive accounting info - - - - - - RADIUS server port (default: 1812) - - 1-65535 - RADIUS server port - - - - - - - - - RADIUS shared secret key - - - - - - - - - - - - - Wireless access-point service set identifier (SSID) - - .{1,32}$ - - Invalid SSID - - - - - Wireless device type for this interface - - access-point station monitor - - - access-point - Access-point forwards packets between other nodes - - - station - Connects to another access point - - - monitor - Passively monitor all packets on the frequency/channel - - - (access-point|station|monitor) - - Type must be access-point, station or monitor - - - - - Virtual Local Area Network (VLAN) ID - - - - VLAN ID must be between 0 and 4094 - - - - - IP address - - dhcp dhcpv6 - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - dhcp - Dynamic Host Configuration Protocol - - - dhcpv6 - Dynamic Host Configuration Protocol for IPv6 - - - - (dhcp|dhcpv6) - - - - - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - - - - DHCPv6 options - - - - - Acquire only config parameters, no address - - - - - - IPv6 "temporary" address - - - - - - - - Ignore link state changes - - - - - - Disable this bridge interface - - - - - - Media Access Control (MAC) address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - - - - - - - - - Wireless regulatory domain (mandatory) - 305 - - US EU JP DE UK CN - - - <code%gt; - Country code (ISO/IEC 3166-1) - - - [A-Z][A-Z]$ - - invalid country code - - - - - 
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in new file mode 100644 index 000000000..6bc49dddb --- /dev/null +++ b/interface-definitions/interfaces-wireless.xml.in 
@@ -0,0 +1,963 @@ + + + + + + + Wireless network interface (WiFi/WLAN) + 400 + + wlan[0-9]+$ + + Wireless interface must be named wlanN + + wlanN + Wireless (WiFi/WLAN) interface name + + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + HT and VHT capabilities for your card + + + + + HT (High Throughput) settings + + + + + 40MHz intolerance, use 20MHz only! + + + + + + Enable WMM-PS unscheduled automatic power aave delivery [U-APSD] + + + + + + Supported channel set width + + ht20 ht40+ ht40- + + + ht20 + Supported channel set width both 20 MHz only + + + ht40+ + Supported channel set width both 20 MHz and 40 MHz with secondary channel above primary channel + + + ht40- + Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel + + + (ht20|ht40\+|ht40-) + + + + + + + Enable HT-delayed block ack + + + + + + Enable DSSS_CCK-40 + + + + + + Enable HT-greenfield + + + + + + Enable LDPC coding capability + + + + + + Enable L-SIG TXOP protection capability + + + + + + Set maximum A-MSDU length + + 3839 7935 + + + 3839 + Set maximum A-MSDU length to 3839 octets + + + 7935 + Set maximum A-MSDU length to 7935 octets + + + (3839|7935) + + + + + + + Short GI capabilities + + 20 40 + + + 20 + Short GI for 20 MHz + + + 40 + Short GI for 40 MHz + + + (20|40) + + + + + + + Spatial Multiplexing Power Save (SMPS) settings + + static dynamic + + + static + STATIC Spatial Multiplexing (SM) Power Save + + + dynamic + DYNAMIC Spatial Multiplexing (SM) Power Save + + + (static|dynamic) + + + + + + + Support for sending and receiving PPDU using STBC (Space Time Block Coding) + + + + + Enable receiving PPDU using STBC (Space Time Block Coding) + + [1-3]+ + Number of spacial streams that can use RX STBC + + + [1-3]+ + + Invalid 
capability item + + + + + Enable sending PPDU using STBC (Space Time Block Coding) + + + + + + + + + + Require stations to support HT PHY (reject association if they do not) + + + + + + + + + Require stations to support VHT PHY (reject association if they do not) + + + + + + + + + VHT (Very High Throughput) settings + + + + + Number of antennas on this card + + 1-9 + Number of antennas for this card + + + + + + + + + Set if antenna pattern does not change during the lifetime of an association + + + + + + Beamforming capabilities + + single-user-beamformer single-user-beamformee multi-user-beamformer multi-user-beamformee + + + single-user-beamformer + Support for operation as single user beamformer + + + single-user-beamformee + Support for operation as single user beamformee + + + multi-user-beamformer + Support for operation as multi user beamformer + + + multi-user-beamformee + Support for operation as multi user beamformee + + + (single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee) + + + + + + + VHT operating channel center frequency + + + + + VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes) + + <34-173> + 5Ghz (802.11 a/h/j/n/ac) center channel index (use 42 for primary 80MHz channel 36) + + + + + Channel center value must be between 34 and 173 + + + + + VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode) + + 34-173 + 5Ghz (802.11 a/h/j/n/ac) center channel index (use 58 for primary 80MHz channel 52) + + + + + Channel center value must be between 34 and 173 + + + + + + + VHT operating Channel width + + 0 1 2 3 + + + 0 + 20 or 40 MHz channel width (default) + + + 1 + 80 MHz channel width + + + 2 + 160 MHz channel width + + + 3 + 80+80 MHz channel width + + + + + + + + + Enable LDPC (Low Density Parity Check) coding capability + + + + + + VHT link adaptation capabilities + + single-user-beamformer single-user-beamformee multi-user-beamformer 
multi-user-beamformee + + + unsolicited + Station provides only unsolicited VHT MFB + + + both + Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB + + + (unsolicited|both) + + Invalid capability item + + + + + Set the maximum length of A-MPDU pre-EOF padding that the station can receive + + <0-7> + Maximum length of A-MPDU pre-EOF padding = 2 pow(13 + x) -1 octets + + + + + + + + + Increase Maximum MPDU length to 7991 or 11454 octets (otherwise: 3895 octets) + + 7991 11454 + + + 7991 + ncrease Maximum MPDU length to 7991 octets + + + 11454 + ncrease Maximum MPDU length to 11454 octets + + + (7991|11454) + + + + + + Short GI capabilities + + 80 160 + + + 80 + Short GI for 80 MHz + + + 160 + Short GI for 160 MHz + + + (80|160) + + + + + + + Support for sending and receiving PPDU using STBC (Space Time Block Coding) + + + + + Enable receiving PPDU using STBC (Space Time Block Coding) + + [1-4]+ + Number of spacial streams that can use RX STBC + + + [1-4]+ + + Invalid capability item + + + + + Enable sending PPDU using STBC (Space Time Block Coding) + + + + + + + + Enable VHT TXOP Power Save Mode + + + + + + Station supports receiving VHT variant HT Control field + + + + + + + + + + Wireless radio channel (use 0 for ACS auto channel selection) + + <1-14> + 2.4Ghz (802.11 b/g/n) Channel + + + <0,34-173> + 5Ghz (802.11 a/h/j/n/ac) Channel + + + + + + + + + Interface description + + .{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCP options + + + + + DHCP client identifier + + + + + DHCP client host name (overrides system host name) + + + + + DHCP client vendor type + + + + + + + DHCPv6 options + 319 + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Disable broadcast of SSID from access-point + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + Disassociate stations based on excessive transmission failures + + + + + + Media 
Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Isolate stations on the AP so they cannot see each other + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Maximum number of wireless radio stations. Excess stations will be rejected upon authentication request. + + <1-2007> + Number of allowed stations + + + + + Number of stations must be between 1 and 2007 + + + + + Management Frame Protection (MFP) according to IEEE 802.11w + + disabled optional required + + + disabled + no MFP (hostapd default) + + + optional + MFP optional + + + required + MFP enforced + + + (disabled|optional|required) + + + + + + Wireless radio mode + + a b g n ac + + + a + 802.11a - 54 Mbits/sec + + + b + 802.11b - 11 Mbits/sec + + + g + 802.11g - 54 Mbits/sec (default) + + + n + 802.11n - 600 Mbits/sec + + + ac + 802.11ac - 1300 Mbits/sec + + + (a|b|g|n|ac) + + + + + + Wireless physical device + + + + + + + + Transmission power reduction in dBm + + <0-255> + TX power reduction in dBm + + + + + dBm value must be between 0 and 255 + + + + + Wireless security settings + + + + + Wired Equivalent Privacy (WEP) parameters + + + + + WEP encryption key + + <hexdigits> + Wired Equivalent Privacy key + + + ([a-fA-F0-9]{10}|[a-fA-F0-9]{26}|[a-fA-F0-9]{32}) + + Invalid WEP key + + + + + + + + Wifi Protected Access (WPA) parameters + + + + + Cipher suite for WPA + + TKIP CCMP + + + CCMP + AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] + + + TKIP + Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] + + + (CCMP|TKIP) + + Invalid WEP key + + + + + + WPA mode + + wpa wpa2 both + + + wpa + WPA (IEEE 802.11i/D3.0) + + + wpa2 + WPA2 (full IEEE 802.11i/RSN) + + + both + Allow both WPA and WPA2 + + + (wpa|wpa2|both) + + Unknown WPA mode + + + + + WPA personal shared pass phrase. If you are + using special characters in the WPA passphrase then single + quotes are required. 
+ + <text> + Passphrase of at least 8 but not more than 63 printable characters + + + .{8,63}$ + + Invalid WPA pass phrase, must be 8 to 63 printable characters! + + + + + RADIUS specific configuration + + + + + RADIUS client forced local IP address + + ipv4 + IPv4 address of RADIUS server + + + + + + IP address of RADIUS server + + ipv4 + IPv4 address of RADIUS server + + + + + + Enable RADIUS server to receive accounting info + + + + + + RADIUS server port (default: 1812) + + 1-65535 + RADIUS server port + + + + + + + + + RADIUS shared secret key + + + + + + + + + + + + + Wireless access-point service set identifier (SSID) + + .{1,32}$ + + Invalid SSID + + + + + Wireless device type for this interface + + access-point station monitor + + + access-point + Access-point forwards packets between other nodes + + + station + Connects to another access point + + + monitor + Passively monitor all packets on the frequency/channel + + + (access-point|station|monitor) + + Type must be access-point, station or monitor + + + + + Virtual Local Area Network (VLAN) ID + + + + VLAN ID must be between 0 and 4094 + + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + + + + DHCPv6 options + + + + + Acquire only config parameters, no address + + + + + + IPv6 "temporary" address + + + + + + + + Ignore link state changes + + + + + + Disable this bridge interface + + + + + + Media Access Control (MAC) address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + + + + + + + + + Wireless regulatory domain (mandatory) + 305 + + US EU JP DE UK CN + + + <code%gt; + Country code (ISO/IEC 3166-1) + + + [A-Z][A-Z]$ + + invalid country code + + + + + 
diff --git a/interface-definitions/ipoe-server.xml b/interface-definitions/ipoe-server.xml deleted file mode 100644 index 48f3e0fd9..000000000 --- a/interface-definitions/ipoe-server.xml +++ /dev/null 
@@ -1,378 +0,0 @@ - - - - - - - Internet Protocol over Ethernet (IPoE) Server - 900 - - - - - Network interface to server IPoE - - - - - - - - Network Layer IPoE serves on - - L2 L3 - - - ^(L2|L3) - - - L2 - client share the same subnet - - - L3 - clients are behind this router - - - - - - Enables clients to share the same network or each client has its own vlan - - shared vlan - - - ^(shared|vlan) - - - shared - Multiple clients share the same network - - - vlan - One VLAN per client - - - - - - Client address pool - - ipv4net - IPv4 address and prefix length - - - - - - - - - DHCP requests will be forwarded - - - - - DHCP Server the request will be redirected to. - - ipv4 - IPv4 address of the DHCP Server - - - - - - - - - address of the relay agent (Relay Agent IP Address) - - - - - - - VLAN monitor for the automatic creation of vlans (user per vlan) - - - - VLAN ID needs to be between 1 and 4096 - - - - - - VLAN monitor for the automatic creation of vlans (user per vlan) - - (409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2}) - - - - - - - - - DNS servers offered via internal DHCP - - - - - IP address of the primary DNS server - - - - - - - - IP address of the secondary DNS server - - - - - - - - - - DNSv6 servers offered via internal DHCPv6 - - - - - IP address of the primary DNS server - - - - - - - - IP address of the secondary DNS server - - - - - - - - IP address of the tertiary DNS server - - - - - - - - - - Pool of client IPv6 addresses - - - - - Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients) - - - - - - Format: ipv6prefix/mask,prefix_len (delegates prefix to clients via DHCPv6 prefix delegation - - - - - - - - Client authentication methods - - - - - Authetication mode - - local radius noauth - - - ^(local|radius|noauth) - - - local - Authentication based on local definition - - - radius - Authentication based on a RADIUS server - - - noauth 
- Authentication disabled - - - - - - Network interface the client mac will appear on - - - - - - - - Client mac address allowed to receive an IP address - - h:h:h:h:h:h - Hardware (MAC) address - - - - - - - - - Upload/Download speed limits - - - - - Upload bandwidth limit in kbits/sec - - - - - - - - Download bandwidth limit in kbits/sec - - - - - - - - - - VLAN-ID of the client network - - - - VLAN ID needs to be between 1 and 4096 - - - - - - - - - IP address of RADIUS server - - ipv4 - IP address of RADIUS server - - - - - - Key for accessing the specified server - - - - - Maximum number of simultaneous requests to server (default: unlimited) - - - - - If server doesn't responds mark it as unavailable for this amount of time in seconds - - - - - - - RADIUS settings - - - - - Timeout to wait response from server (seconds) - - - - - Timeout to wait reply for Interim-Update packets. (default 3 seconds) - - - - - Maximum number of tries to send Access-Request/Accounting-Request queries - - - - - Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. - - - - - Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. - - ipv4 - IPv4 address of the DAE Server - - - - - - - - - IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) - - - - - IP address for Dynamic Authorization Extension server (DM/CoA) - - ipv4 - IPv4 address of the DAE Server - - - - - - - - - Port for Dynamic Authorization Extension server (DM/CoA) - - 1-65535 - port number - - - - - - - - - Secret for Dynamic Authorization Extension server (DM/CoA) - - - - - - - - - - - - - diff --git a/interface-definitions/ipoe-server.xml.in b/interface-definitions/ipoe-server.xml.in new file mode 100644 index 000000000..5fee02614 --- /dev/null +++ b/interface-definitions/ipoe-server.xml.in 
@@ -0,0 +1,378 @@ + + + + + + + Internet Protocol over Ethernet (IPoE) Server + 900 + + + + + Network interface to server IPoE + + + + + + + + Network Layer IPoE serves on + + L2 L3 + + + ^(L2|L3) + + + L2 + client share the same subnet + + + L3 + clients are behind this router + + + + + + Enables clients to share the same network or each client has its own vlan + + shared vlan + + + ^(shared|vlan) + + + shared + Multiple clients share the same network + + + vlan + One VLAN per client + + + + + + Client address pool + + ipv4net + IPv4 address and prefix length + + + + + + + + + DHCP requests will be forwarded + + + + + DHCP Server the request will be redirected to. + + ipv4 + IPv4 address of the DHCP Server + + + + + + + + + address of the relay agent (Relay Agent IP Address) + + + + + + + VLAN monitor for the automatic creation of vlans (user per vlan) + + + + VLAN ID needs to be between 1 and 4096 + + + + + + VLAN monitor for the automatic creation of vlans (user per vlan) + + (409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2}) + + + + + + + + + DNS servers offered via internal DHCP + + + + + IP address of the primary DNS server + + + + + + + + IP address of the secondary DNS server + + + + + + + + + + DNSv6 servers offered via internal DHCPv6 + + + + + IP address of the primary DNS server + + + + + + + + IP address of the secondary DNS server + + + + + + + + IP address of the tertiary DNS server + + + + + + + + + + Pool of client IPv6 addresses + + + + + Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients) + + + + + + Format: ipv6prefix/mask,prefix_len (delegates prefix to clients via DHCPv6 prefix delegation + + + + + + + + Client authentication methods + + + + + Authetication mode + + local radius noauth + + + ^(local|radius|noauth) + + + local + Authentication based on local definition + + + radius + Authentication based on a RADIUS server + + + noauth 
+ Authentication disabled + + + + + + Network interface the client mac will appear on + + + + + + + + Client mac address allowed to receive an IP address + + h:h:h:h:h:h + Hardware (MAC) address + + + + + + + + + Upload/Download speed limits + + + + + Upload bandwidth limit in kbits/sec + + + + + + + + Download bandwidth limit in kbits/sec + + + + + + + + + + VLAN-ID of the client network + + + + VLAN ID needs to be between 1 and 4096 + + + + + + + + + IP address of RADIUS server + + ipv4 + IP address of RADIUS server + + + + + + Key for accessing the specified server + + + + + Maximum number of simultaneous requests to server (default: unlimited) + + + + + If server does not respond, mark it unavailable for this time (seconds) + + + + + + + RADIUS settings + + + + + Timeout to wait response from server (seconds) + + + + + Timeout to wait reply for Interim-Update packets. (default 3 seconds) + + + + + Maximum number of tries to send Access-Request/Accounting-Request queries + + + + + Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. + + + + + Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. + + ipv4 + IPv4 address of the DAE Server + + + + + + + + + IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) + + + + + IP address for Dynamic Authorization Extension server (DM/CoA) + + ipv4 + IPv4 address of the DAE Server + + + + + + + + + Port for Dynamic Authorization Extension server (DM/CoA) + + 1-65535 + port number + + + + + + + + + Secret for Dynamic Authorization Extension server (DM/CoA) + + + + + + + + + + + + + diff --git a/interface-definitions/ipsec-settings.xml b/interface-definitions/ipsec-settings.xml deleted file mode 100644 index bc54baa27..000000000 --- a/interface-definitions/ipsec-settings.xml +++ /dev/null 
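Review bot: The vlan-range constraint carried into ipoe-server.xml.in accepts 4095 and 4096 on both sides of the dash (`409[0-6]`), and the vlan-id error text says "between 1 and 4096", but an 802.1Q VLAN ID is 12 bits with 4095 reserved, so the highest usable ID is 4094. Tightening the alternation to `(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})` and the message to `VLAN ID needs to be between 1 and 4094` would reject IDs that are not usable VLANs; the wireless definition earlier in this patch already gives 4094 as its upper bound. The same regex and message appear in pppoe-server.xml.in. The vlan-id validator itself is not readable in this rendering, so its numeric range should be checked as well.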
@@ -1,24 +0,0 @@ - - - - - - - - - Global IPsec settings - - - - - - Do not automatically install routes to remote networks - - - - - - - - - diff --git a/interface-definitions/ipsec-settings.xml.in b/interface-definitions/ipsec-settings.xml.in new file mode 100644 index 000000000..bc54baa27 --- /dev/null +++ b/interface-definitions/ipsec-settings.xml.in @@ -0,0 +1,24 @@ + + + + + + + + + Global IPsec settings + + + + + + Do not automatically install routes to remote networks + + + + + + + + + diff --git a/interface-definitions/l2tp-server.xml b/interface-definitions/l2tp-server.xml deleted file mode 100644 index e76b92b23..000000000 --- a/interface-definitions/l2tp-server.xml +++ /dev/null 
@@ -1,586 +0,0 @@ - - - - - - - L2TP Virtual Private Network (VPN) - - - - - Remote access L2TP VPN - - - - - Maximum Transmission Unit (MTU) - - - - - - - - External IP address to which VPN clients will connect - - - - - - - - Nexthop IP address for reaching the VPN clients - - - - - - - - IPv4 Domain Name Service (DNS) server - - - - - Primary DNS server - - ipv4 - IPv4 address - - - - - - - - - Secondary DNS server - - ipv4 - IPv4 address - - - - - - - - - - - IPv6 Domain Name Service (DNS) server - - ipv6 - IPv6 DNS address - - - - - - - - - - L2TP Network Server (LNS) - - - - - Tunnel password used to authenticate the client (LAC) - - - - - - - Disable Compression Control Protocol (CCP) - - - - - - Internet Protocol Security (IPsec) for remote access L2TP VPN - - - - - IPsec authentication settings - - - - - Authentication mode for IPsec - - pre-shared-secret - Use pre-shared secret for IPsec authentication - - - x509 - Use X.509 certificate for IPsec authentication - - - ^(pre-shared-secret|x509) - - - pre-shared-secret x509 - - - - - - Pre-shared secret for IPsec - - - - - X.509 certificate - - - - - File containing the X.509 certificate for the Certificate Authority (CA) - - <text> - File in /config/auth - - - - - - File containing the X.509 Certificate Revocation List (CRL) - - <text> - File in /config/auth - - - - - - File containing the X.509 certificate for the remote access VPN server (this host) - - <text> - File in /config/auth - - - - - - File containing the private key for the X.509 certificate for the remote access VPN server (this host) - - <text> - File in /config/auth - - - - - - Password that protects the private key - - - - - - - - - IKE lifetime - - <30-86400> - IKE lifetime in seconds (default 3600) - - - - - - - - - ESP lifetime - - <30-86400> - IKE lifetime in seconds (default 3600) - - - - - - - - - - - Windows Internet Name Service (WINS) server settings - - - - - Primary WINS server - - - - - - - - Secondary WINS server - - - - - - - - 
- - Pool of client IP addresses (must be within a /24) - - - - - First IP address in the pool (will be used as gateway address) - - - - - - - - Last IP address in the pool - - - - - - - - Client IP subnet (CIDR notation) - - - - Not a valid CIDR formatted prefix - - ipv4net - IPv4 subnet address - - - - - - - - - Pool of client IPv6 addresses - - - - - IPV6 prefix delegation - - ipv6prefix/mask,prefix_len - e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients - - - - - - - DHCPv6 prefix delegation - rfc3633 - - ipv6prefix/mask,prefix_len - Delegate to clients through DHCPv6 prefix delegation - rfc3633 - - - - - - - - - Description for L2TP remote-access settings - - - - - DHCP interface to listen on - - - - - PPP idle timeout - - <30-86400> - PPP idle timeout in seconds (default 1800) - - - - - - - - - Authentication for remote access L2TP VPN - - - - - Authentication protocol for remote access peer L2TP VPN - - pap - Require the peer to authenticate itself using PAP [Password Authentication Protocol]. - - - chap - Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. - - - mschap - Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. - - - mschap-v2 - Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. - - - ^(pap|chap|mschap|mschap-v2) - - - pap chap mschap mschap-v2 - - - - - - - Specifies mppe negotioation preference. 
(default require mppe 128-bit stateless - - deny - deny mppe - - - prefer - ask client for mppe, if it rejects don't fail - - - require - ask client for mppe, if it rejects drop connection - - - ^(deny|prefer|require) - - - deny prefer require - - - - - - Authentication mode for remote access L2TP VPN - - local - Use local username/password configuration - - - radius - Use a RADIUS server to autenticate users - - - ^(local|radius) - - - local radius - - - - - - Local user authentication for remote access L2TP VPN - - - - - User name for authentication - - - - - Option to disable a L2TP Server user - - - - - - Password for authentication - - - - - Static client IP address - - - - - Upload/Download speed limits - - - - - Upload bandwidth limit in kbits/sec - - - - - - - - Download bandwidth limit in kbits/sec - - - - - - - - - - - - - - RADIUS specific configuration - - - - - IP address of RADIUS server - - ipv4 - IPv4 address of RADIUS server - - - - - - Key for accessing the specified server - - - - - Maximum number of simultaneous requests to server (default: unlimited) - - - - - If server doesn't responds mark it as unavailable for this amount of time in seconds - - - - - - - Local RADIUS client address from which packets are sent. - - <x.x.x.x> - Local RADIUS client address from which packets are sent - - - - - - Timeout to wait response from server (seconds) - - - - - Timeout to wait reply for Interim-Update packets. (default 3 seconds) - - - - - Maximum number of tries to send Access-Request/Accounting-Request queries - - - - - Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. 
- - - - - IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) - - - - - IP address for Dynamic Authorization Extension server (DM/CoA) - - - - - Port for Dynamic Authorization Extension server (DM/CoA) - - - - - Secret for Dynamic Authorization Extension server (DM/CoA) - - - - - - - Upload/Download speed limits - - - - - Specifies which radius attribute contains rate information. (default is Filter-Id) - - - - - Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) - - - - - Enables Bandwidth shaping via RADIUS - - - - - - - - - - - - Advanced protocol options - - - - - LCP echo-requests/sec - - - - - - - - Maximum number of Echo-Requests may be sent without valid reply - - - - - - - - - - - - - - diff --git a/interface-definitions/l2tp-server.xml.in b/interface-definitions/l2tp-server.xml.in new file mode 100644 index 000000000..4e3a49b24 --- /dev/null +++ b/interface-definitions/l2tp-server.xml.in 
@@ -0,0 +1,586 @@ + + + + + + + L2TP Virtual Private Network (VPN) + + + + + Remote access L2TP VPN + + + + + Maximum Transmission Unit (MTU) + + + + + + + + External IP address to which VPN clients will connect + + + + + + + + Nexthop IP address for reaching the VPN clients + + + + + + + + IPv4 Domain Name Service (DNS) server + + + + + Primary DNS server + + ipv4 + IPv4 address + + + + + + + + + Secondary DNS server + + ipv4 + IPv4 address + + + + + + + + + + + IPv6 Domain Name Service (DNS) server + + ipv6 + IPv6 DNS address + + + + + + + + + + L2TP Network Server (LNS) + + + + + Tunnel password used to authenticate the client (LAC) + + + + + + + Disable Compression Control Protocol (CCP) + + + + + + Internet Protocol Security (IPsec) for remote access L2TP VPN + + + + + IPsec authentication settings + + + + + Authentication mode for IPsec + + pre-shared-secret + Use pre-shared secret for IPsec authentication + + + x509 + Use X.509 certificate for IPsec authentication + + + ^(pre-shared-secret|x509) + + + pre-shared-secret x509 + + + + + + Pre-shared secret for IPsec + + + + + X.509 certificate + + + + + File containing the X.509 certificate for the Certificate Authority (CA) + + <text> + File in /config/auth + + + + + + File containing the X.509 Certificate Revocation List (CRL) + + <text> + File in /config/auth + + + + + + File containing the X.509 certificate for the remote access VPN server (this host) + + <text> + File in /config/auth + + + + + + File containing the private key for the X.509 certificate for the remote access VPN server (this host) + + <text> + File in /config/auth + + + + + + Password that protects the private key + + + + + + + + + IKE lifetime + + <30-86400> + IKE lifetime in seconds (default 3600) + + + + + + + + + ESP lifetime + + <30-86400> + IKE lifetime in seconds (default 3600) + + + + + + + + + + + Windows Internet Name Service (WINS) server settings + + + + + Primary WINS server + + + + + + + + Secondary WINS server + + + + + + + + 
+ + Pool of client IP addresses (must be within a /24) + + + + + First IP address in the pool (will be used as gateway address) + + + + + + + + Last IP address in the pool + + + + + + + + Client IP subnet (CIDR notation) + + + + Not a valid CIDR formatted prefix + + ipv4net + IPv4 subnet address + + + + + + + + + Pool of client IPv6 addresses + + + + + IPV6 prefix delegation + + ipv6prefix/mask,prefix_len + e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients + + + + + + + DHCPv6 prefix delegation - rfc3633 + + ipv6prefix/mask,prefix_len + Delegate to clients through DHCPv6 prefix delegation - rfc3633 + + + + + + + + + Description for L2TP remote-access settings + + + + + DHCP interface to listen on + + + + + PPP idle timeout + + <30-86400> + PPP idle timeout in seconds (default 1800) + + + + + + + + + Authentication for remote access L2TP VPN + + + + + Authentication protocol for remote access peer L2TP VPN + + pap + Require the peer to authenticate itself using PAP [Password Authentication Protocol]. + + + chap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap-v2 + Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. + + + ^(pap|chap|mschap|mschap-v2) + + + pap chap mschap mschap-v2 + + + + + + + Specifies mppe negotioation preference. 
(default require mppe 128-bit stateless + + deny + deny mppe + + + prefer + Ask client for mppe, if it rejects do not fail + + + require + ask client for mppe, if it rejects drop connection + + + ^(deny|prefer|require) + + + deny prefer require + + + + + + Authentication mode for remote access L2TP VPN + + local + Use local username/password configuration + + + radius + Use a RADIUS server to autenticate users + + + ^(local|radius) + + + local radius + + + + + + Local user authentication for remote access L2TP VPN + + + + + User name for authentication + + + + + Option to disable a L2TP Server user + + + + + + Password for authentication + + + + + Static client IP address + + + + + Upload/Download speed limits + + + + + Upload bandwidth limit in kbits/sec + + + + + + + + Download bandwidth limit in kbits/sec + + + + + + + + + + + + + + RADIUS specific configuration + + + + + IP address of RADIUS server + + ipv4 + IPv4 address of RADIUS server + + + + + + Key for accessing the specified server + + + + + Maximum number of simultaneous requests to server (default: unlimited) + + + + + If server doesn not responds mark it unavailable for this time (seconds) + + + + + + + Local RADIUS client address from which packets are sent. + + <x.x.x.x> + Local RADIUS client address from which packets are sent + + + + + + Timeout to wait response from server (seconds) + + + + + Timeout to wait reply for Interim-Update packets. (default 3 seconds) + + + + + Maximum number of tries to send Access-Request/Accounting-Request queries + + + + + Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. 
+ + + + + IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) + + + + + IP address for Dynamic Authorization Extension server (DM/CoA) + + + + + Port for Dynamic Authorization Extension server (DM/CoA) + + + + + Secret for Dynamic Authorization Extension server (DM/CoA) + + + + + + + Upload/Download speed limits + + + + + Specifies which radius attribute contains rate information. (default is Filter-Id) + + + + + Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) + + + + + Enables Bandwidth shaping via RADIUS + + + + + + + + + + + + Advanced protocol options + + + + + LCP echo-requests/sec + + + + + + + + Maximum number of Echo-Requests may be sent without valid reply + + + + + + + + + + + + + + diff --git a/interface-definitions/mdns-repeater.xml b/interface-definitions/mdns-repeater.xml deleted file mode 100644 index a59321294..000000000 --- a/interface-definitions/mdns-repeater.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - - Multicast DNS (mDNS) parameters - - - - - mDNS repeater configuration - 990 - - - - - Disable mDNS repeater service - - - - - - Interface to repeat mDNS advertisements [REQUIRED] - - - - - - - - - - - - - diff --git a/interface-definitions/mdns-repeater.xml.in b/interface-definitions/mdns-repeater.xml.in new file mode 100644 index 000000000..a59321294 --- /dev/null +++ b/interface-definitions/mdns-repeater.xml.in @@ -0,0 +1,38 @@ + + + + + + + + Multicast DNS (mDNS) parameters + + + + + mDNS repeater configuration + 990 + + + + + Disable mDNS repeater service + + + + + + Interface to repeat mDNS advertisements [REQUIRED] + + + + + + + + + + + + + diff --git a/interface-definitions/ntp.xml b/interface-definitions/ntp.xml deleted file mode 100644 index 945345898..000000000 --- a/interface-definitions/ntp.xml +++ /dev/null 
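Review bot: In l2tp-server.xml.in the completion help for the `mschap` authentication protocol value is a copy of the `chap` text, so an operator choosing a protocol from the CLI help cannot tell the two apart; it should read `Require the peer to authenticate itself using MS-CHAP [Microsoft Challenge Handshake Authentication Protocol].`. Two further help strings in the same file are off. The ESP lifetime node describes itself as `IKE lifetime in seconds (default 3600)`, which presumably should say ESP. The RADIUS fail-time text reworded by this commit now reads `doesn not responds`, where ipoe-server.xml.in uses `If server does not respond, mark it unavailable for this time (seconds)`.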
@@ -1,83 +0,0 @@ - - - - - - - - Network Time Protocol (NTP) configuration - 400 - - - - - Network Time Protocol (NTP) server - - - - - Marks the server as unused - - - - - - Specifies the association as preemptable rather than the default persistent - - - - - - Marks the server as preferred - - - - - - - - Network Time Protocol (NTP) server options - - - - - IP address - - ipv4net - IP address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - - - - - - Addresses to listen for NTP queries - - ipv4 - Network Time Protocol (NTP) IPv4 address - - - ipv6 - Network Time Protocol (NTP) IPv6 address - - - - - - - - - - - - - diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in new file mode 100644 index 000000000..945345898 --- /dev/null +++ b/interface-definitions/ntp.xml.in @@ -0,0 +1,83 @@ + + + + + + + + Network Time Protocol (NTP) configuration + 400 + + + + + Network Time Protocol (NTP) server + + + + + Marks the server as unused + + + + + + Specifies the association as preemptable rather than the default persistent + + + + + + Marks the server as preferred + + + + + + + + Network Time Protocol (NTP) server options + + + + + IP address + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + + + Addresses to listen for NTP queries + + ipv4 + Network Time Protocol (NTP) IPv4 address + + + ipv6 + Network Time Protocol (NTP) IPv6 address + + + + + + + + + + + + + diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml deleted file mode 100644 index c2feef65b..000000000 --- a/interface-definitions/pppoe-server.xml +++ /dev/null 
@@ -1,616 +0,0 @@ - - - - - - - Point to Point over Ethernet (PPPoE) Server - 900 - - - - - Enable SNMP - - - - - enable SNMP master agent mode - - - - - - - - Access concentrator name - - ^[a-zA-Z0-9]{1,100} - - access-concentrator name limited to alphanumerical characters only (max. 100) - - - - - Authentication for remote access PPPoE Server - - - - - Local user authentication for PPPoE server - - - - - User name for authentication - - - - - Option to disable a PPPoE Server user - - - - - Password for authentication - - - - - Static client IP address - - - - - Upload/Download speed limits - - - - - Upload bandwidth limit in kbits/sec - - - - - - - - Download bandwidth limit in kbits/sec - - - - - - - - - - - - - - Authentication mode for PPPoE Server - - local - Use local username/password configuration - - - radius - Use a RADIUS server to autenticate users - - - ^(local|radius) - - - local radius - - - - - - IP address of RADIUS server - - ipv4 - IP address of RADIUS server - - - - - - Key for accessing the specified server - - - - - Maximum number of simultaneous requests to server (default: unlimited) - - - - - If server doesn't responds mark it as unavailable for this amount of time in seconds - - - - - - - RADIUS settings - - - - - Timeout to wait response from server (seconds) - - - - - Timeout to wait reply for Interim-Update packets. (default 3 seconds) - - - - - Maximum number of tries to send Access-Request/Accounting-Request queries - - - - - Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. - - - - - Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. 
- - - - - IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) - - - - - IP address for Dynamic Authorization Extension server (DM/CoA) - - - - - Port for Dynamic Authorization Extension server (DM/CoA) - - - - - Secret for Dynamic Authorization Extension server (DM/CoA) - - - - - - - Upload/Download speed limits - - - - - Specifies which radius attribute contains rate information. (default is Filter-Id) - - - - - Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) - - - - - Enables Bandwidth shaping via RADIUS - - - - - - - - - - - - Pool of client IP addresses (must be within a /24) - - - - - First IP address in the pool - - - - - - - - Last IP address in the pool - - - - - - - - Client IP subnet (CIDR notation) - - - - Not a valid CIDR formatted prefix - - - - - - - - Pool of client IPv6 addresses - - - - - Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients) - - - - - - Format: ipv6prefix/mask,prefix_len (delegate to clients through DHCPv6 prefix delegation - rfc3633) - - - - - - - - IPv4 Domain Name Service (DNS) server - - - - - Primary DNS server - - ipv4 - IPv4 address - - - - - - - - - Secondary DNS server - - ipv4 - IPv4 address - - - - - - - - - - - IPv6 Domain Name Service (DNS) server - - - - - - ipv6 - IPv6 address - - Primary DNS server - - - - - - - - - ipv6 - IPv6 address - - Secondary DNS server - - - - - - - - - ipv6 - IPv6 address - - Tertiary DNS server - - - - - - - - - - - interface(s) to listen on - - - - - - - - VLAN monitor for the automatic creation of vlans (user per vlan) - - - - VLAN ID needs to be between 1 and 4096 - - - - - - VLAN monitor for the automatic creation of vlans (user per vlan) - - (409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2}) - - - - - - - - - local gateway address - - - - - - - - Maximum Transmission Unit (MTU) - default 1492 - - - - - - - - 
Limits the connection rate from a single source - - - - - Acceptable rate of connections (e.g. 1/min, 60/sec) - - ^[0-9]+\/(min|sec)$ - - illegal value - - - - - Burst count - - - - - Timeout in seconds - - - - - - - Service name - - ^[a-zA-Z0-9\-]{1,100} - - servicename can contain aplhanumerical characters and dashes only (max. 100) - - - - - Windows Internet Name Service (WINS) server settings - - - - - Primary WINS server - - - - - - - - Secondary WINS server - - - - - - - - - - Advanced protocol options - - - - - Minimum acceptable MTU (68-65535) - - - - - - - - Preferred MRU (68-65535) - - - - - - - - CCP negotiation (default disabled) - - - - - - Specifies MPPE negotiation preference. (default prefer mppe) - - - - - Ask client for MPPE, if it rejects then drop the connection - - - - - - Ask client for MPPE, if it rejects don't fail - - - - - - Deny MPPE - - - - - - - - LCP echo-requests/sec - - - - - - - - Maximum number of Echo-Requests may be sent without valid reply - - - - - - - - Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used. 
- - - - - - - - IPv4 (IPCP) negotiation algorithm - - ^(deny|allow|prefer|require) - - invalid value - - deny - Don't negotiate IPv4 - - - allow - Negotiate IPv4 only if client requests - - - prefer - Ask client for IPv4 negotiation, don't fail if it rejects - - - require - Require IPv4 negotiation - - - - - - IPv6 (IPCP6) negotiation algorithm - - ^(deny|allow|prefer|require) - - invalid value - - deny - Don't negotiate IPv6 - - - allow - Negotiate IPv6 only if client requests - - - prefer - Ask client for IPv6 negotiation, don't fail if it rejects - - - require - Require IPv6 negotiation - - - - - - Fixed or random interface identifier for IPv6 - - random - Random interface identifier for IPv6 - - - x:x:x:x - specify interface identifier for IPv6 - - - - - - Peer interface identifier for IPv6 - - x:x:x:x - Interface identifier for IPv6 - - - random - Use a random interface identifier for IPv6 - - - ipv4 - Calculate interface identifier from IPv4 address, for example 192:168:0:1 - - - calling-sid - Calculate interface identifier from calling-station-id - - - - - - Accept peer's interface identifier - - - - - - - - - - diff --git a/interface-definitions/pppoe-server.xml.in b/interface-definitions/pppoe-server.xml.in new file mode 100644 index 000000000..6e99c2fd7 --- /dev/null +++ b/interface-definitions/pppoe-server.xml.in 
@@ -0,0 +1,616 @@ + + + + + + + Point to Point over Ethernet (PPPoE) Server + 900 + + + + + Enable SNMP + + + + + enable SNMP master agent mode + + + + + + + + Access concentrator name + + ^[a-zA-Z0-9]{1,100} + + access-concentrator name limited to alphanumerical characters only (max. 100) + + + + + Authentication for remote access PPPoE Server + + + + + Local user authentication for PPPoE server + + + + + User name for authentication + + + + + Option to disable a PPPoE Server user + + + + + Password for authentication + + + + + Static client IP address + + + + + Upload/Download speed limits + + + + + Upload bandwidth limit in kbits/sec + + + + + + + + Download bandwidth limit in kbits/sec + + + + + + + + + + + + + + Authentication mode for PPPoE Server + + local + Use local username/password configuration + + + radius + Use a RADIUS server to autenticate users + + + ^(local|radius) + + + local radius + + + + + + IP address of RADIUS server + + ipv4 + IP address of RADIUS server + + + + + + Key for accessing the specified server + + + + + Maximum number of simultaneous requests to server (default: unlimited) + + + + + If server does not responds mark it as unavailable for this amount of time in seconds + + + + + + + RADIUS settings + + + + + Timeout to wait response from server (seconds) + + + + + Timeout to wait reply for Interim-Update packets. (default 3 seconds) + + + + + Maximum number of tries to send Access-Request/Accounting-Request queries + + + + + Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. + + + + + Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. 
+ + + + + IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) + + + + + IP address for Dynamic Authorization Extension server (DM/CoA) + + + + + Port for Dynamic Authorization Extension server (DM/CoA) + + + + + Secret for Dynamic Authorization Extension server (DM/CoA) + + + + + + + Upload/Download speed limits + + + + + Specifies which radius attribute contains rate information. (default is Filter-Id) + + + + + Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) + + + + + Enables Bandwidth shaping via RADIUS + + + + + + + + + + + + Pool of client IP addresses (must be within a /24) + + + + + First IP address in the pool + + + + + + + + Last IP address in the pool + + + + + + + + Client IP subnet (CIDR notation) + + + + Not a valid CIDR formatted prefix + + + + + + + + Pool of client IPv6 addresses + + + + + Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients) + + + + + + Format: ipv6prefix/mask,prefix_len (delegate to clients through DHCPv6 prefix delegation - rfc3633) + + + + + + + + IPv4 Domain Name Service (DNS) server + + + + + Primary DNS server + + ipv4 + IPv4 address + + + + + + + + + Secondary DNS server + + ipv4 + IPv4 address + + + + + + + + + + + IPv6 Domain Name Service (DNS) server + + + + + + ipv6 + IPv6 address + + Primary DNS server + + + + + + + + + ipv6 + IPv6 address + + Secondary DNS server + + + + + + + + + ipv6 + IPv6 address + + Tertiary DNS server + + + + + + + + + + + interface(s) to listen on + + + + + + + + VLAN monitor for the automatic creation of vlans (user per vlan) + + + + VLAN ID needs to be between 1 and 4096 + + + + + + VLAN monitor for the automatic creation of vlans (user per vlan) + + (409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2}) + + + + + + + + + local gateway address + + + + + + + + Maximum Transmission Unit (MTU) - default 1492 + + + + + + + + 
Limits the connection rate from a single source + + + + + Acceptable rate of connections (e.g. 1/min, 60/sec) + + ^[0-9]+\/(min|sec)$ + + illegal value + + + + + Burst count + + + + + Timeout in seconds + + + + + + + Service name + + ^[a-zA-Z0-9\-]{1,100} + + servicename can contain aplhanumerical characters and dashes only (max. 100) + + + + + Windows Internet Name Service (WINS) server settings + + + + + Primary WINS server + + + + + + + + Secondary WINS server + + + + + + + + + + Advanced protocol options + + + + + Minimum acceptable MTU (68-65535) + + + + + + + + Preferred MRU (68-65535) + + + + + + + + CCP negotiation (default disabled) + + + + + + Specifies MPPE negotiation preference. (default prefer mppe) + + + + + Ask client for MPPE, if it rejects then drop the connection + + + + + + Ask client for MPPE, if it rejects do not fail + + + + + + Deny MPPE + + + + + + + + LCP echo-requests/sec + + + + + + + + Maximum number of Echo-Requests may be sent without valid reply + + + + + + + + Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used. 
+ + + + + + + + IPv4 (IPCP) negotiation algorithm + + ^(deny|allow|prefer|require) + + invalid value + + deny + Do not negotiate IPv4 + + + allow + Negotiate IPv4 only if client requests + + + prefer + Ask client for IPv4 negotiation, do not fail if it rejects + + + require + Require IPv4 negotiation + + + + + + IPv6 (IPCP6) negotiation algorithm + + ^(deny|allow|prefer|require) + + invalid value + + deny + Do not negotiate IPv6 + + + allow + Negotiate IPv6 only if client requests + + + prefer + Ask client for IPv6 negotiation, do not fail if it rejects + + + require + Require IPv6 negotiation + + + + + + Fixed or random interface identifier for IPv6 + + random + Random interface identifier for IPv6 + + + x:x:x:x + specify interface identifier for IPv6 + + + + + + Peer interface identifier for IPv6 + + x:x:x:x + Interface identifier for IPv6 + + + random + Use a random interface identifier for IPv6 + + + ipv4 + Calculate interface identifier from IPv4 address, for example 192:168:0:1 + + + calling-sid + Calculate interface identifier from calling-station-id + + + + + + Accept peer interface identifier + + + + + + + + + + diff --git a/interface-definitions/pptp-server.xml b/interface-definitions/pptp-server.xml deleted file mode 100644 index 5d16f8b9f..000000000 --- a/interface-definitions/pptp-server.xml +++ /dev/null 
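Review bot: Several value patterns in the new pppoe-server.xml.in start with `^` but have no trailing `$`: the access-concentrator name `^[a-zA-Z0-9]{1,100}`, the service name `^[a-zA-Z0-9\-]{1,100}`, the authentication mode `^(local|radius)` and both `^(deny|allow|prefer|require)` negotiation patterns. Unless the validator anchors patterns itself (not visible in this patch), a valid prefix followed by other characters passes, so the stated character set and the 100-character limit are not enforced. The connection rate-limit pattern in the same file, `^[0-9]+\/(min|sec)$`, is anchored at both ends, and I would write the others the same way, e.g. `^[a-zA-Z0-9]{1,100}$` and `^(local|radius)$`. The VLAN range pattern has no anchors at all, and its `409[0-6]` alternative accepts 4095 and 4096, which are not usable 802.1Q VLAN IDs.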
@@ -1,254 +0,0 @@ - - - - - - - Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN) - - - - - Remote access PPTP VPN - - - - - Maximum Transmission Unit (MTU) - - - - - - - - External IP address to which VPN clients will connect - - - - - - - - IPv4 Domain Name Service (DNS) server - - - - - Primary DNS server - - ipv4 - IPv4 address - - - - - - - - - Secondary DNS server - - ipv4 - IPv4 address - - - - - - - - - - - Windows Internet Name Service (WINS) server settings - - - - - Primary WINS server - - - - - - - - Secondary WINS server - - - - - - - - - - Pool of client IP addresses (must be within a /24) - - - - - First IP address in the pool (will be used as gateway address) - - - - - - - - Last IP address in the pool - - - - - - - - - - Gatway address uses as client tunnel termination point - - - - - - - - Authentication for remote access PPTP VPN - - - - - Authentication protocol for remote access peer PPTP VPN - - pap - Require the peer to authenticate itself using PAP [Password Authentication Protocol]. - - - chap - Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. - - - mschap - Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. - - - mschap-v2 - Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. - - - - - - Specifies mppe negotioation preference. 
(default require mppe 128-bit stateless - - deny - deny mppe - - - prefer - ask client for mppe, if it rejects don't fail - - - require - ask client for mppe, if it rejects drop connection - - - ^(deny|prefer|require) - - - deny prefer require - - - - - - Authentication mode for remote access PPTP VPN - - local - Use local username/password configuration - - - radius - Use a RADIUS server to autenticate users - - - ^(local|radius) - - - local radius - - - - - - Local user authentication for remote access PPTP VPN - - - - - User name for authentication - - - - - Option to disable a PPTP Server user - - - - - Password for authentication - - - - - Static client IP address - - - - - - - - - RADIUS specific configuration - - - - - IP address of radius server - - ipv4 - IP address of RADIUS server - - - - - - Key for accessing the specified server - - - - - Maximum number of simultaneous requests to server (default: unlimited) - - - - - If server doesn't responds mark it as unavailable for this amount of time in seconds - - - - - - - - - - - - - - - diff --git a/interface-definitions/pptp-server.xml.in b/interface-definitions/pptp-server.xml.in new file mode 100644 index 000000000..3b4ea4f17 --- /dev/null +++ b/interface-definitions/pptp-server.xml.in 
@@ -0,0 +1,254 @@ + + + + + + + Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN) + + + + + Remote access PPTP VPN + + + + + Maximum Transmission Unit (MTU) + + + + + + + + External IP address to which VPN clients will connect + + + + + + + + IPv4 Domain Name Service (DNS) server + + + + + Primary DNS server + + ipv4 + IPv4 address + + + + + + + + + Secondary DNS server + + ipv4 + IPv4 address + + + + + + + + + + + Windows Internet Name Service (WINS) server settings + + + + + Primary WINS server + + + + + + + + Secondary WINS server + + + + + + + + + + Pool of client IP addresses (must be within a /24) + + + + + First IP address in the pool (will be used as gateway address) + + + + + + + + Last IP address in the pool + + + + + + + + + + Gatway address uses as client tunnel termination point + + + + + + + + Authentication for remote access PPTP VPN + + + + + Authentication protocol for remote access peer PPTP VPN + + pap + Require the peer to authenticate itself using PAP [Password Authentication Protocol]. + + + chap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap-v2 + Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. + + + + + + Specifies mppe negotioation preference. 
(default require mppe 128-bit stateless + + deny + deny mppe + + + prefer + ask client for mppe, if it rejects do not fail + + + require + ask client for mppe, if it rejects drop connection + + + ^(deny|prefer|require) + + + deny prefer require + + + + + + Authentication mode for remote access PPTP VPN + + local + Use local username/password configuration + + + radius + Use a RADIUS server to autenticate users + + + ^(local|radius) + + + local radius + + + + + + Local user authentication for remote access PPTP VPN + + + + + User name for authentication + + + + + Option to disable a PPTP Server user + + + + + Password for authentication + + + + + Static client IP address + + + + + + + + + RADIUS specific configuration + + + + + IP address of radius server + + ipv4 + IP address of RADIUS server + + + + + + Key for accessing the specified server + + + + + Maximum number of simultaneous requests to server (default: unlimited) + + + + + If server does not responds mark it as unavailable for this time (seconds) + + + + + + + + + + + + + + + diff --git a/interface-definitions/protocols-bfd.xml b/interface-definitions/protocols-bfd.xml deleted file mode 100644 index 62e2c87b9..000000000 --- a/interface-definitions/protocols-bfd.xml +++ /dev/null 
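Review bot: The help text for the `mschap` authentication value repeats the CHAP description ("Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]"), so an operator choosing between `chap` and `mschap` cannot tell them apart from the CLI help. It should read something like `Require the peer to authenticate itself using MS-CHAP [Microsoft Challenge Handshake Authentication Protocol]`. The mppe help `(default require mppe 128-bit stateless` is missing its closing parenthesis. The `^(deny|prefer|require)` and `^(local|radius)` patterns also lack a trailing `$`, which matters if the validator does not anchor patterns itself.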
@@ -1,140 +0,0 @@ - - - - - - - - Bidirectional Forwarding Detection (BFD) - 820 - - - - - Configures a new BFD peer to listen and talk to - - ipv4 - BFD peer IPv4 address - - - ipv6 - BFD peer IPv6 address - - - - - - - - - - Bind listener to specifid interface/address, mandatory for IPv6 - - - - - Local interface to bind our peer listener to - - - - - - - - Local address to bind our peer listener to - - ipv4 - Local IPv4 address used to connect to the peer - - - ipv6 - Local IPv6 address used to connect to the peer - - - - - - - - - - - - Configure timer intervals - - - - - Minimum interval of receiving control packets - - 10-60000 - Interval in milliseconds - - - - - - - - - Minimum interval of transmitting control packets - - 10-60000 - Interval in milliseconds - - - - - - - - - Multiplier to determine packet loss - - 2-255 - Remote transmission interval will be multiplied by this value - - - - - - - - - Echo receive transmission interval - - 10-60000 - The minimal echo receive transmission interval that this system is capable of handling - - - - - - - - - - - Disable this peer - - - - - - Allow this BFD peer to not be directly connected - - - - - - Enables the echo transmission mode - - - - - - - - - - diff --git a/interface-definitions/protocols-bfd.xml.in b/interface-definitions/protocols-bfd.xml.in new file mode 100644 index 000000000..62e2c87b9 --- /dev/null +++ b/interface-definitions/protocols-bfd.xml.in 
@@ -0,0 +1,140 @@ + + + + + + + + Bidirectional Forwarding Detection (BFD) + 820 + + + + + Configures a new BFD peer to listen and talk to + + ipv4 + BFD peer IPv4 address + + + ipv6 + BFD peer IPv6 address + + + + + + + + + + Bind listener to specifid interface/address, mandatory for IPv6 + + + + + Local interface to bind our peer listener to + + + + + + + + Local address to bind our peer listener to + + ipv4 + Local IPv4 address used to connect to the peer + + + ipv6 + Local IPv6 address used to connect to the peer + + + + + + + + + + + + Configure timer intervals + + + + + Minimum interval of receiving control packets + + 10-60000 + Interval in milliseconds + + + + + + + + + Minimum interval of transmitting control packets + + 10-60000 + Interval in milliseconds + + + + + + + + + Multiplier to determine packet loss + + 2-255 + Remote transmission interval will be multiplied by this value + + + + + + + + + Echo receive transmission interval + + 10-60000 + The minimal echo receive transmission interval that this system is capable of handling + + + + + + + + + + + Disable this peer + + + + + + Allow this BFD peer to not be directly connected + + + + + + Enables the echo transmission mode + + + + + + + + + + diff --git a/interface-definitions/snmp.xml b/interface-definitions/snmp.xml deleted file mode 100644 index bdfbd4ab6..000000000 --- a/interface-definitions/snmp.xml +++ /dev/null 
@@ -1,606 +0,0 @@ - - - - - - - - Simple Network Management Protocol (SNMP) - 980 - - - - - Community name [REQUIRED] - - ^[a-zA-Z0-9\-_]{1,100} - - Community string is limited to alphanumerical characters only with a total lenght of 100 - - - - - Authorization type (default: 'ro') - - ro rw - - - ro - read only - - - rw - read write - - - (ro|rw) - - Authorization type must be either 'rw' or 'ro' - - - - - IP address of SNMP client allowed to contact system - - - - - - - - - - Subnet of SNMP client(s) allowed to contact system - - ipv4net - IP address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - - - - - - Contact information - - .{1,255} - - Contact information is limited to 255 characters or less - - - - - Description information - - .{1,255} - - Description is limited to 255 characters or less - - - - - IP address to listen for incoming SNMP requests - - ipv4 - IPv4 address to listen for incoming SNMP requests - - - ipv6 - IPv6 address to listen for incoming SNMP requests - - - - - - - - - - Port for SNMP service (default: '161') - - 1-65535 - Numeric IP port - - - - - Port number must be in range 1 to 65535 - - - - - - - Location information - - .{1,255} - - Location is limited to 255 characters or less - - - - - Register a subtree for SMUX-based processing - - oid - Object Identifier - - - - - - - SNMP trap source address - - - - - - - - - Address of trap target - - - - - - - - - Community used when sending trap information - - - - - Destination port used for trap notification - - 1-65535 - Numeric IP port - - - - - Port number must be in range 1 to 65535 - - - - - - - Simple Network Management Protocol (SNMP) v3 - - - - - Specifies the EngineID that uniquely identify an agent (e.g. 
0xff42) - - ^(0x){0,1}([0-9a-f][0-9a-f]){1,18}$ - - ID must contain an even number (from 2 to 36) of hex digits - - - - - Specifies the group with name groupname - - - - - Define group access permission (default: 'ro') - - ro rw - - - ro - read only - - - rw - read write - - - (ro|rw) - - Authorization type must be either 'rw' or 'ro' - - - - - Security levels - - noauth auth priv2 - - - noauth - Messages not authenticated and not encrypted (noAuthNoPriv) - - - auth - Messages are authenticated but not encrypted (authNoPriv) - - - priv - Messages are authenticated and encrypted (authPriv) - - - (noauth|auth|priv) - - - - - - Defines the name of view - - service snmp v3 view - - - - - - - - Defines SNMP target for inform or traps for IP - - ipv4 - IP address of trap target - - - ipv6 - IPv6 address of trap target - - - - - - - - - - Defines the privacy - - - - - Defines the encrypted key for authentication - - ^0x[0-9a-f]*$ - - Key must start from '0x' and contain hex digits - - - - - Defines the clear text key for authentication - - ^.{8,}$ - - Key must contain 8 or more characters - - - - - Defines the protocol used for authentication (default: 'md5') - - md5 sha - - - md5 - Message Digest 5 - - - sha - Secure Hash Algorithm - - - (md5|sha) - - - - - - - - Specifies TCP/UDP port of destination SNMP traps/informs (default: '162') - - 1-65535 - Numeric IP port - - - - - Port number must be in range 1 to 65535 - - - - - Defines the privacy - - - - - Defines the encrypted key for privacy protocol - - ^0x[0-9a-f]*$ - - Key must start from '0x' and contain hex digits - - - - - Defines the clear text key for privacy protocol - - ^.{8,}$ - - Key must contain 8 or more characters - - - - - Defines the protocol for privacy (default: 'des') - - des aes - - - des - Data Encryption Standard - - - aes - Advanced Encryption Standard - - - (des|aes) - - - - - - - - Defines protocol for notification between TCP and UDP - - tcp udp - - - tcp - Use Transmission Control Protocol for 
notifications - - - udp - Use User Datagram Protocol for notifications - - - (tcp|udp) - - - - - - Specifies the type of notification between inform and trap (default: 'inform') - - inform trap - - - inform - Use INFORM - - - trap - Use TRAP - - - (inform|trap) - - - - - - Defines username for authentication - - service snmp v3 user - - - - - - - - Specifies the user with name username - - ^[^\(\)\|\-]+$ - - Illegal characters in name - - - - - Specifies the auth - - - - - Defines the encrypted key for authentication - - ^0x[0-9a-f]*$ - - Key must start from '0x' and contain hex digits - - - - - Defines the clear text key for authentication - - ^.{8,}$ - - Key must contain 8 or more characters - - - - - Defines the protocol used for authentication (default: 'md5') - - md5 sha - - - md5 - Message Digest 5 - - - sha - Secure Hash Algorithm - - - (md5|sha) - - - - - - - - Specifies group for user name - - service snmp v3 group - - - - - - Define users access permission (default: 'ro') - - ro rw - - - ro - read only - - - rw - read write - - - (ro|rw) - - Authorization type must be either 'rw' or 'ro' - - - - - Defines the privacy - - - - - Defines the encrypted key for privacy protocol - - ^0x[0-9a-f]*$ - - Key must start from '0x' and contain hex digits - - - - - Defines the clear text key for privacy protocol - - ^.{8,}$ - - Key must contain 8 or more characters - - - - - Defines the protocol for privacy (default: 'des') - - des aes - - - des - Data Encryption Standard - - - aes - Advanced Encryption Standard - - - (des|aes) - - - - - - - - - - Specifies the view with name viewname - - ^[^\(\)\|\-]+$ - - Illegal characters in name - - - - - Specifies the oid - - ^[0-9]+(\.[0-9]+)*$ - - OID must start from a number - - - - - Exclude is an optional argument - - - - - Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant - - ^[0-9a-f]{2}([\.:][0-9a-f]{2})*$ - - MASK is a list of hex octets, separated 
by '.' or ':' - - - - - - - - - - - SNMP script extensions - - - - - Extension name - - - - - Script location and name - - - - - - - - - - - - - - diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in new file mode 100644 index 000000000..bdfbd4ab6 --- /dev/null +++ b/interface-definitions/snmp.xml.in 
@@ -0,0 +1,606 @@ + + + + + + + + Simple Network Management Protocol (SNMP) + 980 + + + + + Community name [REQUIRED] + + ^[a-zA-Z0-9\-_]{1,100} + + Community string is limited to alphanumerical characters only with a total lenght of 100 + + + + + Authorization type (default: 'ro') + + ro rw + + + ro + read only + + + rw + read write + + + (ro|rw) + + Authorization type must be either 'rw' or 'ro' + + + + + IP address of SNMP client allowed to contact system + + + + + + + + + + Subnet of SNMP client(s) allowed to contact system + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + + + Contact information + + .{1,255} + + Contact information is limited to 255 characters or less + + + + + Description information + + .{1,255} + + Description is limited to 255 characters or less + + + + + IP address to listen for incoming SNMP requests + + ipv4 + IPv4 address to listen for incoming SNMP requests + + + ipv6 + IPv6 address to listen for incoming SNMP requests + + + + + + + + + + Port for SNMP service (default: '161') + + 1-65535 + Numeric IP port + + + + + Port number must be in range 1 to 65535 + + + + + + + Location information + + .{1,255} + + Location is limited to 255 characters or less + + + + + Register a subtree for SMUX-based processing + + oid + Object Identifier + + + + + + + SNMP trap source address + + + + + + + + + Address of trap target + + + + + + + + + Community used when sending trap information + + + + + Destination port used for trap notification + + 1-65535 + Numeric IP port + + + + + Port number must be in range 1 to 65535 + + + + + + + Simple Network Management Protocol (SNMP) v3 + + + + + Specifies the EngineID that uniquely identify an agent (e.g. 
0xff42) + + ^(0x){0,1}([0-9a-f][0-9a-f]){1,18}$ + + ID must contain an even number (from 2 to 36) of hex digits + + + + + Specifies the group with name groupname + + + + + Define group access permission (default: 'ro') + + ro rw + + + ro + read only + + + rw + read write + + + (ro|rw) + + Authorization type must be either 'rw' or 'ro' + + + + + Security levels + + noauth auth priv2 + + + noauth + Messages not authenticated and not encrypted (noAuthNoPriv) + + + auth + Messages are authenticated but not encrypted (authNoPriv) + + + priv + Messages are authenticated and encrypted (authPriv) + + + (noauth|auth|priv) + + + + + + Defines the name of view + + service snmp v3 view + + + + + + + + Defines SNMP target for inform or traps for IP + + ipv4 + IP address of trap target + + + ipv6 + IPv6 address of trap target + + + + + + + + + + Defines the privacy + + + + + Defines the encrypted key for authentication + + ^0x[0-9a-f]*$ + + Key must start from '0x' and contain hex digits + + + + + Defines the clear text key for authentication + + ^.{8,}$ + + Key must contain 8 or more characters + + + + + Defines the protocol used for authentication (default: 'md5') + + md5 sha + + + md5 + Message Digest 5 + + + sha + Secure Hash Algorithm + + + (md5|sha) + + + + + + + + Specifies TCP/UDP port of destination SNMP traps/informs (default: '162') + + 1-65535 + Numeric IP port + + + + + Port number must be in range 1 to 65535 + + + + + Defines the privacy + + + + + Defines the encrypted key for privacy protocol + + ^0x[0-9a-f]*$ + + Key must start from '0x' and contain hex digits + + + + + Defines the clear text key for privacy protocol + + ^.{8,}$ + + Key must contain 8 or more characters + + + + + Defines the protocol for privacy (default: 'des') + + des aes + + + des + Data Encryption Standard + + + aes + Advanced Encryption Standard + + + (des|aes) + + + + + + + + Defines protocol for notification between TCP and UDP + + tcp udp + + + tcp + Use Transmission Control Protocol for 
notifications + + + udp + Use User Datagram Protocol for notifications + + + (tcp|udp) + + + + + + Specifies the type of notification between inform and trap (default: 'inform') + + inform trap + + + inform + Use INFORM + + + trap + Use TRAP + + + (inform|trap) + + + + + + Defines username for authentication + + service snmp v3 user + + + + + + + + Specifies the user with name username + + ^[^\(\)\|\-]+$ + + Illegal characters in name + + + + + Specifies the auth + + + + + Defines the encrypted key for authentication + + ^0x[0-9a-f]*$ + + Key must start from '0x' and contain hex digits + + + + + Defines the clear text key for authentication + + ^.{8,}$ + + Key must contain 8 or more characters + + + + + Defines the protocol used for authentication (default: 'md5') + + md5 sha + + + md5 + Message Digest 5 + + + sha + Secure Hash Algorithm + + + (md5|sha) + + + + + + + + Specifies group for user name + + service snmp v3 group + + + + + + Define users access permission (default: 'ro') + + ro rw + + + ro + read only + + + rw + read write + + + (ro|rw) + + Authorization type must be either 'rw' or 'ro' + + + + + Defines the privacy + + + + + Defines the encrypted key for privacy protocol + + ^0x[0-9a-f]*$ + + Key must start from '0x' and contain hex digits + + + + + Defines the clear text key for privacy protocol + + ^.{8,}$ + + Key must contain 8 or more characters + + + + + Defines the protocol for privacy (default: 'des') + + des aes + + + des + Data Encryption Standard + + + aes + Advanced Encryption Standard + + + (des|aes) + + + + + + + + + + Specifies the view with name viewname + + ^[^\(\)\|\-]+$ + + Illegal characters in name + + + + + Specifies the oid + + ^[0-9]+(\.[0-9]+)*$ + + OID must start from a number + + + + + Exclude is an optional argument + + + + + Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant + + ^[0-9a-f]{2}([\.:][0-9a-f]{2})*$ + + MASK is a list of hex octets, separated 
by '.' or ':' + + + + + + + + + + + SNMP script extensions + + + + + Extension name + + + + + Script location and name + + + + + + + + + + + + + + diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml deleted file mode 100644 index c0ce976d6..000000000 --- a/interface-definitions/ssh.xml +++ /dev/null @@ -1,182 +0,0 @@ - - - - - - - - Secure SHell (SSH) protocol - 500 - - - - - SSH user/group access controls. Directives are processed - in the following order: deny-users, allow-users, deny-groups and - allow-groups. - - - - - Allow user/group SSH access - - - - - Allow members of a group to login - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters or more than 32 characters - - - - - - Allow specific users to login - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters or more than 32 characters - - - - - - - - Deny user/group SSH access - - - - - Disallow members of a group to login - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters or more than 32 characters - - - - - - Disallow specific users to login - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters or more than 32 characters - - - - - - - - - - Allowed ciphers - - - - - - - - - Don't validate the remote host name with DNS - - - - - - Disable password-based authentication - - - - - - Allowed key exchange (KEX) algorithms - - - - - - - - - Local addresses SSH service should listen on - - ipv4 - IP address to listen for incoming connections - - - ipv6 - IPv6 address to listen for incoming connections - - - - - - - - - - - Log level - - QUIET - stay silent - - - FATAL - log fatals only - - - ERROR - log errors and fatals only - - - INFO - default log level - - - VERBOSE - enable logging of failed login attempts - - - - - - Allowed message authentication code (MAC) algorithms - - - - - - - - - Port for SSH service - - 1-65535 - Numeric IP port - - - - - - - - - - how often send keep alives in seconds - - - - - - - - - - 
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in new file mode 100644 index 000000000..8dea94d05 --- /dev/null +++ b/interface-definitions/ssh.xml.in @@ -0,0 +1,182 @@ + + + + + + + + Secure SHell (SSH) protocol + 500 + + + + + SSH user/group access controls. Directives are processed + in the following order: deny-users, allow-users, deny-groups and + allow-groups. + + + + + Allow user/group SSH access + + + + + Allow members of a group to login + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters or more than 32 characters + + + + + + Allow specific users to login + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters or more than 32 characters + + + + + + + + Deny user/group SSH access + + + + + Disallow members of a group to login + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters or more than 32 characters + + + + + + Disallow specific users to login + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters or more than 32 characters + + + + + + + + + + Allowed ciphers + + + + + + + + + Disable IP Address to Hostname lookup + + + + + + Disable password-based authentication + + + + + + Allowed key exchange (KEX) algorithms + + + + + + + + + Local addresses SSH service should listen on + + ipv4 + IP address to listen for incoming connections + + + ipv6 + IPv6 address to listen for incoming connections + + + + + + + + + + + Log level + + QUIET + stay silent + + + FATAL + log fatals only + + + ERROR + log errors and fatals only + + + INFO + default log level + + + VERBOSE + enable logging of failed login attempts + + + + + + Allowed message authentication code (MAC) algorithms + + + + + + + + + Port for SSH service + + 1-65535 + Numeric IP port + + + + + + + + + + how often send keep alives in seconds + + + + + + + + + + diff --git a/interface-definitions/sstp.xml b/interface-definitions/sstp.xml deleted file mode 100644 index d944baaad..000000000 --- a/interface-definitions/sstp.xml +++ /dev/null 
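Review bot: The four allow/deny user and group patterns, `^[a-z_][a-z0-9_-]{1,31}[$]?`, are anchored only at the start. The error text "illegal characters or more than 32 characters" therefore describes a check the pattern does not make, unless the validator adds the end anchor itself (not visible in this patch). Since these names decide who may log in over SSH, I would close the pattern: `^[a-z_][a-z0-9_-]{1,31}[$]?$`. As written, the `{1,31}` quantifier also requires at least two characters, so a one-character name is rejected; `{0,31}` would match the stated 32-character limit if that rejection is not intended.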
@@ -1,416 +0,0 @@ - - - - - - - Secure Socket Tunneling Protocol (SSTP) Server - 900 - - - - - Authentication for remote access SSTP Server - - - - - Local user authentication for SSTP server - - - - - User name for authentication - - - - - Option to disable a SSTP Server user - - - - - - Password for authentication - - - - - Static client IP address - - - - - Upload/Download speed limits - - - - - Upload bandwidth limit in kbits/sec - - - - - - - - Download bandwidth limit in kbits/sec - - - - - - - - - - - - - - Authentication mode for SSTP Server - - local - Use local username/password configuration - - - radius - Use a RADIUS server to autenticate users - - - ^(local|radius) - - - local radius - - - - - - Authentication protocol for remote access peer SSTP VPN - - pap - Require the peer to authenticate itself using PAP [Password Authentication Protocol]. - - - chap - Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. - - - mschap - Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. - - - mschap-v2 - Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. - - - ^(pap|chap|mschap|mschap-v2) - - - pap chap mschap mschap-v2 - - - - - - - IP address of RADIUS server - - ipv4 - IP address of RADIUS server - - - - - - Key for accessing the specified server - - - - - Maximum number of simultaneous requests to server (default: unlimited) - - - - - If server doesn't responds mark it as unavailable for this amount of time in seconds - - - - - - - RADIUS settings - - - - - Timeout to wait response from server (seconds) - - - - - Timeout to wait reply for Interim-Update packets. (default 3 seconds) - - - - - Maximum number of tries to send Access-Request/Accounting-Request queries - - - - - Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. 
- - - - - Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. - - - - invalid IPv4 address - - ipv4 - NAS-IP-Address Attribute Value - - - - - - IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) - - - - - IP address for Dynamic Authorization Extension server (DM/CoA) - - - - invalid IPv4 address - - ipv4 - Specifies IP address for Dynamic Authorization Extension server (DM/CoA) - - - - - - Port for Dynamic Authorization Extension server (DM/CoA) - - number - TCP port - - - - - - - - - Secret for Dynamic Authorization Extension server (DM/CoA) - - - - - - - Upload/Download speed limits - - - - - Specifies which radius attribute contains rate information. (default is Filter-Id) - - - - - Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) - - - - - Enables Bandwidth shaping via RADIUS - - - - - - - - - - - - SSTP settings - - - - - SSL Certificate, SSL Key and CA (/config/user-data/sstp) - - - - - Certificate Authority certificate - - - - - - - - Server Certificate - - - - - - - - Privat Key of the Server Certificate - - - - - - - - - - - - Network settings - - - - - Client IP pools and gateway setting - - - - - Client IP subnet (CIDR notation) - - - - Not a valid CIDR formatted prefix - - - - - - Gateway IP address - - - - invalid IPv4 address - - ipv4 - Default Gateway send to the client - - - - - - - - DNS servers propagated to clients - - - - - Primary DNS Server - - ipv4 - IPv4 address - - - - - - - - - Secondary DNS Server - - ipv4 - IPv4 address - - - - - - - - - - - Maximum Transmission Unit (MTU) - - - - - - - - - - PPP (Point-to-Point Protocol) settings - - - - - Specifies mppe negotiation preferences - - require prefer deny - - - (^require|prefer|deny) - - - require - send mppe request, if client rejects, drop the connection - - - prefer - send mppe request, if client rejects continue - - - deny - drop 
all mppe - - - - - - LCP echo-requests/sec - - - - - - - - Maximum number of Echo-Requests may be sent without valid reply - - - - - - - - Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used. - - - - - - - - - - - - diff --git a/interface-definitions/sstp.xml.in b/interface-definitions/sstp.xml.in new file mode 100644 index 000000000..290b45a98 --- /dev/null +++ b/interface-definitions/sstp.xml.in 
@@ -0,0 +1,416 @@ + + + + + + + Secure Socket Tunneling Protocol (SSTP) Server + 900 + + + + + Authentication for remote access SSTP Server + + + + + Local user authentication for SSTP server + + + + + User name for authentication + + + + + Option to disable a SSTP Server user + + + + + + Password for authentication + + + + + Static client IP address + + + + + Upload/Download speed limits + + + + + Upload bandwidth limit in kbits/sec + + + + + + + + Download bandwidth limit in kbits/sec + + + + + + + + + + + + + + Authentication mode for SSTP Server + + local + Use local username/password configuration + + + radius + Use a RADIUS server to autenticate users + + + ^(local|radius) + + + local radius + + + + + + Authentication protocol for remote access peer SSTP VPN + + pap + Require the peer to authenticate itself using PAP [Password Authentication Protocol]. + + + chap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap-v2 + Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. + + + ^(pap|chap|mschap|mschap-v2) + + + pap chap mschap mschap-v2 + + + + + + + IP address of RADIUS server + + ipv4 + IP address of RADIUS server + + + + + + Key for accessing the specified server + + + + + Maximum number of simultaneous requests to server (default: unlimited) + + + + + If server does not responds mark it as unavailable for this time (seconds) + + + + + + + RADIUS settings + + + + + Timeout to wait response from server (seconds) + + + + + Timeout to wait reply for Interim-Update packets. (default 3 seconds) + + + + + Maximum number of tries to send Access-Request/Accounting-Request queries + + + + + Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. 
+ + + + + Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. + + + + invalid IPv4 address + + ipv4 + NAS-IP-Address Attribute Value + + + + + + IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) + + + + + IP address for Dynamic Authorization Extension server (DM/CoA) + + + + invalid IPv4 address + + ipv4 + Specifies IP address for Dynamic Authorization Extension server (DM/CoA) + + + + + + Port for Dynamic Authorization Extension server (DM/CoA) + + number + TCP port + + + + + + + + + Secret for Dynamic Authorization Extension server (DM/CoA) + + + + + + + Upload/Download speed limits + + + + + Specifies which radius attribute contains rate information. (default is Filter-Id) + + + + + Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) + + + + + Enables Bandwidth shaping via RADIUS + + + + + + + + + + + + SSTP settings + + + + + SSL Certificate, SSL Key and CA (/config/user-data/sstp) + + + + + Certificate Authority certificate + + + + + + + + Server Certificate + + + + + + + + Privat Key of the Server Certificate + + + + + + + + + + + + Network settings + + + + + Client IP pools and gateway setting + + + + + Client IP subnet (CIDR notation) + + + + Not a valid CIDR formatted prefix + + + + + + Gateway IP address + + + + invalid IPv4 address + + ipv4 + Default Gateway send to the client + + + + + + + + DNS servers propagated to clients + + + + + Primary DNS Server + + ipv4 + IPv4 address + + + + + + + + + Secondary DNS Server + + ipv4 + IPv4 address + + + + + + + + + + + Maximum Transmission Unit (MTU) + + + + + + + + + + PPP (Point-to-Point Protocol) settings + + + + + Specifies mppe negotiation preferences + + require prefer deny + + + (^require|prefer|deny) + + + require + send mppe request, if client rejects, drop the connection + + + prefer + send mppe request, if client rejects continue + + + deny + drop 
all mppe + + + + + + LCP echo-requests/sec + + + + + + + + Maximum number of Echo-Requests may be sent without valid reply + + + + + + + + Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used. + + + + + + + + + + + + diff --git a/interface-definitions/system-proxy.xml b/interface-definitions/system-proxy.xml deleted file mode 100644 index f43702fc8..000000000 --- a/interface-definitions/system-proxy.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - Sets a proxy for system wide use - - - - - Proxy URL - - ^http://[a-z0-9\.]+$ - - - - - - Proxy port - - - - - - - - Proxy username - - ^[a-z0-9-_\.]{1,100}$ - - - - - - Proxy password - - - - - - - diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system-proxy.xml.in new file mode 100644 index 000000000..4b21139a6 --- /dev/null +++ b/interface-definitions/system-proxy.xml.in @@ -0,0 +1,43 @@ + + + + + + + Sets a proxy for system wide use + + + + + Proxy URL + + http://[a-z0-9\.]+$ + + + + + + Proxy port + + + + + + + + Proxy username + + ^[a-z0-9-_\.]{1,100}$ + + + + + + Proxy password + + + + + + + diff --git a/interface-definitions/system-syslog.xml b/interface-definitions/system-syslog.xml deleted file mode 100644 index 8f4b105c8..000000000 --- a/interface-definitions/system-syslog.xml +++ /dev/null 
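Review bot: The mppe pattern in sstp.xml.in, `(^require|prefer|deny)`, anchors only its first alternative. Unless the validator forces a full match, any value that merely contains `prefer` or `deny` is accepted, although the completion list beside it offers exactly `require prefer deny`. I would write it as `^(require|prefer|deny)$`. The authentication mode and protocol patterns, `^(local|radius)` and `^(pap|chap|mschap|mschap-v2)`, should get a closing `$` for the same reason. Separately, the help text for `mschap` repeats the CHAP description word for word and should name MS-CHAP.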
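Review bot: The Proxy URL pattern in system-proxy.xml.in lost its leading anchor in this move: the deleted file has `^http://[a-z0-9\.]+$` and the new file has `http://[a-z0-9\.]+$`. Unless the validator anchors patterns itself, arbitrary text in front of `http://` now passes validation. The username pattern just below keeps its `^`, so I would restore the URL pattern to `^http://[a-z0-9\.]+$`. Because the commit message says these files are now rendered by the GCC preprocessor, it is also worth confirming in the build directory that the `//` in this pattern survives rendering.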
@@ -1,945 +0,0 @@ - - - - - - - System logging - 400 - - - - - Logging to specific user's terminal - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters in user - - username - user login name - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to a remote host - - - (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) - - Invalid host FQDN or IP address - - x.x.x.x or host.domain.tld - Remote host 
name or IP address - - - - - - Destination port - - 1-65535 - Destination port - - - - - Invalid destination port value - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - syslog communication protocol - - udp - send log messages to remote syslog server over udp - - - tcp - send log messages to remote syslog server over tcp - - - udp tcp - - - (udp|tcp) - - invalid protocol name - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to system standard location - 
- - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - - ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - mark messages sent to syslog - - - - - time interval how often a mark message is being sent in seconds (default: 1200) - - - - 
- - - - - - uses FQDN for logging - - - - - - - - Logging to a file - - ^[a-zA-Z0-9\-_.]{1,255} - - illegal characters in filename or filename longer than 255 characters - - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - - ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug 
messages - - - all - Log everything - - - - - - - - - - logging to serial console - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - - - diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system-syslog.xml.in new file mode 100644 index 000000000..cce79a4c2 --- /dev/null +++ b/interface-definitions/system-syslog.xml.in 
@@ -0,0 +1,945 @@ + + + + + + + System logging + 400 + + + + + Logging to specific terminal of given user + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters in user + + username + user login name + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to a remote host + + + (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) + + Invalid host FQDN or IP address + + x.x.x.x or host.domain.tld + 
Remote host name or IP address + + + + + + Destination port + + 1-65535 + Destination port + + + + + Invalid destination port value + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + syslog communication protocol + + udp + send log messages to remote syslog server over udp + + + tcp + send log messages to remote syslog server over tcp + + + udp tcp + + + (udp|tcp) + + invalid protocol name + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to system standard 
location + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + + ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + mark messages sent to syslog + + + + + time interval how often a mark message is being sent in seconds (default: 
1200) + + + + + + + + + + uses FQDN for logging + + + + + + + + Logging to a file + + ^[a-zA-Z0-9\-_.]{1,255} + + illegal characters in filename or filename longer than 255 characters + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + + ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + 
Debug messages + + + all + Log everything + + + + + + + + + + logging to serial console + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + + + diff --git a/interface-definitions/tftp-server.xml b/interface-definitions/tftp-server.xml deleted file mode 100644 index 2874b034c..000000000 --- a/interface-definitions/tftp-server.xml +++ /dev/null 
@@ -1,57 +0,0 @@ - - - - - - - - Trivial File Transfer Protocol (TFTP) server - 990 - - - - - Folder containing files served by TFTP [REQUIRED] - - - - - Allow TFTP file uploads - - - - - - Port for TFTP service - - 1-65535 - Numeric IP port (default: 69) - - - - - - - - - Addresses for TFTP server to listen [REQUIRED] - - ipv4 - TFTP IPv4 listen address - - - ipv6 - TFTP IPv6 listen address - - - - - - - - - - - - - diff --git a/interface-definitions/tftp-server.xml.in b/interface-definitions/tftp-server.xml.in new file mode 100644 index 000000000..2874b034c --- /dev/null +++ b/interface-definitions/tftp-server.xml.in @@ -0,0 +1,57 @@ + + + + + + + + Trivial File Transfer Protocol (TFTP) server + 990 + + + + + Folder containing files served by TFTP [REQUIRED] + + + + + Allow TFTP file uploads + + + + + + Port for TFTP service + + 1-65535 + Numeric IP port (default: 69) + + + + + + + + + Addresses for TFTP server to listen [REQUIRED] + + ipv4 + TFTP IPv4 listen address + + + ipv6 + TFTP IPv6 listen address + + + + + + + + + + + + + diff --git a/interface-definitions/vrrp.xml b/interface-definitions/vrrp.xml deleted file mode 100644 index 2884ef613..000000000 --- a/interface-definitions/vrrp.xml +++ /dev/null 
@@ -1,255 +0,0 @@
-
-
-
-
- High availability settings
-
-
-
-
- 800
- Virtual Router Redundancy Protocol settings
-
-
-
-
- VRRP group
-
-
-
-
- Network interface
-
-
-
-
-
-
-
- Advertise interval
-
- 1-255
- Advertise interval in seconds (default: 1)
-
-
-
-
-
-
-
-
- VRRP authentication
-
-
-
-
- VRRP password
-
- text
- Password string (up to 8 characters)
-
-
- .{1,8}
-
- Password must not be longer than 8 characters
-
-
-
-
- Authentication type
-
- plaintext-password ah
-
-
- (plaintext-password|ah)
-
- Authentication type must be plaintext-password or ah
-
-
-
-
-
-
- Group description
-
-
-
-
-
- Disable VRRP group
-
-
-
-
- Health check script
-
-
-
-
- Health check failure count required for transition to fault (default: 3)
-
-
-
-
-
-
-
- Health check execution interval in seconds (default: 60)
-
-
-
-
-
-
-
- Health check script file
-
-
-
-
-
-
-
-
-
- VRRP hello source address (IPv4 or IPv6)
-
-
-
-
-
- <IPv4|IPv6>
- IPv4 or IPv6 hello source address
-
-
-
-
-
- Unicast VRRP peer address (IPv4 or IPv6)
-
-
-
-
-
- <IPv4|IPv6>
- IPv4 or IPv6 unicast peer address
-
-
-
-
-
-
- Disable master preemption
-
-
-
-
- Preempt delay (in seconds)
-
-
-
-
-
-
-
- Router priority
-
-
-
-
- 1-255
- Router priority (default: 100)
-
-
-
-
-
-
- Use VRRP virtual MAC address as per RFC3768
-
-
-
-
- VRRP transition scripts
-
-
-
-
- Script to run on VRRP state transition to master
-
-
-
-
-
-
-
- Script to run on VRRP state transition to backup
-
-
-
-
-
-
-
- Script to run on VRRP state transition to fault
-
-
-
-
-
-
-
-
-
-
- Virtual address (IPv4 or IPv6, but they must not be mixed in one group)
-
-
-
-
- Virtual address must be a valid IPv4 or IPv6 address with prefix length (e.g. 192.0.2.3/24 or 2001:db8:ff::10/64)
-
- <IPv4|IPv6>
- IPv4 or IPv6 virtual address
-
-
-
-
-
- Virtual router identifier
-
-
-
-
- 1-255
- Virtual router identifier
-
-
-
-
-
-
-
- VRRP sync group
-
-
-
-
-
- Sync group member
-
- text
- VRRP group name
-
-
- high-availability vrrp group
-
-
-
-
-
-
-
-
-
diff --git a/interface-definitions/vrrp.xml.in b/interface-definitions/vrrp.xml.in
new file mode 100644
index 000000000..2884ef613
--- /dev/null
+++ b/interface-definitions/vrrp.xml.in
@@ -0,0 +1,255 @@
+
+
+
+
+ High availability settings
+
+
+
+
+ 800
+ Virtual Router Redundancy Protocol settings
+
+
+
+
+ VRRP group
+
+
+
+
+ Network interface
+
+
+
+
+
+
+
+ Advertise interval
+
+ 1-255
+ Advertise interval in seconds (default: 1)
+
+
+
+
+
+
+
+
+ VRRP authentication
+
+
+
+
+ VRRP password
+
+ text
+ Password string (up to 8 characters)
+
+
+ .{1,8}
+
+ Password must not be longer than 8 characters
+
+
+
+
+ Authentication type
+
+ plaintext-password ah
+
+
+ (plaintext-password|ah)
+
+ Authentication type must be plaintext-password or ah
+
+
+
+
+
+
+ Group description
+
+
+
+
+
+ Disable VRRP group
+
+
+
+
+ Health check script
+
+
+
+
+ Health check failure count required for transition to fault (default: 3)
+
+
+
+
+
+
+
+ Health check execution interval in seconds (default: 60)
+
+
+
+
+
+
+
+ Health check script file
+
+
+
+
+
+
+
+
+
+ VRRP hello source address (IPv4 or IPv6)
+
+
+
+
+
+ <IPv4|IPv6>
+ IPv4 or IPv6 hello source address
+
+
+
+
+
+ Unicast VRRP peer address (IPv4 or IPv6)
+
+
+
+
+
+ <IPv4|IPv6>
+ IPv4 or IPv6 unicast peer address
+
+
+
+
+
+
+ Disable master preemption
+
+
+
+
+ Preempt delay (in seconds)
+
+
+
+
+
+
+
+ Router priority
+
+
+
+
+ 1-255
+ Router priority (default: 100)
+
+
+
+
+
+
+ Use VRRP virtual MAC address as per RFC3768
+
+
+
+
+ VRRP transition scripts
+
+
+
+
+ Script to run on VRRP state transition to master
+
+
+
+
+
+
+
+ Script to run on VRRP state transition to backup
+
+
+
+
+
+
+
+ Script to run on VRRP state transition to fault
+
+
+
+
+
+
+
+
+
+
+ Virtual address (IPv4 or IPv6, but they must not be mixed in one group)
+
+
+
+
+ Virtual address must be a valid IPv4 or IPv6 address with prefix length (e.g. 192.0.2.3/24 or 2001:db8:ff::10/64)
+
+ <IPv4|IPv6>
+ IPv4 or IPv6 virtual address
+
+
+
+
+
+ Virtual router identifier
+
+
+
+
+ 1-255
+ Virtual router identifier
+
+
+
+
+
+
+
+ VRRP sync group
+
+
+
+
+
+ Sync group member
+
+ text
+ VRRP group name
+
+
+ high-availability vrrp group
+
+
+
+
+
+
+
+
+
-- cgit v1.2.3