From 4ef110fd2c501b718344c72d495ad7e16d2bd465 Mon Sep 17 00:00:00 2001 
From: Christian Breunig Date: Sat, 30 Dec 2023 23:25:20 +0100 Subject: T5474: establish common file name pattern for XML conf mode commands We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server.xml.in --- interface-definitions/bcast-relay.xml.in | 46 - interface-definitions/cron.xml.in | 72 -- interface-definitions/dhcp-relay.xml.in | 126 --- interface-definitions/dhcp-server.xml.in | 456 -------- interface-definitions/dhcpv6-relay.xml.in | 82 -- interface-definitions/dhcpv6-server.xml.in | 375 ------ interface-definitions/dns-domain-name.xml.in | 107 -- interface-definitions/dns-dynamic.xml.in | 213 ---- interface-definitions/dns-forwarding.xml.in | 703 ------------ interface-definitions/flow-accounting-conf.xml.in | 437 ------- interface-definitions/https.xml.in | 220 ---- interface-definitions/igmp-proxy.xml.in | 97 -- interface-definitions/interfaces-bonding.xml.in | 286 ----- interface-definitions/interfaces-bridge.xml.in | 226 ---- interface-definitions/interfaces-dummy.xml.in | 57 - interface-definitions/interfaces-ethernet.xml.in | 217 ---- interface-definitions/interfaces-geneve.xml.in | 60 - interface-definitions/interfaces-input.xml.in | 27 - interface-definitions/interfaces-l2tpv3.xml.in | 131 --- interface-definitions/interfaces-loopback.xml.in | 35 - interface-definitions/interfaces-macsec.xml.in | 153 --- interface-definitions/interfaces-openvpn.xml.in | 809 ------------- interface-definitions/interfaces-pppoe.xml.in | 153 --- .../interfaces-pseudo-ethernet.xml.in | 68 -- interface-definitions/interfaces-sstpc.xml.in | 47 - interface-definitions/interfaces-tunnel.xml.in | 281 ----- .../interfaces-virtual-ethernet.xml.in | 48 - interface-definitions/interfaces-vti.xml.in | 32 - interface-definitions/interfaces-vxlan.xml.in | 133 --- 
interface-definitions/interfaces-wireguard.xml.in | 129 --- interface-definitions/interfaces-wireless.xml.in | 832 -------------- interface-definitions/interfaces-wwan.xml.in | 48 - interface-definitions/interfaces_bonding.xml.in | 286 +++++ interface-definitions/interfaces_bridge.xml.in | 226 ++++ interface-definitions/interfaces_dummy.xml.in | 57 + interface-definitions/interfaces_ethernet.xml.in | 217 ++++ interface-definitions/interfaces_geneve.xml.in | 60 + interface-definitions/interfaces_input.xml.in | 27 + interface-definitions/interfaces_l2tpv3.xml.in | 131 +++ interface-definitions/interfaces_loopback.xml.in | 35 + interface-definitions/interfaces_macsec.xml.in | 153 +++ interface-definitions/interfaces_openvpn.xml.in | 809 +++++++++++++ interface-definitions/interfaces_pppoe.xml.in | 153 +++ .../interfaces_pseudo-ethernet.xml.in | 68 ++ interface-definitions/interfaces_sstpc.xml.in | 47 + interface-definitions/interfaces_tunnel.xml.in | 281 +++++ .../interfaces_virtual-ethernet.xml.in | 48 + interface-definitions/interfaces_vti.xml.in | 32 + interface-definitions/interfaces_vxlan.xml.in | 133 +++ interface-definitions/interfaces_wireguard.xml.in | 129 +++ interface-definitions/interfaces_wireless.xml.in | 832 ++++++++++++++ interface-definitions/interfaces_wwan.xml.in | 48 + interface-definitions/lldp.xml.in | 188 --- .../load-balancing-haproxy.xml.in | 254 ----- interface-definitions/load-balancing-wan.xml.in | 399 ------- .../load-balancing_reverse-proxy.xml.in | 254 +++++ interface-definitions/load-balancing_wan.xml.in | 399 +++++++ interface-definitions/ntp.xml.in | 67 -- interface-definitions/policy-local-route.xml.in | 156 --- interface-definitions/policy-route.xml.in | 117 -- interface-definitions/policy_local-route.xml.in | 156 +++ interface-definitions/policy_route.xml.in | 117 ++ interface-definitions/protocols-babel.xml.in | 254 ----- interface-definitions/protocols-bfd.xml.in | 85 -- interface-definitions/protocols-bgp.xml.in | 16 - 
interface-definitions/protocols-eigrp.xml.in | 17 - interface-definitions/protocols-failover.xml.in | 135 --- interface-definitions/protocols-isis.xml.in | 16 - interface-definitions/protocols-mpls.xml.in | 560 --------- interface-definitions/protocols-multicast.xml.in | 94 -- interface-definitions/protocols-nhrp.xml.in | 138 --- interface-definitions/protocols-ospf.xml.in | 16 - interface-definitions/protocols-ospfv3.xml.in | 16 - interface-definitions/protocols-pim.xml.in | 210 ---- interface-definitions/protocols-pim6.xml.in | 179 --- interface-definitions/protocols-rip.xml.in | 258 ----- interface-definitions/protocols-ripng.xml.in | 155 --- interface-definitions/protocols-rpki.xml.in | 95 -- .../protocols-segment-routing.xml.in | 137 --- interface-definitions/protocols-static-arp.xml.in | 51 - interface-definitions/protocols-static.xml.in | 44 - interface-definitions/protocols_babel.xml.in | 254 +++++ interface-definitions/protocols_bfd.xml.in | 85 ++ interface-definitions/protocols_bgp.xml.in | 16 + interface-definitions/protocols_eigrp.xml.in | 17 + interface-definitions/protocols_failover.xml.in | 135 +++ interface-definitions/protocols_igmp-proxy.xml.in | 97 ++ interface-definitions/protocols_isis.xml.in | 16 + interface-definitions/protocols_mpls.xml.in | 560 +++++++++ interface-definitions/protocols_nhrp.xml.in | 138 +++ interface-definitions/protocols_ospf.xml.in | 16 + interface-definitions/protocols_ospfv3.xml.in | 16 + interface-definitions/protocols_pim.xml.in | 210 ++++ interface-definitions/protocols_pim6.xml.in | 179 +++ interface-definitions/protocols_rip.xml.in | 258 +++++ interface-definitions/protocols_ripng.xml.in | 155 +++ interface-definitions/protocols_rpki.xml.in | 95 ++ .../protocols_segment-routing.xml.in | 137 +++ interface-definitions/protocols_static.xml.in | 44 + interface-definitions/protocols_static_arp.xml.in | 51 + .../protocols_static_multicast.xml.in | 94 ++ interface-definitions/salt-minion.xml.in | 74 -- 
interface-definitions/service-aws-glb.xml.in | 127 --- interface-definitions/service-config-sync.xml.in | 104 -- .../service-conntrack-sync.xml.in | 173 --- .../service-console-server.xml.in | 100 -- interface-definitions/service-event-handler.xml.in | 70 -- .../service-ids-ddos-protection.xml.in | 167 --- interface-definitions/service-ipoe-server.xml.in | 190 ---- interface-definitions/service-mdns-repeater.xml.in | 82 -- .../service-monitoring-telegraf.xml.in | 284 ----- .../service-monitoring-zabbix-agent.xml.in | 193 ---- interface-definitions/service-pppoe-server.xml.in | 281 ----- interface-definitions/service-router-advert.xml.in | 369 ------ interface-definitions/service-sla.xml.in | 36 - interface-definitions/service-upnp.xml.in | 228 ---- interface-definitions/service-webproxy.xml.in | 654 ----------- interface-definitions/service_aws_glb.xml.in | 127 +++ .../service_broadcast-relay.xml.in | 46 + interface-definitions/service_config-sync.xml.in | 104 ++ .../service_conntrack-sync.xml.in | 173 +++ .../service_console-server.xml.in | 100 ++ interface-definitions/service_dhcp-relay.xml.in | 126 +++ interface-definitions/service_dhcp-server.xml.in | 456 ++++++++ interface-definitions/service_dhcpv6-relay.xml.in | 82 ++ interface-definitions/service_dhcpv6-server.xml.in | 375 ++++++ interface-definitions/service_dns_dynamic.xml.in | 213 ++++ .../service_dns_forwarding.xml.in | 703 ++++++++++++ interface-definitions/service_event-handler.xml.in | 70 ++ interface-definitions/service_https.xml.in | 220 ++++ .../service_ids_ddos-protection.xml.in | 167 +++ interface-definitions/service_ipoe-server.xml.in | 190 ++++ interface-definitions/service_lldp.xml.in | 188 +++ interface-definitions/service_mdns_repeater.xml.in | 82 ++ .../service_monitoring_telegraf.xml.in | 284 +++++ .../service_monitoring_zabbix-agent.xml.in | 193 ++++ interface-definitions/service_ntp.xml.in | 67 ++ interface-definitions/service_pppoe-server.xml.in | 281 +++++ 
interface-definitions/service_router-advert.xml.in | 369 ++++++ interface-definitions/service_salt-minion.xml.in | 74 ++ interface-definitions/service_sla.xml.in | 36 + interface-definitions/service_snmp.xml.in | 598 ++++++++++ interface-definitions/service_ssh.xml.in | 270 +++++ interface-definitions/service_tftp-server.xml.in | 32 + interface-definitions/service_upnp.xml.in | 228 ++++ interface-definitions/service_webproxy.xml.in | 654 +++++++++++ interface-definitions/snmp.xml.in | 598 ---------- interface-definitions/ssh.xml.in | 270 ----- .../system-acceleration-qat.xml.in | 21 - interface-definitions/system-config-mgmt.xml.in | 82 -- interface-definitions/system-conntrack.xml.in | 513 --------- interface-definitions/system-console.xml.in | 91 -- interface-definitions/system-frr.xml.in | 91 -- interface-definitions/system-ip.xml.in | 114 -- interface-definitions/system-ipv6.xml.in | 50 - interface-definitions/system-lcd.xml.in | 70 -- interface-definitions/system-login-banner.xml.in | 32 - interface-definitions/system-login.xml.in | 302 ----- interface-definitions/system-logs.xml.in | 92 -- interface-definitions/system-option.xml.in | 171 --- interface-definitions/system-proxy.xml.in | 25 - interface-definitions/system-sflow.xml.in | 113 -- interface-definitions/system-sysctl.xml.in | 40 - interface-definitions/system-syslog.xml.in | 155 --- interface-definitions/system-time-zone.xml.in | 19 - interface-definitions/system-update-check.xml.in | 22 - interface-definitions/system_acceleration.xml.in | 21 + .../system_config-management.xml.in | 82 ++ interface-definitions/system_conntrack.xml.in | 513 +++++++++ interface-definitions/system_console.xml.in | 91 ++ interface-definitions/system_domain-name.xml.in | 15 + interface-definitions/system_domain-search.xml.in | 18 + .../system_flow-accounting.xml.in | 437 +++++++ interface-definitions/system_frr.xml.in | 91 ++ interface-definitions/system_host-name.xml.in | 16 + interface-definitions/system_ip.xml.in | 114 
++ interface-definitions/system_ipv6.xml.in | 50 + interface-definitions/system_lcd.xml.in | 70 ++ interface-definitions/system_login.xml.in | 302 +++++ interface-definitions/system_login_banner.xml.in | 32 + interface-definitions/system_logs.xml.in | 92 ++ interface-definitions/system_name-server.xml.in | 33 + interface-definitions/system_option.xml.in | 171 +++ interface-definitions/system_proxy.xml.in | 25 + interface-definitions/system_sflow.xml.in | 113 ++ .../system_static-host-mapping.xml.in | 53 + interface-definitions/system_sysctl.xml.in | 40 + interface-definitions/system_syslog.xml.in | 155 +++ interface-definitions/system_task-scheduler.xml.in | 72 ++ interface-definitions/system_time-zone.xml.in | 19 + interface-definitions/system_update-check.xml.in | 22 + interface-definitions/tftp-server.xml.in | 32 - interface-definitions/vpn-ipsec.xml.in | 1194 -------------------- interface-definitions/vpn-l2tp.xml.in | 163 --- interface-definitions/vpn-openconnect.xml.in | 392 ------- interface-definitions/vpn-pptp.xml.in | 143 --- interface-definitions/vpn-sstp.xml.in | 64 -- interface-definitions/vpn_ipsec.xml.in | 1194 ++++++++++++++++++++ interface-definitions/vpn_l2tp.xml.in | 163 +++ interface-definitions/vpn_openconnect.xml.in | 392 +++++++ interface-definitions/vpn_pptp.xml.in | 143 +++ interface-definitions/vpn_sstp.xml.in | 64 ++ 202 files changed, 18382 insertions(+), 18354 deletions(-) delete mode 100644 interface-definitions/bcast-relay.xml.in delete mode 100644 interface-definitions/cron.xml.in delete mode 100644 interface-definitions/dhcp-relay.xml.in delete mode 100644 interface-definitions/dhcp-server.xml.in delete mode 100644 interface-definitions/dhcpv6-relay.xml.in delete mode 100644 interface-definitions/dhcpv6-server.xml.in delete mode 100644 interface-definitions/dns-domain-name.xml.in delete mode 100644 interface-definitions/dns-dynamic.xml.in delete mode 100644 interface-definitions/dns-forwarding.xml.in delete mode 100644 
interface-definitions/flow-accounting-conf.xml.in delete mode 100644 interface-definitions/https.xml.in delete mode 100644 interface-definitions/igmp-proxy.xml.in delete mode 100644 interface-definitions/interfaces-bonding.xml.in delete mode 100644 interface-definitions/interfaces-bridge.xml.in delete mode 100644 interface-definitions/interfaces-dummy.xml.in delete mode 100644 interface-definitions/interfaces-ethernet.xml.in delete mode 100644 interface-definitions/interfaces-geneve.xml.in delete mode 100644 interface-definitions/interfaces-input.xml.in delete mode 100644 interface-definitions/interfaces-l2tpv3.xml.in delete mode 100644 interface-definitions/interfaces-loopback.xml.in delete mode 100644 interface-definitions/interfaces-macsec.xml.in delete mode 100644 interface-definitions/interfaces-openvpn.xml.in delete mode 100644 interface-definitions/interfaces-pppoe.xml.in delete mode 100644 interface-definitions/interfaces-pseudo-ethernet.xml.in delete mode 100644 interface-definitions/interfaces-sstpc.xml.in delete mode 100644 interface-definitions/interfaces-tunnel.xml.in delete mode 100644 interface-definitions/interfaces-virtual-ethernet.xml.in delete mode 100644 interface-definitions/interfaces-vti.xml.in delete mode 100644 interface-definitions/interfaces-vxlan.xml.in delete mode 100644 interface-definitions/interfaces-wireguard.xml.in delete mode 100644 interface-definitions/interfaces-wireless.xml.in delete mode 100644 interface-definitions/interfaces-wwan.xml.in create mode 100644 interface-definitions/interfaces_bonding.xml.in create mode 100644 interface-definitions/interfaces_bridge.xml.in create mode 100644 interface-definitions/interfaces_dummy.xml.in create mode 100644 interface-definitions/interfaces_ethernet.xml.in create mode 100644 interface-definitions/interfaces_geneve.xml.in create mode 100644 interface-definitions/interfaces_input.xml.in create mode 100644 interface-definitions/interfaces_l2tpv3.xml.in create mode 100644 
interface-definitions/interfaces_loopback.xml.in create mode 100644 interface-definitions/interfaces_macsec.xml.in create mode 100644 interface-definitions/interfaces_openvpn.xml.in create mode 100644 interface-definitions/interfaces_pppoe.xml.in create mode 100644 interface-definitions/interfaces_pseudo-ethernet.xml.in create mode 100644 interface-definitions/interfaces_sstpc.xml.in create mode 100644 interface-definitions/interfaces_tunnel.xml.in create mode 100644 interface-definitions/interfaces_virtual-ethernet.xml.in create mode 100644 interface-definitions/interfaces_vti.xml.in create mode 100644 interface-definitions/interfaces_vxlan.xml.in create mode 100644 interface-definitions/interfaces_wireguard.xml.in create mode 100644 interface-definitions/interfaces_wireless.xml.in create mode 100644 interface-definitions/interfaces_wwan.xml.in delete mode 100644 interface-definitions/lldp.xml.in delete mode 100644 interface-definitions/load-balancing-haproxy.xml.in delete mode 100644 interface-definitions/load-balancing-wan.xml.in create mode 100644 interface-definitions/load-balancing_reverse-proxy.xml.in create mode 100644 interface-definitions/load-balancing_wan.xml.in delete mode 100644 interface-definitions/ntp.xml.in delete mode 100644 interface-definitions/policy-local-route.xml.in delete mode 100644 interface-definitions/policy-route.xml.in create mode 100644 interface-definitions/policy_local-route.xml.in create mode 100644 interface-definitions/policy_route.xml.in delete mode 100644 interface-definitions/protocols-babel.xml.in delete mode 100644 interface-definitions/protocols-bfd.xml.in delete mode 100644 interface-definitions/protocols-bgp.xml.in delete mode 100644 interface-definitions/protocols-eigrp.xml.in delete mode 100644 interface-definitions/protocols-failover.xml.in delete mode 100644 interface-definitions/protocols-isis.xml.in delete mode 100644 interface-definitions/protocols-mpls.xml.in delete mode 100644 
interface-definitions/protocols-multicast.xml.in delete mode 100644 interface-definitions/protocols-nhrp.xml.in delete mode 100644 interface-definitions/protocols-ospf.xml.in delete mode 100644 interface-definitions/protocols-ospfv3.xml.in delete mode 100644 interface-definitions/protocols-pim.xml.in delete mode 100644 interface-definitions/protocols-pim6.xml.in delete mode 100644 interface-definitions/protocols-rip.xml.in delete mode 100644 interface-definitions/protocols-ripng.xml.in delete mode 100644 interface-definitions/protocols-rpki.xml.in delete mode 100644 interface-definitions/protocols-segment-routing.xml.in delete mode 100644 interface-definitions/protocols-static-arp.xml.in delete mode 100644 interface-definitions/protocols-static.xml.in create mode 100644 interface-definitions/protocols_babel.xml.in create mode 100644 interface-definitions/protocols_bfd.xml.in create mode 100644 interface-definitions/protocols_bgp.xml.in create mode 100644 interface-definitions/protocols_eigrp.xml.in create mode 100644 interface-definitions/protocols_failover.xml.in create mode 100644 interface-definitions/protocols_igmp-proxy.xml.in create mode 100644 interface-definitions/protocols_isis.xml.in create mode 100644 interface-definitions/protocols_mpls.xml.in create mode 100644 interface-definitions/protocols_nhrp.xml.in create mode 100644 interface-definitions/protocols_ospf.xml.in create mode 100644 interface-definitions/protocols_ospfv3.xml.in create mode 100644 interface-definitions/protocols_pim.xml.in create mode 100644 interface-definitions/protocols_pim6.xml.in create mode 100644 interface-definitions/protocols_rip.xml.in create mode 100644 interface-definitions/protocols_ripng.xml.in create mode 100644 interface-definitions/protocols_rpki.xml.in create mode 100644 interface-definitions/protocols_segment-routing.xml.in create mode 100644 interface-definitions/protocols_static.xml.in create mode 100644 interface-definitions/protocols_static_arp.xml.in create 
mode 100644 interface-definitions/protocols_static_multicast.xml.in delete mode 100644 interface-definitions/salt-minion.xml.in delete mode 100644 interface-definitions/service-aws-glb.xml.in delete mode 100644 interface-definitions/service-config-sync.xml.in delete mode 100644 interface-definitions/service-conntrack-sync.xml.in delete mode 100644 interface-definitions/service-console-server.xml.in delete mode 100644 interface-definitions/service-event-handler.xml.in delete mode 100644 interface-definitions/service-ids-ddos-protection.xml.in delete mode 100644 interface-definitions/service-ipoe-server.xml.in delete mode 100644 interface-definitions/service-mdns-repeater.xml.in delete mode 100644 interface-definitions/service-monitoring-telegraf.xml.in delete mode 100644 interface-definitions/service-monitoring-zabbix-agent.xml.in delete mode 100644 interface-definitions/service-pppoe-server.xml.in delete mode 100644 interface-definitions/service-router-advert.xml.in delete mode 100644 interface-definitions/service-sla.xml.in delete mode 100644 interface-definitions/service-upnp.xml.in delete mode 100644 interface-definitions/service-webproxy.xml.in create mode 100644 interface-definitions/service_aws_glb.xml.in create mode 100644 interface-definitions/service_broadcast-relay.xml.in create mode 100644 interface-definitions/service_config-sync.xml.in create mode 100644 interface-definitions/service_conntrack-sync.xml.in create mode 100644 interface-definitions/service_console-server.xml.in create mode 100644 interface-definitions/service_dhcp-relay.xml.in create mode 100644 interface-definitions/service_dhcp-server.xml.in create mode 100644 interface-definitions/service_dhcpv6-relay.xml.in create mode 100644 interface-definitions/service_dhcpv6-server.xml.in create mode 100644 interface-definitions/service_dns_dynamic.xml.in create mode 100644 interface-definitions/service_dns_forwarding.xml.in create mode 100644 interface-definitions/service_event-handler.xml.in 
create mode 100644 interface-definitions/service_https.xml.in create mode 100644 interface-definitions/service_ids_ddos-protection.xml.in create mode 100644 interface-definitions/service_ipoe-server.xml.in create mode 100644 interface-definitions/service_lldp.xml.in create mode 100644 interface-definitions/service_mdns_repeater.xml.in create mode 100644 interface-definitions/service_monitoring_telegraf.xml.in create mode 100644 interface-definitions/service_monitoring_zabbix-agent.xml.in create mode 100644 interface-definitions/service_ntp.xml.in create mode 100644 interface-definitions/service_pppoe-server.xml.in create mode 100644 interface-definitions/service_router-advert.xml.in create mode 100644 interface-definitions/service_salt-minion.xml.in create mode 100644 interface-definitions/service_sla.xml.in create mode 100644 interface-definitions/service_snmp.xml.in create mode 100644 interface-definitions/service_ssh.xml.in create mode 100644 interface-definitions/service_tftp-server.xml.in create mode 100644 interface-definitions/service_upnp.xml.in create mode 100644 interface-definitions/service_webproxy.xml.in delete mode 100644 interface-definitions/snmp.xml.in delete mode 100644 interface-definitions/ssh.xml.in delete mode 100644 interface-definitions/system-acceleration-qat.xml.in delete mode 100644 interface-definitions/system-config-mgmt.xml.in delete mode 100644 interface-definitions/system-conntrack.xml.in delete mode 100644 interface-definitions/system-console.xml.in delete mode 100644 interface-definitions/system-frr.xml.in delete mode 100644 interface-definitions/system-ip.xml.in delete mode 100644 interface-definitions/system-ipv6.xml.in delete mode 100644 interface-definitions/system-lcd.xml.in delete mode 100644 interface-definitions/system-login-banner.xml.in delete mode 100644 interface-definitions/system-login.xml.in delete mode 100644 interface-definitions/system-logs.xml.in delete mode 100644 interface-definitions/system-option.xml.in 
delete mode 100644 interface-definitions/system-proxy.xml.in delete mode 100644 interface-definitions/system-sflow.xml.in delete mode 100644 interface-definitions/system-sysctl.xml.in delete mode 100644 interface-definitions/system-syslog.xml.in delete mode 100644 interface-definitions/system-time-zone.xml.in delete mode 100644 interface-definitions/system-update-check.xml.in create mode 100644 interface-definitions/system_acceleration.xml.in create mode 100644 interface-definitions/system_config-management.xml.in create mode 100644 interface-definitions/system_conntrack.xml.in create mode 100644 interface-definitions/system_console.xml.in create mode 100644 interface-definitions/system_domain-name.xml.in create mode 100644 interface-definitions/system_domain-search.xml.in create mode 100644 interface-definitions/system_flow-accounting.xml.in create mode 100644 interface-definitions/system_frr.xml.in create mode 100644 interface-definitions/system_host-name.xml.in create mode 100644 interface-definitions/system_ip.xml.in create mode 100644 interface-definitions/system_ipv6.xml.in create mode 100644 interface-definitions/system_lcd.xml.in create mode 100644 interface-definitions/system_login.xml.in create mode 100644 interface-definitions/system_login_banner.xml.in create mode 100644 interface-definitions/system_logs.xml.in create mode 100644 interface-definitions/system_name-server.xml.in create mode 100644 interface-definitions/system_option.xml.in create mode 100644 interface-definitions/system_proxy.xml.in create mode 100644 interface-definitions/system_sflow.xml.in create mode 100644 interface-definitions/system_static-host-mapping.xml.in create mode 100644 interface-definitions/system_sysctl.xml.in create mode 100644 interface-definitions/system_syslog.xml.in create mode 100644 interface-definitions/system_task-scheduler.xml.in create mode 100644 interface-definitions/system_time-zone.xml.in create mode 100644 interface-definitions/system_update-check.xml.in 
delete mode 100644 interface-definitions/tftp-server.xml.in delete mode 100644 interface-definitions/vpn-ipsec.xml.in delete mode 100644 interface-definitions/vpn-l2tp.xml.in delete mode 100644 interface-definitions/vpn-openconnect.xml.in delete mode 100644 interface-definitions/vpn-pptp.xml.in delete mode 100644 interface-definitions/vpn-sstp.xml.in create mode 100644 interface-definitions/vpn_ipsec.xml.in create mode 100644 interface-definitions/vpn_l2tp.xml.in create mode 100644 interface-definitions/vpn_openconnect.xml.in create mode 100644 interface-definitions/vpn_pptp.xml.in create mode 100644 interface-definitions/vpn_sstp.xml.in (limited to 'interface-definitions') diff --git a/interface-definitions/bcast-relay.xml.in b/interface-definitions/bcast-relay.xml.in deleted file mode 100644 index e2993f3f3..000000000 --- a/interface-definitions/bcast-relay.xml.in +++ /dev/null @@ -1,46 +0,0 @@ - - - - - - - UDP broadcast relay service - 990 - - - #include - - - Unique ID for each UDP port to forward - - u32:1-99 - Broadcast relay instance ID - - - - - - - #include - - - Set source IP of forwarded packets, otherwise original senders address is used - - ipv4 - Optional source address for forwarded packets - - - - - - - #include - #include - #include - - - - - - - diff --git a/interface-definitions/cron.xml.in b/interface-definitions/cron.xml.in deleted file mode 100644 index 58dcf64ac..000000000 --- a/interface-definitions/cron.xml.in +++ /dev/null 
@@ -1,72 +0,0 @@ - - - - - - - Task scheduler settings - - - - - Scheduled task - - txt - Task name - - 999 - - - - - UNIX crontab time specification string - - - - - Execution interval - - <minutes> - Execution interval in minutes - - - <minutes>m - Execution interval in minutes - - - <hours>h - Execution interval in hours - - - <days>d - Execution interval in days - - - [1-9]([0-9]*)([mhd]{0,1}) - - - - - - Executable path and arguments - - - - - Path to executable - - - - - Arguments passed to the executable - - - - - - - - - - - diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in deleted file mode 100644 index 42715c9bb..000000000 --- a/interface-definitions/dhcp-relay.xml.in +++ /dev/null @@ -1,126 +0,0 @@ - - - - - - - - Host Configuration Protocol (DHCP) relay agent - 910 - - - #include - #include - - - Interface for DHCP Relay Agent to listen for requests - - - - - txt - Interface name - - - #include - - - - - - - Interface for DHCP Relay Agent forward requests out - - - - - txt - Interface name - - - #include - - - - - - - Relay options - - - - - Policy to discard packets that have reached specified hop-count - - u32:1-255 - Hop count - - - - - hop-count must be a value between 1 and 255 - - 10 - - - - Maximum packet size to send to a DHCPv4/BOOTP server - - u32:64-1400 - Maximum packet size - - - - - max-size must be a value between 64 and 1400 - - 576 - - - - Policy to handle incoming DHCPv4 packets which already contain relay agent options - - append replace forward discard - - - append - append own relay options to packet - - - replace - replace existing agent option field - - - forward - forward packet unchanged - - - discard - discard packet (default action if giaddr not set in packet) - - - (append|replace|forward|discard) - - - forward - - - - - - DHCP server address - - ipv4 - DHCP server IPv4 address - - - - - - - - - - - - 
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
deleted file mode 100644
index 8aaeeb29d..000000000
--- a/interface-definitions/dhcp-server.xml.in
+++ /dev/null
@@ -1,456 +0,0 @@ - - - - - - - - Dynamic Host Configuration Protocol (DHCP) for DHCP server - 911 - - - #include - - - Dynamically update Domain Name System (RFC4702) - - - - - - DHCP failover configuration - - - #include - - - IPv4 remote address used for connectio - - ipv4 - IPv4 address of failover peer - - - - - - - - - Peer name used to identify connection - - [-_a-zA-Z0-9.]+ - - Invalid failover peer name. May only contain letters, numbers and .-_ - - - - - Failover hierarchy - - primary secondary - - - primary - Configure this server to be the primary node - - - secondary - Configure this server to be the secondary node - - - (primary|secondary) - - Invalid DHCP failover peer status - - - #include - #include - - - - - Updating /etc/hosts file (per client lease) - - - - #include - - - Name of DHCP shared network - - [-_a-zA-Z0-9.]+ - - Invalid shared network name. May only contain letters, numbers and .-_ - - - - - Option to make DHCP server authoritative for this physical network - - - - #include - #include - #include - #include - #include - #include - - - DHCP subnet for shared network - - ipv4net - IPv4 address and prefix length - - - - - Invalid IPv4 subnet definition - - - - - Bootstrap file name - - [[:ascii:]]{1,253} - - - - - - Server from which the initial boot file is to be loaded - - ipv4 - Bootfile server IPv4 address - - - hostname - Bootfile server FQDN - - - - - - - - - - Bootstrap file size - - u32:1-16 - Bootstrap file size in 512 byte blocks - - - - - - - #include - - - Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used. 
- - u32:0-32 - DHCP client prefix length must be 0 to 32 - - - - - DHCP client prefix length must be 0 to 32 - - - - - IP address of default router - - ipv4 - Default router IPv4 address - - - - - - - #include - #include - #include - #include - - - IP address to exclude from DHCP lease range - - ipv4 - IPv4 address to exclude from lease range - - - - - - - - - - Enable IP forwarding on client - - - - - - Lease timeout in seconds - - u32 - DHCP lease time in seconds - - - - - DHCP lease time must be between 0 and 4294967295 (49 days) - - 86400 - - #include - - - IP address of POP3 server - - ipv4 - POP3 server IPv4 address - - - - - - - - - - Address for DHCP server identifier - - ipv4 - DHCP server identifier IPv4 address - - - - - - - - - IP address of SMTP server - - ipv4 - SMTP server IPv4 address - - - - - - - - - - DHCP lease range - - [-_a-zA-Z0-9.]+ - - Invalid range name, may only be alphanumeric, dot and hyphen - - - - - First IP address for DHCP lease range - - ipv4 - IPv4 start address of pool - - - - - - - - - Last IP address for DHCP lease range - - ipv4 - IPv4 end address of pool - - - - - - - - - - - Hostname for static mapping reservation - - - - Invalid static mapping hostname - - - #include - - - Fixed IP address of static mapping - - ipv4 - IPv4 address used in static mapping - - - - - - - #include - #include - - - - - Classless static route destination subnet - - ipv4net - IPv4 address and prefix length - - - - - - - - - IP address of router to be used to reach the destination subnet - - ipv4 - IPv4 address of router - - - - - - - - - - - Disable IPv4 on IPv6 only hosts (RFC 8925) - - u32 - Seconds - - - - - Seconds must be between 0 and 4294967295 (49 days) - - - - - TFTP server name - - ipv4 - TFTP server IPv4 address - - - hostname - TFTP server FQDN - - - - - - - - - - Client subnet offset in seconds from Coordinated Universal Time (UTC) - - [-]N - Time offset (number, may be negative) - - - -?[0-9]+ - - Invalid time offset value - - - - - 
IP address of time server - - ipv4 - Time server IPv4 address - - - - - - - - - - Time zone to send to clients. Uses RFC4833 options 100 and 101 - - - - - - - - - - - Vendor Specific Options - - - - - Ubiquiti specific parameters - - - - - Address of UniFi controller - - ipv4 - IP address of UniFi controller - - - - - - - - - - - - - IP address for Windows Internet Name Service (WINS) server - - ipv4 - WINS server IPv4 address - - - - - - - - - - Web Proxy Autodiscovery (WPAD) URL - - - - - - - - - - - diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/dhcpv6-relay.xml.in deleted file mode 100644 index a80317609..000000000 --- a/interface-definitions/dhcpv6-relay.xml.in +++ /dev/null @@ -1,82 +0,0 @@ - - - - - - - - DHCPv6 Relay Agent parameters - 900 - - - #include - - - Interface for DHCPv6 Relay Agent to listen for requests - - - - - - - - IPv6 address on listen-interface listen for requests on - - ipv6 - IPv6 address on listen interface - - - - - - - - - - - Maximum hop count for which requests will be processed - - u32:1-255 - Hop count - - - - - max-hop-count must be a value between 1 and 255 - - 10 - - - - Interface for DHCPv6 Relay Agent forward requests out - - - - - - - - IPv6 address to forward requests to - - ipv6 - IPv6 address of the DHCP server - - - - - - - - - - - - Option to set DHCPv6 interface-ID option - - - - - - - - diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in deleted file mode 100644 index 10fdbf3f7..000000000 --- a/interface-definitions/dhcpv6-server.xml.in +++ /dev/null 
@@ -1,375 +0,0 @@ - - - - - - - DHCP for IPv6 (DHCPv6) server - 900 - - - #include - - - Additional global parameters for DHCPv6 server - - - #include - - - - - Preference of this DHCPv6 server compared with others - - u32:0-255 - DHCPv6 server preference (0-255) - - - - - Preference must be between 0 and 255 - - - - - DHCPv6 shared network name - - [-_a-zA-Z0-9.]+ - - Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_ - - - #include - #include - - - Optional interface for this shared network to accept requests from - - - - - txt - Interface name - - - #include - - - - - - Common options to distribute to all clients, including stateless clients - - - - - Time (in seconds) that stateless clients should wait between refreshing the information they were given - - u32:1-4294967295 - DHCPv6 information refresh time - - - - - - - #include - #include - - - - - IPv6 DHCP subnet for this shared network - - ipv6net - IPv6 address and prefix length - - - - - - - - - Parameters setting ranges for assigning IPv6 addresses - - - - - IPv6 prefix defining range of addresses to assign - - ipv6net - IPv6 address and prefix length - - - - - - - - - - First in range of consecutive IPv6 addresses to assign - - ipv6 - IPv6 address - - - - - - - - - Last in range of consecutive IPv6 addresses - - ipv6 - IPv6 address - - - - - - - - - - - #include - #include - - - Parameters relating to the lease time - - - - - Default time (in seconds) that will be assigned to a lease - - u32:1-4294967295 - DHCPv6 valid lifetime - - - - - - - - - Maximum time (in seconds) that will be assigned to a lease - - u32:1-4294967295 - Maximum lease time in seconds - - - - - - - - - Minimum time (in seconds) that will be assigned to a lease - - u32:1-4294967295 - Minimum lease time in seconds - - - - - - - - - #include - - - NIS domain name for client to use - - [-_a-zA-Z0-9.]+ - - Invalid NIS domain name - - - - - IPv6 address of a NIS Server - - ipv6 - IPv6 address of NIS server - - - 
- - - - - - - NIS+ domain name for client to use - - [-_a-zA-Z0-9.]+ - - Invalid NIS+ domain name. May only contain letters, numbers and .-_ - - - - - IPv6 address of a NIS+ Server - - ipv6 - IPv6 address of NIS+ server - - - - - - - - - - Parameters relating to IPv6 prefix delegation - - - - - IPv6 prefix to be used in prefix delegation - - ipv6 - IPv6 prefix used in prefix delegation - - - - - - - - - Length in bits of prefix - - u32:32-64 - Prefix length (32-64) - - - - - Prefix length must be between 32 and 64 - - - - - Length in bits of prefixes to be delegated - - u32:32-64 - Delegated prefix length (32-64) - - - - - Delegated prefix length must be between 32 and 96 - - - - - - - - - IPv6 address of SIP server - - ipv6 - IPv6 address of SIP server - - - hostname - FQDN of SIP server - - - - - - - - - - - IPv6 address of an SNTP server for client to use - - - - - - - - - Hostname for static mapping reservation - - - - Invalid static mapping hostname - - - #include - #include - #include - - - Client IPv6 address for this static mapping - - ipv6 - IPv6 address for this static mapping - - - - - - - - - Client IPv6 prefix for this static mapping - - ipv6net - IPv6 prefix for this static mapping - - - - - - - - - - - Vendor Specific Options - - - - - Cisco specific parameters - - - - - TFTP server name - - ipv6 - TFTP server IPv6 address - - - - - - - - - - - - - - - - - - - - diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in deleted file mode 100644 index b5b3692b1..000000000 --- a/interface-definitions/dns-domain-name.xml.in +++ /dev/null 
@@ -1,107 +0,0 @@ - - - - - - - System Domain Name Servers (DNS) - 400 - - - - - ipv4 - Domain Name Server IPv4 address - - - ipv6 - Domain Name Server IPv6 address - - - txt - Use Domain Name Server from DHCP interface - - - - - #include - - - - - - - System host name (default: vyos) - - #include - - - - - - System domain name - - - - - - - - Domain Name Server (DNS) domain completion order - 400 - - - - Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and period. - - - - - - Map host names to addresses - 400 - - - - - Host name for static address mapping - - #include - - Host-name must be alphanumeric and can contain hyphens - - - - - Alias for this address - - .{1,63} - - invalid alias hostname, needs to be between 1 and 63 charactes - - - - - - IP Address - - ipv4 - IPv4 address - - - ipv6 - IPv6 address - - - - - - - - - - - - - - diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in deleted file mode 100644 index d296a6694..000000000 --- a/interface-definitions/dns-dynamic.xml.in +++ /dev/null 
@@ -1,213 +0,0 @@ - - - - - - - Domain Name System (DNS) related services - - - - - Dynamic DNS - 990 - - - - - Dynamic DNS configuration - - txt - Dynamic DNS service name - - - #include - - Dynamic DNS service name must be alphanumeric and can contain hyphens and underscores - - - #include - - - ddclient protocol used for Dynamic DNS service - - - - - - - - - - - Obtain IP address to send Dynamic DNS update for - - txt - Use interface to obtain the IP address - - - web - Use HTTP(S) web request to obtain the IP address - - - - web - - - #include - web - - - - - - Options when using HTTP(S) web request to obtain the IP address - - - #include - - - Pattern to skip from the HTTP(S) respose - - txt - Pattern to skip from the HTTP(S) respose to extract the external IP address - - - - - - - - IP address version to use - - _ipv4 - Use only IPv4 address - - - _ipv6 - Use only IPv6 address - - - both - Use both IPv4 and IPv6 address - - - ipv4 ipv6 both - - - (ipv[46]|both) - - IP Version must be literal 'ipv4', 'ipv6' or 'both' - - ipv4 - - - - Hostname to register with Dynamic DNS service - - #include - (\@|\*)[-.A-Za-z0-9]* - - Host-name must be alphanumeric, can contain hyphens and can be prefixed with '@' or '*' - - - - - - Remote Dynamic DNS server to send updates to - - ipv4 - IPv4 address of the remote server - - - ipv6 - IPv6 address of the remote server - - - hostname - Fully qualified domain name of the remote server - - - - - - Remote server must be IP address or fully qualified domain name - - - - - DNS zone to be updated - - txt - Name of DNS zone - - - - - - - #include - #include - - - File containing TSIG authentication key for RFC2136 nsupdate on remote DNS server - - filename - File in /config/auth directory - - - - - - - #include - - - Time in seconds to wait between update attempts - - u32:60-86400 - Time in seconds - - - - - Wait time must be between 60 and 86400 seconds - - - - - Time in seconds for the hostname to be marked expired in cache - - 
u32:300-2160000 - Time in seconds - - - - - Expiry time must be between 300 and 2160000 seconds - - - - - - - Interval in seconds to wait between Dynamic DNS updates - - u32:60-3600 - Time in seconds - - - - - Interval must be between 60 and 3600 seconds - - 300 - - #include - - - - - - - diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in deleted file mode 100644 index 5ca02acef..000000000 --- a/interface-definitions/dns-forwarding.xml.in +++ /dev/null 
@@ -1,703 +0,0 @@ - - - - - - - - Domain Name System (DNS) related services - - - - - DNS forwarding - 918 - - - - - DNS forwarding cache size - - u32:0-2147483647 - DNS forwarding cache size - - - - - - 10000 - - - - Interfaces whose DHCP client nameservers to forward requests to - - - - - - - - - Help to communicate between IPv6-only client and IPv4-only server - - ipv6net - IPv6 address and /96 only prefix length - - - - - - - - - DNSSEC mode - - off process-no-validate process log-fail validate - - - off - No DNSSEC processing whatsoever! - - - process-no-validate - Respond with DNSSEC records to clients that ask for it. No validation done at all! - - - process - Respond with DNSSEC records to clients that ask for it. Validation for clients that request it. - - - log-fail - Similar behaviour to process, but validate RRSIGs on responses and log bogus responses. - - - validate - Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses. - - - (off|process-no-validate|process|log-fail|validate) - - - process-no-validate - - - - Domain to forward to a custom DNS server - - txt - An absolute DNS domain name - - - - - - - #include - - - Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC) - - - - - - Set the "recursion desired" bit in requests to the upstream nameserver - - - - - - - - Domain to host authoritative records for - - txt - An absolute DNS domain name - - - - - - - - - DNS zone records - - - - - A record - - txt - A DNS name relative to the root record - - - @ - Root record - - - any - Wildcard record (any subdomain) - - - ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) - - - - - - IPv4 address - - ipv4 - IPv4 address - - - - - - - - #include - - 300 - - #include - - - - - AAAA record - - txt - A DNS name relative to the root record - - - @ - Root record - - - any - Wildcard record (any subdomain) - - - ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) 
- - - - - - IPv6 address - - ipv6 - IPv6 address - - - - - - - - #include - - 300 - - #include - - - - - CNAME record - - txt - A DNS name relative to the root record - - - @ - Root record - - - ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) - - - - - - Target DNS name - - name.example.com - Absolute DNS name - - - [-_a-zA-Z0-9.]{1,63}(?<!\.) - - - - #include - - 300 - - #include - - - - - MX record - - txt - A DNS name relative to the root record - - - @ - Root record - - - ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) - - - - - - Mail server - - name.example.com - Absolute DNS name - - - [-_a-zA-Z0-9.]{1,63}(?<!\.) - - - - - - Server priority - - u32:1-999 - Server priority (lower numbers are higher priority) - - - - - - 10 - - - - #include - - 300 - - #include - - - - - NS record - - txt - A DNS name relative to the root record - - - ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) - - - - - - Target DNS server authoritative for subdomain - - nsXX.example.com - Absolute DNS name - - - [-_a-zA-Z0-9.]{1,63}(?<!\.) - - - - #include - - 300 - - #include - - - - - PTR record - - txt - A DNS name relative to the root record - - - @ - Root record - - - ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) - - - - - - Target DNS name - - name.example.com - Absolute DNS name - - - [-_a-zA-Z0-9.]{1,63}(?<!\.) - - - - #include - - 300 - - #include - - - - - TXT record - - txt - A DNS name relative to the root record - - - @ - Root record - - - ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) - - - - - - Record contents - - txt - Record contents - - - - - #include - - 300 - - #include - - - - - SPF record - - txt - A DNS name relative to the root record - - - @ - Root record - - - ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) - - - - - - Record contents - - txt - Record contents - - - - #include - - 300 - - #include - - - - - SRV record - - txt - A DNS name relative to the root record - - - @ - Root record - - - ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) 
- - - - - - Service entry - - u32:0-65535 - Entry number - - - - - - - - - Server hostname - - name.example.com - Absolute DNS name - - - [-_a-zA-Z0-9.]{1,63}(?<!\.) - - - - - - Port number - - u32:0-65535 - TCP/UDP port number - - - - - - - - - Entry priority - - u32:0-65535 - Entry priority (lower numbers are higher priority) - - - - - - 10 - - - - Entry weight - - u32:0-65535 - Entry weight - - - - - - 0 - - - - #include - - 300 - - #include - - - - - NAPTR record - - txt - A DNS name relative to the root record - - - @ - Root record - - - ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) - - - - - - NAPTR rule - - u32:0-65535 - Rule number - - - - - - - - - Rule order - - u32:0-65535 - Rule order (lower order is evaluated first) - - - - - - - - - Rule preference - - u32:0-65535 - Rule preference - - - - - - 0 - - - - S flag - - - - - - A flag - - - - - - U flag - - - - - - P flag - - - - - - Service type - - [a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})? - - - - - - Regular expression - - - - - Replacement DNS name - - name.example.com - Absolute DNS name - - - [-_a-zA-Z0-9.]{1,63}(?<!\.) - - - - - - #include - - 300 - - #include - - - - - #include - - - - - Do not use local /etc/hosts file in name resolution - - - - - - Makes the server authoritatively not aware of RFC1918 addresses - - - - - - Networks allowed to query this server - - ipv4net - IP address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - - #include - #include - - 53 - - - - Maximum amount of time negative entries are cached - - u32:0-7200 - Seconds to cache NXDOMAIN entries - - - - - - 3600 - - - - Number of milliseconds to wait for a remote authoritative server to respond - - u32:10-60000 - Network timeout in milliseconds - - - - - - 1500 - - #include - #include - - 0.0.0.0 :: - - - - Use system name servers - - - - - - - - - - 
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in
deleted file mode 100644
index 40a9bb423..000000000
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ /dev/null
@@ -1,437 +0,0 @@ - - - - - - - - Flow accounting settings - 990 - - - - - Buffer size - - u32 - Buffer size in MiB - - - - - - 10 - - - - Specifies the maximum number of bytes to capture for each packet - - u32:128-750 - Packet length in bytes - - - - - - 128 - - - - Enable egress flow accounting - - - - - - Disable in memory table plugin - - - - - - Syslog facility for flow-accounting - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - Routing protocols (local7) - - - security - Authentication and authorization - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - all - Authentication and authorization - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - - - #include - - - NetFlow settings - - - - - NetFlow engine-id - - 0-255 or 0-255:0-255 - NetFlow engine-id for v5 - - - u32 - NetFlow engine-id for v9 / IPFIX - - - (\d|[1-9]\d{1,8}|[1-3]\d{9}|4[01]\d{8}|42[0-8]\d{7}|429[0-3]\d{6}|4294[0-8]\d{5}|42949[0-5]\d{4}|429496[0-6]\d{3}|4294967[01]\d{2}|42949672[0-8]\d|429496729[0-5])$|^(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]):(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]) - - - - - - NetFlow maximum flows - - u32 - NetFlow maximum flows - - - - - - - - - NetFlow sampling-rate - - 
u32 - Sampling rate (1 in N packets) - - - - - - - #include - - - NetFlow version to export - - 5 9 10 - - - 5 - NetFlow version 5 - - - 9 - NetFlow version 9 - - - 10 - Internet Protocol Flow Information Export (IPFIX) - - - 9 - - - - NetFlow destination server - - ipv4 - IPv4 server to export NetFlow - - - ipv6 - IPv6 server to export NetFlow - - - - - - - - - NetFlow port number - - u32:1025-65535 - NetFlow port number - - - - - - 2055 - - - - - - NetFlow timeout values - - - - - Expiry scan interval - - u32:0-2147483647 - Expiry scan interval - - - - - - 60 - - - - Generic flow timeout value - - u32:0-2147483647 - Generic flow timeout in seconds - - - - - - 3600 - - - - ICMP timeout value - - u32:0-2147483647 - ICMP timeout in seconds - - - - - - 300 - - - - Max active timeout value - - u32:0-2147483647 - Max active timeout in seconds - - - - - - 604800 - - - - TCP finish timeout value - - u32:0-2147483647 - TCP FIN timeout in seconds - - - - - - 300 - - - - TCP generic timeout value - - u32:0-2147483647 - TCP generic timeout in seconds - - - - - - 3600 - - - - TCP reset timeout value - - u32:0-2147483647 - TCP RST timeout in seconds - - - - - - 120 - - - - UDP timeout value - - u32:0-2147483647 - UDP timeout in seconds - - - - - - 300 - - - - - - - - sFlow settings - - - - - sFlow agent IPv4 address - - auto - - - - ipv4 - sFlow IPv4 agent address - - - - - - - - - sFlow sampling-rate - - u32 - Sampling rate (1 in N packets) - - - - - - - - - sFlow destination server - - ipv4 - IPv4 server to export sFlow - - - ipv6 - IPv6 server to export sFlow - - - - - - - - - sFlow port number - - u32:1025-65535 - sFlow port number - - - - - - 6343 - - - - #include - - - #include - - - - - diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in deleted file mode 100644 index ca5a5f088..000000000 --- a/interface-definitions/https.xml.in +++ /dev/null 
@@ -1,220 +0,0 @@ - - - - - - - HTTPS configuration - 1001 - - - - - Identifier for virtual host - - [a-zA-Z0-9-_.:]{1,255} - - illegal characters in identifier or identifier longer than 255 characters - - - - - Address to listen for HTTPS requests - - - - - ipv4 - HTTPS IPv4 address - - - ipv6 - HTTPS IPv6 address - - - '*' - any - - - - \* - - - - #include - - 443 - - - - Server names: exact, wildcard, or regex - - - - #include - - - - - VyOS HTTP API configuration - - - - - HTTP API keys - - - - - HTTP API id - - - - - HTTP API plaintext key - - - - - - - - - Enforce strict path checking - - - - - - Debug - - - - - - - GraphQL support - - - - - Schema introspection - - - - - - GraphQL authentication - - - - - Authentication type - - key token - - - key - Use API keys - - - token - Use JWT token - - - (key|token) - - - key - - - - Token time to expire in seconds - - u32:60-31536000 - Token lifetime in seconds - - - - - - 3600 - - - - Length of shared secret in bytes - - u32:16-65535 - Byte length of generated shared secret - - - - - - 32 - - - - - - - - Set CORS options - - - - - Allow resource request from origin - - - - - - - - - - Restrict api proxy to subset of virtual hosts - - - - - Restrict proxy to virtual host(s) - - - - - - - - TLS certificates - - - #include - #include - - - Request or apply a letsencrypt certificate for domain-name - - - - - Domain name(s) for which to obtain certificate - - - - - - Email address to associate with certificate - - - - - - - #include - - - - - diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in deleted file mode 100644 index 0eea85060..000000000 --- a/interface-definitions/igmp-proxy.xml.in +++ /dev/null 
@@ -1,97 +0,0 @@ - - - - - - - - Internet Group Management Protocol (IGMP) proxy parameters - 740 - - - #include - - - Option to disable "quickleave" - - - - - - Interface for IGMP proxy - - - - - - - - Unicast source networks allowed for multicast traffic to be proxyed - - ipv4net - IPv4 network - - - - - - - - - - IGMP interface role - - upstream downstream disabled - - - upstream - Upstream interface (only 1 allowed) - - - downstream - Downstream interface(s) - - - disabled - Disabled interface - - - (upstream|downstream|disabled) - - - downstream - - - - TTL threshold - - u32:1-255 - TTL threshold for the interfaces - - - - - Threshold must be between 1 and 255 - - 1 - - - - Group to whitelist - - ipv4net - IPv4 network - - - - - - - - - - - - - - diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in deleted file mode 100644 index 86c4776b6..000000000 --- a/interface-definitions/interfaces-bonding.xml.in +++ /dev/null 
@@ -1,286 +0,0 @@ - - - - - - - Bonding Interface/Link Aggregation - 320 - - bond[0-9]+ - - Bonding interface must be named bondN - - bondN - Bonding interface name - - - - #include - - - ARP link monitoring parameters - - - - - ARP link monitoring interval - - u32 - Specifies the ARP link monitoring frequency in milliseconds - - - - - - - - - IP address used for ARP monitoring - - ipv4 - Specify IPv4 address of ARP requests when interval is enabled - - - - - - - - - - #include - #include - #include - #include - #include - #include - #include - - - EVPN Multihoming - - - - - Preference value used for designated forwarder (DF) election - - u32:1-65535 - DF Preference value - - - - - - - - - Ethernet segment identifier - - u32:1-16777215 - Local discriminator - - - txt - 10-byte ID - 00:11:22:33:44:55:AA:BB:CC:DD - - - - ([0-9A-Fa-f][0-9A-Fa-f]:){9}[0-9A-Fa-f][0-9A-Fa-f] - - - - - - Ethernet segment system MAC - - macaddr - MAC address - - - - - - - - - Uplink to the VXLAN core - - - - - - - - Bonding transmit hash policy - - layer2 layer2+3 layer3+4 encap2+3 encap3+4 - - - layer2 - use MAC addresses to generate the hash - - - layer2+3 - combine MAC address and IP address to make hash - - - layer3+4 - combine IP address and port to make hash - - - encap2+3 - combine encapsulated MAC address and IP address to make hash - - - encap3+4 - combine encapsulated IP address and port to make hash - - - (layer2\+3|layer3\+4|layer2|encap2\+3|encap3\+4) - - hash-policy must be layer2 layer2+3 layer3+4 encap2+3 or encap3+4 - - layer2 - - #include - #include - #include - - - Specifies the MII link monitoring frequency in milliseconds - - u32:0 - Disable MII link monitoring - - - u32:50-1000 - MII link monitoring frequency in milliseconds - - - - - - 100 - - - - Minimum number of member interfaces required up before enabling bond - - u32:0-16 - Minimum number of member interfaces required up before enabling bond - - - - - - 0 - - - - Rate in which we will ask our link partner to 
transmit LACPDU packets - - slow fast - - - slow - Request partner to transmit LACPDUs every 30 seconds - - - fast - Request partner to transmit LACPDUs every 1 second - - - (slow|fast) - - - slow - - - - Bonding mode - - 802.3ad active-backup broadcast round-robin transmit-load-balance adaptive-load-balance xor-hash - - - 802.3ad - IEEE 802.3ad Dynamic link aggregation - - - active-backup - Fault tolerant: only one slave in the bond is active - - - broadcast - Fault tolerant: transmits everything on all slave interfaces - - - round-robin - Load balance: transmit packets in sequential order - - - transmit-load-balance - Load balance: adapts based on transmit load and speed - - - adaptive-load-balance - Load balance: adapts based on transmit and receive plus ARP - - - xor-hash - Distribute based on MAC address - - - (802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash) - - mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor - - 802.3ad - - - - Bridge member interfaces - - - - - Member interface name - - - - - txt - Interface name - - - #include - - - - - - - #include - - - Primary device interface - - - - - txt - Interface name - - - #include - - - - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in deleted file mode 100644 index db3762065..000000000 --- a/interface-definitions/interfaces-bridge.xml.in +++ /dev/null 
@@ -1,226 +0,0 @@ - - - - - - - Bridge Interface - 310 - - br[0-9]+ - - Bridge interface must be named brN - - brN - Bridge interface name - - - - #include - - - MAC address aging interval - - u32:0 - Disable MAC address learning (always flood) - - - u32:10-1000000 - MAC address aging time in seconds - - - - - - 300 - - #include - #include - #include - #include - #include - #include - #include - - - Forwarding delay - - u32:0-200 - Spanning Tree Protocol forwarding delay in seconds - - - - - Forwarding delay must be between 0 and 200 seconds - - 14 - - - - Hello packet advertisement interval - - u32:1-10 - Spanning Tree Protocol hello advertisement interval in seconds - - - - - Bridge Hello interval must be between 1 and 10 seconds - - 2 - - - - Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) settings - - - - - Enable IGMP/MLD querier - - - - - - Enable IGMP/MLD snooping - - - - - - #include - #include - #include - #include - - - Enable VLAN aware bridge - - - - - - Interval at which neighbor bridges are removed - - u32:1-40 - Bridge maximum aging time in seconds - - - - - Bridge max aging value must be between 1 and 40 seconds - - 20 - - - - Bridge member interfaces - - - - - Member interface name - - - - - #include - - - - - - Specify VLAN id which should natively be present on the link - - u32:1-4094 - Virtual Local Area Network (VLAN) ID - - - - - VLAN ID must be between 1 and 4094 - - - - - Specify VLAN id which is allowed in this trunk interface - - <id> - VLAN id allowed to pass this interface - - - <idN>-<idM> - VLAN id range allowed on this interface (use '-' as delimiter) - - - - - not a valid VLAN ID value or range - - - - - - Bridge port cost - - u32:1-65535 - Path cost value for Spanning Tree Protocol - - - - - Path cost value must be between 1 and 65535 - - 100 - - - - Bridge port priority - - u32:0-63 - Bridge port priority - - - - - Port priority value must be between 0 and 63 - - 32 - - - - Port is isolated (also 
known as Private-VLAN) - - - - - - - - - - Priority for this bridge - - u32:0-65535 - Bridge priority - - - - - Bridge priority must be between 0 and 65535 (multiples of 4096) - - 32768 - - - - Enable spanning tree protocol - - - - #include - #include - - - - - diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in deleted file mode 100644 index 00784fcdf..000000000 --- a/interface-definitions/interfaces-dummy.xml.in +++ /dev/null @@ -1,57 +0,0 @@ - - - - - - - Dummy Interface - 300 - - dum[0-9]+ - - Dummy interface must be named dumN - - dumN - Dummy interface name - - - - #include - #include - #include - - - IPv4 routing parameters - - - #include - #include - - - - - IPv6 routing parameters - - - #include - - - IPv6 address configuration modes - - - #include - #include - - - - - #include - #include - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in deleted file mode 100644 index 5aaa7095c..000000000 --- a/interface-definitions/interfaces-ethernet.xml.in +++ /dev/null 
@@ -1,217 +0,0 @@ - - - - - Network interfaces - - - - - Ethernet Interface - 318 - - ethN - Ethernet interface name - - - ((eth|lan)[0-9]+|(eno|ens|enp|enx).+) - - Invalid Ethernet interface name - - - #include - #include - #include - #include - - - Disable Ethernet flow control (pause frames) - - - - #include - #include - - - Duplex mode - - auto half full - - - auto - Auto negotiation - - - half - Half duplex - - - full - Full duplex - - - (auto|half|full) - - duplex must be auto, half or full - - auto - - #include - #include - #include - #include - #include - #include - #include - - - Configurable offload options - - - - - Enable Generic Receive Offload - - - - - - Enable Generic Segmentation Offload - - - - - - Enable Hardware Flow Offload - - - - - - Enable Large Receive Offload - - - - - - Enable Receive Packet Steering - - - - - - Enable Receive Flow Steering - - - - - - Enable Scatter-Gather - - - - - - Enable TCP Segmentation Offloading - - - - - - - - Link speed - - auto 10 100 1000 2500 5000 10000 25000 40000 50000 100000 - - - auto - Auto negotiation - - - 10 - 10 Mbit/sec - - - 100 - 100 Mbit/sec - - - 1000 - 1 Gbit/sec - - - 2500 - 2.5 Gbit/sec - - - 5000 - 5 Gbit/sec - - - 10000 - 10 Gbit/sec - - - 25000 - 25 Gbit/sec - - - 40000 - 40 Gbit/sec - - - 50000 - 50 Gbit/sec - - - 100000 - 100 Gbit/sec - - - (auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000) - - Speed must be auto, 10, 100, 1000, 2500, 5000, 10000, 25000, 40000, 50000 or 100000 - - auto - - - - Shared buffer between the device driver and NIC - - - - - RX ring buffer - - u32:80-16384 - ring buffer size - - - - - - - - - TX ring buffer - - u32:80-16384 - ring buffer size - - - - - - - - - #include - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in deleted file mode 100644 index 29b563a09..000000000 --- a/interface-definitions/interfaces-geneve.xml.in +++ /dev/null 
@@ -1,60 +0,0 @@ - - - - - - - Generic Network Virtualization Encapsulation (GENEVE) Interface - 460 - - gnv[0-9]+ - - GENEVE interface must be named gnvN - - gnvN - GENEVE interface name - - - - #include - #include - #include - #include - #include - #include - #include - - - GENEVE tunnel parameters - - - - - IPv4 specific tunnel parameters - - - #include - #include - #include - #include - - - - - IPv6 specific tunnel parameters - - - #include - - - - - #include - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces-input.xml.in b/interface-definitions/interfaces-input.xml.in deleted file mode 100644 index d90cf936f..000000000 --- a/interface-definitions/interfaces-input.xml.in +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - Input Functional Block (IFB) interface name - - 310 - - ifb[0-9]+ - - Input interface must be named ifbN - - ifbN - Input interface name - - - - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in deleted file mode 100644 index 1f0dd3d19..000000000 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ /dev/null 
@@ -1,131 +0,0 @@ - - - - - - - Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface - 485 - - l2tpeth[0-9]+ - - L2TPv3 interface must be named l2tpethN - - l2tpethN - L2TPv3 interface name - - - - #include - #include - - - UDP destination port for L2TPv3 tunnel - - u32:1-65535 - Numeric IP port - - - - - - 5000 - - #include - - - Encapsulation type - - udp ip - - - udp - UDP encapsulation - - - ip - IP encapsulation - - - (udp|ip) - - Encapsulation must be UDP or IP - - udp - - #include - #include - #include - #include - #include - - 1488 - - - - Peer session identifier - - u32:1-429496729 - L2TPv3 peer session identifier - - - - - - - - - Peer tunnel identifier - - u32:1-429496729 - L2TPv3 peer tunnel identifier - - - - - - - #include - - - Session identifier - - u32:1-429496729 - L2TPv3 session identifier - - - - - - - - - UDP source port for L2TPv3 tunnel - - u32:1-65535 - Numeric IP port - - - - - - 5000 - - - - Local tunnel identifier - - u32:1-429496729 - L2TPv3 local tunnel identifier - - - - - - - #include - - - - - diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in deleted file mode 100644 index fe0944467..000000000 --- a/interface-definitions/interfaces-loopback.xml.in +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - Loopback Interface - 300 - - lo - - Loopback interface must be named lo - - lo - Loopback interface - - - - #include - #include - - - IPv4 routing parameters - - - #include - - - #include - #include - - - - - diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in deleted file mode 100644 index 766b0bede..000000000 --- a/interface-definitions/interfaces-macsec.xml.in +++ /dev/null 
@@ -1,153 +0,0 @@ - - - - - - - MACsec Interface (802.1ae) - 461 - - macsec[0-9]+ - - MACsec interface must be named macsecN - - macsecN - MACsec interface name - - - - #include - #include - #include - #include - #include - #include - - - Security/Encryption Settings - - - - - Cipher suite used - - gcm-aes-128 gcm-aes-256 - - - gcm-aes-128 - Galois/Counter Mode of AES cipher with 128-bit key - - - gcm-aes-256 - Galois/Counter Mode of AES cipher with 256-bit key - - - (gcm-aes-128|gcm-aes-256) - - - - - - Enable optional MACsec encryption - - - - - - Use static keys for MACsec [static Secure Authentication Key (SAK) mode] - - - #include - - - MACsec peer name - - [^ ]{1,100} - - MACsec peer name exceeds limit of 100 characters - - - #include - #include - #include - - - - - - - MACsec Key Agreement protocol (MKA) - - - - - Secure Connectivity Association Key - - txt - 16-byte (128-bit) hex-string (32 hex-digits) for gcm-aes-128 or 32-byte (256-bit) hex-string (64 hex-digits) for gcm-aes-256 - - - [A-Fa-f0-9]{32} - [A-Fa-f0-9]{64} - - - - - - Secure Connectivity Association Key Name - - txt - 1..32-bytes (8..256 bit) hex-string (2..64 hex-digits) - - - [A-Fa-f0-9]{2,64} - - - - - - Priority of MACsec Key Agreement protocol (MKA) actor - - u32:0-255 - MACsec Key Agreement protocol (MKA) priority - - - - - - 255 - - - - - - IEEE 802.1X/MACsec replay protection window - - u32:0 - No replay window, strict check - - - u32:1-4294967295 - Number of packets that could be misordered - - - - - - - - - #include - #include - #include - - 1460 - - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in deleted file mode 100644 index b8b04334c..000000000 --- a/interface-definitions/interfaces-openvpn.xml.in +++ /dev/null 
@@ -1,809 +0,0 @@ - - - - - - - OpenVPN Tunnel Interface - 460 - - vtun[0-9]+ - - OpenVPN tunnel interface must be named vtunN - - vtunN - OpenVPN interface name - - - - #include - #include - - - OpenVPN interface device-type - - tun tap - - - tun - TUN device, required for OSI layer 3 - - - tap - TAP device, required for OSI layer 2 - - - (tun|tap) - - - tun - - #include - - - Data Encryption settings - - - - - Standard Data Encryption Algorithm - - none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm - - - none - Disable encryption - - - 3des - DES algorithm with triple encryption - - - aes128 - AES algorithm with 128-bit key CBC - - - aes128gcm - AES algorithm with 128-bit key GCM - - - aes192 - AES algorithm with 192-bit key CBC - - - aes192gcm - AES algorithm with 192-bit key GCM - - - aes256 - AES algorithm with 256-bit key CBC - - - aes256gcm - AES algorithm with 256-bit key GCM - - - (none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) - - - - - - Cipher negotiation list for use in server or client mode - - none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm - - - none - Disable encryption - - - 3des - DES algorithm with triple encryption - - - aes128 - AES algorithm with 128-bit key CBC - - - aes128gcm - AES algorithm with 128-bit key GCM - - - aes192 - AES algorithm with 192-bit key CBC - - - aes192gcm - AES algorithm with 192-bit key GCM - - - aes256 - AES algorithm with 256-bit key CBC - - - aes256gcm - AES algorithm with 256-bit key GCM - - - (none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) - - - - - - - #include - #include - #include - - - Hashing Algorithm - - md5 sha1 sha256 sha384 sha512 - - - md5 - MD5 algorithm - - - sha1 - SHA-1 algorithm - - - sha256 - SHA-256 algorithm - - - sha384 - SHA-384 algorithm - - - sha512 - SHA-512 algorithm - - - (md5|sha1|sha256|sha384|sha512) - - - - - - Keepalive helper options - - - - - Maximum number of keepalive packet failures - - u32:0-1000 - Maximum number of 
keepalive packet failures - - - - - - 60 - - - - Keepalive packet interval in seconds - - u32:0-600 - Keepalive packet interval (seconds) - - - - - - 10 - - - - - - Local IP address of tunnel (IPv4 or IPv6) - - - - - - - - Subnet-mask for local IP address of tunnel (IPv4 only) - - - - - - - - - - Local IP address to accept connections (all if not set) - - ipv4 - Local IPv4 address - - - ipv6 - Local IPv6 address - - - - - - - - - Local port number to accept connections - - u32:1-65535 - Numeric IP port - - - - - - - - - OpenVPN mode of operation - - site-to-site client server - - - site-to-site - Site-to-site mode - - - client - Client in client-server mode - - - server - Server in client-server mode - - - (site-to-site|client|server) - - - - - - Configurable offload options - - - - - Enable data channel offload on this interface - - - - - - - - Additional OpenVPN options. You must use the syntax of openvpn.conf in this text-field. Using this without proper knowledge may result in a crashed OpenVPN server. Check system log to look for errors. 
- - - - - - Do not close and reopen interface (TUN/TAP device) on client restarts - - - - - - OpenVPN communication protocol - - udp tcp-passive tcp-active - - - udp - UDP - - - tcp-passive - TCP and accepts connections passively - - - tcp-active - TCP and initiates connections actively - - - (udp|tcp-passive|tcp-active) - - - udp - - - - IP address of remote end of tunnel - - ipv4 - Remote end IPv4 address - - - ipv6 - Remote end IPv6 address - - - - - - - - - - Remote host to connect to (dynamic if not set) - - ipv4 - IPv4 address of remote host - - - ipv6 - IPv6 address of remote host - - - txt - Hostname of remote host - - - - - - - Remote port number to connect to - - u32:1-65535 - Numeric IP port - - - - - - - - - OpenVPN tunnel to be used as the default route - - - - - Tunnel endpoints are on the same subnet - - - - - - - Server-mode options - - - - - Client-specific settings - - name - Client common-name in the certificate - - - - #include - - - IP address of the client - - ipv4 - Client IPv4 address - - - ipv6 - Client IPv6 address - - - - - - - - - - Route to be pushed to the client - - ipv4net - IPv4 network and prefix length - - - ipv6net - IPv6 network and prefix length - - - - - - - - - - Subnet belonging to the client (iroute) - - ipv4net - IPv4 network and prefix length belonging to the client - - - ipv6net - IPv6 network and prefix length belonging to the client - - - - - - - - - - - - Pool of client IPv4 addresses - - - #include - - - First IP address in the pool - - - - - ipv4 - IPv4 address - - - - - - Last IP address in the pool - - - - - ipv4 - IPv4 address - - - - - - Subnet mask pushed to dynamic clients. If not set the server subnet mask will be used. Only used with topology subnet or device type tap. Not used with bridged interfaces. 
- - - - - ipv4 - IPv4 subnet mask - - - - - - - - Pool of client IPv6 addresses - - - - - Client IPv6 pool base address with optional prefix length - - ipv6net - Client IPv6 pool base address with optional prefix length (defaults: base = server subnet + 0x1000, prefix length = server prefix length) - - - - - - - #include - - - - - DNS suffix to be pushed to all clients - - txt - Domain Name Server suffix - - - - - - Number of maximum client connections - - u32:1-4096 - Number of concurrent clients - - - - - - - #include - - - Route to be pushed to all clients - - ipv4net - IPv4 network and prefix length - - - ipv6net - IPv6 network and prefix length - - - - - - - - - Set metric for this route - - u32:0-4294967295 - Metric for this route - - - - - - 0 - - - - - - Reject connections from clients that are not explicitly configured - - - - - - Server-mode subnet (from which client IPs are allocated) - - ipv4net - IPv4 network and prefix length - - - ipv6net - IPv6 network and prefix length - - - - - - - - - - Topology for clients - - net30 point-to-point subnet - - - net30 - net30 topology - - - point-to-point - Point-to-point topology - - - subnet - Subnet topology - - - (subnet|point-to-point|net30) - - - net30 - - - - multi-factor authentication - - - - - Time-based one-time passwords - - - - - Maximum allowed clock slop in seconds - - 1-65535 - Seconds - - - - - - 180 - - - - Time drift in seconds - - 1-65535 - Seconds - - - - - - 0 - - - - Step value for totp in seconds - - 1-65535 - Seconds - - - - - - 30 - - - - Number of digits to use for totp hash - - 1-65535 - Seconds - - - - - - 6 - - - - Expect password as result of a challenge response protocol - - disable enable - - - disable - Disable challenge-response - - - enable - Enable chalenge-response - - - (disable|enable) - - - enable - - - - - - - - - - Secret key shared with remote end of tunnel - - pki openvpn shared-secret - - - - - - Transport Layer Security (TLS) options - - - - - TLS shared secret key 
for tls-auth - - pki openvpn shared-secret - - - - #include - #include - - - Diffie Hellman parameters (server only) - - pki dh - - - - - - Static key to use to authenticate control channel - - pki openvpn shared-secret - - - - - - - Peer certificate SHA256 fingerprint - - [0-9a-fA-F]{2}:([0-9a-fA-F]{2}:){30}[0-9a-fA-F]{2} - - Peer certificate fingerprint must be a colon-separated SHA256 hex digest - - - - - Specify the minimum required TLS version - - 1.0 1.1 1.2 1.3 - - - 1.0 - TLS v1.0 - - - 1.1 - TLS v1.1 - - - 1.2 - TLS v1.2 - - - 1.3 - TLS v1.3 - - - (1.0|1.1|1.2|1.3) - - - - - - TLS negotiation role - - active passive - - - active - Initiate TLS negotiation actively - - - passive - Wait for incoming TLS connection - - - (active|passive) - - - - - - - - Use fast LZO compression on this TUN/TAP interface - - - - #include - #include - - - - - diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in deleted file mode 100644 index 4542b8b01..000000000 --- a/interface-definitions/interfaces-pppoe.xml.in +++ /dev/null 
@@ -1,153 +0,0 @@ - - - - - - - Point-to-Point Protocol over Ethernet (PPPoE) Interface - 322 - - pppoe[0-9]+ - - PPPoE interface must be named pppoeN - - pppoeN - PPPoE dialer interface name - - - - #include - #include - #include - #include - #include - #include - #include - #include - - - Delay before disconnecting idle session (in seconds) - - u32:0-86400 - Idle timeout in seconds - - - - - Timeout must be in range 0 to 86400 - - - - - PPPoE RFC2516 host-uniq tag - - txt - Host-uniq tag as byte string in HEX - - - ([a-fA-F0-9][a-fA-F0-9]){1,18} - - Host-uniq must be specified as hex-adecimal byte-string (even number of HEX characters) - - - - - Delay before re-dial to the access concentrator when PPP session terminated by peer (in seconds) - - u32:0-86400 - Holdoff time in seconds - - - - - Holdoff must be in range 0 to 86400 - - 30 - - - - IPv4 routing parameters - - - #include - #include - #include - - - - - IPv6 routing parameters - - - - - IPv6 address configuration modes - - - #include - - - #include - #include - - - #include - - - IPv4 address of local end of the PPPoE link - - ipv4 - Address of local end of the PPPoE link - - - - - - - #include - #include - - 1492 - - - - Maximum Receive Unit (MRU) (default: MTU value) - - u32:128-16384 - Maximum Receive Unit in byte - - - - - MRU must be between 128 and 16384 - - - #include - - - IPv4 address of remote end of the PPPoE link - - ipv4 - Address of remote end of the PPPoE link - - - - - - - - - Service name, only connect to access concentrators advertising this - - [a-zA-Z0-9]+ - - Service name must be alphanumeric only - - - #include - #include - - - - - diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in deleted file mode 100644 index 5c73825c3..000000000 --- a/interface-definitions/interfaces-pseudo-ethernet.xml.in +++ /dev/null 
@@ -1,68 +0,0 @@ - - - - - - - Pseudo Ethernet Interface (Macvlan) - 321 - - peth[0-9]+ - - Pseudo Ethernet interface must be named pethN - - pethN - Pseudo Ethernet interface name - - - - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - - - Receive mode (default: private) - - private vepa bridge passthru - - - private - No communication with other pseudo-devices - - - vepa - Virtual Ethernet Port Aggregator reflective relay - - - bridge - Simple bridge between pseudo-devices - - - passthru - Promicious mode passthrough of underlying device - - - (private|vepa|bridge|passthru) - - mode must be private, vepa, bridge or passthru - - private - - #include - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces-sstpc.xml.in b/interface-definitions/interfaces-sstpc.xml.in deleted file mode 100644 index b569e9bde..000000000 --- a/interface-definitions/interfaces-sstpc.xml.in +++ /dev/null @@ -1,47 +0,0 @@ - - - - - - - Secure Socket Tunneling Protocol (SSTP) client Interface - 460 - - sstpc[0-9]+ - - Secure Socket Tunneling Protocol interface must be named sstpcN - - sstpcN - Secure Socket Tunneling Protocol interface name - - - - #include - #include - #include - #include - #include - #include - #include - - 1452 - - #include - #include - - 443 - - - - Secure Sockets Layer (SSL) configuration - - - #include - - - #include - - - - - diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in deleted file mode 100644 index 58f95dddb..000000000 --- a/interface-definitions/interfaces-tunnel.xml.in +++ /dev/null 
@@ -1,281 +0,0 @@ - - - - - - - Tunnel interface - 380 - - tun[0-9]+ - - tunnel interface must be named tunN - - tunN - Tunnel interface name - - - - #include - #include - #include - #include - #include - - 1476 - - #include - #include - #include - #include - #include - - - 6rd network prefix - - ipv6 - IPv6 address and prefix length - - - - - - - - - 6rd relay prefix - - ipv4net - IPv4 prefix of interface for 6rd - - - - - - - - - Encapsulation of this tunnel interface - - erspan gre gretap ip6erspan ip6gre ip6gretap ip6ip6 ipip ipip6 sit - - - erspan - Encapsulated Remote Switched Port Analyzer - - - gre - Generic Routing Encapsulation (network layer) - - - gretap - Generic Routing Encapsulation (datalink layer) - - - ip6erspan - Encapsulated Remote Switched Port Analyzer over IPv6 - - - ip6gre - GRE over IPv6 (network layer) - - - ip6gretap - GRE over IPv6 (datalink layer) - - - ip6ip6 - IPv6 in IPv6 encapsulation - - - ipip - IPv4 in IPv4 encapsulation - - - ipip6 - IPv4 in IP6 encapsulation - - - sit - Simple Internet Transition (IPv6 in IPv4) - - - (erspan|gre|gretap|ip6erspan|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit) - - Invalid encapsulation, must be one of: erspan, gre, gretap, ip6erspan, ip6gre, ip6gretap, ipip, sit, ipip6 or ip6ip6 - - - #include - - - Enable multicast operation over tunnel - - - - - - Tunnel parameters - - - - - ERSPAN tunnel parameters - - - - - Mirrored traffic direction - - ingress egress - - - ingress - Mirror ingress traffic - - - egress - Mirror egress traffic - - - (ingress|egress) - - - - - - Unique identifier of an ERSPAN engine within a system - - u32:0-1048575 - Unique identifier of an ERSPAN engine - - - - - - - - - ERSPAN version 1 index field - - u32:0-63 - Platform-depedent field for specifying port number and direction - - - - - - - - - Protocol version - - 1 2 - - - 1 - ERSPAN Type II - - - 2 - ERSPAN Type III - - - - - - 1 - - - - - - IPv4-specific tunnel parameters - - - - - Disable path MTU discovery - - - - - - Ignore 
the DF (don't fragment) bit - - - - #include - #include - #include - - 64 - - - - - - IPv6-specific tunnel parameters - - - - - Set fixed encapsulation limit - - none - - - u32:0-255 - Encapsulation limit - - - none - Disable encapsulation limit - - - (none) - - - Tunnel encaplimit must be 0-255 or none - - 4 - - #include - - - Hoplimit - - u32:0-255 - Hop limit - - - - - hop limit must be between 0-255 - - 64 - - - - Traffic class (Tclass) - - 0x0-0x0fffff - Traffic class, 'inherit' or hex value - - - (0x){0,1}(0?[0-9A-Fa-f]{1,2}) - - Must be 'inherit' or a number - - inherit - - - - - - #include - #include - - - - - diff --git a/interface-definitions/interfaces-virtual-ethernet.xml.in b/interface-definitions/interfaces-virtual-ethernet.xml.in deleted file mode 100644 index 0fc89efc0..000000000 --- a/interface-definitions/interfaces-virtual-ethernet.xml.in +++ /dev/null @@ -1,48 +0,0 @@ - - - - - - - Virtual Ethernet (veth) Interface - 300 - - veth[0-9]+ - - Virtual Ethernet interface must be named vethN - - vethN - Virtual Ethernet interface name - - - - #include - #include - #include - #include - #include - #include - #include - #include - #include - - - Virtual ethernet peer interface name - - interfaces virtual-ethernet - - - txt - Name of peer interface - - - veth[0-9]+ - - Virutal Ethernet interface must be named vethN - - - - - - - diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces-vti.xml.in deleted file mode 100644 index b116f7386..000000000 --- a/interface-definitions/interfaces-vti.xml.in +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - Virtual Tunnel Interface (XFRM) - 381 - - vti[0-9]+ - - VTI interface must be named vtiN - - vtiN - VTI interface name - - - - #include - #include - #include - #include - #include - #include - #include - #include - #include - - - - - 
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in deleted file mode 100644 index 4461923d9..000000000 --- a/interface-definitions/interfaces-vxlan.xml.in +++ /dev/null @@ -1,133 +0,0 @@ - - - - - - - Virtual Extensible LAN (VXLAN) Interface - 460 - - vxlan[0-9]+ - - VXLAN interface must be named vxlanN - - vxlanN - VXLAN interface name - - - - #include - #include - #include - - - Enable Generic Protocol extension (VXLAN-GPE) - - - - - - Multicast group address for VXLAN interface - - ipv4 - Multicast IPv4 group address - - - ipv6 - Multicast IPv6 group address - - - - - - Multicast IPv4/IPv6 address required - - - #include - #include - #include - #include - #include - - - VXLAN tunnel parameters - - - - - IPv4 specific tunnel parameters - - - #include - #include - #include - - 16 - - - - - - IPv6 specific tunnel parameters - - - #include - - - - - Use external control plane - - - - - - Do not add unknown addresses into forwarding database - - - - - - Enable neighbor discovery (ARP and ND) suppression - - - - - - Enable VNI filter support - - - - - - #include - - 4789 - - #include - #include - #include - #include - #include - #include - - - Configuring VLAN-to-VNI mappings for EVPN-VXLAN - - u32:0-4094 - Virtual Local Area Network (VLAN) ID - - - - - VLAN ID must be between 0 and 4094 - - - #include - - - - - - - diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in deleted file mode 100644 index 3c79cef28..000000000 --- a/interface-definitions/interfaces-wireguard.xml.in +++ /dev/null 
@@ -1,129 +0,0 @@ - - - - - - - WireGuard Interface - 379 - - wg[0-9]+ - - WireGuard interface must be named wgN - - wgN - WireGuard interface name - - - - #include - #include - #include - #include - #include - #include - - 1420 - - #include - #include - - - A 32-bit fwmark value set on all outgoing packets - - number - value which marks the packet for QoS/shaper - - - - - - 0 - - - - Base64 encoded private key - - [0-9a-zA-Z\+/]{43}= - - Key is not valid 44-character (32-bytes) base64 - - - - - peer alias - - [^ ]{1,100} - - peer alias too long (limit 100 characters) - - - #include - #include - - - base64 encoded public key - - [0-9a-zA-Z\+/]{43}= - - Key is not valid 44-character (32-bytes) base64 - - - - - base64 encoded preshared key - - [0-9a-zA-Z\+/]{43}= - - Key is not valid 44-character (32-bytes) base64 - - - - - IP addresses allowed to traverse the peer - - - - - - - - - IP address of tunnel endpoint - - ipv4 - IPv4 address of remote tunnel endpoint - - - ipv6 - IPv6 address of remote tunnel endpoint - - - - - - - - #include - - - Interval to send keepalive messages - - u32:1-65535 - Interval in seconds - - - - - - - - - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in deleted file mode 100644 index 88b858c07..000000000 --- a/interface-definitions/interfaces-wireless.xml.in +++ /dev/null 
@@ -1,832 +0,0 @@ - - - - - - - Wireless (WiFi/WLAN) Network Interface - 318 - - - - - wlan[0-9]+ - - Wireless interface must be named wlanN - - wlanN - Wireless (WiFi/WLAN) interface name - - - - #include - - - HT and VHT capabilities for your card - - - - - HT (High Throughput) settings - - - - - 40MHz intolerance, use 20MHz only! - - - - - - Enable WMM-PS unscheduled automatic power aave delivery [U-APSD] - - - - - - Supported channel set width - - ht20 ht40+ ht40- - - - ht20 - Supported channel set width both 20 MHz only - - - ht40+ - Supported channel set width both 20 MHz and 40 MHz with secondary channel above primary channel - - - ht40- - Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel - - - (ht20|ht40\+|ht40-) - - - - - - - Enable HT-delayed block ack - - - - - - Enable DSSS_CCK-40 - - - - - - Enable HT-greenfield - - - - - - Enable LDPC coding capability - - - - - - Enable L-SIG TXOP protection capability - - - - - - Set maximum A-MSDU length - - 3839 7935 - - - 3839 - Set maximum A-MSDU length to 3839 octets - - - 7935 - Set maximum A-MSDU length to 7935 octets - - - (3839|7935) - - - - - - Short GI capabilities - - 20 40 - - - 20 - Short GI for 20 MHz - - - 40 - Short GI for 40 MHz - - - (20|40) - - - - - - - Spatial Multiplexing Power Save (SMPS) settings - - static dynamic - - - static - STATIC Spatial Multiplexing (SM) Power Save - - - dynamic - DYNAMIC Spatial Multiplexing (SM) Power Save - - - (static|dynamic) - - - - - - Support for sending and receiving PPDU using STBC (Space Time Block Coding) - - - - - Enable receiving PPDU using STBC (Space Time Block Coding) - - [1-3]+ - Number of spacial streams that can use RX STBC - - - [1-3]+ - - Invalid capability item - - - - - Enable sending PPDU using STBC (Space Time Block Coding) - - - - - - - - - - Require stations to support HT PHY (reject association if they do not) - - - - - - - - - Require stations to support VHT PHY (reject association if they do 
not) - - - - - - - - - VHT (Very High Throughput) settings - - - - - Number of antennas on this card - - u32:1-8 - Number of antennas for this card - - - - - - - - - Set if antenna pattern does not change during the lifetime of an association - - - - - - Beamforming capabilities - - single-user-beamformer single-user-beamformee multi-user-beamformer multi-user-beamformee - - - single-user-beamformer - Support for operation as single user beamformer - - - single-user-beamformee - Support for operation as single user beamformee - - - multi-user-beamformer - Support for operation as multi user beamformer - - - multi-user-beamformee - Support for operation as multi user beamformee - - - (single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee) - - - - - - - VHT operating channel center frequency - - - - - VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes) - - u32:34-173 - 5Ghz (802.11 a/h/j/n/ac) center channel index (use 42 for primary 80MHz channel 36) - - - - - Channel center value must be between 34 and 173 - - - - - VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode) - - u32:34-173 - 5Ghz (802.11 a/h/j/n/ac) center channel index (use 58 for primary 80MHz channel 52) - - - - - Channel center value must be between 34 and 173 - - - - - - - VHT operating Channel width - - 0 1 2 3 - - - 0 - 20 or 40 MHz channel width - - - 1 - 80 MHz channel width - - - 2 - 160 MHz channel width - - - 3 - 80+80 MHz channel width - - - - - - - - - Enable LDPC (Low Density Parity Check) coding capability - - - - - - VHT link adaptation capabilities - - unsolicited both - - - unsolicited - Station provides only unsolicited VHT MFB - - - both - Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB - - - (unsolicited|both) - - Invalid capability item - - - - - Set the maximum length of A-MPDU pre-EOF padding that the station can receive - - u32:0-7 - Maximum 
length of A-MPDU pre-EOF padding = 2 pow(13 + x) -1 octets - - - - - - - - - Increase Maximum MPDU length to 7991 or 11454 octets (otherwise: 3895 octets) - - 7991 11454 - - - 7991 - ncrease Maximum MPDU length to 7991 octets - - - 11454 - ncrease Maximum MPDU length to 11454 octets - - - (7991|11454) - - - - - - Short GI capabilities - - 80 160 - - - 80 - Short GI for 80 MHz - - - 160 - Short GI for 160 MHz - - - (80|160) - - - - - - - Support for sending and receiving PPDU using STBC (Space Time Block Coding) - - - - - Enable receiving PPDU using STBC (Space Time Block Coding) - - [1-4]+ - Number of spacial streams that can use RX STBC - - - [1-4]+ - - Invalid capability item - - - - - Enable sending PPDU using STBC (Space Time Block Coding) - - - - - - - - Enable VHT TXOP Power Save Mode - - - - - - Station supports receiving VHT variant HT Control field - - - - - - - - - - Wireless radio channel - - 0 - Automatic Channel Selection (ACS) - - - u32:1-14 - 2.4Ghz (802.11 b/g/n) Channel - - - u32:34-173 - 5Ghz (802.11 a/h/j/n/ac) Channel - - - - - - 0 - - - - Indicate country in which device is operating - - us eu jp de uk cn es fr ru - - - txt - ISO/IEC 3166-1 Country Code - - - [a-z][a-z] - - Invalid ISO/IEC 3166-1 Country Code - - - #include - #include - #include - - - Disable broadcast of SSID from access-point - - - - #include - #include - #include - - - Disassociate stations based on excessive transmission failures - - - - #include - #include - #include - - - Isolate stations on the AP so they cannot see each other - - - - #include - - - Maximum number of wireless radio stations. Excess stations will be rejected upon authentication request. 
- - u32:1-2007 - Number of allowed stations - - - - - Number of stations must be between 1 and 2007 - - - - - Management Frame Protection (MFP) according to IEEE 802.11w - - disabled optional required - - - disabled - no MFP - - - optional - MFP optional - - - required - MFP enforced - - - (disabled|optional|required) - - - disabled - - - - Wireless radio mode - - a b g n ac - - - a - 802.11a - 54 Mbits/sec - - - b - 802.11b - 11 Mbits/sec - - - g - 802.11g - 54 Mbits/sec - - - n - 802.11n - 600 Mbits/sec - - - ac - 802.11ac - 1300 Mbits/sec - - - (a|b|g|n|ac) - - - g - - #include - - - Wireless physical device - - - - - - - - phy0 - - - - Transmission power reduction in dBm - - u32:0-255 - TX power reduction in dBm - - - - - dBm value must be between 0 and 255 - - - - - Wireless security settings - - - - - Station MAC address based authentication - - - - - Select security operation mode - - accept deny - - - accept - Accept all clients unless found in deny list - - - deny - Deny all clients unless found in accept list - - - (accept|deny) - - - accept - - - - Accept station MAC address - - - #include - - - - - Deny station MAC address - - - #include - - - - - - - Wired Equivalent Privacy (WEP) parameters - - - - - WEP encryption key - - txt - Wired Equivalent Privacy key - - - ([a-fA-F0-9]{10}|[a-fA-F0-9]{26}|[a-fA-F0-9]{32}) - - Invalid WEP key - - - - - - - - Wifi Protected Access (WPA) parameters - - - - - Cipher suite for WPA unicast packets - - GCMP-256 GCMP CCMP-256 CCMP TKIP - - - GCMP-256 - AES in Galois/counter mode with 256-bit key - - - GCMP - AES in Galois/counter mode with 128-bit key - - - CCMP-256 - AES in Counter mode with CBC-MAC with 256-bit key - - - CCMP - AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs) - - - TKIP - Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] - - - (GCMP-256|GCMP|CCMP-256|CCMP|TKIP) - - Invalid cipher selection - - - - - - Cipher suite for WPA multicast and broadcast packets - - 
GCMP-256 GCMP CCMP-256 CCMP TKIP - - - GCMP-256 - AES in Galois/counter mode with 256-bit key - - - GCMP - AES in Galois/counter mode with 128-bit key - - - CCMP-256 - AES in Counter mode with CBC-MAC with 256-bit key - - - CCMP - AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs) - - - TKIP - Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] - - - (GCMP-256|GCMP|CCMP-256|CCMP|TKIP) - - Invalid group cipher selection - - - - - - WPA mode - - wpa wpa2 wpa+wpa2 wpa3 - - - wpa - WPA (IEEE 802.11i/D3.0) - - - wpa2 - WPA2 (full IEEE 802.11i/RSN) - - - wpa+wpa2 - Allow both WPA and WPA2 - - - (wpa|wpa2|wpa\+wpa2|wpa3) - - Unknown WPA mode - - wpa+wpa2 - - - - WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required. - - txt - Passphrase of at least 8 but not more than 63 printable characters - - - .{8,63} - - Invalid WPA pass phrase, must be 8 to 63 printable characters! - - - #include - - - - - - - Enable RADIUS server to receive accounting info - - - - - - - - - - - - - - Wireless access-point service set identifier (SSID) - - .{1,32} - - Invalid SSID - - - - - Wireless device type for this interface - - access-point station monitor - - - access-point - Access-point forwards packets between other nodes - - - station - Connects to another access point - - - monitor - Passively monitor all packets on the frequency/channel - - - (access-point|station|monitor) - - Type must be access-point, station or monitor - - monitor - - #include - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces-wwan.xml.in b/interface-definitions/interfaces-wwan.xml.in deleted file mode 100644 index 5fa3be8db..000000000 --- a/interface-definitions/interfaces-wwan.xml.in +++ /dev/null 
@@ -1,48 +0,0 @@ - - - - - - - Wireless Modem (WWAN) Interface - 350 - - - - - wwan[0-9]+ - - Wireless Modem interface must be named wwanN - - wwanN - Wireless Wide Area Network interface name - - - - #include - - - Access Point Name (APN) - - - #include - #include - #include - #include - #include - #include - #include - #include - - 1430 - - #include - #include - #include - #include - #include - - - - - diff --git a/interface-definitions/interfaces_bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in new file mode 100644 index 000000000..62ee0bdc7 --- /dev/null +++ b/interface-definitions/interfaces_bonding.xml.in 
@@ -0,0 +1,286 @@ + + + + + + + Bonding Interface/Link Aggregation + 320 + + bond[0-9]+ + + Bonding interface must be named bondN + + bondN + Bonding interface name + + + + #include + + + ARP link monitoring parameters + + + + + ARP link monitoring interval + + u32 + Specifies the ARP link monitoring frequency in milliseconds + + + + + + + + + IP address used for ARP monitoring + + ipv4 + Specify IPv4 address of ARP requests when interval is enabled + + + + + + + + + + #include + #include + #include + #include + #include + #include + #include + + + EVPN Multihoming + + + + + Preference value used for designated forwarder (DF) election + + u32:1-65535 + DF Preference value + + + + + + + + + Ethernet segment identifier + + u32:1-16777215 + Local discriminator + + + txt + 10-byte ID - 00:11:22:33:44:55:AA:BB:CC:DD + + + + ([0-9A-Fa-f][0-9A-Fa-f]:){9}[0-9A-Fa-f][0-9A-Fa-f] + + + + + + Ethernet segment system MAC + + macaddr + MAC address + + + + + + + + + Uplink to the VXLAN core + + + + + + + + Bonding transmit hash policy + + layer2 layer2+3 layer3+4 encap2+3 encap3+4 + + + layer2 + use MAC addresses to generate the hash + + + layer2+3 + combine MAC address and IP address to make hash + + + layer3+4 + combine IP address and port to make hash + + + encap2+3 + combine encapsulated MAC address and IP address to make hash + + + encap3+4 + combine encapsulated IP address and port to make hash + + + (layer2\+3|layer3\+4|layer2|encap2\+3|encap3\+4) + + hash-policy must be layer2 layer2+3 layer3+4 encap2+3 or encap3+4 + + layer2 + + #include + #include + #include + + + Specifies the MII link monitoring frequency in milliseconds + + u32:0 + Disable MII link monitoring + + + u32:50-1000 + MII link monitoring frequency in milliseconds + + + + + + 100 + + + + Minimum number of member interfaces required up before enabling bond + + u32:0-16 + Minimum number of member interfaces required up before enabling bond + + + + + + 0 + + + + Rate in which we will ask our link partner to 
transmit LACPDU packets + + slow fast + + + slow + Request partner to transmit LACPDUs every 30 seconds + + + fast + Request partner to transmit LACPDUs every 1 second + + + (slow|fast) + + + slow + + + + Bonding mode + + 802.3ad active-backup broadcast round-robin transmit-load-balance adaptive-load-balance xor-hash + + + 802.3ad + IEEE 802.3ad Dynamic link aggregation + + + active-backup + Fault tolerant: only one slave in the bond is active + + + broadcast + Fault tolerant: transmits everything on all slave interfaces + + + round-robin + Load balance: transmit packets in sequential order + + + transmit-load-balance + Load balance: adapts based on transmit load and speed + + + adaptive-load-balance + Load balance: adapts based on transmit and receive plus ARP + + + xor-hash + Distribute based on MAC address + + + (802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash) + + mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor + + 802.3ad + + + + Bridge member interfaces + + + + + Member interface name + + + + + txt + Interface name + + + #include + + + + + + + #include + + + Primary device interface + + + + + txt + Interface name + + + #include + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_bridge.xml.in b/interface-definitions/interfaces_bridge.xml.in new file mode 100644 index 000000000..d4d277cfc --- /dev/null +++ b/interface-definitions/interfaces_bridge.xml.in 
@@ -0,0 +1,226 @@ + + + + + + + Bridge Interface + 310 + + br[0-9]+ + + Bridge interface must be named brN + + brN + Bridge interface name + + + + #include + + + MAC address aging interval + + u32:0 + Disable MAC address learning (always flood) + + + u32:10-1000000 + MAC address aging time in seconds + + + + + + 300 + + #include + #include + #include + #include + #include + #include + #include + + + Forwarding delay + + u32:0-200 + Spanning Tree Protocol forwarding delay in seconds + + + + + Forwarding delay must be between 0 and 200 seconds + + 14 + + + + Hello packet advertisement interval + + u32:1-10 + Spanning Tree Protocol hello advertisement interval in seconds + + + + + Bridge Hello interval must be between 1 and 10 seconds + + 2 + + + + Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) settings + + + + + Enable IGMP/MLD querier + + + + + + Enable IGMP/MLD snooping + + + + + + #include + #include + #include + #include + + + Enable VLAN aware bridge + + + + + + Interval at which neighbor bridges are removed + + u32:1-40 + Bridge maximum aging time in seconds + + + + + Bridge max aging value must be between 1 and 40 seconds + + 20 + + + + Bridge member interfaces + + + + + Member interface name + + + + + #include + + + + + + Specify VLAN id which should natively be present on the link + + u32:1-4094 + Virtual Local Area Network (VLAN) ID + + + + + VLAN ID must be between 1 and 4094 + + + + + Specify VLAN id which is allowed in this trunk interface + + <id> + VLAN id allowed to pass this interface + + + <idN>-<idM> + VLAN id range allowed on this interface (use '-' as delimiter) + + + + + not a valid VLAN ID value or range + + + + + + Bridge port cost + + u32:1-65535 + Path cost value for Spanning Tree Protocol + + + + + Path cost value must be between 1 and 65535 + + 100 + + + + Bridge port priority + + u32:0-63 + Bridge port priority + + + + + Port priority value must be between 0 and 63 + + 32 + + + + Port is isolated (also 
known as Private-VLAN) + + + + + + + + + + Priority for this bridge + + u32:0-65535 + Bridge priority + + + + + Bridge priority must be between 0 and 65535 (multiples of 4096) + + 32768 + + + + Enable spanning tree protocol + + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_dummy.xml.in b/interface-definitions/interfaces_dummy.xml.in new file mode 100644 index 000000000..ef8ee78e7 --- /dev/null +++ b/interface-definitions/interfaces_dummy.xml.in @@ -0,0 +1,57 @@ + + + + + + + Dummy Interface + 300 + + dum[0-9]+ + + Dummy interface must be named dumN + + dumN + Dummy interface name + + + + #include + #include + #include + + + IPv4 routing parameters + + + #include + #include + + + + + IPv6 routing parameters + + + #include + + + IPv6 address configuration modes + + + #include + #include + + + + + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_ethernet.xml.in b/interface-definitions/interfaces_ethernet.xml.in new file mode 100644 index 000000000..4e55bac7c --- /dev/null +++ b/interface-definitions/interfaces_ethernet.xml.in 
@@ -0,0 +1,217 @@ + + + + + Network interfaces + + + + + Ethernet Interface + 318 + + ethN + Ethernet interface name + + + ((eth|lan)[0-9]+|(eno|ens|enp|enx).+) + + Invalid Ethernet interface name + + + #include + #include + #include + #include + + + Disable Ethernet flow control (pause frames) + + + + #include + #include + + + Duplex mode + + auto half full + + + auto + Auto negotiation + + + half + Half duplex + + + full + Full duplex + + + (auto|half|full) + + duplex must be auto, half or full + + auto + + #include + #include + #include + #include + #include + #include + #include + + + Configurable offload options + + + + + Enable Generic Receive Offload + + + + + + Enable Generic Segmentation Offload + + + + + + Enable Hardware Flow Offload + + + + + + Enable Large Receive Offload + + + + + + Enable Receive Packet Steering + + + + + + Enable Receive Flow Steering + + + + + + Enable Scatter-Gather + + + + + + Enable TCP Segmentation Offloading + + + + + + + + Link speed + + auto 10 100 1000 2500 5000 10000 25000 40000 50000 100000 + + + auto + Auto negotiation + + + 10 + 10 Mbit/sec + + + 100 + 100 Mbit/sec + + + 1000 + 1 Gbit/sec + + + 2500 + 2.5 Gbit/sec + + + 5000 + 5 Gbit/sec + + + 10000 + 10 Gbit/sec + + + 25000 + 25 Gbit/sec + + + 40000 + 40 Gbit/sec + + + 50000 + 50 Gbit/sec + + + 100000 + 100 Gbit/sec + + + (auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000) + + Speed must be auto, 10, 100, 1000, 2500, 5000, 10000, 25000, 40000, 50000 or 100000 + + auto + + + + Shared buffer between the device driver and NIC + + + + + RX ring buffer + + u32:80-16384 + ring buffer size + + + + + + + + + TX ring buffer + + u32:80-16384 + ring buffer size + + + + + + + + + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in new file mode 100644 index 000000000..c94113271 --- /dev/null +++ b/interface-definitions/interfaces_geneve.xml.in 
@@ -0,0 +1,60 @@ + + + + + + + Generic Network Virtualization Encapsulation (GENEVE) Interface + 460 + + gnv[0-9]+ + + GENEVE interface must be named gnvN + + gnvN + GENEVE interface name + + + + #include + #include + #include + #include + #include + #include + #include + + + GENEVE tunnel parameters + + + + + IPv4 specific tunnel parameters + + + #include + #include + #include + #include + + + + + IPv6 specific tunnel parameters + + + #include + + + + + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_input.xml.in b/interface-definitions/interfaces_input.xml.in new file mode 100644 index 000000000..771c47e42 --- /dev/null +++ b/interface-definitions/interfaces_input.xml.in @@ -0,0 +1,27 @@ + + + + + + + Input Functional Block (IFB) interface name + + 310 + + ifb[0-9]+ + + Input interface must be named ifbN + + ifbN + Input interface name + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_l2tpv3.xml.in b/interface-definitions/interfaces_l2tpv3.xml.in new file mode 100644 index 000000000..5f816c956 --- /dev/null +++ b/interface-definitions/interfaces_l2tpv3.xml.in 
@@ -0,0 +1,131 @@ + + + + + + + Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface + 485 + + l2tpeth[0-9]+ + + L2TPv3 interface must be named l2tpethN + + l2tpethN + L2TPv3 interface name + + + + #include + #include + + + UDP destination port for L2TPv3 tunnel + + u32:1-65535 + Numeric IP port + + + + + + 5000 + + #include + + + Encapsulation type + + udp ip + + + udp + UDP encapsulation + + + ip + IP encapsulation + + + (udp|ip) + + Encapsulation must be UDP or IP + + udp + + #include + #include + #include + #include + #include + + 1488 + + + + Peer session identifier + + u32:1-429496729 + L2TPv3 peer session identifier + + + + + + + + + Peer tunnel identifier + + u32:1-429496729 + L2TPv3 peer tunnel identifier + + + + + + + #include + + + Session identifier + + u32:1-429496729 + L2TPv3 session identifier + + + + + + + + + UDP source port for L2TPv3 tunnel + + u32:1-65535 + Numeric IP port + + + + + + 5000 + + + + Local tunnel identifier + + u32:1-429496729 + L2TPv3 local tunnel identifier + + + + + + + #include + + + + + diff --git a/interface-definitions/interfaces_loopback.xml.in b/interface-definitions/interfaces_loopback.xml.in new file mode 100644 index 000000000..09b4a00cf --- /dev/null +++ b/interface-definitions/interfaces_loopback.xml.in @@ -0,0 +1,35 @@ + + + + + + + Loopback Interface + 300 + + lo + + Loopback interface must be named lo + + lo + Loopback interface + + + + #include + #include + + + IPv4 routing parameters + + + #include + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_macsec.xml.in b/interface-definitions/interfaces_macsec.xml.in new file mode 100644 index 000000000..d825f8262 --- /dev/null +++ b/interface-definitions/interfaces_macsec.xml.in 
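Review bot: The value-help for `peer-session-id`, `peer-tunnel-id`, `session-id` and `tunnel-id` reads `u32:1-429496729`, which looks like a dropped digit for the 32-bit L2TPv3 identifier range 1-4294967295; if the numeric validator (its argument is not visible in this rendering) was copied from the same string, any identifier above 429496729 chosen by a peer cannot be configured. Suggest `u32:1-4294967295` in all four places and checking that the validator range agrees. This text is carried over from interfaces-l2tpv3.xml.in rather than introduced by the rename.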
@@ -0,0 +1,153 @@ + + + + + + + MACsec Interface (802.1ae) + 461 + + macsec[0-9]+ + + MACsec interface must be named macsecN + + macsecN + MACsec interface name + + + + #include + #include + #include + #include + #include + #include + + + Security/Encryption Settings + + + + + Cipher suite used + + gcm-aes-128 gcm-aes-256 + + + gcm-aes-128 + Galois/Counter Mode of AES cipher with 128-bit key + + + gcm-aes-256 + Galois/Counter Mode of AES cipher with 256-bit key + + + (gcm-aes-128|gcm-aes-256) + + + + + + Enable optional MACsec encryption + + + + + + Use static keys for MACsec [static Secure Authentication Key (SAK) mode] + + + #include + + + MACsec peer name + + [^ ]{1,100} + + MACsec peer name exceeds limit of 100 characters + + + #include + #include + #include + + + + + + + MACsec Key Agreement protocol (MKA) + + + + + Secure Connectivity Association Key + + txt + 16-byte (128-bit) hex-string (32 hex-digits) for gcm-aes-128 or 32-byte (256-bit) hex-string (64 hex-digits) for gcm-aes-256 + + + [A-Fa-f0-9]{32} + [A-Fa-f0-9]{64} + + + + + + Secure Connectivity Association Key Name + + txt + 1..32-bytes (8..256 bit) hex-string (2..64 hex-digits) + + + [A-Fa-f0-9]{2,64} + + + + + + Priority of MACsec Key Agreement protocol (MKA) actor + + u32:0-255 + MACsec Key Agreement protocol (MKA) priority + + + + + + 255 + + + + + + IEEE 802.1X/MACsec replay protection window + + u32:0 + No replay window, strict check + + + u32:1-4294967295 + Number of packets that could be misordered + + + + + + + + + #include + #include + #include + + 1460 + + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in new file mode 100644 index 000000000..addf3c1ab --- /dev/null +++ b/interface-definitions/interfaces_openvpn.xml.in 
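Review bot: The `security encrypt` leaf is described only as `Enable optional MACsec encryption`, which hides the security-relevant default: when it is not set, the link (assuming this flag is what drives the SecY encrypt bit) gets integrity and replay protection but carries the payload in clear. Suggest `Enable MACsec encryption (without this, frames are authenticated but not encrypted)`. It would also help to state in the `mka cak` help that the key length must match the selected cipher (32 hex digits for gcm-aes-128, 64 for gcm-aes-256), since the regex accepts either length regardless of cipher and any cross-check lives outside this file. Carried over from interfaces-macsec.xml.in, not introduced here.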
@@ -0,0 +1,809 @@ + + + + + + + OpenVPN Tunnel Interface + 460 + + vtun[0-9]+ + + OpenVPN tunnel interface must be named vtunN + + vtunN + OpenVPN interface name + + + + #include + #include + + + OpenVPN interface device-type + + tun tap + + + tun + TUN device, required for OSI layer 3 + + + tap + TAP device, required for OSI layer 2 + + + (tun|tap) + + + tun + + #include + + + Data Encryption settings + + + + + Standard Data Encryption Algorithm + + none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + none + Disable encryption + + + 3des + DES algorithm with triple encryption + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + Cipher negotiation list for use in server or client mode + + none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + none + Disable encryption + + + 3des + DES algorithm with triple encryption + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + + #include + #include + #include + + + Hashing Algorithm + + md5 sha1 sha256 sha384 sha512 + + + md5 + MD5 algorithm + + + sha1 + SHA-1 algorithm + + + sha256 + SHA-256 algorithm + + + sha384 + SHA-384 algorithm + + + sha512 + SHA-512 algorithm + + + (md5|sha1|sha256|sha384|sha512) + + + + + + Keepalive helper options + + + + + Maximum number of keepalive packet failures + + u32:0-1000 + Maximum number of 
keepalive packet failures + + + + + + 60 + + + + Keepalive packet interval in seconds + + u32:0-600 + Keepalive packet interval (seconds) + + + + + + 10 + + + + + + Local IP address of tunnel (IPv4 or IPv6) + + + + + + + + Subnet-mask for local IP address of tunnel (IPv4 only) + + + + + + + + + + Local IP address to accept connections (all if not set) + + ipv4 + Local IPv4 address + + + ipv6 + Local IPv6 address + + + + + + + + + Local port number to accept connections + + u32:1-65535 + Numeric IP port + + + + + + + + + OpenVPN mode of operation + + site-to-site client server + + + site-to-site + Site-to-site mode + + + client + Client in client-server mode + + + server + Server in client-server mode + + + (site-to-site|client|server) + + + + + + Configurable offload options + + + + + Enable data channel offload on this interface + + + + + + + + Additional OpenVPN options. You must use the syntax of openvpn.conf in this text-field. Using this without proper knowledge may result in a crashed OpenVPN server. Check system log to look for errors. 
+ + + + + + Do not close and reopen interface (TUN/TAP device) on client restarts + + + + + + OpenVPN communication protocol + + udp tcp-passive tcp-active + + + udp + UDP + + + tcp-passive + TCP and accepts connections passively + + + tcp-active + TCP and initiates connections actively + + + (udp|tcp-passive|tcp-active) + + + udp + + + + IP address of remote end of tunnel + + ipv4 + Remote end IPv4 address + + + ipv6 + Remote end IPv6 address + + + + + + + + + + Remote host to connect to (dynamic if not set) + + ipv4 + IPv4 address of remote host + + + ipv6 + IPv6 address of remote host + + + txt + Hostname of remote host + + + + + + + Remote port number to connect to + + u32:1-65535 + Numeric IP port + + + + + + + + + OpenVPN tunnel to be used as the default route + + + + + Tunnel endpoints are on the same subnet + + + + + + + Server-mode options + + + + + Client-specific settings + + name + Client common-name in the certificate + + + + #include + + + IP address of the client + + ipv4 + Client IPv4 address + + + ipv6 + Client IPv6 address + + + + + + + + + + Route to be pushed to the client + + ipv4net + IPv4 network and prefix length + + + ipv6net + IPv6 network and prefix length + + + + + + + + + + Subnet belonging to the client (iroute) + + ipv4net + IPv4 network and prefix length belonging to the client + + + ipv6net + IPv6 network and prefix length belonging to the client + + + + + + + + + + + + Pool of client IPv4 addresses + + + #include + + + First IP address in the pool + + + + + ipv4 + IPv4 address + + + + + + Last IP address in the pool + + + + + ipv4 + IPv4 address + + + + + + Subnet mask pushed to dynamic clients. If not set the server subnet mask will be used. Only used with topology subnet or device type tap. Not used with bridged interfaces. 
+ + + + + ipv4 + IPv4 subnet mask + + + + + + + + Pool of client IPv6 addresses + + + + + Client IPv6 pool base address with optional prefix length + + ipv6net + Client IPv6 pool base address with optional prefix length (defaults: base = server subnet + 0x1000, prefix length = server prefix length) + + + + + + + #include + + + + + DNS suffix to be pushed to all clients + + txt + Domain Name Server suffix + + + + + + Number of maximum client connections + + u32:1-4096 + Number of concurrent clients + + + + + + + #include + + + Route to be pushed to all clients + + ipv4net + IPv4 network and prefix length + + + ipv6net + IPv6 network and prefix length + + + + + + + + + Set metric for this route + + u32:0-4294967295 + Metric for this route + + + + + + 0 + + + + + + Reject connections from clients that are not explicitly configured + + + + + + Server-mode subnet (from which client IPs are allocated) + + ipv4net + IPv4 network and prefix length + + + ipv6net + IPv6 network and prefix length + + + + + + + + + + Topology for clients + + net30 point-to-point subnet + + + net30 + net30 topology + + + point-to-point + Point-to-point topology + + + subnet + Subnet topology + + + (subnet|point-to-point|net30) + + + net30 + + + + multi-factor authentication + + + + + Time-based one-time passwords + + + + + Maximum allowed clock slop in seconds + + 1-65535 + Seconds + + + + + + 180 + + + + Time drift in seconds + + 1-65535 + Seconds + + + + + + 0 + + + + Step value for totp in seconds + + 1-65535 + Seconds + + + + + + 30 + + + + Number of digits to use for totp hash + + 1-65535 + Seconds + + + + + + 6 + + + + Expect password as result of a challenge response protocol + + disable enable + + + disable + Disable challenge-response + + + enable + Enable chalenge-response + + + (disable|enable) + + + enable + + + + + + + + + + Secret key shared with remote end of tunnel + + pki openvpn shared-secret + + + + + + Transport Layer Security (TLS) options + + + + + TLS shared secret key 
for tls-auth + + pki openvpn shared-secret + + + + #include + #include + + + Diffie Hellman parameters (server only) + + pki dh + + + + + + Static key to use to authenticate control channel + + pki openvpn shared-secret + + + + + + + Peer certificate SHA256 fingerprint + + [0-9a-fA-F]{2}:([0-9a-fA-F]{2}:){30}[0-9a-fA-F]{2} + + Peer certificate fingerprint must be a colon-separated SHA256 hex digest + + + + + Specify the minimum required TLS version + + 1.0 1.1 1.2 1.3 + + + 1.0 + TLS v1.0 + + + 1.1 + TLS v1.1 + + + 1.2 + TLS v1.2 + + + 1.3 + TLS v1.3 + + + (1.0|1.1|1.2|1.3) + + + + + + TLS negotiation role + + active passive + + + active + Initiate TLS negotiation actively + + + passive + Wait for incoming TLS connection + + + (active|passive) + + + + + + + + Use fast LZO compression on this TUN/TAP interface + + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_pppoe.xml.in b/interface-definitions/interfaces_pppoe.xml.in new file mode 100644 index 000000000..56660bc15 --- /dev/null +++ b/interface-definitions/interfaces_pppoe.xml.in 
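Review bot: The `encryption cipher` and `ncp-ciphers` enumerations still expose `none` and `3des`, `hash` exposes `md5` and `sha1`, and `tls version-min` accepts `1.0` and `1.1`, none of which the help text flags as deprecated or insecure, so an operator completing in the CLI gets no hint; suggest `Disable encryption (insecure, not recommended)`, `DES algorithm with triple encryption (deprecated)`, `MD5 algorithm (deprecated)`, `TLS v1.0 (deprecated)` and likewise for 1.1. Separately, the `digits` leaf under `server mfa totp` describes its value as `Seconds` with range `1-65535`, which is copy-paste from the neighbouring leaves and should read something like `Number of digits` with a range matching what the TOTP backend accepts. Minor: `Enable chalenge-response` → `challenge-response`. All of this is carried over from interfaces-openvpn.xml.in rather than introduced by the rename.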
@@ -0,0 +1,153 @@ + + + + + + + Point-to-Point Protocol over Ethernet (PPPoE) Interface + 322 + + pppoe[0-9]+ + + PPPoE interface must be named pppoeN + + pppoeN + PPPoE dialer interface name + + + + #include + #include + #include + #include + #include + #include + #include + #include + + + Delay before disconnecting idle session (in seconds) + + u32:0-86400 + Idle timeout in seconds + + + + + Timeout must be in range 0 to 86400 + + + + + PPPoE RFC2516 host-uniq tag + + txt + Host-uniq tag as byte string in HEX + + + ([a-fA-F0-9][a-fA-F0-9]){1,18} + + Host-uniq must be specified as hex-adecimal byte-string (even number of HEX characters) + + + + + Delay before re-dial to the access concentrator when PPP session terminated by peer (in seconds) + + u32:0-86400 + Holdoff time in seconds + + + + + Holdoff must be in range 0 to 86400 + + 30 + + + + IPv4 routing parameters + + + #include + #include + #include + + + + + IPv6 routing parameters + + + + + IPv6 address configuration modes + + + #include + + + #include + #include + + + #include + + + IPv4 address of local end of the PPPoE link + + ipv4 + Address of local end of the PPPoE link + + + + + + + #include + #include + + 1492 + + + + Maximum Receive Unit (MRU) (default: MTU value) + + u32:128-16384 + Maximum Receive Unit in byte + + + + + MRU must be between 128 and 16384 + + + #include + + + IPv4 address of remote end of the PPPoE link + + ipv4 + Address of remote end of the PPPoE link + + + + + + + + + Service name, only connect to access concentrators advertising this + + [a-zA-Z0-9]+ + + Service name must be alphanumeric only + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_pseudo-ethernet.xml.in b/interface-definitions/interfaces_pseudo-ethernet.xml.in new file mode 100644 index 000000000..031af3563 --- /dev/null +++ b/interface-definitions/interfaces_pseudo-ethernet.xml.in 
@@ -0,0 +1,68 @@ + + + + + + + Pseudo Ethernet Interface (Macvlan) + 321 + + peth[0-9]+ + + Pseudo Ethernet interface must be named pethN + + pethN + Pseudo Ethernet interface name + + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + Receive mode (default: private) + + private vepa bridge passthru + + + private + No communication with other pseudo-devices + + + vepa + Virtual Ethernet Port Aggregator reflective relay + + + bridge + Simple bridge between pseudo-devices + + + passthru + Promicious mode passthrough of underlying device + + + (private|vepa|bridge|passthru) + + mode must be private, vepa, bridge or passthru + + private + + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_sstpc.xml.in b/interface-definitions/interfaces_sstpc.xml.in new file mode 100644 index 000000000..b7c49446f --- /dev/null +++ b/interface-definitions/interfaces_sstpc.xml.in @@ -0,0 +1,47 @@ + + + + + + + Secure Socket Tunneling Protocol (SSTP) client Interface + 460 + + sstpc[0-9]+ + + Secure Socket Tunneling Protocol interface must be named sstpcN + + sstpcN + Secure Socket Tunneling Protocol interface name + + + + #include + #include + #include + #include + #include + #include + #include + + 1452 + + #include + #include + + 443 + + + + Secure Sockets Layer (SSL) configuration + + + #include + + + #include + + + + + diff --git a/interface-definitions/interfaces_tunnel.xml.in b/interface-definitions/interfaces_tunnel.xml.in new file mode 100644 index 000000000..99d9b34c6 --- /dev/null +++ b/interface-definitions/interfaces_tunnel.xml.in 
@@ -0,0 +1,281 @@ + + + + + + + Tunnel interface + 380 + + tun[0-9]+ + + tunnel interface must be named tunN + + tunN + Tunnel interface name + + + + #include + #include + #include + #include + #include + + 1476 + + #include + #include + #include + #include + #include + + + 6rd network prefix + + ipv6 + IPv6 address and prefix length + + + + + + + + + 6rd relay prefix + + ipv4net + IPv4 prefix of interface for 6rd + + + + + + + + + Encapsulation of this tunnel interface + + erspan gre gretap ip6erspan ip6gre ip6gretap ip6ip6 ipip ipip6 sit + + + erspan + Encapsulated Remote Switched Port Analyzer + + + gre + Generic Routing Encapsulation (network layer) + + + gretap + Generic Routing Encapsulation (datalink layer) + + + ip6erspan + Encapsulated Remote Switched Port Analyzer over IPv6 + + + ip6gre + GRE over IPv6 (network layer) + + + ip6gretap + GRE over IPv6 (datalink layer) + + + ip6ip6 + IPv6 in IPv6 encapsulation + + + ipip + IPv4 in IPv4 encapsulation + + + ipip6 + IPv4 in IP6 encapsulation + + + sit + Simple Internet Transition (IPv6 in IPv4) + + + (erspan|gre|gretap|ip6erspan|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit) + + Invalid encapsulation, must be one of: erspan, gre, gretap, ip6erspan, ip6gre, ip6gretap, ipip, sit, ipip6 or ip6ip6 + + + #include + + + Enable multicast operation over tunnel + + + + + + Tunnel parameters + + + + + ERSPAN tunnel parameters + + + + + Mirrored traffic direction + + ingress egress + + + ingress + Mirror ingress traffic + + + egress + Mirror egress traffic + + + (ingress|egress) + + + + + + Unique identifier of an ERSPAN engine within a system + + u32:0-1048575 + Unique identifier of an ERSPAN engine + + + + + + + + + ERSPAN version 1 index field + + u32:0-63 + Platform-depedent field for specifying port number and direction + + + + + + + + + Protocol version + + 1 2 + + + 1 + ERSPAN Type II + + + 2 + ERSPAN Type III + + + + + + 1 + + + + + + IPv4-specific tunnel parameters + + + + + Disable path MTU discovery + + + + + + Ignore 
the DF (don't fragment) bit + + + + #include + #include + #include + + 64 + + + + + + IPv6-specific tunnel parameters + + + + + Set fixed encapsulation limit + + none + + + u32:0-255 + Encapsulation limit + + + none + Disable encapsulation limit + + + (none) + + + Tunnel encaplimit must be 0-255 or none + + 4 + + #include + + + Hoplimit + + u32:0-255 + Hop limit + + + + + hop limit must be between 0-255 + + 64 + + + + Traffic class (Tclass) + + 0x0-0x0fffff + Traffic class, 'inherit' or hex value + + + (0x){0,1}(0?[0-9A-Fa-f]{1,2}) + + Must be 'inherit' or a number + + inherit + + + + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_virtual-ethernet.xml.in b/interface-definitions/interfaces_virtual-ethernet.xml.in new file mode 100644 index 000000000..c4610feec --- /dev/null +++ b/interface-definitions/interfaces_virtual-ethernet.xml.in @@ -0,0 +1,48 @@ + + + + + + + Virtual Ethernet (veth) Interface + 300 + + veth[0-9]+ + + Virtual Ethernet interface must be named vethN + + vethN + Virtual Ethernet interface name + + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + Virtual ethernet peer interface name + + interfaces virtual-ethernet + + + txt + Name of peer interface + + + veth[0-9]+ + + Virutal Ethernet interface must be named vethN + + + + + + + diff --git a/interface-definitions/interfaces_vti.xml.in b/interface-definitions/interfaces_vti.xml.in new file mode 100644 index 000000000..158d9afd0 --- /dev/null +++ b/interface-definitions/interfaces_vti.xml.in @@ -0,0 +1,32 @@ + + + + + + + Virtual Tunnel Interface (XFRM) + 381 + + vti[0-9]+ + + VTI interface must be named vtiN + + vtiN + VTI interface name + + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_vxlan.xml.in b/interface-definitions/interfaces_vxlan.xml.in new file mode 100644 index 000000000..504c08e7e 
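Review bot: The `tclass` constraint regex `(0x){0,1}(0?[0-9A-Fa-f]{1,2})` does not accept the literal `inherit` that the help text, the error message `Must be 'inherit' or a number` and the default value `inherit` all advertise, so explicitly setting the documented default is rejected while leaving it unset works (assuming no second constraint was lost in this rendering). The value-help format `0x0-0x0fffff` also overstates the range: the regex admits at most two hex digits, i.e. 0x00-0xff, which is the 8-bit traffic-class field. Suggest `<regex>(inherit|(0x){0,1}(0?[0-9A-Fa-f]{1,2}))</regex>` and a format of `0x0-0xff`. Pre-existing in interfaces-tunnel.xml.in, but the re-created file is a good place to fix it.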
--- /dev/null +++ b/interface-definitions/interfaces_vxlan.xml.in @@ -0,0 +1,133 @@ + + + + + + + Virtual Extensible LAN (VXLAN) Interface + 460 + + vxlan[0-9]+ + + VXLAN interface must be named vxlanN + + vxlanN + VXLAN interface name + + + + #include + #include + #include + + + Enable Generic Protocol extension (VXLAN-GPE) + + + + + + Multicast group address for VXLAN interface + + ipv4 + Multicast IPv4 group address + + + ipv6 + Multicast IPv6 group address + + + + + + Multicast IPv4/IPv6 address required + + + #include + #include + #include + #include + #include + + + VXLAN tunnel parameters + + + + + IPv4 specific tunnel parameters + + + #include + #include + #include + + 16 + + + + + + IPv6 specific tunnel parameters + + + #include + + + + + Use external control plane + + + + + + Do not add unknown addresses into forwarding database + + + + + + Enable neighbor discovery (ARP and ND) suppression + + + + + + Enable VNI filter support + + + + + + #include + + 4789 + + #include + #include + #include + #include + #include + #include + + + Configuring VLAN-to-VNI mappings for EVPN-VXLAN + + u32:0-4094 + Virtual Local Area Network (VLAN) ID + + + + + VLAN ID must be between 0 and 4094 + + + #include + + + + + + + diff --git a/interface-definitions/interfaces_wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in new file mode 100644 index 000000000..f3fe0f1da --- /dev/null +++ b/interface-definitions/interfaces_wireguard.xml.in 
@@ -0,0 +1,129 @@ + + + + + + + WireGuard Interface + 379 + + wg[0-9]+ + + WireGuard interface must be named wgN + + wgN + WireGuard interface name + + + + #include + #include + #include + #include + #include + #include + + 1420 + + #include + #include + + + A 32-bit fwmark value set on all outgoing packets + + number + value which marks the packet for QoS/shaper + + + + + + 0 + + + + Base64 encoded private key + + [0-9a-zA-Z\+/]{43}= + + Key is not valid 44-character (32-bytes) base64 + + + + + peer alias + + [^ ]{1,100} + + peer alias too long (limit 100 characters) + + + #include + #include + + + base64 encoded public key + + [0-9a-zA-Z\+/]{43}= + + Key is not valid 44-character (32-bytes) base64 + + + + + base64 encoded preshared key + + [0-9a-zA-Z\+/]{43}= + + Key is not valid 44-character (32-bytes) base64 + + + + + IP addresses allowed to traverse the peer + + + + + + + + + IP address of tunnel endpoint + + ipv4 + IPv4 address of remote tunnel endpoint + + + ipv6 + IPv6 address of remote tunnel endpoint + + + + + + + + #include + + + Interval to send keepalive messages + + u32:1-65535 + Interval in seconds + + + + + + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in new file mode 100644 index 000000000..b5da0a556 --- /dev/null +++ b/interface-definitions/interfaces_wireless.xml.in 
@@ -0,0 +1,832 @@ + + + + + + + Wireless (WiFi/WLAN) Network Interface + 318 + + + + + wlan[0-9]+ + + Wireless interface must be named wlanN + + wlanN + Wireless (WiFi/WLAN) interface name + + + + #include + + + HT and VHT capabilities for your card + + + + + HT (High Throughput) settings + + + + + 40MHz intolerance, use 20MHz only! + + + + + + Enable WMM-PS unscheduled automatic power aave delivery [U-APSD] + + + + + + Supported channel set width + + ht20 ht40+ ht40- + + + ht20 + Supported channel set width both 20 MHz only + + + ht40+ + Supported channel set width both 20 MHz and 40 MHz with secondary channel above primary channel + + + ht40- + Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel + + + (ht20|ht40\+|ht40-) + + + + + + + Enable HT-delayed block ack + + + + + + Enable DSSS_CCK-40 + + + + + + Enable HT-greenfield + + + + + + Enable LDPC coding capability + + + + + + Enable L-SIG TXOP protection capability + + + + + + Set maximum A-MSDU length + + 3839 7935 + + + 3839 + Set maximum A-MSDU length to 3839 octets + + + 7935 + Set maximum A-MSDU length to 7935 octets + + + (3839|7935) + + + + + + Short GI capabilities + + 20 40 + + + 20 + Short GI for 20 MHz + + + 40 + Short GI for 40 MHz + + + (20|40) + + + + + + + Spatial Multiplexing Power Save (SMPS) settings + + static dynamic + + + static + STATIC Spatial Multiplexing (SM) Power Save + + + dynamic + DYNAMIC Spatial Multiplexing (SM) Power Save + + + (static|dynamic) + + + + + + Support for sending and receiving PPDU using STBC (Space Time Block Coding) + + + + + Enable receiving PPDU using STBC (Space Time Block Coding) + + [1-3]+ + Number of spacial streams that can use RX STBC + + + [1-3]+ + + Invalid capability item + + + + + Enable sending PPDU using STBC (Space Time Block Coding) + + + + + + + + + + Require stations to support HT PHY (reject association if they do not) + + + + + + + + + Require stations to support VHT PHY (reject association if they do 
not) + + + + + + + + + VHT (Very High Throughput) settings + + + + + Number of antennas on this card + + u32:1-8 + Number of antennas for this card + + + + + + + + + Set if antenna pattern does not change during the lifetime of an association + + + + + + Beamforming capabilities + + single-user-beamformer single-user-beamformee multi-user-beamformer multi-user-beamformee + + + single-user-beamformer + Support for operation as single user beamformer + + + single-user-beamformee + Support for operation as single user beamformee + + + multi-user-beamformer + Support for operation as multi user beamformer + + + multi-user-beamformee + Support for operation as multi user beamformee + + + (single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee) + + + + + + + VHT operating channel center frequency + + + + + VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes) + + u32:34-173 + 5Ghz (802.11 a/h/j/n/ac) center channel index (use 42 for primary 80MHz channel 36) + + + + + Channel center value must be between 34 and 173 + + + + + VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode) + + u32:34-173 + 5Ghz (802.11 a/h/j/n/ac) center channel index (use 58 for primary 80MHz channel 52) + + + + + Channel center value must be between 34 and 173 + + + + + + + VHT operating Channel width + + 0 1 2 3 + + + 0 + 20 or 40 MHz channel width + + + 1 + 80 MHz channel width + + + 2 + 160 MHz channel width + + + 3 + 80+80 MHz channel width + + + + + + + + + Enable LDPC (Low Density Parity Check) coding capability + + + + + + VHT link adaptation capabilities + + unsolicited both + + + unsolicited + Station provides only unsolicited VHT MFB + + + both + Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB + + + (unsolicited|both) + + Invalid capability item + + + + + Set the maximum length of A-MPDU pre-EOF padding that the station can receive + + u32:0-7 + Maximum 
length of A-MPDU pre-EOF padding = 2 pow(13 + x) -1 octets + + + + + + + + + Increase Maximum MPDU length to 7991 or 11454 octets (otherwise: 3895 octets) + + 7991 11454 + + + 7991 + ncrease Maximum MPDU length to 7991 octets + + + 11454 + ncrease Maximum MPDU length to 11454 octets + + + (7991|11454) + + + + + + Short GI capabilities + + 80 160 + + + 80 + Short GI for 80 MHz + + + 160 + Short GI for 160 MHz + + + (80|160) + + + + + + + Support for sending and receiving PPDU using STBC (Space Time Block Coding) + + + + + Enable receiving PPDU using STBC (Space Time Block Coding) + + [1-4]+ + Number of spacial streams that can use RX STBC + + + [1-4]+ + + Invalid capability item + + + + + Enable sending PPDU using STBC (Space Time Block Coding) + + + + + + + + Enable VHT TXOP Power Save Mode + + + + + + Station supports receiving VHT variant HT Control field + + + + + + + + + + Wireless radio channel + + 0 + Automatic Channel Selection (ACS) + + + u32:1-14 + 2.4Ghz (802.11 b/g/n) Channel + + + u32:34-173 + 5Ghz (802.11 a/h/j/n/ac) Channel + + + + + + 0 + + + + Indicate country in which device is operating + + us eu jp de uk cn es fr ru + + + txt + ISO/IEC 3166-1 Country Code + + + [a-z][a-z] + + Invalid ISO/IEC 3166-1 Country Code + + + #include + #include + #include + + + Disable broadcast of SSID from access-point + + + + #include + #include + #include + + + Disassociate stations based on excessive transmission failures + + + + #include + #include + #include + + + Isolate stations on the AP so they cannot see each other + + + + #include + + + Maximum number of wireless radio stations. Excess stations will be rejected upon authentication request. 
+ + u32:1-2007 + Number of allowed stations + + + + + Number of stations must be between 1 and 2007 + + + + + Management Frame Protection (MFP) according to IEEE 802.11w + + disabled optional required + + + disabled + no MFP + + + optional + MFP optional + + + required + MFP enforced + + + (disabled|optional|required) + + + disabled + + + + Wireless radio mode + + a b g n ac + + + a + 802.11a - 54 Mbits/sec + + + b + 802.11b - 11 Mbits/sec + + + g + 802.11g - 54 Mbits/sec + + + n + 802.11n - 600 Mbits/sec + + + ac + 802.11ac - 1300 Mbits/sec + + + (a|b|g|n|ac) + + + g + + #include + + + Wireless physical device + + + + + + + + phy0 + + + + Transmission power reduction in dBm + + u32:0-255 + TX power reduction in dBm + + + + + dBm value must be between 0 and 255 + + + + + Wireless security settings + + + + + Station MAC address based authentication + + + + + Select security operation mode + + accept deny + + + accept + Accept all clients unless found in deny list + + + deny + Deny all clients unless found in accept list + + + (accept|deny) + + + accept + + + + Accept station MAC address + + + #include + + + + + Deny station MAC address + + + #include + + + + + + + Wired Equivalent Privacy (WEP) parameters + + + + + WEP encryption key + + txt + Wired Equivalent Privacy key + + + ([a-fA-F0-9]{10}|[a-fA-F0-9]{26}|[a-fA-F0-9]{32}) + + Invalid WEP key + + + + + + + + Wifi Protected Access (WPA) parameters + + + + + Cipher suite for WPA unicast packets + + GCMP-256 GCMP CCMP-256 CCMP TKIP + + + GCMP-256 + AES in Galois/counter mode with 256-bit key + + + GCMP + AES in Galois/counter mode with 128-bit key + + + CCMP-256 + AES in Counter mode with CBC-MAC with 256-bit key + + + CCMP + AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs) + + + TKIP + Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] + + + (GCMP-256|GCMP|CCMP-256|CCMP|TKIP) + + Invalid cipher selection + + + + + + Cipher suite for WPA multicast and broadcast packets + + 
GCMP-256 GCMP CCMP-256 CCMP TKIP + + + GCMP-256 + AES in Galois/counter mode with 256-bit key + + + GCMP + AES in Galois/counter mode with 128-bit key + + + CCMP-256 + AES in Counter mode with CBC-MAC with 256-bit key + + + CCMP + AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs) + + + TKIP + Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] + + + (GCMP-256|GCMP|CCMP-256|CCMP|TKIP) + + Invalid group cipher selection + + + + + + WPA mode + + wpa wpa2 wpa+wpa2 wpa3 + + + wpa + WPA (IEEE 802.11i/D3.0) + + + wpa2 + WPA2 (full IEEE 802.11i/RSN) + + + wpa+wpa2 + Allow both WPA and WPA2 + + + (wpa|wpa2|wpa\+wpa2|wpa3) + + Unknown WPA mode + + wpa+wpa2 + + + + WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required. + + txt + Passphrase of at least 8 but not more than 63 printable characters + + + .{8,63} + + Invalid WPA pass phrase, must be 8 to 63 printable characters! + + + #include + + + + + + + Enable RADIUS server to receive accounting info + + + + + + + + + + + + + + Wireless access-point service set identifier (SSID) + + .{1,32} + + Invalid SSID + + + + + Wireless device type for this interface + + access-point station monitor + + + access-point + Access-point forwards packets between other nodes + + + station + Connects to another access point + + + monitor + Passively monitor all packets on the frequency/channel + + + (access-point|station|monitor) + + Type must be access-point, station or monitor + + monitor + + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_wwan.xml.in b/interface-definitions/interfaces_wwan.xml.in new file mode 100644 index 000000000..1580c3bcb --- /dev/null +++ b/interface-definitions/interfaces_wwan.xml.in 
@@ -0,0 +1,48 @@ + + + + + + + Wireless Modem (WWAN) Interface + 350 + + + + + wwan[0-9]+ + + Wireless Modem interface must be named wwanN + + wwanN + Wireless Wide Area Network interface name + + + + #include + + + Access Point Name (APN) + + + #include + #include + #include + #include + #include + #include + #include + #include + + 1430 + + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/lldp.xml.in b/interface-definitions/lldp.xml.in deleted file mode 100644 index 25fb575b6..000000000 --- a/interface-definitions/lldp.xml.in +++ /dev/null 
@@ -1,188 +0,0 @@ - - - - - - - LLDP settings - 985 - - - - - Location data for interface - - all - Location data all interfaces - - - txt - Location data for a specific interface - - - - all - - - - #include - - - LLDP-MED location data - - - - - Coordinate based location - - - - - Altitude in meters - - 0 - No altitude - - - [+-]<meters> - Altitude in meters - - Altitude should be a positive or negative number - - - - - 0 - - - - Coordinate datum type - - WGS84 - WGS84 - - - NAD83 - NAD83 - - - MLLW - NAD83/MLLW - - - WGS84 NAD83 MLLW - - Datum should be WGS84, NAD83, or MLLW - - (WGS84|NAD83|MLLW) - - - WGS84 - - - - Latitude - - <latitude> - Latitude (example "37.524449N") - - Latitude should be a number followed by S or N - - (\d+)(\.\d+)?[nNsS] - - - - - - Longitude - - <longitude> - Longitude (example "122.267255W") - - Longiture should be a number followed by E or W - - (\d+)(\.\d+)?[eEwW] - - - - - - - - ECS ELIN (Emergency location identifier number) - - u32:0-9999999999 - Emergency Call Service ELIN number (between 10-25 numbers) - - - [0-9]{10,25} - - ELIN number must be between 10-25 numbers - - - - - - - - - Legacy (vendor specific) protocols - - - - - Listen for CDP for Cisco routers/switches - - - - - - Listen for EDP for Extreme routers/switches - - - - - - Listen for FDP for Foundry routers/switches - - - - - - Listen for SONMP for Nortel routers/switches - - - - - - - - Management IP Address - - - - - ipv4 - IPv4 Management Address - - - ipv6 - IPv6 Management Address - - - - - - - - - - Enable SNMP queries of the LLDP database - - - - - - - - diff --git a/interface-definitions/load-balancing-haproxy.xml.in b/interface-definitions/load-balancing-haproxy.xml.in deleted file mode 100644 index 8f6bd3a99..000000000 --- a/interface-definitions/load-balancing-haproxy.xml.in +++ /dev/null 
@@ -1,254 +0,0 @@ - - - - - - - Configure reverse-proxy - - - - - Frontend service name - - #include - - Server name must be alphanumeric and can contain hyphen and underscores - - - - - Backend member - - #include - - Backend name must be alphanumeric and can contain hyphen and underscores - - txt - Name of reverse-proxy backend system - - - load-balancing reverse-proxy backend - - - - - #include - #include - #include - #include - #include - - - Redirect HTTP to HTTPS - - - - - - SSL Certificate, SSL Key and CA - - - #include - - - - - - - Backend server name - - #include - - Backend name must be alphanumeric and can contain hyphen and underscores - - - - - Load-balancing algorithm - - source-address round-robin least-connection - - - source-address - Based on hash of source IP address - - - round-robin - Round robin - - - least-connection - Least connection - - - (source-address|round-robin|least-connection) - - - round-robin - - #include - #include - - - Backend parameters - - - - - HTTP health check - - - - - - #include - - - Backend server name - - - - - Backend server address - - ipv4 - IPv4 unicast peer address - - - ipv6 - IPv6 unicast peer address - - - - - - - - - Use backup server if other servers are not available - - - - - - Active health check backend server - - - - #include - - - Send a Proxy Protocol version 1 header (text format) - - - - - - Send a Proxy Protocol version 2 header (binary format) - - - - - - - - SSL Certificate, SSL Key and CA - - - #include - - - #include - - - - - Global perfomance parameters and limits - - - - - Maximum allowed connections - - u32:1-2000000 - Maximum allowed connections - - - - - - - - - Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers - - ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384 - - - 
ecdhe-ecdsa-aes128-gcm-sha256 - ecdhe-ecdsa-aes128-gcm-sha256 - - - ecdhe-rsa-aes128-gcm-sha256 - ecdhe-rsa-aes128-gcm-sha256 - - - ecdhe-ecdsa-aes256-gcm-sha384 - ecdhe-ecdsa-aes256-gcm-sha384 - - - ecdhe-rsa-aes256-gcm-sha384 - ecdhe-rsa-aes256-gcm-sha384 - - - ecdhe-ecdsa-chacha20-poly1305 - ecdhe-ecdsa-chacha20-poly1305 - - - ecdhe-rsa-chacha20-poly1305 - ecdhe-rsa-chacha20-poly1305 - - - dhe-rsa-aes128-gcm-sha256 - dhe-rsa-aes128-gcm-sha256 - - - dhe-rsa-aes256-gcm-sha384 - dhe-rsa-aes256-gcm-sha384 - - - (ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384) - - - - ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384 - - - - Specify the minimum required TLS version - - 1.2 1.3 - - - 1.2 - TLS v1.2 - - - 1.3 - TLS v1.3 - - - (1.2|1.3) - - - 1.3 - - - - #include - - - - - diff --git a/interface-definitions/load-balancing-wan.xml.in b/interface-definitions/load-balancing-wan.xml.in deleted file mode 100644 index c12cab22a..000000000 --- a/interface-definitions/load-balancing-wan.xml.in +++ /dev/null 
@@ -1,399 +0,0 @@ - - - - - Configure load-balancing - 900 - - - - - Configure Wide Area Network (WAN) load-balancing - - - - - Disable source NAT rules from being configured for WAN load balancing - - - - - - Enable WAN load balancing for locally sourced traffic - - - - - - Flush connection tracking tables on connection state change - - - - - - Script to be executed on interface status change - - txt - Script in /config/scripts - - - - - - - - - Interface name - - - - - - - - Failure count - - u32:1-10 - Failure count - - - - - - 1 - - - - Outbound interface nexthop address. Can be 'DHCP or IPv4 address' [REQUIRED] - - dhcp - - - ipv4 - Nexthop IP address - - - dhcp - Set the nexthop via DHCP - - - - (dhcp) - - - - - - Success count - - u32:1-10 - Success count - - - - - - 1 - - - - Rule number - - u32:0-4294967295 - Rule number - - - - - - - - - Ping response time (seconds) - - u32:1-30 - Response time (seconds) - - - - - - 5 - - - - Health target address - - ipv4 - Health target address - - - - - - - - - Path to user-defined script - - txt - Script in /config/scripts - - - - - - - - - TTL limit (hop count) - - u32:1-254 - Number of hops - - - - - - 1 - - - - WLB test type - - ping ttl user-defined - - - ping - Test with ICMP echo response - - - ttl - Test with UDP TTL expired response - - - user-defined - User-defined test script - - - (ping|ttl|user-defined) - - - ping - - - - - - - - Rule number (1-9999) - - u32:1-9999 - Rule number - - - - - - - #include - - - Destination - - - #include - #include - - - - - Exclude packets matching this rule from WAN load balance - - - - - - Enable failover for packets matching this rule from WAN load balance - - - - - - Inbound interface name (e.g., "eth0") [REQUIRED] - - any - - - - - - - Interface name [REQUIRED] - - - - - - - - Load-balance weight - - u32:1-255 - Interface weight - - - - - Weight must be between 1 and 255 - - 1 - - - - - - Enable packet limit for this rule - - - - - Burst limit for matching packets - - 
u32:0-4294967295 - Burst limit for matching packets - - - - - - 5 - - - - Time window for rate calculation - - hour minute second - - - hour - hour - - - minute - minute - - - second - second - - - (hour|minute|second) - - - second - - - - Number of packets used for rate limit - - u32:0-4294967295 - Number of packets used for rate limit - - - - - - 5 - - - - Threshold behavior for limit - - above below - - - above - Above limit - - - below - Below limit - - - (above|below) - - - below - - - - - - Option to match traffic per-packet instead of the default, per-flow - - - - - - Protocol to match (protocol name, number, or "all") - - - all tcp_udp - - - all - All IP protocols - - - tcp_udp - Both TCP and UDP - - - u32:0-255 - IP protocol number - - - <protocol> - IP protocol name - - - !<protocol> - IP protocol name - - - - - - all - - - - Source information - - - #include - #include - - - - - - - Configure sticky connections - - - - - Enable sticky incoming WAN connections - - - - - - - - - - diff --git a/interface-definitions/load-balancing_reverse-proxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in new file mode 100644 index 000000000..2c2742dff --- /dev/null +++ b/interface-definitions/load-balancing_reverse-proxy.xml.in 
@@ -0,0 +1,254 @@ + + + + + + + Configure reverse-proxy + + + + + Frontend service name + + #include + + Server name must be alphanumeric and can contain hyphen and underscores + + + + + Backend member + + #include + + Backend name must be alphanumeric and can contain hyphen and underscores + + txt + Name of reverse-proxy backend system + + + load-balancing reverse-proxy backend + + + + + #include + #include + #include + #include + #include + + + Redirect HTTP to HTTPS + + + + + + SSL Certificate, SSL Key and CA + + + #include + + + + + + + Backend server name + + #include + + Backend name must be alphanumeric and can contain hyphen and underscores + + + + + Load-balancing algorithm + + source-address round-robin least-connection + + + source-address + Based on hash of source IP address + + + round-robin + Round robin + + + least-connection + Least connection + + + (source-address|round-robin|least-connection) + + + round-robin + + #include + #include + + + Backend parameters + + + + + HTTP health check + + + + + + #include + + + Backend server name + + + + + Backend server address + + ipv4 + IPv4 unicast peer address + + + ipv6 + IPv6 unicast peer address + + + + + + + + + Use backup server if other servers are not available + + + + + + Active health check backend server + + + + #include + + + Send a Proxy Protocol version 1 header (text format) + + + + + + Send a Proxy Protocol version 2 header (binary format) + + + + + + + + SSL Certificate, SSL Key and CA + + + #include + + + #include + + + + + Global perfomance parameters and limits + + + + + Maximum allowed connections + + u32:1-2000000 + Maximum allowed connections + + + + + + + + + Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers + + ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384 + + + 
ecdhe-ecdsa-aes128-gcm-sha256 + ecdhe-ecdsa-aes128-gcm-sha256 + + + ecdhe-rsa-aes128-gcm-sha256 + ecdhe-rsa-aes128-gcm-sha256 + + + ecdhe-ecdsa-aes256-gcm-sha384 + ecdhe-ecdsa-aes256-gcm-sha384 + + + ecdhe-rsa-aes256-gcm-sha384 + ecdhe-rsa-aes256-gcm-sha384 + + + ecdhe-ecdsa-chacha20-poly1305 + ecdhe-ecdsa-chacha20-poly1305 + + + ecdhe-rsa-chacha20-poly1305 + ecdhe-rsa-chacha20-poly1305 + + + dhe-rsa-aes128-gcm-sha256 + dhe-rsa-aes128-gcm-sha256 + + + dhe-rsa-aes256-gcm-sha384 + dhe-rsa-aes256-gcm-sha384 + + + (ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384) + + + + ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384 + + + + Specify the minimum required TLS version + + 1.2 1.3 + + + 1.2 + TLS v1.2 + + + 1.3 + TLS v1.3 + + + (1.2|1.3) + + + 1.3 + + + + #include + + + + + diff --git a/interface-definitions/load-balancing_wan.xml.in b/interface-definitions/load-balancing_wan.xml.in new file mode 100644 index 000000000..e117fd1b2 --- /dev/null +++ b/interface-definitions/load-balancing_wan.xml.in 
@@ -0,0 +1,399 @@ + + + + + Configure load-balancing + 900 + + + + + Configure Wide Area Network (WAN) load-balancing + + + + + Disable source NAT rules from being configured for WAN load balancing + + + + + + Enable WAN load balancing for locally sourced traffic + + + + + + Flush connection tracking tables on connection state change + + + + + + Script to be executed on interface status change + + txt + Script in /config/scripts + + + + + + + + + Interface name + + + + + + + + Failure count + + u32:1-10 + Failure count + + + + + + 1 + + + + Outbound interface nexthop address. Can be 'DHCP or IPv4 address' [REQUIRED] + + dhcp + + + ipv4 + Nexthop IP address + + + dhcp + Set the nexthop via DHCP + + + + (dhcp) + + + + + + Success count + + u32:1-10 + Success count + + + + + + 1 + + + + Rule number + + u32:0-4294967295 + Rule number + + + + + + + + + Ping response time (seconds) + + u32:1-30 + Response time (seconds) + + + + + + 5 + + + + Health target address + + ipv4 + Health target address + + + + + + + + + Path to user-defined script + + txt + Script in /config/scripts + + + + + + + + + TTL limit (hop count) + + u32:1-254 + Number of hops + + + + + + 1 + + + + WLB test type + + ping ttl user-defined + + + ping + Test with ICMP echo response + + + ttl + Test with UDP TTL expired response + + + user-defined + User-defined test script + + + (ping|ttl|user-defined) + + + ping + + + + + + + + Rule number (1-9999) + + u32:1-9999 + Rule number + + + + + + + #include + + + Destination + + + #include + #include + + + + + Exclude packets matching this rule from WAN load balance + + + + + + Enable failover for packets matching this rule from WAN load balance + + + + + + Inbound interface name (e.g., "eth0") [REQUIRED] + + any + + + + + + + Interface name [REQUIRED] + + + + + + + + Load-balance weight + + u32:1-255 + Interface weight + + + + + Weight must be between 1 and 255 + + 1 + + + + + + Enable packet limit for this rule + + + + + Burst limit for matching packets + + 
u32:0-4294967295 + Burst limit for matching packets + + + + + + 5 + + + + Time window for rate calculation + + hour minute second + + + hour + hour + + + minute + minute + + + second + second + + + (hour|minute|second) + + + second + + + + Number of packets used for rate limit + + u32:0-4294967295 + Number of packets used for rate limit + + + + + + 5 + + + + Threshold behavior for limit + + above below + + + above + Above limit + + + below + Below limit + + + (above|below) + + + below + + + + + + Option to match traffic per-packet instead of the default, per-flow + + + + + + Protocol to match (protocol name, number, or "all") + + + all tcp_udp + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + !<protocol> + IP protocol name + + + + + + all + + + + Source information + + + #include + #include + + + + + + + Configure sticky connections + + + + + Enable sticky incoming WAN connections + + + + + + + + + + diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in deleted file mode 100644 index 4e874434b..000000000 --- a/interface-definitions/ntp.xml.in +++ /dev/null @@ -1,67 +0,0 @@ - - - - - - - - Network Time Protocol (NTP) configuration - 900 - - - - - Network Time Protocol (NTP) server - - ipv4 - IP address of NTP server - - - ipv6 - IPv6 address of NTP server - - - hostname - Fully qualified domain name of NTP server - - - - - - - - - - Marks the server as unused - - - - - - Enable Network Time Security (NTS) for the server - - - - - - Associate with a number of remote servers - - - - - - Marks the server as preferred - - - - - - #include - #include - #include - #include - - - - - diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy-local-route.xml.in deleted file mode 100644 index 15be099c9..000000000 --- a/interface-definitions/policy-local-route.xml.in +++ /dev/null 
@@ -1,156 +0,0 @@ - - - - - - - - IPv4 policy route of local traffic - 500 - - - - - Policy local-route rule set number - - - u32:1-32765 - Local-route rule number (1-32765) - - - - - - - - - Packet modifications - - - - - Routing table to forward packet with - - u32:1-200 - Table number - - - main - - - - - - - - Match fwmark value - - u32:1-2147483647 - Address to match against - - - - - - - #include - - - Source parameters - - - #include - #include - - - - - Destination parameters - - - #include - #include - - - #include - - - - - - - IPv6 policy route of local traffic - 500 - - - - - IPv6 policy local-route rule set number - - - u32:1-32765 - Local-route rule number (1-32765) - - - - - - - - - Packet modifications - - - - - Routing table to forward packet with - - u32:1-200 - Table number - - - main - - - - - - - - Match fwmark value - - u32:1-2147483647 - Address to match against - - - - - - - #include - - - Source parameters - - - #include - #include - - - - - Destination parameters - - - #include - #include - - - #include - - - - - - - diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in deleted file mode 100644 index 92e7a0cb4..000000000 --- a/interface-definitions/policy-route.xml.in +++ /dev/null 
@@ -1,117 +0,0 @@ - - - - - - - Policy route rule set name for IPv6 - - [a-zA-Z0-9][\w\-\.]* - - 201 - - - #include - #include - #include - - - Policy rule number - - u32:1-999999 - Number of policy rule - - - - - Policy rule number must be between 1 and 999999 - - - - - Destination parameters - - - #include - #include - #include - - - - - Source parameters - - - #include - #include - #include - - - #include - #include - #include - #include - #include - #include - - - - - - - Policy route rule set name for IPv4 - - [a-zA-Z0-9][\w\-\.]* - - 201 - - - #include - #include - #include - - - Policy rule number - - u32:1-999999 - Number of policy rule - - - - - Policy rule number must be between 1 and 999999 - - - - - Destination parameters - - - #include - #include - #include - - - - - Source parameters - - - #include - #include - #include - - - #include - #include - #include - #include - #include - #include - - - - - - - diff --git a/interface-definitions/policy_local-route.xml.in b/interface-definitions/policy_local-route.xml.in new file mode 100644 index 000000000..7a019154a --- /dev/null +++ b/interface-definitions/policy_local-route.xml.in 
@@ -0,0 +1,156 @@ + + + + + + + + IPv4 policy route of local traffic + 500 + + + + + Policy local-route rule set number + + + u32:1-32765 + Local-route rule number (1-32765) + + + + + + + + + Packet modifications + + + + + Routing table to forward packet with + + u32:1-200 + Table number + + + main + + + + + + + + Match fwmark value + + u32:1-2147483647 + Address to match against + + + + + + + #include + + + Source parameters + + + #include + #include + + + + + Destination parameters + + + #include + #include + + + #include + + + + + + + IPv6 policy route of local traffic + 500 + + + + + IPv6 policy local-route rule set number + + + u32:1-32765 + Local-route rule number (1-32765) + + + + + + + + + Packet modifications + + + + + Routing table to forward packet with + + u32:1-200 + Table number + + + main + + + + + + + + Match fwmark value + + u32:1-2147483647 + Address to match against + + + + + + + #include + + + Source parameters + + + #include + #include + + + + + Destination parameters + + + #include + #include + + + #include + + + + + + + diff --git a/interface-definitions/policy_route.xml.in b/interface-definitions/policy_route.xml.in new file mode 100644 index 000000000..9cc22540b --- /dev/null +++ b/interface-definitions/policy_route.xml.in 
@@ -0,0 +1,117 @@ + + + + + + + Policy route rule set name for IPv6 + + [a-zA-Z0-9][\w\-\.]* + + 201 + + + #include + #include + #include + + + Policy rule number + + u32:1-999999 + Number of policy rule + + + + + Policy rule number must be between 1 and 999999 + + + + + Destination parameters + + + #include + #include + #include + + + + + Source parameters + + + #include + #include + #include + + + #include + #include + #include + #include + #include + #include + + + + + + + Policy route rule set name for IPv4 + + [a-zA-Z0-9][\w\-\.]* + + 201 + + + #include + #include + #include + + + Policy rule number + + u32:1-999999 + Number of policy rule + + + + + Policy rule number must be between 1 and 999999 + + + + + Destination parameters + + + #include + #include + #include + + + + + Source parameters + + + #include + #include + #include + + + #include + #include + #include + #include + #include + #include + + + + + + + diff --git a/interface-definitions/protocols-babel.xml.in b/interface-definitions/protocols-babel.xml.in deleted file mode 100644 index 49fffe230..000000000 --- a/interface-definitions/protocols-babel.xml.in +++ /dev/null 
@@ -1,254 +0,0 @@ - - - - - - - Babel Routing Protocol - 650 - - - - - Babel-specific parameters - - - - - Enable diversity-aware routing - - - - - - Multiplicative factor used for diversity routing - - u32:1-256 - Multiplicative factor, in units of 1/256 - - - - - - 256 - - - - Time before resending a message - - u32:20-655340 - Milliseconds - - - - - - 2000 - - - - Smoothing half-life - - u32:0-65534 - Seconds - - - - - - 4 - - - - #include - - - Redistribute information from another routing protocol - - - - - Redistribute IPv4 routes - - - - - Redistribute BGP routes - - - - - - Redistribute connected routes - - - - - - Redistribute EIGRP routes - - - - - - Redistribute IS-IS routes - - - - - - Redistribute kernel routes - - - - - - Redistribute NHRP routes - - - - - - Redistribute OSPF routes - - - - - - Redistribute RIP routes - - - - - - Redistribute static routes - - - - - - - - Redistribute IPv6 routes - - - - - Redistribute BGP routes - - - - - - Redistribute connected routes - - - - - - Redistribute IS-IS routes - - - - - - Redistribute kernel routes - - - - - - Redistribute NHRP routes - - - - - - Redistribute OSPFv3 routes - - - - - - Redistribute RIPng routes - - - - - - Redistribute static routes - - - - - - - - - - Filter networks in routing updates - - - - - Filter IPv4 routes - - - #include - - - Apply filtering to an interface - - txt - Apply filtering to an interface - - - - - - #include - - - - #include - #include - - - #include - - - - - Filter IPv6 routes - - - #include - - - Apply filtering to an interface - - txt - Apply filtering to an interface - - - - - - #include - - - - #include - #include - - - #include - - - - - - - - - diff --git a/interface-definitions/protocols-bfd.xml.in b/interface-definitions/protocols-bfd.xml.in deleted file mode 100644 index 9048cf5c2..000000000 --- a/interface-definitions/protocols-bfd.xml.in +++ /dev/null 
@@ -1,85 +0,0 @@ - - - - - - - - Bidirectional Forwarding Detection (BFD) - 820 - - - - - Configures BFD peer to listen and talk to - - ipv4 - BFD peer IPv4 address - - - ipv6 - BFD peer IPv6 address - - - - - - - #include - - - Bind listener to specified interface/address, mandatory for IPv6 - - - #include - - - Local address to bind our peer listener to - - - - - ipv4 - Local IPv4 address used to connect to the peer - - - ipv6 - Local IPv6 address used to connect to the peer - - - - - - - - - #include - - - Allow this BFD peer to not be directly connected - - - - #include - - - - - Configure BFD profile used by individual peer - - txt - Name of BFD profile - - - [-_a-zA-Z0-9]{1,32} - - - - #include - - - - - - - diff --git a/interface-definitions/protocols-bgp.xml.in b/interface-definitions/protocols-bgp.xml.in deleted file mode 100644 index e1a822999..000000000 --- a/interface-definitions/protocols-bgp.xml.in +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - Border Gateway Protocol (BGP) - 820 - - - #include - - - - - diff --git a/interface-definitions/protocols-eigrp.xml.in b/interface-definitions/protocols-eigrp.xml.in deleted file mode 100644 index 88a881a1e..000000000 --- a/interface-definitions/protocols-eigrp.xml.in +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - - - Enhanced Interior Gateway Routing Protocol (EIGRP) - 820 - - - #include - - - - - diff --git a/interface-definitions/protocols-failover.xml.in b/interface-definitions/protocols-failover.xml.in deleted file mode 100644 index c0caec68e..000000000 --- a/interface-definitions/protocols-failover.xml.in +++ /dev/null 
@@ -1,135 +0,0 @@ - - - - - - - Failover Routing - 490 - - - - - Failover IPv4 route - - ipv4net - IPv4 failover route - - - - - - - - - Next-hop IPv4 router address - - ipv4 - Next-hop router address - - - - - - - - - Check target options - - - - - Policy for check targets - - any-available all-available - - - all-available - All targets must be alive - - - any-available - Any target must be alive - - - (all-available|any-available) - - - any-available - - #include - - - Check target address - - ipv4 - Address to check - - - - - - - - - - Timeout between checks - - u32:1-300 - Timeout in seconds between checks - - - - - - 10 - - - - Check type - - arp icmp tcp - - - arp - Check target by ARP - - - icmp - Check target by ICMP - - - tcp - Check target by TCP - - - (arp|icmp|tcp) - - - icmp - - - - #include - - - Route metric for this gateway - - u32:1-255 - Route metric - - - - - - 1 - - - - - - - - - - diff --git a/interface-definitions/protocols-isis.xml.in b/interface-definitions/protocols-isis.xml.in deleted file mode 100644 index e0bc47bb9..000000000 --- a/interface-definitions/protocols-isis.xml.in +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - Intermediate System to Intermediate System (IS-IS) - 610 - - - #include - - - - - diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols-mpls.xml.in deleted file mode 100644 index 831601fc6..000000000 --- a/interface-definitions/protocols-mpls.xml.in +++ /dev/null 
@@ -1,560 +0,0 @@ - - - - - - - - Multiprotocol Label Switching (MPLS) - 490 - - - - - Label Distribution Protocol (LDP) - - - #include - - - Forwarding equivalence class allocation from local routes - - - - - IPv4 routes - - - - - Access-list number - - u32:1-2699 - Access list number - - - - - - - - - - - IPv6 routes - - - - - Access-list6 number - - u32:1-2699 - Access list number - - - - - - - - - - - - - LDP neighbor parameters - - ipv4 - Neighbor IPv4 address - - - - - - - - - Neighbor password - - - - - Neighbor TTL security - - disable - - - u32:1-254 - TTL - - - disable - Disable neighbor TTL security - - - - - - Session IPv4 hold time - - u32:15-65535 - Time in seconds - - - - - - - - - - - Discovery parameters - - ipv4 - Discovery parameters - - - - - - Hello IPv4 hold time - - u32:1-65535 - Time in seconds - - - - - - - - - Hello IPv4 interval - - u32:1-65535 - Time in seconds - - - - - - - - - Hello IPv6 hold time - - u32:1-65535 - Time in seconds - - - - - - - - - Hello IPv6 interval - - u32:1-65535 - Time in seconds - - - - - - - - - Session IPv4 hold time - - u32:15-65535 - Time in seconds - - - - - - - - - Session IPv6 hold time - - u32:15-65535 - Time in seconds - - - - - - - - - Transport IPv4 address - - ipv4 - IPv4 bind as transport - - - - - - - - - Transport IPv6 address - - ipv6 - IPv6 bind as transport - - - - - - - - - - - Targeted LDP neighbor/session parameters - - - - - Targeted IPv4 neighbor/session parameters - - - - - Neighbor/session address - - ipv4 - Neighbor/session address - - - - - - - - - - Accept and respond to targeted hellos - - - - - - Hello interval - - u32:1-65535 - Time in seconds - - - - - - - - - Hello hold time - - u32:1-65535 - Time in seconds - - - - - - - - - - - Targeted IPv6 neighbor/session parameters - - - - - Neighbor/session address - - ipv6 - Neighbor/session address - - - - - - - - - - Accept and respond to targeted hellos - - - - - - Hello interval - - u32:1-65535 - Time in seconds - - - - - - - - - Hello 
hold time - - u32:1-65535 - Time in seconds - - - - - - - - - - - - - Label Distribution Protocol miscellaneous parameters - - - - - Enable Cisco non-compliant format capability TLV - - - - - - Prefer IPv4 for TCP peer transport connection - - - - - - Enable LDP ordered label distribution control mode - - - - - - - - Export parameters - - - - - IPv4 parameters - - - - - Explicit-Null Label - - - - - - Forwarding equivalence class export filter - - - - - Access-list number to apply FEC filtering - - u32:1-2699 - Access list number - - - - - - - - - Access-list number for IPv4 neighbor selection to apply filtering - - u32:1-2699 - Access list number - - - - - - - - - - - - - IPv6 parameters - - - - - Explicit-Null Label - - - - - - Forwarding equivalence class export filter - - - - - Access-list6 number to apply FEC filtering - - u32:1-2699 - Access list number - - - - - - - - - Access-list6 number for IPv6 neighbor selection to apply filtering - - u32:1-2699 - Access list number - - - - - - - - - - - - - - - Import parameters - - - - - IPv4 parameters - - - - - Forwarding equivalence class import filter - - - - - Access-list number to apply FEC filtering - - u32:1-2699 - Access list number - - - - - - - - - Access-list number for IPv4 neighbor selection to apply filtering - - u32:1-2699 - Access list number - - - - - - - - - - - - - IPv6 parameters - - - - - Forwarding equivalence class import filter - - - - - Access-list6 number to apply FEC filtering - - u32:1-2699 - Access list number - - - - - - - - - Access-list6 number for IPv6 neighbor selection to apply filtering - - u32:1-2699 - Access list number - - - - - - - - - - - - - #include - - - - - Multiprotocol Label Switching miscellaneous parameters - - - - - Disable copy of IP TTL to MPLS TTL - - - - - - Maximum TTL for MPLS packets - - u32:1-255 - Maximum hops allowed - - - - - - - - - #include - - - - - 
diff --git a/interface-definitions/protocols-multicast.xml.in b/interface-definitions/protocols-multicast.xml.in deleted file mode 100644 index c8e28ed35..000000000 --- a/interface-definitions/protocols-multicast.xml.in +++ /dev/null @@ -1,94 +0,0 @@ - - - - - - - - - Multicast static route - - - - - Configure static unicast route into MRIB for multicast RPF lookup - - ipv4net - Network - - - - - - - - - Nexthop IPv4 address - - ipv4 - Nexthop IPv4 address - - - - - - - - - Distance value for this route - - u32:1-255 - Distance for this route - - - - - - - - - - - - - Multicast interface based route - - ipv4net - Network - - - - - - - - - Next-hop interface - - - - - - - - Distance value for this route - - u32:1-255 - Distance for this route - - - - - - - - - - - - - - - - - diff --git a/interface-definitions/protocols-nhrp.xml.in b/interface-definitions/protocols-nhrp.xml.in deleted file mode 100644 index d7663c095..000000000 --- a/interface-definitions/protocols-nhrp.xml.in +++ /dev/null 
@@ -1,138 +0,0 @@ - - - - - - - Next Hop Resolution Protocol (NHRP) parameters - 680 - - - - - Tunnel for NHRP - - tun[0-9]+ - - - tunN - NHRP tunnel name - - - - - - Pass phrase for cisco authentication - - txt - Pass phrase for cisco authentication - - - [^[:space:]]{1,8} - - Password should contain up to eight non-whitespace characters - - - - - Set an HUB tunnel address - - ipv4net - Set the IP address and prefix length - - - - - - Set HUB fqdn (nbma-address - fqdn) - - <fqdn> - Set the external HUB fqdn - - - - - - - - Holding time in seconds - - - - - Set an HUB tunnel address - - - - - If the statically mapped peer is running Cisco IOS, specify this - - - - - - Set HUB address (nbma-address - external hub address or fqdn) - - - - - Specifies that Registration Request should be sent to this peer on startup - - - - - - - - Set multicast for NHRP - - dynamic nhs - - - (dynamic|nhs) - - - - - - This can be used to reduce memory consumption on big NBMA subnets - - - - - - Enable sending of Cisco style NHRP Traffic Indication packets - - - - - - This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destined to addresses in this interface - - - - - - Defines an off-NBMA network prefix for which the GRE interface will act as a gateway - - - - - Holding time in seconds - - - - - - - Enable creation of shortcut routes. A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route - - - - - - - - - - diff --git a/interface-definitions/protocols-ospf.xml.in b/interface-definitions/protocols-ospf.xml.in deleted file mode 100644 index b3c063d0d..000000000 --- a/interface-definitions/protocols-ospf.xml.in +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - Open Shortest Path First (OSPF) - 620 - - - #include - - - - - diff --git a/interface-definitions/protocols-ospfv3.xml.in b/interface-definitions/protocols-ospfv3.xml.in deleted file mode 100644 index 2b98ffa7b..000000000 
--- a/interface-definitions/protocols-ospfv3.xml.in +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - Open Shortest Path First (OSPF) for IPv6 - 620 - - - #include - - - - - diff --git a/interface-definitions/protocols-pim.xml.in b/interface-definitions/protocols-pim.xml.in deleted file mode 100644 index 4a20c0d9b..000000000 --- a/interface-definitions/protocols-pim.xml.in +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - Protocol Independent Multicast (PIM) and IGMP - 400 - - - - - PIM interface - - - - - #include - - - - #include - #include - #include - #include - #include - #include - - - Internet Group Management Protocol (IGMP) options - - - #include - - - IGMP join multicast group - - ipv4 - Multicast group address - - - - - - - #include - - - - - IGMP host query interval - - u32:1-1800 - Query interval in seconds - - - - - - - - - IGMP max query response time - - u32:10-250 - Query response value in deci-seconds - - - - - - - - - Interface IGMP version - - 2 3 - - - 2 - IGMP version 2 - - - 3 - IGMP version 3 - - - - - - 3 - - - - - - - - Enable PIM ECMP - - - - - Enable PIM ECMP Rebalance - - - - - - - - Internet Group Management Protocol (IGMP) options - - - - - Configure group limit for watermark warning - - u32:1-65535 - Group count to generate watermark warning - - - - - - - - - #include - #include - #include - #include - - - Only accept registers from a specific source prefix list - - - #include - - - - - Rendezvous Point - - - - - Rendezvous Point address - - ipv4 - Rendezvous Point address - - - - - - - - - Group Address range - - ipv4net - Group Address range RFC 3171 - - - - - - - - - - #include - - - - - Disable IPv6 secondary address in hello packets - - - - - - Shortest-path tree (SPT) switchover - - - - - Never switch to SPT Tree - - - #include - - - - - - - Source-Specific Multicast - - - #include - - - - - - - 
diff --git a/interface-definitions/protocols-pim6.xml.in b/interface-definitions/protocols-pim6.xml.in deleted file mode 100644 index 8bd3f3fee..000000000 --- a/interface-definitions/protocols-pim6.xml.in +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - Protocol Independent Multicast for IPv6 (PIMv6) and MLD - 400 - - - - - PIMv6 interface - - - - - #include - - - - #include - #include - #include - #include - - - Multicast Listener Discovery (MLD) - - - #include - - - MLD join multicast group - - ipv6 - Multicast group address - - - - - - - - - Source address - - ipv6 - Source address - - - - - - - - - - - - - - - Last member query count - - u32:1-255 - Count - - - - - - - - - Last member query interval - - u32:100-6553500 - Last member query interval in milliseconds - - - - - - - - - Query interval - - u32:1-65535 - Query interval in seconds - - - - - - - - - Max query response time - - u32:100-6553500 - Query response value in milliseconds - - - - - - - - - MLD version - - 1 2 - - - 1 - MLD version 1 - - - 2 - MLD version 2 - - - - - - 2 - - - - - - #include - #include - #include - #include - - - Rendezvous Point - - - - - Rendezvous Point address - - ipv6 - Rendezvous Point address - - - - - - - - - Group Address range - - ipv6net - Group Address range - - - - - - - - #include - - - #include - - - - - - - diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols-rip.xml.in deleted file mode 100644 index 0edd8f2ce..000000000 --- a/interface-definitions/protocols-rip.xml.in +++ /dev/null 
@@ -1,258 +0,0 @@ - - - - - - - Routing Information Protocol (RIP) parameters - 650 - - - - - Administrative distance - - u32:1-255 - Administrative distance - - - - - - - #include - #include - - - Filter networks in routing updates - - - #include - - - Apply filtering to an interface - - txt - Apply filtering to an interface - - - - - - #include - - - - #include - #include - - - #include - - - #include - - - - - Authentication - - - - - MD5 key id - - u32:1-255 - OSPF key id - - - - - - - - - Authentication password - - txt - MD5 Key (16 characters or less) - - - [^[:space:]]{1,16} - - Password must be 16 characters or less - - - - - - - Plain text password - - txt - Plain text password (16 characters or less) - - - [^[:space:]]{1,16} - - Password must be 16 characters or less - - - - - - - Advertisement reception - - - #include - - - - - Advertisement transmission - - - #include - - - - - - - Neighbor router - - ipv4 - Neighbor router - - - - - - - - - - RIP network - - ipv4net - RIP network - - - - - - - - - - Source network - - ipv4net - Source network - - - - - - - - - Access list - - txt - Access list - - - policy access-list - - - - #include - - - #include - - - Redistribute information from another routing protocol - - - - - Redistribute BGP routes - - - #include - - - - - Redistribute connected routes - - - #include - - - - - Redistribute IS-IS routes - - - #include - - - - - Redistribute kernel routes - - - #include - - - - - Redistribute OSPF routes - - - #include - - - - - Redistribute static routes - - - #include - - - - - Redistribute Babel routes - - - #include - - - - - - - RIP static route - - ipv4net - RIP static route - - - - - - - - #include - #include - #include - - - - - diff --git a/interface-definitions/protocols-ripng.xml.in b/interface-definitions/protocols-ripng.xml.in deleted file mode 100644 index 9d4d87422..000000000 --- a/interface-definitions/protocols-ripng.xml.in +++ /dev/null 
@@ -1,155 +0,0 @@ - - - - - - - Routing Information Protocol (RIPng) parameters - 660 - - - - - Aggregate RIPng route announcement - - ipv6net - Aggregate RIPng route announcement - - - - - - - - #include - #include - - - Filter networks in routing updates - - - #include - - - Apply filtering to an interface - - txt - Apply filtering to an interface - - - - - - #include - - - - #include - #include - - - #include - - - #include - - - RIPng network - - ipv6net - RIPng network - - - - - - - - - - Passive interface - - txt - Suppress routing updates on interface - - - - - - - - - - Redistribute information from another routing protocol - - - - - Redistribute BGP routes - - - #include - - - - - Redistribute connected routes - - - #include - - - - - Redistribute kernel routes - - - #include - - - - - Redistribute OSPFv3 routes - - - #include - - - - - Redistribute static routes - - - #include - - - - - Redistribute Babel routes - - - #include - - - - - - - RIPng static route - - ipv6net - RIPng static route - - - - - - - - #include - #include - - - - - diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols-rpki.xml.in deleted file mode 100644 index e9fd04b5f..000000000 --- a/interface-definitions/protocols-rpki.xml.in +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - - BGP prefix origin validation - - - - - RPKI cache server address - - ipv4 - IP address of RPKI server - - - ipv6 - IPv6 address of RPKI server - - - hostname - Fully qualified domain name of RPKI server - - - - - - - - #include - - - Preference of the cache server - - u32:1-255 - Preference of the cache server - - - - - - - - - RPKI SSH connection settings - - - - - RPKI SSH known hosts file - - - - - - - - RPKI SSH private key file - - - - - - - - RPKI SSH public key file path - - - - - - #include - - - - - - - RPKI cache polling period - - u32:1-86400 - Polling period in seconds - - - - - - 300 - - - - - - 
diff --git a/interface-definitions/protocols-segment-routing.xml.in b/interface-definitions/protocols-segment-routing.xml.in deleted file mode 100644 index 4308f0c91..000000000 --- a/interface-definitions/protocols-segment-routing.xml.in +++ /dev/null @@ -1,137 +0,0 @@ - - - - - - - Segment Routing - 900 - - - - - Interface specific Segment Routing options - - - - - txt - Interface name - - - #include - - - - - - Accept SR-enabled IPv6 packets on this interface - - - - - Define HMAC policy for ingress SR-enabled packets on this interface - - accept drop ignore - - - accept - Accept packets without HMAC, validate packets with HMAC - - - drop - Drop packets without HMAC, validate packets with HMAC - - - ignore - Ignore HMAC field. - - - (accept|drop|ignore) - - - accept - - - - - - - - Segment-Routing SRv6 configuration - - - - - Segment Routing SRv6 locator - - #include - - - - - - Set SRv6 behavior uSID - - - - - - SRv6 locator prefix - - ipv6net - SRv6 locator prefix - - - - - - - - - Configure SRv6 locator block length in bits - - u32:16-64 - Specify SRv6 locator block length in bits - - - - - - 40 - - - - Configure SRv6 locator function length in bits - - u32:0-64 - Specify SRv6 locator function length in bits - - - - - - 16 - - - - Configure SRv6 locator node length in bits - - u32:16-64 - Configure SRv6 locator node length in bits - - - - - - 24 - - - - - - - - - - diff --git a/interface-definitions/protocols-static-arp.xml.in b/interface-definitions/protocols-static-arp.xml.in deleted file mode 100644 index 4b338df63..000000000 --- a/interface-definitions/protocols-static-arp.xml.in +++ /dev/null @@ -1,51 +0,0 @@ - - - - - - - - - Static ARP translation - - - - - Interface configuration - - - - - txt - Interface name - - - #include - - - - - - IP address for static ARP entry - - ipv4 - IPv4 destination address - - - - - - - #include - #include - - - - - - - - - - - 
diff --git a/interface-definitions/protocols-static.xml.in b/interface-definitions/protocols-static.xml.in deleted file mode 100644 index ca4ca2d74..000000000 --- a/interface-definitions/protocols-static.xml.in +++ /dev/null @@ -1,44 +0,0 @@ - - - - - Routing protocols - - - - - Static Routing - 480 - - - #include - #include - #include - - - Policy route table number - - u32:1-200 - Policy route table number - - - - - - - - #include - #include - #include - - - - - - - diff --git a/interface-definitions/protocols_babel.xml.in b/interface-definitions/protocols_babel.xml.in new file mode 100644 index 000000000..49fffe230 --- /dev/null +++ b/interface-definitions/protocols_babel.xml.in 
@@ -0,0 +1,254 @@ + + + + + + + Babel Routing Protocol + 650 + + + + + Babel-specific parameters + + + + + Enable diversity-aware routing + + + + + + Multiplicative factor used for diversity routing + + u32:1-256 + Multiplicative factor, in units of 1/256 + + + + + + 256 + + + + Time before resending a message + + u32:20-655340 + Milliseconds + + + + + + 2000 + + + + Smoothing half-life + + u32:0-65534 + Seconds + + + + + + 4 + + + + #include + + + Redistribute information from another routing protocol + + + + + Redistribute IPv4 routes + + + + + Redistribute BGP routes + + + + + + Redistribute connected routes + + + + + + Redistribute EIGRP routes + + + + + + Redistribute IS-IS routes + + + + + + Redistribute kernel routes + + + + + + Redistribute NHRP routes + + + + + + Redistribute OSPF routes + + + + + + Redistribute RIP routes + + + + + + Redistribute static routes + + + + + + + + Redistribute IPv6 routes + + + + + Redistribute BGP routes + + + + + + Redistribute connected routes + + + + + + Redistribute IS-IS routes + + + + + + Redistribute kernel routes + + + + + + Redistribute NHRP routes + + + + + + Redistribute OSPFv3 routes + + + + + + Redistribute RIPng routes + + + + + + Redistribute static routes + + + + + + + + + + Filter networks in routing updates + + + + + Filter IPv4 routes + + + #include + + + Apply filtering to an interface + + txt + Apply filtering to an interface + + + + + + #include + + + + #include + #include + + + #include + + + + + Filter IPv6 routes + + + #include + + + Apply filtering to an interface + + txt + Apply filtering to an interface + + + + + + #include + + + + #include + #include + + + #include + + + + + + + + + diff --git a/interface-definitions/protocols_bfd.xml.in b/interface-definitions/protocols_bfd.xml.in new file mode 100644 index 000000000..9048cf5c2 --- /dev/null +++ b/interface-definitions/protocols_bfd.xml.in 
@@ -0,0 +1,85 @@ + + + + + + + + Bidirectional Forwarding Detection (BFD) + 820 + + + + + Configures BFD peer to listen and talk to + + ipv4 + BFD peer IPv4 address + + + ipv6 + BFD peer IPv6 address + + + + + + + #include + + + Bind listener to specified interface/address, mandatory for IPv6 + + + #include + + + Local address to bind our peer listener to + + + + + ipv4 + Local IPv4 address used to connect to the peer + + + ipv6 + Local IPv6 address used to connect to the peer + + + + + + + + + #include + + + Allow this BFD peer to not be directly connected + + + + #include + + + + + Configure BFD profile used by individual peer + + txt + Name of BFD profile + + + [-_a-zA-Z0-9]{1,32} + + + + #include + + + + + + + diff --git a/interface-definitions/protocols_bgp.xml.in b/interface-definitions/protocols_bgp.xml.in new file mode 100644 index 000000000..e1a822999 --- /dev/null +++ b/interface-definitions/protocols_bgp.xml.in @@ -0,0 +1,16 @@ + + + + + + + Border Gateway Protocol (BGP) + 820 + + + #include + + + + + diff --git a/interface-definitions/protocols_eigrp.xml.in b/interface-definitions/protocols_eigrp.xml.in new file mode 100644 index 000000000..88a881a1e --- /dev/null +++ b/interface-definitions/protocols_eigrp.xml.in @@ -0,0 +1,17 @@ + + + + + + + + Enhanced Interior Gateway Routing Protocol (EIGRP) + 820 + + + #include + + + + + diff --git a/interface-definitions/protocols_failover.xml.in b/interface-definitions/protocols_failover.xml.in new file mode 100644 index 000000000..c0caec68e --- /dev/null +++ b/interface-definitions/protocols_failover.xml.in 
@@ -0,0 +1,135 @@ + + + + + + + Failover Routing + 490 + + + + + Failover IPv4 route + + ipv4net + IPv4 failover route + + + + + + + + + Next-hop IPv4 router address + + ipv4 + Next-hop router address + + + + + + + + + Check target options + + + + + Policy for check targets + + any-available all-available + + + all-available + All targets must be alive + + + any-available + Any target must be alive + + + (all-available|any-available) + + + any-available + + #include + + + Check target address + + ipv4 + Address to check + + + + + + + + + + Timeout between checks + + u32:1-300 + Timeout in seconds between checks + + + + + + 10 + + + + Check type + + arp icmp tcp + + + arp + Check target by ARP + + + icmp + Check target by ICMP + + + tcp + Check target by TCP + + + (arp|icmp|tcp) + + + icmp + + + + #include + + + Route metric for this gateway + + u32:1-255 + Route metric + + + + + + 1 + + + + + + + + + + diff --git a/interface-definitions/protocols_igmp-proxy.xml.in b/interface-definitions/protocols_igmp-proxy.xml.in new file mode 100644 index 000000000..5cde484f5 --- /dev/null +++ b/interface-definitions/protocols_igmp-proxy.xml.in @@ -0,0 +1,97 @@ + + + + + + + + Internet Group Management Protocol (IGMP) proxy parameters + 740 + + + #include + + + Option to disable "quickleave" + + + + + + Interface for IGMP proxy + + + + + + + + Unicast source networks allowed for multicast traffic to be proxyed + + ipv4net + IPv4 network + + + + + + + + + + IGMP interface role + + upstream downstream disabled + + + upstream + Upstream interface (only 1 allowed) + + + downstream + Downstream interface(s) + + + disabled + Disabled interface + + + (upstream|downstream|disabled) + + + downstream + + + + TTL threshold + + u32:1-255 + TTL threshold for the interfaces + + + + + Threshold must be between 1 and 255 + + 1 + + + + Group to whitelist + + ipv4net + IPv4 network + + + + + + + + + + + + + + 
diff --git a/interface-definitions/protocols_isis.xml.in b/interface-definitions/protocols_isis.xml.in new file mode 100644 index 000000000..e0bc47bb9 --- /dev/null +++ b/interface-definitions/protocols_isis.xml.in @@ -0,0 +1,16 @@ + + + + + + + Intermediate System to Intermediate System (IS-IS) + 610 + + + #include + + + + + diff --git a/interface-definitions/protocols_mpls.xml.in b/interface-definitions/protocols_mpls.xml.in new file mode 100644 index 000000000..831601fc6 --- /dev/null +++ b/interface-definitions/protocols_mpls.xml.in 
@@ -0,0 +1,560 @@ + + + + + + + + Multiprotocol Label Switching (MPLS) + 490 + + + + + Label Distribution Protocol (LDP) + + + #include + + + Forwarding equivalence class allocation from local routes + + + + + IPv4 routes + + + + + Access-list number + + u32:1-2699 + Access list number + + + + + + + + + + + IPv6 routes + + + + + Access-list6 number + + u32:1-2699 + Access list number + + + + + + + + + + + + + LDP neighbor parameters + + ipv4 + Neighbor IPv4 address + + + + + + + + + Neighbor password + + + + + Neighbor TTL security + + disable + + + u32:1-254 + TTL + + + disable + Disable neighbor TTL security + + + + + + Session IPv4 hold time + + u32:15-65535 + Time in seconds + + + + + + + + + + + Discovery parameters + + ipv4 + Discovery parameters + + + + + + Hello IPv4 hold time + + u32:1-65535 + Time in seconds + + + + + + + + + Hello IPv4 interval + + u32:1-65535 + Time in seconds + + + + + + + + + Hello IPv6 hold time + + u32:1-65535 + Time in seconds + + + + + + + + + Hello IPv6 interval + + u32:1-65535 + Time in seconds + + + + + + + + + Session IPv4 hold time + + u32:15-65535 + Time in seconds + + + + + + + + + Session IPv6 hold time + + u32:15-65535 + Time in seconds + + + + + + + + + Transport IPv4 address + + ipv4 + IPv4 bind as transport + + + + + + + + + Transport IPv6 address + + ipv6 + IPv6 bind as transport + + + + + + + + + + + Targeted LDP neighbor/session parameters + + + + + Targeted IPv4 neighbor/session parameters + + + + + Neighbor/session address + + ipv4 + Neighbor/session address + + + + + + + + + + Accept and respond to targeted hellos + + + + + + Hello interval + + u32:1-65535 + Time in seconds + + + + + + + + + Hello hold time + + u32:1-65535 + Time in seconds + + + + + + + + + + + Targeted IPv6 neighbor/session parameters + + + + + Neighbor/session address + + ipv6 + Neighbor/session address + + + + + + + + + + Accept and respond to targeted hellos + + + + + + Hello interval + + u32:1-65535 + Time in seconds + + + + + + + + + Hello 
hold time + + u32:1-65535 + Time in seconds + + + + + + + + + + + + + Label Distribution Protocol miscellaneous parameters + + + + + Enable Cisco non-compliant format capability TLV + + + + + + Prefer IPv4 for TCP peer transport connection + + + + + + Enable LDP ordered label distribution control mode + + + + + + + + Export parameters + + + + + IPv4 parameters + + + + + Explicit-Null Label + + + + + + Forwarding equivalence class export filter + + + + + Access-list number to apply FEC filtering + + u32:1-2699 + Access list number + + + + + + + + + Access-list number for IPv4 neighbor selection to apply filtering + + u32:1-2699 + Access list number + + + + + + + + + + + + + IPv6 parameters + + + + + Explicit-Null Label + + + + + + Forwarding equivalence class export filter + + + + + Access-list6 number to apply FEC filtering + + u32:1-2699 + Access list number + + + + + + + + + Access-list6 number for IPv6 neighbor selection to apply filtering + + u32:1-2699 + Access list number + + + + + + + + + + + + + + + Import parameters + + + + + IPv4 parameters + + + + + Forwarding equivalence class import filter + + + + + Access-list number to apply FEC filtering + + u32:1-2699 + Access list number + + + + + + + + + Access-list number for IPv4 neighbor selection to apply filtering + + u32:1-2699 + Access list number + + + + + + + + + + + + + IPv6 parameters + + + + + Forwarding equivalence class import filter + + + + + Access-list6 number to apply FEC filtering + + u32:1-2699 + Access list number + + + + + + + + + Access-list6 number for IPv6 neighbor selection to apply filtering + + u32:1-2699 + Access list number + + + + + + + + + + + + + #include + + + + + Multiprotocol Label Switching miscellaneous parameters + + + + + Disable copy of IP TTL to MPLS TTL + + + + + + Maximum TTL for MPLS packets + + u32:1-255 + Maximum hops allowed + + + + + + + + + #include + + + + + 
diff --git a/interface-definitions/protocols_nhrp.xml.in b/interface-definitions/protocols_nhrp.xml.in new file mode 100644 index 000000000..d7663c095 --- /dev/null +++ b/interface-definitions/protocols_nhrp.xml.in @@ -0,0 +1,138 @@ + + + + + + + Next Hop Resolution Protocol (NHRP) parameters + 680 + + + + + Tunnel for NHRP + + tun[0-9]+ + + + tunN + NHRP tunnel name + + + + + + Pass phrase for cisco authentication + + txt + Pass phrase for cisco authentication + + + [^[:space:]]{1,8} + + Password should contain up to eight non-whitespace characters + + + + + Set an HUB tunnel address + + ipv4net + Set the IP address and prefix length + + + + + + Set HUB fqdn (nbma-address - fqdn) + + <fqdn> + Set the external HUB fqdn + + + + + + + + Holding time in seconds + + + + + Set an HUB tunnel address + + + + + If the statically mapped peer is running Cisco IOS, specify this + + + + + + Set HUB address (nbma-address - external hub address or fqdn) + + + + + Specifies that Registration Request should be sent to this peer on startup + + + + + + + + Set multicast for NHRP + + dynamic nhs + + + (dynamic|nhs) + + + + + + This can be used to reduce memory consumption on big NBMA subnets + + + + + + Enable sending of Cisco style NHRP Traffic Indication packets + + + + + + This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destined to addresses in this interface + + + + + + Defines an off-NBMA network prefix for which the GRE interface will act as a gateway + + + + + Holding time in seconds + + + + + + + Enable creation of shortcut routes. A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route + + + + + + + + + + diff --git a/interface-definitions/protocols_ospf.xml.in b/interface-definitions/protocols_ospf.xml.in new file mode 100644 index 000000000..b3c063d0d --- /dev/null +++ b/interface-definitions/protocols_ospf.xml.in 
@@ -0,0 +1,16 @@ + + + + + + + Open Shortest Path First (OSPF) + 620 + + + #include + + + + + diff --git a/interface-definitions/protocols_ospfv3.xml.in b/interface-definitions/protocols_ospfv3.xml.in new file mode 100644 index 000000000..2b98ffa7b --- /dev/null +++ b/interface-definitions/protocols_ospfv3.xml.in @@ -0,0 +1,16 @@ + + + + + + + Open Shortest Path First (OSPF) for IPv6 + 620 + + + #include + + + + + diff --git a/interface-definitions/protocols_pim.xml.in b/interface-definitions/protocols_pim.xml.in new file mode 100644 index 000000000..4a20c0d9b --- /dev/null +++ b/interface-definitions/protocols_pim.xml.in 
@@ -0,0 +1,210 @@ + + + + + + + + Protocol Independent Multicast (PIM) and IGMP + 400 + + + + + PIM interface + + + + + #include + + + + #include + #include + #include + #include + #include + #include + + + Internet Group Management Protocol (IGMP) options + + + #include + + + IGMP join multicast group + + ipv4 + Multicast group address + + + + + + + #include + + + + + IGMP host query interval + + u32:1-1800 + Query interval in seconds + + + + + + + + + IGMP max query response time + + u32:10-250 + Query response value in deci-seconds + + + + + + + + + Interface IGMP version + + 2 3 + + + 2 + IGMP version 2 + + + 3 + IGMP version 3 + + + + + + 3 + + + + + + + + Enable PIM ECMP + + + + + Enable PIM ECMP Rebalance + + + + + + + + Internet Group Management Protocol (IGMP) options + + + + + Configure group limit for watermark warning + + u32:1-65535 + Group count to generate watermark warning + + + + + + + + + #include + #include + #include + #include + + + Only accept registers from a specific source prefix list + + + #include + + + + + Rendezvous Point + + + + + Rendezvous Point address + + ipv4 + Rendezvous Point address + + + + + + + + + Group Address range + + ipv4net + Group Address range RFC 3171 + + + + + + + + + + #include + + + + + Disable IPv6 secondary address in hello packets + + + + + + Shortest-path tree (SPT) switchover + + + + + Never switch to SPT Tree + + + #include + + + + + + + Source-Specific Multicast + + + #include + + + + + + + diff --git a/interface-definitions/protocols_pim6.xml.in b/interface-definitions/protocols_pim6.xml.in new file mode 100644 index 000000000..8bd3f3fee --- /dev/null +++ b/interface-definitions/protocols_pim6.xml.in 
@@ -0,0 +1,179 @@ + + + + + + + + Protocol Independent Multicast for IPv6 (PIMv6) and MLD + 400 + + + + + PIMv6 interface + + + + + #include + + + + #include + #include + #include + #include + + + Multicast Listener Discovery (MLD) + + + #include + + + MLD join multicast group + + ipv6 + Multicast group address + + + + + + + + + Source address + + ipv6 + Source address + + + + + + + + + + + + + + + Last member query count + + u32:1-255 + Count + + + + + + + + + Last member query interval + + u32:100-6553500 + Last member query interval in milliseconds + + + + + + + + + Query interval + + u32:1-65535 + Query interval in seconds + + + + + + + + + Max query response time + + u32:100-6553500 + Query response value in milliseconds + + + + + + + + + MLD version + + 1 2 + + + 1 + MLD version 1 + + + 2 + MLD version 2 + + + + + + 2 + + + + + + #include + #include + #include + #include + + + Rendezvous Point + + + + + Rendezvous Point address + + ipv6 + Rendezvous Point address + + + + + + + + + Group Address range + + ipv6net + Group Address range + + + + + + + + #include + + + #include + + + + + + + diff --git a/interface-definitions/protocols_rip.xml.in b/interface-definitions/protocols_rip.xml.in new file mode 100644 index 000000000..0edd8f2ce --- /dev/null +++ b/interface-definitions/protocols_rip.xml.in 
@@ -0,0 +1,258 @@ + + + + + + + Routing Information Protocol (RIP) parameters + 650 + + + + + Administrative distance + + u32:1-255 + Administrative distance + + + + + + + #include + #include + + + Filter networks in routing updates + + + #include + + + Apply filtering to an interface + + txt + Apply filtering to an interface + + + + + + #include + + + + #include + #include + + + #include + + + #include + + + + + Authentication + + + + + MD5 key id + + u32:1-255 + OSPF key id + + + + + + + + + Authentication password + + txt + MD5 Key (16 characters or less) + + + [^[:space:]]{1,16} + + Password must be 16 characters or less + + + + + + + Plain text password + + txt + Plain text password (16 characters or less) + + + [^[:space:]]{1,16} + + Password must be 16 characters or less + + + + + + + Advertisement reception + + + #include + + + + + Advertisement transmission + + + #include + + + + + + + Neighbor router + + ipv4 + Neighbor router + + + + + + + + + + RIP network + + ipv4net + RIP network + + + + + + + + + + Source network + + ipv4net + Source network + + + + + + + + + Access list + + txt + Access list + + + policy access-list + + + + #include + + + #include + + + Redistribute information from another routing protocol + + + + + Redistribute BGP routes + + + #include + + + + + Redistribute connected routes + + + #include + + + + + Redistribute IS-IS routes + + + #include + + + + + Redistribute kernel routes + + + #include + + + + + Redistribute OSPF routes + + + #include + + + + + Redistribute static routes + + + #include + + + + + Redistribute Babel routes + + + #include + + + + + + + RIP static route + + ipv4net + RIP static route + + + + + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/protocols_ripng.xml.in b/interface-definitions/protocols_ripng.xml.in new file mode 100644 index 000000000..9d4d87422 --- /dev/null +++ b/interface-definitions/protocols_ripng.xml.in 
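Review bot: Under the RIP authentication node, the value help for the MD5 key id reads `OSPF key id`, which looks copied from the OSPF definition and should read `RIP MD5 key id`. The two password leaves share the same constraint `[^[:space:]]{1,16}` and error text `Password must be 16 characters or less`, which is consistent, but the help `Plain text password (16 characters or less)` could add that RIPv2 simple authentication carries the password unencrypted in every update, so `md5` is the option to prefer where peers support it.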
@@ -0,0 +1,155 @@ + + + + + + + Routing Information Protocol (RIPng) parameters + 660 + + + + + Aggregate RIPng route announcement + + ipv6net + Aggregate RIPng route announcement + + + + + + + + #include + #include + + + Filter networks in routing updates + + + #include + + + Apply filtering to an interface + + txt + Apply filtering to an interface + + + + + + #include + + + + #include + #include + + + #include + + + #include + + + RIPng network + + ipv6net + RIPng network + + + + + + + + + + Passive interface + + txt + Suppress routing updates on interface + + + + + + + + + + Redistribute information from another routing protocol + + + + + Redistribute BGP routes + + + #include + + + + + Redistribute connected routes + + + #include + + + + + Redistribute kernel routes + + + #include + + + + + Redistribute OSPFv3 routes + + + #include + + + + + Redistribute static routes + + + #include + + + + + Redistribute Babel routes + + + #include + + + + + + + RIPng static route + + ipv6net + RIPng static route + + + + + + + + #include + #include + + + + + diff --git a/interface-definitions/protocols_rpki.xml.in b/interface-definitions/protocols_rpki.xml.in new file mode 100644 index 000000000..e9fd04b5f --- /dev/null +++ b/interface-definitions/protocols_rpki.xml.in @@ -0,0 +1,95 @@ + + + + + + + BGP prefix origin validation + + + + + RPKI cache server address + + ipv4 + IP address of RPKI server + + + ipv6 + IPv6 address of RPKI server + + + hostname + Fully qualified domain name of RPKI server + + + + + + + + #include + + + Preference of the cache server + + u32:1-255 + Preference of the cache server + + + + + + + + + RPKI SSH connection settings + + + + + RPKI SSH known hosts file + + + + + + + + RPKI SSH private key file + + + + + + + + RPKI SSH public key file path + + + + + + #include + + + + + + + RPKI cache polling period + + u32:1-86400 + Polling period in seconds + + + + + + 300 + + + + + + 
diff --git a/interface-definitions/protocols_segment-routing.xml.in b/interface-definitions/protocols_segment-routing.xml.in new file mode 100644 index 000000000..c299f624e --- /dev/null +++ b/interface-definitions/protocols_segment-routing.xml.in @@ -0,0 +1,137 @@ + + + + + + + Segment Routing + 900 + + + + + Interface specific Segment Routing options + + + + + txt + Interface name + + + #include + + + + + + Accept SR-enabled IPv6 packets on this interface + + + + + Define HMAC policy for ingress SR-enabled packets on this interface + + accept drop ignore + + + accept + Accept packets without HMAC, validate packets with HMAC + + + drop + Drop packets without HMAC, validate packets with HMAC + + + ignore + Ignore HMAC field. + + + (accept|drop|ignore) + + + accept + + + + + + + + Segment-Routing SRv6 configuration + + + + + Segment Routing SRv6 locator + + #include + + + + + + Set SRv6 behavior uSID + + + + + + SRv6 locator prefix + + ipv6net + SRv6 locator prefix + + + + + + + + + Configure SRv6 locator block length in bits + + u32:16-64 + Specify SRv6 locator block length in bits + + + + + + 40 + + + + Configure SRv6 locator function length in bits + + u32:0-64 + Specify SRv6 locator function length in bits + + + + + + 16 + + + + Configure SRv6 locator node length in bits + + u32:16-64 + Configure SRv6 locator node length in bits + + + + + + 24 + + + + + + + + + + diff --git a/interface-definitions/protocols_static.xml.in b/interface-definitions/protocols_static.xml.in new file mode 100644 index 000000000..ca4ca2d74 --- /dev/null +++ b/interface-definitions/protocols_static.xml.in @@ -0,0 +1,44 @@ + + + + + Routing protocols + + + + + Static Routing + 480 + + + #include + #include + #include + + + Policy route table number + + u32:1-200 + Policy route table number + + + + + + + + #include + #include + #include + + + + + + + 
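Review bot: The HMAC-policy value descriptions are inconsistent in style: `Ignore HMAC field.` ends with a period while `Accept packets without HMAC, validate packets with HMAC` and `Drop packets without HMAC, validate packets with HMAC` do not; drop the period. Because the default is `accept`, which per its own help admits SR-enabled packets that carry no HMAC at all, the node help `Define HMAC policy for ingress SR-enabled packets on this interface` should say that `accept` is the default and that only `drop` rejects unauthenticated packets, so operators deploying on untrusted links know to change it. The node help `Segment-Routing SRv6 configuration` also hyphenates differently from `Segment Routing` and `Segment Routing SRv6 locator` in the same file.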
diff --git a/interface-definitions/protocols_static_arp.xml.in b/interface-definitions/protocols_static_arp.xml.in new file mode 100644 index 000000000..05c69f1ed --- /dev/null +++ b/interface-definitions/protocols_static_arp.xml.in @@ -0,0 +1,51 @@ + + + + + + + + + Static ARP translation + + + + + Interface configuration + + + + + txt + Interface name + + + #include + + + + + + IP address for static ARP entry + + ipv4 + IPv4 destination address + + + + + + + #include + #include + + + + + + + + + + + diff --git a/interface-definitions/protocols_static_multicast.xml.in b/interface-definitions/protocols_static_multicast.xml.in new file mode 100644 index 000000000..c8e28ed35 --- /dev/null +++ b/interface-definitions/protocols_static_multicast.xml.in @@ -0,0 +1,94 @@ + + + + + + + + + Multicast static route + + + + + Configure static unicast route into MRIB for multicast RPF lookup + + ipv4net + Network + + + + + + + + + Nexthop IPv4 address + + ipv4 + Nexthop IPv4 address + + + + + + + + + Distance value for this route + + u32:1-255 + Distance for this route + + + + + + + + + + + + + Multicast interface based route + + ipv4net + Network + + + + + + + + + Next-hop interface + + + + + + + + Distance value for this route + + u32:1-255 + Distance for this route + + + + + + + + + + + + + + + + + diff --git a/interface-definitions/salt-minion.xml.in b/interface-definitions/salt-minion.xml.in deleted file mode 100644 index c3219cff3..000000000 --- a/interface-definitions/salt-minion.xml.in +++ /dev/null 
@@ -1,74 +0,0 @@ - - - - - - - Salt Minion - 500 - - - - - Hash used when discovering file on master server (default: sha256) - - md5 sha1 sha224 sha256 sha384 sha512 - - - (md5|sha1|sha224|sha256|sha384|sha512) - - - sha256 - - - - Hostname or IP address of the Salt master server - - ipv4 - Salt server IPv4 address - - - ipv6 - Salt server IPv6 address - - - hostname - Salt server FQDN address - - - - - - Invalid FQDN or IP address - - - - - - Explicitly declare ID for this minion to use (default: hostname) - - - - - Interval in minutes between updates (default: 60) - - u32:1-1440 - Update interval in minutes - - - - - - 60 - - - - URL with signature of master for auth reply verification - - - #include - - - - - diff --git a/interface-definitions/service-aws-glb.xml.in b/interface-definitions/service-aws-glb.xml.in deleted file mode 100644 index c749fd04e..000000000 --- a/interface-definitions/service-aws-glb.xml.in +++ /dev/null @@ -1,127 +0,0 @@ - - - - - - - Amazon Web Service - 1280 - - - - - Gateway load-balancer tunnel handler - - - - - Script executed on create or destroy tunnel - - - - - Script to run when interface is created - - - - - - - - Script to run when interface is destroyed - - - - - - - - - - Status - - - - - Statistic format - - simple full - - - simple - Simple format - - - full - Full format - - - (simple|full) - - - - #include - - - - - Threads settings - - - - - Number of threads for each tunnel processor - - u32:1-256 - Number of threads - - - - - - - - - List of cores worker threads - - <idN>-<idM> - CPU core id range (use '-' as delimiter) - - - - - - - - - Number of threads for UDP receiver - - u32:1-256 - Number of threads - - - - - - - - - List of cores worker threads - - <idN>-<idM> - CPU core id range (use '-' as delimiter) - - - - - - - - - - - - - - - diff --git a/interface-definitions/service-config-sync.xml.in b/interface-definitions/service-config-sync.xml.in deleted file mode 100644 index e804e17f7..000000000 
--- a/interface-definitions/service-config-sync.xml.in +++ /dev/null @@ -1,104 +0,0 @@ - - - - - - - Configuration synchronization - - - - - Secondary server parameters - - - - - IP address - - ipv4 - IPv4 address to match - - - ipv6 - IPv6 address to match - - - hostname - FQDN address to match - - - - - - - - - - - Connection API timeout - - u32:1-300 - Connection API timeout - - - - - - 60 - - - - HTTP API key - - - - - - - Synchronization mode - - load set - - - load - Load and replace configuration section - - - set - Set configuration section - - - (load|set) - - - - - - Section for synchronization - - nat nat66 firewall - - - nat - NAT - - - nat66 - NAT66 - - - firewall - firewall - - - (nat|nat66|firewall) - - - - - - - - - diff --git a/interface-definitions/service-conntrack-sync.xml.in b/interface-definitions/service-conntrack-sync.xml.in deleted file mode 100644 index 50a4bf62f..000000000 --- a/interface-definitions/service-conntrack-sync.xml.in +++ /dev/null 
@@ -1,173 +0,0 @@ - - - - - - - Connection tracking synchronization - - 799 - - - - - Protocols for which local conntrack entries will be synced - - tcp udp icmp icmp6 sctp dccp - - - tcp - Sync Transmission Control Protocol entries - - - udp - Sync User Datagram Protocol entries - - - icmp - Sync Internet Control Message Protocol entries - - - icmp6 - Sync IPv6 Internet Control Message Protocol entries - - - sctp - Sync Stream Control Transmission Protocol entries - - - dccp - Sync Datagram Congestion Control Protocol entries - - - (tcp|udp|icmp|icmp6|sctp|dccp) - - Allowed protocols: tcp udp icmp or sctp - - - - - - Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall. - - - - - - Queue size for local conntrack events - - u32 - Queue size in MB - - - 8 - - - - Protocol for which expect entries need to be synchronized - - all ftp sip h323 nfs sqlnet - - - (all|ftp|sip|h323|nfs|sqlnet) - - Invalid protocol - - - - - - Failover mechanism to use for conntrack-sync - - - - - VRRP as failover-mechanism to use for conntrack-sync - - - - - VRRP sync group - - high-availability vrrp sync-group - - - - - - - - - - IP addresses for which local conntrack entries will not be synced - - ipv4 - IPv4 address to ignore - - - ipv4net - IPv4 prefix to ignore - - - ipv6 - IPv6 address to ignore - - - ipv6net - IPv6 prefix to ignore - - - - - - - - - - - Interface to use for syncing conntrack entries - - - - - - - - IP address of the peer to send the UDP conntrack info too. This disable multicast. - - ipv4 - IP address to listen for incoming connections - - - - - - - #include - - - #include - - - Multicast group to use for syncing conntrack entries - - - - - 225.0.0.50 - - - - Queue size for syncing conntrack entries - - u32 - Queue size in MB - - - 1 - - - - - - diff --git a/interface-definitions/service-console-server.xml.in b/interface-definitions/service-console-server.xml.in deleted file mode 100644 index fc6dbe954..000000000 
--- a/interface-definitions/service-console-server.xml.in +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - - Serial Console Server - - - - - System serial interface name (ttyS or ttyUSB) - - - - - - ttySxxx - Regular serial interface - - - usbxbxpx - USB based serial interface - - - (ttyS\d+|usb\d+b.*p.*) - - - - #include - - - Human-readable name for this console - - [-_a-zA-Z0-9.]{1,128} - - - - - - Serial port baud rate - - 300 1200 2400 4800 9600 19200 38400 57600 115200 - - - (300|1200|2400|4800|9600|19200|38400|57600|115200) - - - - - - Serial port data bits - - 7 8 - - - - - - 8 - - - - Serial port stop bits - - 1 2 - - - - - - 1 - - - - Parity setting - - even odd none - - - (even|odd|none) - - - none - - - - SSH remote access to this console - - - #include - - - - - - - - - diff --git a/interface-definitions/service-event-handler.xml.in b/interface-definitions/service-event-handler.xml.in deleted file mode 100644 index aef6bc1bc..000000000 --- a/interface-definitions/service-event-handler.xml.in +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - Service event handler - - - - - Event handler name - - - - - Logs filter settings - - - - - Match pattern (regex) - - - - - Identifier of a process in syslog (string) - - - - - - - Event handler script file - - - - - Script arguments - - - - - Script environment arguments - - - - - Environment value - - - - - - - Path to the script - - - - - - - - - - - - - - diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in deleted file mode 100644 index 78463136b..000000000 --- a/interface-definitions/service-ids-ddos-protection.xml.in +++ /dev/null 
@@ -1,167 +0,0 @@ - - - - - - - Intrusion Detection System - - - - - FastNetMon detection and protection parameters - 731 - - - - - Path to fastnetmon alert script - - - - - How long we should keep an IP in blocked state - - u32:1-4294967294 - Time in seconds - - - - - - 1900 - - - - Direction for processing traffic - - in out - - - (in|out) - - - - - - - Specify IPv4 and IPv6 networks which are going to be excluded from protection - - ipv4net - IPv4 prefix(es) to exclude - - - ipv6net - IPv6 prefix(es) to exclude - - - - - - - - - - - Listen interface for mirroring traffic - - - - - - - - - Traffic capture mode - - mirror sflow - - - mirror - Listen to mirrored traffic - - - sflow - Capture sFlow flows - - - (mirror|sflow) - - - - - - Sflow settings - - - #include - #include - - 6343 - - - - - - Specify IPv4 and IPv6 networks which belong to you - - ipv4net - Your IPv4 prefix(es) - - - ipv6net - Your IPv6 prefix(es) - - - - - - - - - - - Attack limits thresholds - - - - - General threshold - - - #include - - - - - TCP threshold - - - #include - - - - - UDP threshold - - - #include - - - - - ICMP threshold - - - #include - - - - - - - - - - - diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in deleted file mode 100644 index edfe6a34c..000000000 --- a/interface-definitions/service-ipoe-server.xml.in +++ /dev/null 
@@ -1,190 +0,0 @@ - - - - - - - Internet Protocol over Ethernet (IPoE) Server - 900 - - - - - Interface to listen dhcp or unclassified packets - - - - - - - - Client connectivity mode - - l2 l3 - - - l2 - Client located on same interface as server - - - l3 - Client located behind a router - - - (l2|l3) - - - l2 - - - - Enables clients to share the same network or each client has its own vlan - - shared vlan - - - (shared|vlan) - - - shared - Multiple clients share the same network - - - vlan - One VLAN per client - - - shared - - - - Client address pool - - ipv4net - IPv4 address and prefix length - - - - - - - - - DHCP requests will be forwarded - - - - - DHCP Server the request will be redirected to. - - ipv4 - IPv4 address of the DHCP Server - - - - - - - - - Relay Agent IPv4 Address - - ipv4 - Gateway IP address - - - - - - - - - #include - - - #include - #include - #include - #include - #include - - - Client authentication methods - - - #include - - - Network interface for client MAC addresses - - - - - - - - Media Access Control (MAC) address - - macaddr - Hardware (MAC) address - - - - - - - - - Upload/Download speed limits - - - - - Upload bandwidth limit in kbits/sec - - - - - - - - Download bandwidth limit in kbits/sec - - - - - - - - - - VLAN monitor for automatic creation of VLAN interfaces - - u32:1-4094 - Client VLAN id - - - - - VLAN IDs need to be in range 1-4094 - - - - - - - - - #include - - - #include - #include - - - #include - - - - - diff --git a/interface-definitions/service-mdns-repeater.xml.in b/interface-definitions/service-mdns-repeater.xml.in deleted file mode 100644 index 67870946c..000000000 --- a/interface-definitions/service-mdns-repeater.xml.in +++ /dev/null 
@@ -1,82 +0,0 @@ - - - - - - - Multicast DNS (mDNS) parameters - - - - - mDNS repeater configuration - 990 - - - #include - #include - - - IP address version to use - - _ipv4 - Use only IPv4 address - - - _ipv6 - Use only IPv6 address - - - both - Use both IPv4 and IPv6 address - - - ipv4 ipv6 both - - - (ipv[46]|both) - - IP Version must be literal 'ipv4', 'ipv6' or 'both' - - both - - - - mDNS browsing domains in addition to the default one - - txt - mDNS browsing domain - - - - - - - - - - Allowed mDNS services to be repeated - - txt - mDNS service - - - [-_.a-zA-Z0-9]+ - - Service name must be alphanumeric and can contain hyphens and underscores - - - - - - Disables mDNS repeater on VRRP interfaces not in MASTER state - - - - - - - - - - diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service-monitoring-telegraf.xml.in deleted file mode 100644 index 4d694114a..000000000 --- a/interface-definitions/service-monitoring-telegraf.xml.in +++ /dev/null 
@@ -1,284 +0,0 @@ - - - - - - - Monitoring services - 1280 - - - - - Telegraf metric collector - - - - - Output plugin InfluxDB - - - - - Authentication parameters - - - - - Authentication organization for InfluxDB v2 - - [a-zA-Z][1-9a-zA-Z@_\-.]{2,50} - - Organization name must be alphanumeric and can contain hyphens, underscores and at symbol. - - - - - Authentication token for InfluxDB v2 - - txt - Authentication token - - - [a-zA-Z0-9-_]{86}== - - Token must be 88 characters long and must contain only [a-zA-Z0-9-_] and '==' characters. - - - - - - - Remote bucket - - main - - #include - #include - - 8086 - - - - - - Output plugin Azure Data Explorer - - - - - Authentication parameters - - - - - Application client id - - #include - - Client-id is limited to alphanumerical characters and can contain hyphen and underscores - - - - - Application client secret - - #include - - Client-secret is limited to alphanumerical characters and can contain hyphen and underscores - - - - - Set tenant id - - #include - - Tenant-id is limited to alphanumerical characters and can contain hyphen and underscores - - - - - - - Remote database name - - txt - Remote database name - - - #include - - Database is limited to alphanumerical characters and can contain hyphen and underscores - - - - - Type of metrics grouping when push to Azure Data Explorer - - single-table table-per-metric - - - single-table - Metrics stores in one table - - - table-per-metric - One table per gorups of metric by the metric name - - - (single-table|table-per-metric) - - - table-per-metric - - - - Name of the single table [Only if set group-metrics single-table] - - txt - Table name - - - #include - - Table is limited to alphanumerical characters and can contain hyphen and underscores - - - #include - - - - - Source parameters for monitoring - - all hardware-utilization logs network system telegraf - - - all - All parameters - - - hardware-utilization - Hardware-utilization parameters (CPU, disk, memory) - - 
- logs - Logs parameters - - - network - Network parameters (net, netstat, nftables) - - - system - System parameters (system, processes, interrupts) - - - telegraf - Telegraf internal statistics - - - (all|hardware-utilization|logs|network|system|telegraf) - - - - all - - - - Output plugin Prometheus client - - - - - HTTP basic authentication parameters - - - - - Authentication username - - - - - Authentication password - - txt - Authentication password - - - - - - - - Networks allowed to query this server - - ipv4net - IP address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - - #include - - - Metric version control mapping from Telegraf to Prometheus format - - u32:1-2 - Metric version (default: 2) - - - - - - 2 - - #include - - 9273 - - - - - - Output plugin Splunk - - - - - HTTP basic authentication parameters - - - - - Authorization token - - - - - Use TLS but skip host validation - - - - - - #include - - - #include - - - - - - - diff --git a/interface-definitions/service-monitoring-zabbix-agent.xml.in b/interface-definitions/service-monitoring-zabbix-agent.xml.in deleted file mode 100644 index 40f2df642..000000000 --- a/interface-definitions/service-monitoring-zabbix-agent.xml.in +++ /dev/null 
@@ -1,193 +0,0 @@ - - - - - - - - - Zabbix-agent settings - - - - - Folder containing individual Zabbix-agent configuration files - - - - - - - - Zabbix agent hostname - - #include - - Host-name must be alphanumeric and can contain hyphens - - - - - Limit settings - - - - - Do not keep data longer than N seconds in buffer - - u32:1-3600 - Seconds - - - - - buffer-flush-interval must be between 1 and 3600 seconds - - 5 - - - - Maximum number of values in a memory buffer - - u32:2-65535 - Maximum number of values in a memory buffer - - - - - Buffer-size must be between 2 and 65535 - - 100 - - - - - - Log settings - - - - - Debug level - - basic critical error warning debug extended-debug - - - basic - Basic information - - - critical - Critical information - - - error - Error information - - - warning - Warnings - - - debug - Debug information - - - extended-debug - Extended debug information - - - (basic|critical|error|warning|debug|extended-debug) - - - warning - - - - Enable logging of executed shell commands as warnings - - - - - - Log file size in megabytes - - u32:0-1024 - Megabytes - - - - - Size must be between 0 and 1024 Megabytes - - 0 - - - - #include - - 0.0.0.0 - - #include - - 10050 - - - - Remote server to connect to - - ipv4 - Server IPv4 address - - - ipv6 - Server IPv6 address - - - hostname - Server hostname/FQDN - - - - - - - Remote server address to get active checks from - - ipv4 - Server IPv4 address - - - ipv6 - Server IPv6 address - - - hostname - Server hostname/FQDN - - - - #include - - - - - Item processing timeout in seconds - - u32:1-30 - Item processing timeout - - - - - Timeout must be between 1 and 30 seconds - - 3 - - - - - - - - diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service-pppoe-server.xml.in deleted file mode 100644 index f1b369936..000000000 --- a/interface-definitions/service-pppoe-server.xml.in +++ /dev/null 
@@ -1,281 +0,0 @@ - - - - - - - Point to Point over Ethernet (PPPoE) Server - 900 - - - #include - - vyos-ac - - - - Authentication for remote access PPPoE Server - - - #include - #include - #include - #include - #include - - - #include - - - Format of Called-Station-Id attribute - - ifname ifname:mac - - - (ifname|ifname:mac) - - Invalid Called-Station-Id format - - ifname - NAS-Port-Id - should contain root interface name (NAS-Port-Id=eth1) - - - ifname:mac - NAS-Port-Id - should contain root interface name and mac address (NAS-Port-Id=eth1:00:00:00:00:00:00) - - - - - - - - #include - #include - #include - - - interface(s) to listen on - - - - - - #include - - - #include - #include - #include - - - Limits the connection rate from a single source - - - - - Acceptable rate of connections (e.g. 1/min, 60/sec) - - [0-9]+\/(min|sec) - - illegal value - - - - - Burst count - - - - - Timeout in seconds - - - - - - - Service name - - [a-zA-Z0-9\-]{1,100} - - Service-name can contain aplhanumerical characters and dashes only (max. 
100) - - - - #include - - - Advanced protocol options - - - - - Minimum acceptable MTU (68-65535) - - - - - 1280 - - - - Preferred MRU (68-65535) - - - - - - - - CCP negotiation (default disabled) - - - - #include - #include - #include - #include - - - IPv4 (IPCP) negotiation algorithm - - (deny|allow|prefer|require) - - invalid value - - deny - Do not negotiate IPv4 - - - allow - Negotiate IPv4 only if client requests - - - prefer - Ask client for IPv4 negotiation, do not fail if it rejects - - - require - Require IPv4 negotiation - - - deny allow prefer require - - - - #include - #include - - - - - PADO delays - - u32:1-999999 - Number in ms - - - - - Invalid PADO delay - - - - - Number of sessions - - u32:1-999999 - Number of sessions - - - - - Invalid number of delayed sessions - - - - - - - control sessions count - - (deny|disable|replace) - - Invalid value - - disable - Disables session control - - - deny - Deny second session authorization - - - replace - Terminate first session when second is authorized - - - deny disable replace - - - replace - - #include - - - Enable SNMP - - - - - enable SNMP master agent mode - - - - - - - - Extended script execution - - - - - Script to run before PPPoE session interface comes up - - - - - - - - Script to run when PPPoE session interface is completely configured and started - - - - - - - - Script to run when PPPoE session interface going to terminate - - - - - - - - Script to run when PPPoE session interface changed by RADIUS CoA handling - - - - - - - - #include - - - - - diff --git a/interface-definitions/service-router-advert.xml.in b/interface-definitions/service-router-advert.xml.in deleted file mode 100644 index 16c29022d..000000000 --- a/interface-definitions/service-router-advert.xml.in +++ /dev/null 
@@ -1,369 +0,0 @@ - - - - - - - IPv6 Router Advertisements (RAs) service - 900 - - - - - Interface to send RA on - - - - - - - - Set Hop Count field of the IP header for outgoing packets - - u32:0 - Unspecified (by this router) - - - u32:1-255 - Value should represent current diameter of the Internet - - - - - Hop count must be between 0 and 255 - - 64 - - - - Lifetime associated with the default router in units of seconds - - u32:4-9000 - Router Lifetime in seconds - - - 0 - Not a default router - - - - - Default router livetime bust be 0 or between 4 and 9000 - - - - - Preference associated with the default router, - - low medium high - - - low - Default router has low preference - - - medium - Default router has medium preference - - - high - Default router has high preference - - - (low|medium|high) - - Default preference must be low, medium or high - - medium - - - - DNS search list - - - - - - Link MTU value placed in RAs, exluded in RAs if unset - - u32:1280-9000 - Link MTU value in RAs - - - - - Link MTU must be between 1280 and 9000 - - - - - Hosts use the administered (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using SLAAC - - - - - - Set interval between unsolicited multicast RAs - - - - - Maximum interval between unsolicited multicast RAs - - u32:4-1800 - Maximum interval in seconds - - - - - Maximum interval must be between 4 and 1800 seconds - - 600 - - - - Minimum interval between unsolicited multicast RAs - - u32:3-1350 - Minimum interval in seconds - - - - - Minimum interval must be between 3 and 1350 seconds - - - - - #include - - - Maximum duration how long the RDNSS entries are used - - u32:0 - Name-servers should no longer be used - - - u32:1-7200 - Maximum interval in seconds - - - - - Maximum interval must be between 1 and 7200 seconds - - - - - Hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information - - - - - - IPv6 route to be advertised in 
Router Advertisements (RAs) - - ipv6net - IPv6 route to be advertized - - - - - - - - - Time in seconds that the route will remain valid - - infinity - - - u32:1-4294967295 - Time in seconds that the route will remain valid - - - infinity - Route will remain preferred forever - - - - (infinity) - - - 1800 - - - - Preference associated with the route, - - low medium high - - - low - Route has low preference - - - medium - Route has medium preference - - - high - Route has high preference - - - (low|medium|high) - - Route preference must be low, medium or high - - medium - - - - Do not announce this route with a zero second lifetime upon shutdown - - - - - - - - IPv6 prefix to be advertised in Router Advertisements (RAs) - - ipv6net - IPv6 prefix to be advertized - - - - - - - - - Prefix can not be used for stateless address auto-configuration - - - - - - Prefix can not be used for on-link determination - - - - - - Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA - - - - - - Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix - - - - - - Time in seconds that the prefix will remain preferred - - infinity - - - u32 - Time in seconds that the prefix will remain preferred - - - infinity - Prefix will remain preferred forever - - - - (infinity) - - - 14400 - - - - Time in seconds that the prefix will remain valid - - infinity - - - u32:1-4294967295 - Time in seconds that the prefix will remain valid - - - infinity - Prefix will remain preferred forever - - - - (infinity) - - - 2592000 - - - - - - Use IPv6 address as source address. Useful with VRRP. 
- - ipv6 - IPv6 address to be advertized (must be configured on interface) - - - - - - - - - - Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation - - u32:0 - Reachable Time unspecified by this router - - - u32:1-3600000 - Reachable Time value in RAs (in milliseconds) - - - - - Reachable time must be 0 or between 1 and 3600000 milliseconds - - 0 - - - - Time in milliseconds between retransmitted Neighbor Solicitation messages - - u32:0 - Time, in milliseconds, between retransmitted Neighbor Solicitation messages - - - u32:1-4294967295 - Minimum interval in milliseconds - - - - - Retransmit interval must be 0 or between 1 and 4294967295 milliseconds - - 0 - - - - Do not send router adverts - - - - - - - - - - diff --git a/interface-definitions/service-sla.xml.in b/interface-definitions/service-sla.xml.in deleted file mode 100644 index 0c4f8a591..000000000 --- a/interface-definitions/service-sla.xml.in +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - Service level agreement (SLA) - - - - - One-way active measurement protocol (OWAMP) server - - - #include - - 861 - - - - - - Two-way active measurement protocol (TWAMP) server - - - #include - - 862 - - - - - - - - diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in deleted file mode 100644 index 20e01bfbd..000000000 --- a/interface-definitions/service-upnp.xml.in +++ /dev/null 
@@ -1,228 +0,0 @@ - - - - - - - Universal Plug and Play (UPnP) service - 900 - - - - - Name of this service - - txt - Friendly name - - - - - - WAN network interface - - - - - #include - - - - - - WAN network IP - - ipv4 - IPv4 address - - - ipv6 - IPv6 address - - - - - - - - - - - Enable NAT-PMP support - - - - - - Enable Secure Mode - - - - - - Presentation Url - - txt - Presentation Url - - - - - - PCP-base lifetime Option - - - - - Max lifetime time - - - - - - - - Min lifetime time - - - - - - - - - - Local IP addresses for service to listen on - - - - - - <interface> - Monitor interface address - - - ipv4 - IPv4 address to listen for incoming connections - - - ipv4net - IPv4 prefix to listen for incoming connections - - - ipv6 - IPv6 address to listen for incoming connections - - - ipv6net - IPv6 prefix to listen for incoming connections - - - - #include - - - - - - - - - Enable STUN probe support (can be used with NAT 1:1 support for WAN interfaces) - - - - - The STUN server address - - txt - The STUN server host address - - - - - - - #include - - - - - UPnP Rule - - u32:0-65535 - Rule number - - - - - - - #include - - - Port range (REQUIRE) - - <port> - single port - - - <portN>-<portM> - Port range (use '-' as delimiter) - - - - - - - - - Port range (REQUIRE) - - <port> - single port - - - <portN>-<portM> - Port range (use '-' as delimiter) - - - - - - - - - The IP to which this rule applies (REQUIRE) - - ipv4 - The IPv4 address to which this rule applies - - - ipv4net - The IPv4 to which this rule applies - - - - - - - - - - Actions against the rule (REQUIRE) - - allow deny - - - (allow|deny) - - - - - - - - - - diff --git a/interface-definitions/service-webproxy.xml.in b/interface-definitions/service-webproxy.xml.in deleted file mode 100644 index 637d57891..000000000 --- a/interface-definitions/service-webproxy.xml.in +++ /dev/null 
@@ -1,654 +0,0 @@ - - - - - - - Webproxy service settings - 500 - - - - - Safe port ACL - - u32:1-1024 - Port number. Ports included by default: 21,70,80,210,280,443,488,591,777,873,1025-65535 - - - - - - - - - - SSL safe port - - u32:1-65535 - Port number. Ports included by default: 443 - - - - - - - - - - Default domain name - - domain - Domain to use for urls that do not contain a '.' - - - [.][A-Za-z0-9][-.A-Za-z0-9]* - - Must start append-domain with a '.' - - - - - Proxy Authentication Settings - - - - - Number of authentication helper processes - - n - Number of authentication helper processes - - - - - - 5 - - - - Authenticated session time to live in minutes - - n - Authenticated session timeout - - - - - - 60 - - - - LDAP authentication settings - - - - - LDAP Base DN to search - - - - - LDAP DN used to bind to server - - - - - Filter expression to perform LDAP search with - - - - - LDAP password to bind with - - - - - Use persistent LDAP connection - - - - #include - - 389 - - - - LDAP server to use - - - - - Use SSL/TLS for LDAP connection - - - - - - LDAP username attribute - - - - - LDAP protocol version - - 2 3 - - - 2 - LDAP protocol version 2 - - - 3 - LDAP protocol version 2 - - - - - - 3 - - - - - - Authentication Method - - ldap - - - ldap - Lightweight Directory Access Protocol - - - (ldap) - - The only supported method currently is LDAP - - - - - Name of authentication realm (e.g. 
"My Company proxy server") - - - - - - - Specify other caches in a hierarchy - - hostname - Cache peers FQDN - - - - - - Hostname or IP address of peer - - ipv4 - Squid cache-peer IPv4 address - - - hostname - Squid cache-peer hostname - - - - - - Invalid FQDN or IP address - - - - - Default Proxy Port - - u32:1025-65535 - Default port number - - - - - - 3128 - - - - Cache peer ICP port - - u32:0 - Cache peer disabled - - - u32:1-65535 - Cache peer ICP port - - - - - - 0 - - - - Cache peer options - - txt - Cache peer options - - - no-query default - - - - Squid peer type (default parent) - - parent sibling multicast - - - parent - Peer is a parent - - - sibling - Peer is a sibling - - - multicast - Peer is a member of a multicast group - - - (parent|sibling|multicast) - - - parent - - - - - - Disk cache size in MB - - u32 - Disk cache size in MB - - - 0 - Disable disk caching - - - 100 - - - - Default Proxy Port - - u32:1025-65535 - Default port number - - - - - - 3128 - - - - Disable logging of HTTP accesses - - - - - - Domain name to block - - - - - - Domain name to access without caching - - - - - - IPv4 listen-address for WebProxy - - - - - ipv4 - IPv4 address listen on - - - - - - Default Proxy Port - - u32:1025-65535 - Default port number - - - - - - - - - - Disable transparent mode - - - - - - - - Maximum size of object to be stored in cache in kilobytes - - u32 - Object size in KB - - - - - - - - - Memory cache size in MB - - u32 - Memory cache size in MB - - - - - - 20 - - - - Maximum size of object to be stored in cache in kilobytes - - u32 - Object size in KB - - - - - - - - - Outgoing IP address for webproxy - - - - - MIME type to block - - image/gif www/mime application/macbinary application/oda application/octet-stream application/pdf application/postscript application/postscript application/postscript text/rtf application/octet-stream application/octet-stream application/x-tar application/x-csh application/x-dvi application/x-hdf application/x-latex 
text/plain application/x-netcdf application/x-netcdf application/x-sh application/x-tcl application/x-tex application/x-texinfo application/x-texinfo application/x-troff application/x-troff application/x-troff application/x-troff-man application/x-troff-me application/x-troff-ms application/x-wais-source application/zip application/x-bcpio application/x-cpio application/x-gtar application/x-rpm application/x-shar application/x-sv4cpio application/x-sv4crc application/x-tar application/x-ustar audio/basic audio/basic audio/mpeg audio/mpeg audio/mpeg audio/x-aiff audio/x-aiff audio/x-aiff audio/x-wav image/bmp image/ief image/jpeg image/jpeg image/jpeg image/tiff image/tiff image/x-cmu-raster image/x-portable-anymap image/x-portable-bitmap image/x-portable-graymap image/x-portable-pixmap image/x-rgb image/x-xbitmap image/x-xpixmap image/x-xwindowdump text/html text/html text/css application/x-javascript text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/richtext text/tab-separated-values text/x-setext video/mpeg video/mpeg video/mpeg video/quicktime video/quicktime video/x-msvideo video/x-sgi-movie application/mac-compactpro application/mac-binhex40 application/macwriteii application/msword application/msword application/vnd.ms-excel application/vnd.ms-powerpoint application/vnd.lotus-1-2-3 application/vnd.mif application/x-stuffit application/pict application/pict application/x-arj-compressed application/x-lha-compressed application/x-lha-compressed application/x-deflate text/plain application/octet-stream application/octet-stream image/png application/octet-stream application/x-xpinstall application/octet-stream text/plain application/x-director application/x-director application/x-director image/vnd.djvu image/vnd.djvu application/octet-stream application/octet-stream application/andrew-inset x-conference/x-cooltalk model/iges model/iges audio/midi audio/midi audio/midi model/mesh model/mesh video/vnd.mpegurl 
chemical/x-pdb application/x-chess-pgn audio/x-realaudio audio/x-pn-realaudio audio/x-pn-realaudio text/sgml text/sgml application/x-koan application/x-koan application/x-koan application/x-koan application/smil application/smil application/octet-stream application/x-futuresplash application/x-shockwave-flash application/x-cdlink model/vrml image/vnd.wap.wbmp application/vnd.wap.wbxml application/vnd.wap.wmlc application/vnd.wap.wmlscriptc application/vnd.wap.wmlscript application/xhtml application/xhtml text/xml text/xml chemical/x-xyz text/plain - - - (image/gif|www/mime|application/macbinary|application/oda|application/octet-stream|application/pdf|application/postscript|application/postscript|application/postscript|text/rtf|application/octet-stream|application/octet-stream|application/x-tar|application/x-csh|application/x-dvi|application/x-hdf|application/x-latex|text/plain|application/x-netcdf|application/x-netcdf|application/x-sh|application/x-tcl|application/x-tex|application/x-texinfo|application/x-texinfo|application/x-troff|application/x-troff|application/x-troff|application/x-troff-man|application/x-troff-me|application/x-troff-ms|application/x-wais-source|application/zip|application/x-bcpio|application/x-cpio|application/x-gtar|application/x-rpm|application/x-shar|application/x-sv4cpio|application/x-sv4crc|application/x-tar|application/x-ustar|audio/basic|audio/basic|audio/mpeg|audio/mpeg|audio/mpeg|audio/x-aiff|audio/x-aiff|audio/x-aiff|audio/x-wav|image/bmp|image/ief|image/jpeg|image/jpeg|image/jpeg|image/tiff|image/tiff|image/x-cmu-raster|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-xbitmap|image/x-xpixmap|image/x-xwindowdump|text/html|text/html|text/css|application/x-javascript|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/richtext|text/tab-separated-values|text/x-setext|video/mpeg|video/mpeg|video/mpeg|video/quicktime|vide
o/quicktime|video/x-msvideo|video/x-sgi-movie|application/mac-compactpro|application/mac-binhex40|application/macwriteii|application/msword|application/msword|application/vnd.ms-excel|application/vnd.ms-powerpoint|application/vnd.lotus-1-2-3|application/vnd.mif|application/x-stuffit|application/pict|application/pict|application/x-arj-compressed|application/x-lha-compressed|application/x-lha-compressed|application/x-deflate|text/plain|application/octet-stream|application/octet-stream|image/png|application/octet-stream|application/x-xpinstall|application/octet-stream|text/plain|application/x-director|application/x-director|application/x-director|image/vnd.djvu|image/vnd.djvu|application/octet-stream|application/octet-stream|application/andrew-inset|x-conference/x-cooltalk|model/iges|model/iges|audio/midi|audio/midi|audio/midi|model/mesh|model/mesh|video/vnd.mpegurl|chemical/x-pdb|application/x-chess-pgn|audio/x-realaudio|audio/x-pn-realaudio|audio/x-pn-realaudio|text/sgml|text/sgml|application/x-koan|application/x-koan|application/x-koan|application/x-koan|application/smil|application/smil|application/octet-stream|application/x-futuresplash|application/x-shockwave-flash|application/x-cdlink|model/vrml|image/vnd.wap.wbmp|application/vnd.wap.wbxml|application/vnd.wap.wmlc|application/vnd.wap.wmlscriptc|application/vnd.wap.wmlscript|application/xhtml|application/xhtml|text/xml|text/xml|chemical/x-xyz|text/plain) - - - - - - - Maximum reply body size in KB - - u32 - Reply size in KB - - - - - - - - - URL filtering settings - - - #include - - - URL filtering via squidGuard redirector - - - #include - - - Auto update settings - - - - - Hour of day for database update - - u32:0-23 - Hour for database update - - - - - - 0 - - - - - - Redirect URL for filtered websites - - url - URL for redirect - - - block.vyos.net - - - - URL filter rule for a source-group - - u32:1-1024 - Rule Number - - - - - SquidGuard rule must between 1-1024 - - - #include - - - Redirect URL for 
filtered websites - - url - URL for redirect - - - - - - Source-group for this rule - - group - Source group identifier for this rule - - - service webproxy url-filtering squidguard source-group - - - - - - Time-period for this rule - - period - Time period for this rule - - - service webproxy url-filtering squidguard time-period - - - - - - - - Source group name - - name - Name of source group - - - [^0-9][a-zA-Z_][a-zA-Z0-9][\w\-\.]* - - URL-filter source-group cannot start with a number! - - - - - Address for source-group - - ipv4 - IPv4 address to match - - - ipv4net - IPv4 prefix to match - - - ipv4range - IPv4 address range to match - - - - - - - - - - #include - - - Domain for source-group - - domain - Domain name for the source-group - - - - - - - LDAP search expression for an IP address list - - - - - - LDAP search expression for a user group - - - - - - List of user names - - - - - - - Time period name - - - - - Time-period days - - Sun Mon Tue Wed Thu Fri Sat weekdays weekend all - - - Sun - Sunday - - - Mon - Monday - - - Tue - Tuesday - - - Wed - Wednesday - - - Thu - Thursday - - - Fri - Friday - - - Sat - Saturday - - - weekdays - Monday through Friday - - - weekend - Saturday and Sunday - - - all - All days of the week - - - (Sun|Mon|Tue|Wed|Thu|Fri|Sat|weekdays|weekend|all) - - - - - - Time for time-period - - <hh:mm - hh:mm> - Time range in 24hr time - - - - (\d\d:\d\d)-(\d\d:\d\d) - - Expected time format hh:mm - hh:mm in 24hr time - - - - - #include - - - - - - - - - - - diff --git a/interface-definitions/service_aws_glb.xml.in b/interface-definitions/service_aws_glb.xml.in new file mode 100644 index 000000000..c749fd04e --- /dev/null +++ b/interface-definitions/service_aws_glb.xml.in 
@@ -0,0 +1,127 @@ + + + + + + + Amazon Web Service + 1280 + + + + + Gateway load-balancer tunnel handler + + + + + Script executed on create or destroy tunnel + + + + + Script to run when interface is created + + + + + + + + Script to run when interface is destroyed + + + + + + + + + + Status + + + + + Statistic format + + simple full + + + simple + Simple format + + + full + Full format + + + (simple|full) + + + + #include + + + + + Threads settings + + + + + Number of threads for each tunnel processor + + u32:1-256 + Number of threads + + + + + + + + + List of cores worker threads + + <idN>-<idM> + CPU core id range (use '-' as delimiter) + + + + + + + + + Number of threads for UDP receiver + + u32:1-256 + Number of threads + + + + + + + + + List of cores worker threads + + <idN>-<idM> + CPU core id range (use '-' as delimiter) + + + + + + + + + + + + + + + diff --git a/interface-definitions/service_broadcast-relay.xml.in b/interface-definitions/service_broadcast-relay.xml.in new file mode 100644 index 000000000..2e4330e20 --- /dev/null +++ b/interface-definitions/service_broadcast-relay.xml.in @@ -0,0 +1,46 @@ + + + + + + + UDP broadcast relay service + 990 + + + #include + + + Unique ID for each UDP port to forward + + u32:1-99 + Broadcast relay instance ID + + + + + + + #include + + + Set source IP of forwarded packets, otherwise original senders address is used + + ipv4 + Optional source address for forwarded packets + + + + + + + #include + #include + #include + + + + + + + diff --git a/interface-definitions/service_config-sync.xml.in b/interface-definitions/service_config-sync.xml.in new file mode 100644 index 000000000..9955acfee --- /dev/null +++ b/interface-definitions/service_config-sync.xml.in 
@@ -0,0 +1,104 @@ + + + + + + + Configuration synchronization + + + + + Secondary server parameters + + + + + IP address + + ipv4 + IPv4 address to match + + + ipv6 + IPv6 address to match + + + hostname + FQDN address to match + + + + + + + + + + + Connection API timeout + + u32:1-300 + Connection API timeout + + + + + + 60 + + + + HTTP API key + + + + + + + Synchronization mode + + load set + + + load + Load and replace configuration section + + + set + Set configuration section + + + (load|set) + + + + + + Section for synchronization + + nat nat66 firewall + + + nat + NAT + + + nat66 + NAT66 + + + firewall + firewall + + + (nat|nat66|firewall) + + + + + + + + + diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in new file mode 100644 index 000000000..46dc8adc0 --- /dev/null +++ b/interface-definitions/service_conntrack-sync.xml.in 
@@ -0,0 +1,173 @@ + + + + + + + Connection tracking synchronization + + 799 + + + + + Protocols for which local conntrack entries will be synced + + tcp udp icmp icmp6 sctp dccp + + + tcp + Sync Transmission Control Protocol entries + + + udp + Sync User Datagram Protocol entries + + + icmp + Sync Internet Control Message Protocol entries + + + icmp6 + Sync IPv6 Internet Control Message Protocol entries + + + sctp + Sync Stream Control Transmission Protocol entries + + + dccp + Sync Datagram Congestion Control Protocol entries + + + (tcp|udp|icmp|icmp6|sctp|dccp) + + Allowed protocols: tcp udp icmp or sctp + + + + + + Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall. + + + + + + Queue size for local conntrack events + + u32 + Queue size in MB + + + 8 + + + + Protocol for which expect entries need to be synchronized + + all ftp sip h323 nfs sqlnet + + + (all|ftp|sip|h323|nfs|sqlnet) + + Invalid protocol + + + + + + Failover mechanism to use for conntrack-sync + + + + + VRRP as failover-mechanism to use for conntrack-sync + + + + + VRRP sync group + + high-availability vrrp sync-group + + + + + + + + + + IP addresses for which local conntrack entries will not be synced + + ipv4 + IPv4 address to ignore + + + ipv4net + IPv4 prefix to ignore + + + ipv6 + IPv6 address to ignore + + + ipv6net + IPv6 prefix to ignore + + + + + + + + + + + Interface to use for syncing conntrack entries + + + + + + + + IP address of the peer to send the UDP conntrack info too. This disable multicast. + + ipv4 + IP address to listen for incoming connections + + + + + + + #include + + + #include + + + Multicast group to use for syncing conntrack entries + + + + + 225.0.0.50 + + + + Queue size for syncing conntrack entries + + u32 + Queue size in MB + + + 1 + + + + + + diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in new file mode 100644 index 000000000..fc6dbe954 
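Review bot: The constraint error text for the accepted-protocol list, `Allowed protocols: tcp udp icmp or sctp`, does not match the values the node actually accepts, `(tcp|udp|icmp|icmp6|sctp|dccp)`, so a user who types an invalid value is shown a narrower set than the CLI takes; suggest `Allowed protocols: tcp, udp, icmp, icmp6, sctp or dccp`. The unicast peer help `IP address of the peer to send the UDP conntrack info too. This disable multicast.` also reads awkwardly and would be clearer as `IP address of the peer to send the UDP conntrack info to. This disables multicast.`. The XML markup is flattened in this view, so the exact elements these strings sit in are inferred from the surrounding text.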
--- /dev/null +++ b/interface-definitions/service_console-server.xml.in @@ -0,0 +1,100 @@ + + + + + + + Serial Console Server + + + + + System serial interface name (ttyS or ttyUSB) + + + + + + ttySxxx + Regular serial interface + + + usbxbxpx + USB based serial interface + + + (ttyS\d+|usb\d+b.*p.*) + + + + #include + + + Human-readable name for this console + + [-_a-zA-Z0-9.]{1,128} + + + + + + Serial port baud rate + + 300 1200 2400 4800 9600 19200 38400 57600 115200 + + + (300|1200|2400|4800|9600|19200|38400|57600|115200) + + + + + + Serial port data bits + + 7 8 + + + + + + 8 + + + + Serial port stop bits + + 1 2 + + + + + + 1 + + + + Parity setting + + even odd none + + + (even|odd|none) + + + none + + + + SSH remote access to this console + + + #include + + + + + + + + + diff --git a/interface-definitions/service_dhcp-relay.xml.in b/interface-definitions/service_dhcp-relay.xml.in new file mode 100644 index 000000000..9fdd9581d --- /dev/null +++ b/interface-definitions/service_dhcp-relay.xml.in 
@@ -0,0 +1,126 @@ + + + + + + + + Host Configuration Protocol (DHCP) relay agent + 910 + + + #include + #include + + + Interface for DHCP Relay Agent to listen for requests + + + + + txt + Interface name + + + #include + + + + + + + Interface for DHCP Relay Agent forward requests out + + + + + txt + Interface name + + + #include + + + + + + + Relay options + + + + + Policy to discard packets that have reached specified hop-count + + u32:1-255 + Hop count + + + + + hop-count must be a value between 1 and 255 + + 10 + + + + Maximum packet size to send to a DHCPv4/BOOTP server + + u32:64-1400 + Maximum packet size + + + + + max-size must be a value between 64 and 1400 + + 576 + + + + Policy to handle incoming DHCPv4 packets which already contain relay agent options + + append replace forward discard + + + append + append own relay options to packet + + + replace + replace existing agent option field + + + forward + forward packet unchanged + + + discard + discard packet (default action if giaddr not set in packet) + + + (append|replace|forward|discard) + + + forward + + + + + + DHCP server address + + ipv4 + DHCP server IPv4 address + + + + + + + + + + + + diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in new file mode 100644 index 000000000..e35d845f1 --- /dev/null +++ b/interface-definitions/service_dhcp-server.xml.in 
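Review bot: The top-level help text `Host Configuration Protocol (DHCP) relay agent` is missing its leading word; `Dynamic Host Configuration Protocol (DHCP) relay agent` matches the expansion used in the DHCP server definition added in this same commit. The upstream-interface help `Interface for DHCP Relay Agent forward requests out` reads better as `Interface for DHCP Relay Agent to forward requests out`.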
@@ -0,0 +1,456 @@ + + + + + + + + Dynamic Host Configuration Protocol (DHCP) for DHCP server + 911 + + + #include + + + Dynamically update Domain Name System (RFC4702) + + + + + + DHCP failover configuration + + + #include + + + IPv4 remote address used for connectio + + ipv4 + IPv4 address of failover peer + + + + + + + + + Peer name used to identify connection + + [-_a-zA-Z0-9.]+ + + Invalid failover peer name. May only contain letters, numbers and .-_ + + + + + Failover hierarchy + + primary secondary + + + primary + Configure this server to be the primary node + + + secondary + Configure this server to be the secondary node + + + (primary|secondary) + + Invalid DHCP failover peer status + + + #include + #include + + + + + Updating /etc/hosts file (per client lease) + + + + #include + + + Name of DHCP shared network + + [-_a-zA-Z0-9.]+ + + Invalid shared network name. May only contain letters, numbers and .-_ + + + + + Option to make DHCP server authoritative for this physical network + + + + #include + #include + #include + #include + #include + #include + + + DHCP subnet for shared network + + ipv4net + IPv4 address and prefix length + + + + + Invalid IPv4 subnet definition + + + + + Bootstrap file name + + [[:ascii:]]{1,253} + + + + + + Server from which the initial boot file is to be loaded + + ipv4 + Bootfile server IPv4 address + + + hostname + Bootfile server FQDN + + + + + + + + + + Bootstrap file size + + u32:1-16 + Bootstrap file size in 512 byte blocks + + + + + + + #include + + + Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used. 
+ + u32:0-32 + DHCP client prefix length must be 0 to 32 + + + + + DHCP client prefix length must be 0 to 32 + + + + + IP address of default router + + ipv4 + Default router IPv4 address + + + + + + + #include + #include + #include + #include + + + IP address to exclude from DHCP lease range + + ipv4 + IPv4 address to exclude from lease range + + + + + + + + + + Enable IP forwarding on client + + + + + + Lease timeout in seconds + + u32 + DHCP lease time in seconds + + + + + DHCP lease time must be between 0 and 4294967295 (49 days) + + 86400 + + #include + + + IP address of POP3 server + + ipv4 + POP3 server IPv4 address + + + + + + + + + + Address for DHCP server identifier + + ipv4 + DHCP server identifier IPv4 address + + + + + + + + + IP address of SMTP server + + ipv4 + SMTP server IPv4 address + + + + + + + + + + DHCP lease range + + [-_a-zA-Z0-9.]+ + + Invalid range name, may only be alphanumeric, dot and hyphen + + + + + First IP address for DHCP lease range + + ipv4 + IPv4 start address of pool + + + + + + + + + Last IP address for DHCP lease range + + ipv4 + IPv4 end address of pool + + + + + + + + + + + Hostname for static mapping reservation + + + + Invalid static mapping hostname + + + #include + + + Fixed IP address of static mapping + + ipv4 + IPv4 address used in static mapping + + + + + + + #include + #include + + + + + Classless static route destination subnet + + ipv4net + IPv4 address and prefix length + + + + + + + + + IP address of router to be used to reach the destination subnet + + ipv4 + IPv4 address of router + + + + + + + + + + + Disable IPv4 on IPv6 only hosts (RFC 8925) + + u32 + Seconds + + + + + Seconds must be between 0 and 4294967295 (49 days) + + + + + TFTP server name + + ipv4 + TFTP server IPv4 address + + + hostname + TFTP server FQDN + + + + + + + + + + Client subnet offset in seconds from Coordinated Universal Time (UTC) + + [-]N + Time offset (number, may be negative) + + + -?[0-9]+ + + Invalid time offset value + + + + + 
IP address of time server + + ipv4 + Time server IPv4 address + + + + + + + + + + Time zone to send to clients. Uses RFC4833 options 100 and 101 + + + + + + + + + + + Vendor Specific Options + + + + + Ubiquiti specific parameters + + + + + Address of UniFi controller + + ipv4 + IP address of UniFi controller + + + + + + + + + + + + + IP address for Windows Internet Name Service (WINS) server + + ipv4 + WINS server IPv4 address + + + + + + + + + + Web Proxy Autodiscovery (WPAD) URL + + + + + + + + + + + diff --git a/interface-definitions/service_dhcpv6-relay.xml.in b/interface-definitions/service_dhcpv6-relay.xml.in new file mode 100644 index 000000000..40679d1c2 --- /dev/null +++ b/interface-definitions/service_dhcpv6-relay.xml.in @@ -0,0 +1,82 @@ + + + + + + + + DHCPv6 Relay Agent parameters + 900 + + + #include + + + Interface for DHCPv6 Relay Agent to listen for requests + + + + + + + + IPv6 address on listen-interface listen for requests on + + ipv6 + IPv6 address on listen interface + + + + + + + + + + + Maximum hop count for which requests will be processed + + u32:1-255 + Hop count + + + + + max-hop-count must be a value between 1 and 255 + + 10 + + + + Interface for DHCPv6 Relay Agent forward requests out + + + + + + + + IPv6 address to forward requests to + + ipv6 + IPv6 address of the DHCP server + + + + + + + + + + + + Option to set DHCPv6 interface-ID option + + + + + + + + diff --git a/interface-definitions/service_dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in new file mode 100644 index 000000000..102c164a6 --- /dev/null +++ b/interface-definitions/service_dhcpv6-server.xml.in 
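Review bot: The lease-time constraint message `DHCP lease time must be between 0 and 4294967295 (49 days)` is wrong about the unit: 4294967295 seconds is roughly 136 years, and 49 days is the 32-bit limit in milliseconds, so the parenthetical misleads anyone reading the error. The same parenthetical appears on the RFC 8925 IPv6-only node, `Seconds must be between 0 and 4294967295 (49 days)`; suggest dropping it or replacing it with `(about 136 years)` in both places. Two smaller wording issues in the same hunk: the failover help `IPv4 remote address used for connectio` should read `connection`, and `Specifies the clients subnet mask as per RFC 950` should read `client's`.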
@@ -0,0 +1,375 @@ + + + + + + + DHCP for IPv6 (DHCPv6) server + 900 + + + #include + + + Additional global parameters for DHCPv6 server + + + #include + + + + + Preference of this DHCPv6 server compared with others + + u32:0-255 + DHCPv6 server preference (0-255) + + + + + Preference must be between 0 and 255 + + + + + DHCPv6 shared network name + + [-_a-zA-Z0-9.]+ + + Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_ + + + #include + #include + + + Optional interface for this shared network to accept requests from + + + + + txt + Interface name + + + #include + + + + + + Common options to distribute to all clients, including stateless clients + + + + + Time (in seconds) that stateless clients should wait between refreshing the information they were given + + u32:1-4294967295 + DHCPv6 information refresh time + + + + + + + #include + #include + + + + + IPv6 DHCP subnet for this shared network + + ipv6net + IPv6 address and prefix length + + + + + + + + + Parameters setting ranges for assigning IPv6 addresses + + + + + IPv6 prefix defining range of addresses to assign + + ipv6net + IPv6 address and prefix length + + + + + + + + + + First in range of consecutive IPv6 addresses to assign + + ipv6 + IPv6 address + + + + + + + + + Last in range of consecutive IPv6 addresses + + ipv6 + IPv6 address + + + + + + + + + + + #include + #include + + + Parameters relating to the lease time + + + + + Default time (in seconds) that will be assigned to a lease + + u32:1-4294967295 + DHCPv6 valid lifetime + + + + + + + + + Maximum time (in seconds) that will be assigned to a lease + + u32:1-4294967295 + Maximum lease time in seconds + + + + + + + + + Minimum time (in seconds) that will be assigned to a lease + + u32:1-4294967295 + Minimum lease time in seconds + + + + + + + + + #include + + + NIS domain name for client to use + + [-_a-zA-Z0-9.]+ + + Invalid NIS domain name + + + + + IPv6 address of a NIS Server + + ipv6 + IPv6 address of NIS server + + + 
+ + + + + + + NIS+ domain name for client to use + + [-_a-zA-Z0-9.]+ + + Invalid NIS+ domain name. May only contain letters, numbers and .-_ + + + + + IPv6 address of a NIS+ Server + + ipv6 + IPv6 address of NIS+ server + + + + + + + + + + Parameters relating to IPv6 prefix delegation + + + + + IPv6 prefix to be used in prefix delegation + + ipv6 + IPv6 prefix used in prefix delegation + + + + + + + + + Length in bits of prefix + + u32:32-64 + Prefix length (32-64) + + + + + Prefix length must be between 32 and 64 + + + + + Length in bits of prefixes to be delegated + + u32:32-64 + Delegated prefix length (32-64) + + + + + Delegated prefix length must be between 32 and 96 + + + + + + + + + IPv6 address of SIP server + + ipv6 + IPv6 address of SIP server + + + hostname + FQDN of SIP server + + + + + + + + + + + IPv6 address of an SNTP server for client to use + + + + + + + + + Hostname for static mapping reservation + + + + Invalid static mapping hostname + + + #include + #include + #include + + + Client IPv6 address for this static mapping + + ipv6 + IPv6 address for this static mapping + + + + + + + + + Client IPv6 prefix for this static mapping + + ipv6net + IPv6 prefix for this static mapping + + + + + + + + + + + Vendor Specific Options + + + + + Cisco specific parameters + + + + + TFTP server name + + ipv6 + TFTP server IPv6 address + + + + + + + + + + + + + + + + + + + + diff --git a/interface-definitions/service_dns_dynamic.xml.in b/interface-definitions/service_dns_dynamic.xml.in new file mode 100644 index 000000000..d1b0e90bb --- /dev/null +++ b/interface-definitions/service_dns_dynamic.xml.in 
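Review bot: The delegated prefix-length constraint message `Delegated prefix length must be between 32 and 96` disagrees with the value help directly above it, `u32:32-64` / `Delegated prefix length (32-64)`, so one of the two is stale. Either change the message to `Delegated prefix length must be between 32 and 64` or widen the help and validator to 96 if that is the intended range; the flattened markup here does not show the validator's argument, so confirm which bound is actually enforced before picking.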
@@ -0,0 +1,213 @@ + + + + + + + Domain Name System (DNS) related services + + + + + Dynamic DNS + 990 + + + + + Dynamic DNS configuration + + txt + Dynamic DNS service name + + + #include + + Dynamic DNS service name must be alphanumeric and can contain hyphens and underscores + + + #include + + + ddclient protocol used for Dynamic DNS service + + + + + + + + + + + Obtain IP address to send Dynamic DNS update for + + txt + Use interface to obtain the IP address + + + web + Use HTTP(S) web request to obtain the IP address + + + + web + + + #include + web + + + + + + Options when using HTTP(S) web request to obtain the IP address + + + #include + + + Pattern to skip from the HTTP(S) respose + + txt + Pattern to skip from the HTTP(S) respose to extract the external IP address + + + + + + + + IP address version to use + + _ipv4 + Use only IPv4 address + + + _ipv6 + Use only IPv6 address + + + both + Use both IPv4 and IPv6 address + + + ipv4 ipv6 both + + + (ipv[46]|both) + + IP Version must be literal 'ipv4', 'ipv6' or 'both' + + ipv4 + + + + Hostname to register with Dynamic DNS service + + #include + (\@|\*)[-.A-Za-z0-9]* + + Host-name must be alphanumeric, can contain hyphens and can be prefixed with '@' or '*' + + + + + + Remote Dynamic DNS server to send updates to + + ipv4 + IPv4 address of the remote server + + + ipv6 + IPv6 address of the remote server + + + hostname + Fully qualified domain name of the remote server + + + + + + Remote server must be IP address or fully qualified domain name + + + + + DNS zone to be updated + + txt + Name of DNS zone + + + + + + + #include + #include + + + File containing TSIG authentication key for RFC2136 nsupdate on remote DNS server + + filename + File in /config/auth directory + + + + + + + #include + + + Time in seconds to wait between update attempts + + u32:60-86400 + Time in seconds + + + + + Wait time must be between 60 and 86400 seconds + + + + + Time in seconds for the hostname to be marked expired in cache + + 
u32:300-2160000 + Time in seconds + + + + + Expiry time must be between 300 and 2160000 seconds + + + + + + + Interval in seconds to wait between Dynamic DNS updates + + u32:60-3600 + Time in seconds + + + + + Interval must be between 60 and 3600 seconds + + 300 + + #include + + + + + + + diff --git a/interface-definitions/service_dns_forwarding.xml.in b/interface-definitions/service_dns_forwarding.xml.in new file mode 100644 index 000000000..7dce9b548 --- /dev/null +++ b/interface-definitions/service_dns_forwarding.xml.in 
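Review bot: `respose` is misspelled twice in the web-options skip help, `Pattern to skip from the HTTP(S) respose` and `Pattern to skip from the HTTP(S) respose to extract the external IP address`; both should read `response`. These strings are shown as CLI help output, so it is worth correcting them while the file is being moved.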
@@ -0,0 +1,703 @@ + + + + + + + + Domain Name System (DNS) related services + + + + + DNS forwarding + 918 + + + + + DNS forwarding cache size + + u32:0-2147483647 + DNS forwarding cache size + + + + + + 10000 + + + + Interfaces whose DHCP client nameservers to forward requests to + + + + + + + + + Help to communicate between IPv6-only client and IPv4-only server + + ipv6net + IPv6 address and /96 only prefix length + + + + + + + + + DNSSEC mode + + off process-no-validate process log-fail validate + + + off + No DNSSEC processing whatsoever! + + + process-no-validate + Respond with DNSSEC records to clients that ask for it. No validation done at all! + + + process + Respond with DNSSEC records to clients that ask for it. Validation for clients that request it. + + + log-fail + Similar behaviour to process, but validate RRSIGs on responses and log bogus responses. + + + validate + Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses. + + + (off|process-no-validate|process|log-fail|validate) + + + process-no-validate + + + + Domain to forward to a custom DNS server + + txt + An absolute DNS domain name + + + + + + + #include + + + Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC) + + + + + + Set the "recursion desired" bit in requests to the upstream nameserver + + + + + + + + Domain to host authoritative records for + + txt + An absolute DNS domain name + + + + + + + + + DNS zone records + + + + + A record + + txt + A DNS name relative to the root record + + + @ + Root record + + + any + Wildcard record (any subdomain) + + + ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) + + + + + + IPv4 address + + ipv4 + IPv4 address + + + + + + + + #include + + 300 + + #include + + + + + AAAA record + + txt + A DNS name relative to the root record + + + @ + Root record + + + any + Wildcard record (any subdomain) + + + ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) 
+ + + + + + IPv6 address + + ipv6 + IPv6 address + + + + + + + + #include + + 300 + + #include + + + + + CNAME record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Target DNS name + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + #include + + 300 + + #include + + + + + MX record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Mail server + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + + + Server priority + + u32:1-999 + Server priority (lower numbers are higher priority) + + + + + + 10 + + + + #include + + 300 + + #include + + + + + NS record + + txt + A DNS name relative to the root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Target DNS server authoritative for subdomain + + nsXX.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + #include + + 300 + + #include + + + + + PTR record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Target DNS name + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + #include + + 300 + + #include + + + + + TXT record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Record contents + + txt + Record contents + + + + + #include + + 300 + + #include + + + + + SPF record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Record contents + + txt + Record contents + + + + #include + + 300 + + #include + + + + + SRV record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) 
+ + + + + + Service entry + + u32:0-65535 + Entry number + + + + + + + + + Server hostname + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + + + Port number + + u32:0-65535 + TCP/UDP port number + + + + + + + + + Entry priority + + u32:0-65535 + Entry priority (lower numbers are higher priority) + + + + + + 10 + + + + Entry weight + + u32:0-65535 + Entry weight + + + + + + 0 + + + + #include + + 300 + + #include + + + + + NAPTR record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + NAPTR rule + + u32:0-65535 + Rule number + + + + + + + + + Rule order + + u32:0-65535 + Rule order (lower order is evaluated first) + + + + + + + + + Rule preference + + u32:0-65535 + Rule preference + + + + + + 0 + + + + S flag + + + + + + A flag + + + + + + U flag + + + + + + P flag + + + + + + Service type + + [a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})? + + + + + + Regular expression + + + + + Replacement DNS name + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + + + #include + + 300 + + #include + + + + + #include + + + + + Do not use local /etc/hosts file in name resolution + + + + + + Makes the server authoritatively not aware of RFC1918 addresses + + + + + + Networks allowed to query this server + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + #include + #include + + 53 + + + + Maximum amount of time negative entries are cached + + u32:0-7200 + Seconds to cache NXDOMAIN entries + + + + + + 3600 + + + + Number of milliseconds to wait for a remote authoritative server to respond + + u32:10-60000 + Network timeout in milliseconds + + + + + + 1500 + + #include + #include + + 0.0.0.0 :: + + + + Use system name servers + + + + + + + + + + 
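Review bot: The DNSSEC node in the forwarding hunk defaults to `process-no-validate`, whose own value help says "No validation done at all!", but the node help (`DNSSEC mode`) gives no hint that validation is off unless `validate` (or `log-fail`) is chosen explicitly. I would extend the node help to `DNSSEC mode (default: process-no-validate, no validation of upstream answers)` so the security consequence of the default is visible where the operator reads it. The NAPTR `Regular expression` leaf also appears to carry no value help or constraint in this rendering; if that is the case in the file, a one-line value help describing the expected substitution syntax would help.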
diff --git a/interface-definitions/service_event-handler.xml.in b/interface-definitions/service_event-handler.xml.in new file mode 100644 index 000000000..2cee4f595 --- /dev/null +++ b/interface-definitions/service_event-handler.xml.in @@ -0,0 +1,70 @@ + + + + + + + Service event handler + + + + + Event handler name + + + + + Logs filter settings + + + + + Match pattern (regex) + + + + + Identifier of a process in syslog (string) + + + + + + + Event handler script file + + + + + Script arguments + + + + + Script environment arguments + + + + + Environment value + + + + + + + Path to the script + + + + + + + + + + + + + + diff --git a/interface-definitions/service_https.xml.in b/interface-definitions/service_https.xml.in new file mode 100644 index 000000000..223f10962 --- /dev/null +++ b/interface-definitions/service_https.xml.in 
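Review bot: The `Path to the script` leaf in the event-handler hunk shows no constraint or value help in this rendering, yet this path is executed whenever the configured log pattern matches. If the file indeed has no validator here, the help should at least state the expectation, e.g. `Absolute path to the script executed when the pattern matches`, and a constraint rejecting relative paths would be a cheap safeguard against misconfiguration. The same observation applies to `Path to fastnetmon alert script` in the service_ids_ddos-protection hunk, so I am raising it once here.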
@@ -0,0 +1,220 @@ + + + + + + + HTTPS configuration + 1001 + + + + + Identifier for virtual host + + [a-zA-Z0-9-_.:]{1,255} + + illegal characters in identifier or identifier longer than 255 characters + + + + + Address to listen for HTTPS requests + + + + + ipv4 + HTTPS IPv4 address + + + ipv6 + HTTPS IPv6 address + + + '*' + any + + + + \* + + + + #include + + 443 + + + + Server names: exact, wildcard, or regex + + + + #include + + + + + VyOS HTTP API configuration + + + + + HTTP API keys + + + + + HTTP API id + + + + + HTTP API plaintext key + + + + + + + + + Enforce strict path checking + + + + + + Debug + + + + + + + GraphQL support + + + + + Schema introspection + + + + + + GraphQL authentication + + + + + Authentication type + + key token + + + key + Use API keys + + + token + Use JWT token + + + (key|token) + + + key + + + + Token time to expire in seconds + + u32:60-31536000 + Token lifetime in seconds + + + + + + 3600 + + + + Length of shared secret in bytes + + u32:16-65535 + Byte length of generated shared secret + + + + + + 32 + + + + + + + + Set CORS options + + + + + Allow resource request from origin + + + + + + + + + + Restrict api proxy to subset of virtual hosts + + + + + Restrict proxy to virtual host(s) + + + + + + + + TLS certificates + + + #include + #include + + + Request or apply a letsencrypt certificate for domain-name + + + + + Domain name(s) for which to obtain certificate + + + + + + Email address to associate with certificate + + + + + + + #include + + + + + diff --git a/interface-definitions/service_ids_ddos-protection.xml.in b/interface-definitions/service_ids_ddos-protection.xml.in new file mode 100644 index 000000000..3ef2640b3 --- /dev/null +++ b/interface-definitions/service_ids_ddos-protection.xml.in 
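Review bot: The API key leaf is described only as `HTTP API plaintext key`, which does not tell the operator what that implies for how the key is handled. I would word it `HTTP API key (stored as-is in the configuration; treat the saved configuration as sensitive)` so the handling expectation is stated where the key is entered. The `Debug` leaf under the API node likewise has a one-word help; a short sentence on what additional output it enables would make its operational impact clear. If the rendering dropped further help lines for these leaves, disregard.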
@@ -0,0 +1,167 @@ + + + + + + + Intrusion Detection System + + + + + FastNetMon detection and protection parameters + 731 + + + + + Path to fastnetmon alert script + + + + + How long we should keep an IP in blocked state + + u32:1-4294967294 + Time in seconds + + + + + + 1900 + + + + Direction for processing traffic + + in out + + + (in|out) + + + + + + + Specify IPv4 and IPv6 networks which are going to be excluded from protection + + ipv4net + IPv4 prefix(es) to exclude + + + ipv6net + IPv6 prefix(es) to exclude + + + + + + + + + + + Listen interface for mirroring traffic + + + + + + + + + Traffic capture mode + + mirror sflow + + + mirror + Listen to mirrored traffic + + + sflow + Capture sFlow flows + + + (mirror|sflow) + + + + + + Sflow settings + + + #include + #include + + 6343 + + + + + + Specify IPv4 and IPv6 networks which belong to you + + ipv4net + Your IPv4 prefix(es) + + + ipv6net + Your IPv6 prefix(es) + + + + + + + + + + + Attack limits thresholds + + + + + General threshold + + + #include + + + + + TCP threshold + + + #include + + + + + UDP threshold + + + #include + + + + + ICMP threshold + + + #include + + + + + + + + + + + diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in new file mode 100644 index 000000000..edfe6a34c --- /dev/null +++ b/interface-definitions/service_ipoe-server.xml.in 
@@ -0,0 +1,190 @@ + + + + + + + Internet Protocol over Ethernet (IPoE) Server + 900 + + + + + Interface to listen dhcp or unclassified packets + + + + + + + + Client connectivity mode + + l2 l3 + + + l2 + Client located on same interface as server + + + l3 + Client located behind a router + + + (l2|l3) + + + l2 + + + + Enables clients to share the same network or each client has its own vlan + + shared vlan + + + (shared|vlan) + + + shared + Multiple clients share the same network + + + vlan + One VLAN per client + + + shared + + + + Client address pool + + ipv4net + IPv4 address and prefix length + + + + + + + + + DHCP requests will be forwarded + + + + + DHCP Server the request will be redirected to. + + ipv4 + IPv4 address of the DHCP Server + + + + + + + + + Relay Agent IPv4 Address + + ipv4 + Gateway IP address + + + + + + + + + #include + + + #include + #include + #include + #include + #include + + + Client authentication methods + + + #include + + + Network interface for client MAC addresses + + + + + + + + Media Access Control (MAC) address + + macaddr + Hardware (MAC) address + + + + + + + + + Upload/Download speed limits + + + + + Upload bandwidth limit in kbits/sec + + + + + + + + Download bandwidth limit in kbits/sec + + + + + + + + + + VLAN monitor for automatic creation of VLAN interfaces + + u32:1-4094 + Client VLAN id + + + + + VLAN IDs need to be in range 1-4094 + + + + + + + + + #include + + + #include + #include + + + #include + + + + + diff --git a/interface-definitions/service_lldp.xml.in b/interface-definitions/service_lldp.xml.in new file mode 100644 index 000000000..1a06e0cb3 --- /dev/null +++ b/interface-definitions/service_lldp.xml.in 
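Review bot: The interface node help in the IPoE hunk is ungrammatical: `Interface to listen dhcp or unclassified packets` should read `Interface to listen on for DHCP or unclassified packets`. The relay help a few lines down ends in a stray full stop (`DHCP Server the request will be redirected to.`) while no other help string in the file does, so it should be dropped for consistency.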
@@ -0,0 +1,188 @@ + + + + + + + LLDP settings + 985 + + + + + Location data for interface + + all + Location data all interfaces + + + txt + Location data for a specific interface + + + + all + + + + #include + + + LLDP-MED location data + + + + + Coordinate based location + + + + + Altitude in meters + + 0 + No altitude + + + [+-]<meters> + Altitude in meters + + Altitude should be a positive or negative number + + + + + 0 + + + + Coordinate datum type + + WGS84 + WGS84 + + + NAD83 + NAD83 + + + MLLW + NAD83/MLLW + + + WGS84 NAD83 MLLW + + Datum should be WGS84, NAD83, or MLLW + + (WGS84|NAD83|MLLW) + + + WGS84 + + + + Latitude + + <latitude> + Latitude (example "37.524449N") + + Latitude should be a number followed by S or N + + (\d+)(\.\d+)?[nNsS] + + + + + + Longitude + + <longitude> + Longitude (example "122.267255W") + + Longiture should be a number followed by E or W + + (\d+)(\.\d+)?[eEwW] + + + + + + + + ECS ELIN (Emergency location identifier number) + + u32:0-9999999999 + Emergency Call Service ELIN number (between 10-25 numbers) + + + [0-9]{10,25} + + ELIN number must be between 10-25 numbers + + + + + + + + + Legacy (vendor specific) protocols + + + + + Listen for CDP for Cisco routers/switches + + + + + + Listen for EDP for Extreme routers/switches + + + + + + Listen for FDP for Foundry routers/switches + + + + + + Listen for SONMP for Nortel routers/switches + + + + + + + + Management IP Address + + + + + ipv4 + IPv4 Management Address + + + ipv6 + IPv6 Management Address + + + + + + + + + + Enable SNMP queries of the LLDP database + + + + + + + + diff --git a/interface-definitions/service_mdns_repeater.xml.in b/interface-definitions/service_mdns_repeater.xml.in new file mode 100644 index 000000000..5d6f61d74 --- /dev/null +++ b/interface-definitions/service_mdns_repeater.xml.in 
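Review bot: The ELIN leaf in the LLDP hunk documents its value as `u32:0-9999999999` while the constraint is `[0-9]{10,25}` and the error message says the number must be 10–25 digits; a value help claiming a 32-bit range starting at 0 contradicts both. I would replace the format with `txt` and the help with `Emergency Call Service ELIN number (10-25 digits)`. The longitude error message also has a typo, `Longiture should be a number followed by E or W` → `Longitude should be a number followed by E or W`.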
@@ -0,0 +1,82 @@ + + + + + + + Multicast DNS (mDNS) parameters + + + + + mDNS repeater configuration + 990 + + + #include + #include + + + IP address version to use + + _ipv4 + Use only IPv4 address + + + _ipv6 + Use only IPv6 address + + + both + Use both IPv4 and IPv6 address + + + ipv4 ipv6 both + + + (ipv[46]|both) + + IP Version must be literal 'ipv4', 'ipv6' or 'both' + + both + + + + mDNS browsing domains in addition to the default one + + txt + mDNS browsing domain + + + + + + + + + + Allowed mDNS services to be repeated + + txt + mDNS service + + + [-_.a-zA-Z0-9]+ + + Service name must be alphanumeric and can contain hyphens and underscores + + + + + + Disables mDNS repeater on VRRP interfaces not in MASTER state + + + + + + + + + + diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in new file mode 100644 index 000000000..4d694114a --- /dev/null +++ b/interface-definitions/service_monitoring_telegraf.xml.in 
@@ -0,0 +1,284 @@ + + + + + + + Monitoring services + 1280 + + + + + Telegraf metric collector + + + + + Output plugin InfluxDB + + + + + Authentication parameters + + + + + Authentication organization for InfluxDB v2 + + [a-zA-Z][1-9a-zA-Z@_\-.]{2,50} + + Organization name must be alphanumeric and can contain hyphens, underscores and at symbol. + + + + + Authentication token for InfluxDB v2 + + txt + Authentication token + + + [a-zA-Z0-9-_]{86}== + + Token must be 88 characters long and must contain only [a-zA-Z0-9-_] and '==' characters. + + + + + + + Remote bucket + + main + + #include + #include + + 8086 + + + + + + Output plugin Azure Data Explorer + + + + + Authentication parameters + + + + + Application client id + + #include + + Client-id is limited to alphanumerical characters and can contain hyphen and underscores + + + + + Application client secret + + #include + + Client-secret is limited to alphanumerical characters and can contain hyphen and underscores + + + + + Set tenant id + + #include + + Tenant-id is limited to alphanumerical characters and can contain hyphen and underscores + + + + + + + Remote database name + + txt + Remote database name + + + #include + + Database is limited to alphanumerical characters and can contain hyphen and underscores + + + + + Type of metrics grouping when push to Azure Data Explorer + + single-table table-per-metric + + + single-table + Metrics stores in one table + + + table-per-metric + One table per gorups of metric by the metric name + + + (single-table|table-per-metric) + + + table-per-metric + + + + Name of the single table [Only if set group-metrics single-table] + + txt + Table name + + + #include + + Table is limited to alphanumerical characters and can contain hyphen and underscores + + + #include + + + + + Source parameters for monitoring + + all hardware-utilization logs network system telegraf + + + all + All parameters + + + hardware-utilization + Hardware-utilization parameters (CPU, disk, memory) + + 
+ logs + Logs parameters + + + network + Network parameters (net, netstat, nftables) + + + system + System parameters (system, processes, interrupts) + + + telegraf + Telegraf internal statistics + + + (all|hardware-utilization|logs|network|system|telegraf) + + + + all + + + + Output plugin Prometheus client + + + + + HTTP basic authentication parameters + + + + + Authentication username + + + + + Authentication password + + txt + Authentication password + + + + + + + + Networks allowed to query this server + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + #include + + + Metric version control mapping from Telegraf to Prometheus format + + u32:1-2 + Metric version (default: 2) + + + + + + 2 + + #include + + 9273 + + + + + + Output plugin Splunk + + + + + HTTP basic authentication parameters + + + + + Authorization token + + + + + Use TLS but skip host validation + + + + + + #include + + + #include + + + + + + + diff --git a/interface-definitions/service_monitoring_zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in new file mode 100644 index 000000000..40f2df642 --- /dev/null +++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in 
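Review bot: The Splunk option `Use TLS but skip host validation` does not say what is being given up; since it disables verification of the collector's certificate, the help should make that explicit, e.g. `Use TLS but do not verify the server certificate (exposes the authorization token to interception)`. Two help strings in the Azure section also have typos: `One table per gorups of metric by the metric name` → `One table per group of metrics by metric name`, and `Metrics stores in one table` → `Metrics are stored in one table`.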
@@ -0,0 +1,193 @@ + + + + + + + + + Zabbix-agent settings + + + + + Folder containing individual Zabbix-agent configuration files + + + + + + + + Zabbix agent hostname + + #include + + Host-name must be alphanumeric and can contain hyphens + + + + + Limit settings + + + + + Do not keep data longer than N seconds in buffer + + u32:1-3600 + Seconds + + + + + buffer-flush-interval must be between 1 and 3600 seconds + + 5 + + + + Maximum number of values in a memory buffer + + u32:2-65535 + Maximum number of values in a memory buffer + + + + + Buffer-size must be between 2 and 65535 + + 100 + + + + + + Log settings + + + + + Debug level + + basic critical error warning debug extended-debug + + + basic + Basic information + + + critical + Critical information + + + error + Error information + + + warning + Warnings + + + debug + Debug information + + + extended-debug + Extended debug information + + + (basic|critical|error|warning|debug|extended-debug) + + + warning + + + + Enable logging of executed shell commands as warnings + + + + + + Log file size in megabytes + + u32:0-1024 + Megabytes + + + + + Size must be between 0 and 1024 Megabytes + + 0 + + + + #include + + 0.0.0.0 + + #include + + 10050 + + + + Remote server to connect to + + ipv4 + Server IPv4 address + + + ipv6 + Server IPv6 address + + + hostname + Server hostname/FQDN + + + + + + + Remote server address to get active checks from + + ipv4 + Server IPv4 address + + + ipv6 + Server IPv6 address + + + hostname + Server hostname/FQDN + + + + #include + + + + + Item processing timeout in seconds + + u32:1-30 + Item processing timeout + + + + + Timeout must be between 1 and 30 seconds + + 3 + + + + + + + + diff --git a/interface-definitions/service_ntp.xml.in b/interface-definitions/service_ntp.xml.in new file mode 100644 index 000000000..65a45d7a1 --- /dev/null +++ b/interface-definitions/service_ntp.xml.in 
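Review bot: The listen-address default in the Zabbix agent hunk appears to be `0.0.0.0`, which binds the agent port (default `10050`, set just below) on every interface, but the included listen-address help does not say so. A short note on the node, `Listen address (default 0.0.0.0, all interfaces)`, would let operators decide whether to restrict it. I am inferring which leaf the default belongs to from its position in this rendering, so please confirm against the file.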
@@ -0,0 +1,67 @@ + + + + + + + + Network Time Protocol (NTP) configuration + 900 + + + + + Network Time Protocol (NTP) server + + ipv4 + IP address of NTP server + + + ipv6 + IPv6 address of NTP server + + + hostname + Fully qualified domain name of NTP server + + + + + + + + + + Marks the server as unused + + + + + + Enable Network Time Security (NTS) for the server + + + + + + Associate with a number of remote servers + + + + + + Marks the server as preferred + + + + + + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in new file mode 100644 index 000000000..f1b369936 --- /dev/null +++ b/interface-definitions/service_pppoe-server.xml.in 
@@ -0,0 +1,281 @@ + + + + + + + Point to Point over Ethernet (PPPoE) Server + 900 + + + #include + + vyos-ac + + + + Authentication for remote access PPPoE Server + + + #include + #include + #include + #include + #include + + + #include + + + Format of Called-Station-Id attribute + + ifname ifname:mac + + + (ifname|ifname:mac) + + Invalid Called-Station-Id format + + ifname + NAS-Port-Id - should contain root interface name (NAS-Port-Id=eth1) + + + ifname:mac + NAS-Port-Id - should contain root interface name and mac address (NAS-Port-Id=eth1:00:00:00:00:00:00) + + + + + + + + #include + #include + #include + + + interface(s) to listen on + + + + + + #include + + + #include + #include + #include + + + Limits the connection rate from a single source + + + + + Acceptable rate of connections (e.g. 1/min, 60/sec) + + [0-9]+\/(min|sec) + + illegal value + + + + + Burst count + + + + + Timeout in seconds + + + + + + + Service name + + [a-zA-Z0-9\-]{1,100} + + Service-name can contain aplhanumerical characters and dashes only (max. 
100) + + + + #include + + + Advanced protocol options + + + + + Minimum acceptable MTU (68-65535) + + + + + 1280 + + + + Preferred MRU (68-65535) + + + + + + + + CCP negotiation (default disabled) + + + + #include + #include + #include + #include + + + IPv4 (IPCP) negotiation algorithm + + (deny|allow|prefer|require) + + invalid value + + deny + Do not negotiate IPv4 + + + allow + Negotiate IPv4 only if client requests + + + prefer + Ask client for IPv4 negotiation, do not fail if it rejects + + + require + Require IPv4 negotiation + + + deny allow prefer require + + + + #include + #include + + + + + PADO delays + + u32:1-999999 + Number in ms + + + + + Invalid PADO delay + + + + + Number of sessions + + u32:1-999999 + Number of sessions + + + + + Invalid number of delayed sessions + + + + + + + control sessions count + + (deny|disable|replace) + + Invalid value + + disable + Disables session control + + + deny + Deny second session authorization + + + replace + Terminate first session when second is authorized + + + deny disable replace + + + replace + + #include + + + Enable SNMP + + + + + enable SNMP master agent mode + + + + + + + + Extended script execution + + + + + Script to run before PPPoE session interface comes up + + + + + + + + Script to run when PPPoE session interface is completely configured and started + + + + + + + + Script to run when PPPoE session interface going to terminate + + + + + + + + Script to run when PPPoE session interface changed by RADIUS CoA handling + + + + + + + + #include + + + + + diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in new file mode 100644 index 000000000..16c29022d --- /dev/null +++ b/interface-definitions/service_router-advert.xml.in 
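Review bot: The constraint error for the connection-rate leaf in the PPPoE hunk is just `illegal value`, which does not tell the operator the expected form; given the regex `[0-9]+\/(min|sec)` it should read `Rate must be given as N/min or N/sec (e.g. 1/min, 60/sec)`. The service-name error message has a typo, `aplhanumerical` → `alphanumerical`. The MTU leaves document `(68-65535)` in their help but show no constraint in this rendering; if the file has none, a `u32:68-65535` value help plus a numeric validator would make the documented range enforceable.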
@@ -0,0 +1,369 @@ + + + + + + + IPv6 Router Advertisements (RAs) service + 900 + + + + + Interface to send RA on + + + + + + + + Set Hop Count field of the IP header for outgoing packets + + u32:0 + Unspecified (by this router) + + + u32:1-255 + Value should represent current diameter of the Internet + + + + + Hop count must be between 0 and 255 + + 64 + + + + Lifetime associated with the default router in units of seconds + + u32:4-9000 + Router Lifetime in seconds + + + 0 + Not a default router + + + + + Default router livetime bust be 0 or between 4 and 9000 + + + + + Preference associated with the default router, + + low medium high + + + low + Default router has low preference + + + medium + Default router has medium preference + + + high + Default router has high preference + + + (low|medium|high) + + Default preference must be low, medium or high + + medium + + + + DNS search list + + + + + + Link MTU value placed in RAs, exluded in RAs if unset + + u32:1280-9000 + Link MTU value in RAs + + + + + Link MTU must be between 1280 and 9000 + + + + + Hosts use the administered (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using SLAAC + + + + + + Set interval between unsolicited multicast RAs + + + + + Maximum interval between unsolicited multicast RAs + + u32:4-1800 + Maximum interval in seconds + + + + + Maximum interval must be between 4 and 1800 seconds + + 600 + + + + Minimum interval between unsolicited multicast RAs + + u32:3-1350 + Minimum interval in seconds + + + + + Minimum interval must be between 3 and 1350 seconds + + + + + #include + + + Maximum duration how long the RDNSS entries are used + + u32:0 + Name-servers should no longer be used + + + u32:1-7200 + Maximum interval in seconds + + + + + Maximum interval must be between 1 and 7200 seconds + + + + + Hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information + + + + + + IPv6 route to be advertised in 
Router Advertisements (RAs) + + ipv6net + IPv6 route to be advertized + + + + + + + + + Time in seconds that the route will remain valid + + infinity + + + u32:1-4294967295 + Time in seconds that the route will remain valid + + + infinity + Route will remain preferred forever + + + + (infinity) + + + 1800 + + + + Preference associated with the route, + + low medium high + + + low + Route has low preference + + + medium + Route has medium preference + + + high + Route has high preference + + + (low|medium|high) + + Route preference must be low, medium or high + + medium + + + + Do not announce this route with a zero second lifetime upon shutdown + + + + + + + + IPv6 prefix to be advertised in Router Advertisements (RAs) + + ipv6net + IPv6 prefix to be advertized + + + + + + + + + Prefix can not be used for stateless address auto-configuration + + + + + + Prefix can not be used for on-link determination + + + + + + Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA + + + + + + Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix + + + + + + Time in seconds that the prefix will remain preferred + + infinity + + + u32 + Time in seconds that the prefix will remain preferred + + + infinity + Prefix will remain preferred forever + + + + (infinity) + + + 14400 + + + + Time in seconds that the prefix will remain valid + + infinity + + + u32:1-4294967295 + Time in seconds that the prefix will remain valid + + + infinity + Prefix will remain preferred forever + + + + (infinity) + + + 2592000 + + + + + + Use IPv6 address as source address. Useful with VRRP. 
+ + ipv6 + IPv6 address to be advertized (must be configured on interface) + + + + + + + + + + Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation + + u32:0 + Reachable Time unspecified by this router + + + u32:1-3600000 + Reachable Time value in RAs (in milliseconds) + + + + + Reachable time must be 0 or between 1 and 3600000 milliseconds + + 0 + + + + Time in milliseconds between retransmitted Neighbor Solicitation messages + + u32:0 + Time, in milliseconds, between retransmitted Neighbor Solicitation messages + + + u32:1-4294967295 + Minimum interval in milliseconds + + + + + Retransmit interval must be 0 or between 1 and 4294967295 milliseconds + + 0 + + + + Do not send router adverts + + + + + + + + + + diff --git a/interface-definitions/service_salt-minion.xml.in b/interface-definitions/service_salt-minion.xml.in new file mode 100644 index 000000000..eaa2899f4 --- /dev/null +++ b/interface-definitions/service_salt-minion.xml.in @@ -0,0 +1,74 @@ + + + + + + + Salt Minion + 500 + + + + + Hash used when discovering file on master server (default: sha256) + + md5 sha1 sha224 sha256 sha384 sha512 + + + (md5|sha1|sha224|sha256|sha384|sha512) + + + sha256 + + + + Hostname or IP address of the Salt master server + + ipv4 + Salt server IPv4 address + + + ipv6 + Salt server IPv6 address + + + hostname + Salt server FQDN address + + + + + + Invalid FQDN or IP address + + + + + + Explicitly declare ID for this minion to use (default: hostname) + + + + + Interval in minutes between updates (default: 60) + + u32:1-1440 + Update interval in minutes + + + + + + 60 + + + + URL with signature of master for auth reply verification + + + #include + + + + + diff --git a/interface-definitions/service_sla.xml.in b/interface-definitions/service_sla.xml.in new file mode 100644 index 000000000..0c4f8a591 --- /dev/null +++ b/interface-definitions/service_sla.xml.in 
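Review bot: Several help strings in the router-advert hunk are wrong or garbled: `Default router livetime bust be 0 or between 4 and 9000` → `Default router lifetime must be 0 or between 4 and 9000`; `Link MTU value placed in RAs, exluded in RAs if unset` → `excluded`; and both `Preference associated with the default router,` and `Preference associated with the route,` end in a stray comma. The `infinity` value help under the prefix valid-lifetime says `Prefix will remain preferred forever`, copied from the preferred-lifetime leaf; it should read `Prefix will remain valid forever`.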
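Review bot: The salt-minion hash-type leaf lists `md5 sha1` alongside the SHA-2 choices with help that only names the default. Since these two hashes are no longer considered collision-resistant, the help should steer operators away from them, e.g. `Hash used when discovering file on master server (default: sha256; md5 and sha1 are weak and kept for compatibility only)`. Nothing else in this hunk needs changing.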
@@ -0,0 +1,36 @@ + + + + + + + Service level agreement (SLA) + + + + + One-way active measurement protocol (OWAMP) server + + + #include + + 861 + + + + + + Two-way active measurement protocol (TWAMP) server + + + #include + + 862 + + + + + + + + diff --git a/interface-definitions/service_snmp.xml.in b/interface-definitions/service_snmp.xml.in new file mode 100644 index 000000000..e16e9daa1 --- /dev/null +++ b/interface-definitions/service_snmp.xml.in 
@@ -0,0 +1,598 @@ + + + + + + + + Simple Network Management Protocol (SNMP) + 900 + + + + + Community name + + [[:alnum:]-_!@*#]{1,100} + + Community string is limited to alphanumerical characters, -, _, !, @, *, and # with a total lenght of 100 + + + + + Authorization type + + ro rw + + + ro + Read-Only + + + rw + Read-Write + + + (ro|rw) + + Authorization type must be either 'rw' or 'ro' + + ro + + + + IP address of SNMP client allowed to contact system + + + + + + + + + + Subnet of SNMP client(s) allowed to contact system + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + 0.0.0.0/0 ::/0 + + + + + + Contact information + + .{1,255} + + Contact information is limited to 255 characters or less + + + #include + + + Management information base (MIB) + + + + + Sets the maximum number of interfaces included in IF-MIB data collection + + u32:1-4294967295 + Sets the maximum number of interfaces included in IF-MIB data collection + + + + + + + + + Sets the interface name prefix to include in the IF-MIB data collection + + br bond dum eth gnv macsec peth sstpc tun veth vti vtun vxlan wg wlan wwan + + + br + Allow prefix for IF-MIB data collection + + + bond + Allow prefix for IF-MIB data collection + + + dum + Allow prefix for IF-MIB data collection + + + eth + Allow prefix for IF-MIB data collection + + + gnv + Allow prefix for IF-MIB data collection + + + macsec + Allow prefix for IF-MIB data collection + + + peth + Allow prefix for IF-MIB data collection + + + sstpc + Allow prefix for IF-MIB data collection + + + tun + Allow prefix for IF-MIB data collection + + + veth + Allow prefix for IF-MIB data collection + + + vti + Allow prefix for IF-MIB data collection + + + vtun + Allow prefix for IF-MIB data collection + + + vxlan + Allow prefix for IF-MIB data collection + + + wg + Allow prefix for IF-MIB data collection + + + wlan + Allow prefix for IF-MIB data collection + + + wwan + Allow prefix for IF-MIB data 
collection + + + (br|bond|dum|eth|gnv|macsec|peth|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan) + + + + + + + + + IP address to listen for incoming SNMP requests + + + + + ipv4 + IPv4 address to listen for incoming SNMP requests + + + ipv6 + IPv6 address to listen for incoming SNMP requests + + + + + + + #include + + 161 + + + + + + Location information + + .{1,255} + + Location is limited to 255 characters or less + + + + + Enable specific OIDs that by default are disable + + ip-forward ip-route-table ip-net-to-media-table ip-net-to-physical-phys-address + + + ip-forward + Enable ipForward: .1.3.6.1.2.1.4.24 + + + ip-route-table + Enable ipRouteTable: .1.3.6.1.2.1.4.21 + + + ip-net-to-media-table + Enable ipNetToMediaTable: .1.3.6.1.2.1.4.22 + + + ip-net-to-physical-phys-address + Enable ipNetToPhysicalPhysAddress: .1.3.6.1.2.1.4.35 + + + (ip-forward|ip-route-table|ip-net-to-media-table|ip-net-to-physical-phys-address) + + OID must be one of the liste options + + + + #include + + + Register a subtree for SMUX-based processing + + txt + SNMP Object Identifier + + + + + + + SNMP trap source address + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + Address of trap target + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + Community used when sending trap information + + + #include + + 162 + + + + + + Simple Network Management Protocol (SNMP) v3 + + + + + Specifies the EngineID that uniquely identify an agent (e.g. 
000000000000000000000002) + + ([0-9a-f][0-9a-f]){1,18} + + ID must contain an even number (from 2 to 36) of hex digits + + + + + + Specifies the group with name groupname + + + #include + + + Security levels + + noauth auth priv + + + noauth + Messages not authenticated and not encrypted (noAuthNoPriv) + + + auth + Messages are authenticated but not encrypted (authNoPriv) + + + priv + Messages are authenticated and encrypted (authPriv) + + + (noauth|auth|priv) + + + auth + + + + Defines the name of view + + service snmp v3 view + + + + + + + + Defines SNMP target for inform or traps for IP + + ipv4 + IP address of trap target + + + ipv6 + IPv6 address of trap target + + + + + + + + + + Defines the privacy + + + + + Defines the encrypted key for authentication + + [0-9a-f]* + + Encrypted key must only contain hex digits + + + + + Defines the clear text key for authentication + + .{8,} + + Key must contain 8 or more characters + + + #include + + + #include + + 162 + + + + Defines the privacy + + + + + Defines the encrypted key for privacy protocol + + [0-9a-f]* + + Encrypted key must only contain hex digits + + + + + Defines the clear text key for privacy protocol + + .{8,} + + Key must contain 8 or more characters + + + #include + + + #include + + + Specifies the type of notification between inform and trap + + inform trap + + + inform + Use INFORM + + + trap + Use TRAP + + + (inform|trap) + + + inform + + + + Defines username for authentication + + service snmp v3 user + + + + + + + + Specifies the user with name username + + [^\(\)\|\-]+ + + Illegal characters in name + + + + + Specifies the auth + + + + + Defines the encrypted key for authentication + + [0-9a-f]* + + Encrypted key must only contain hex digits + + + + + Defines the clear text key for authentication + + .{8,} + + Key must contain 8 or more characters + + + #include + + + + + Specifies group for user name + + service snmp v3 group + + + + #include + + + Defines the privacy + + + + + Defines the 
encrypted key for privacy protocol + + [0-9a-f]* + + Encrypted key must only contain hex digits + + + + + Defines the clear text key for privacy protocol + + .{8,} + + Key must contain 8 or more characters + + + #include + + + + + + + Specifies the view with name viewname + + [^\(\)\|\-]+ + + Illegal characters in name + + + + + Specifies the oid + + [0-9]+(\.[0-9]+)* + + OID must start from a number + + + + + Exclude is an optional argument + + + + + Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant + + [0-9a-f]{2}([\.:][0-9a-f]{2})* + + MASK is a list of hex octets, separated by '.' or ':' + + + + + + + + + + + SNMP script extensions + + + + + Extension name + + [a-z0-9\.\-\_]+ + + Script extension contains invalid characters + + + + + Script location and name + + + + + [a-z0-9\.\-\_\/]+ + + Script extension contains invalid characters + + + + + + + #include + + + + + diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in new file mode 100644 index 000000000..5c893bd35 --- /dev/null +++ b/interface-definitions/service_ssh.xml.in 
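Review bot: The `network` leaf under `community` defaults to `0.0.0.0/0 ::/0`, so any community string that is configured without narrowing `client`/`network` is reachable from every source address; that default is carried over verbatim from snmp.xml.in rather than introduced by this rename. A follow-up could drop the any-network default so an unrestricted community must be set explicitly, or at least flag it in the help text, e.g. `Subnet of SNMP client(s) allowed to contact system (defaults to all addresses; restrict this)`. While the file is being moved, the help strings also carry typos: `total lenght of 100` should be `total length of 100` and `OID must be one of the liste options` should be `OID must be one of the listed options`.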
@@ -0,0 +1,270 @@ + + + + + System services + + + + + Secure Shell (SSH) + 1000 + + + + + SSH user/group access controls + + + + + Allow user/group SSH access + + + #include + #include + + + + + Deny user/group SSH access + + + #include + #include + + + + + + + Allowed ciphers + + + 3des-cbc aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com + + + (3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|rijndael-cbc@lysator.liu.se|aes128-ctr|aes192-ctr|aes256-ctr|aes128-gcm@openssh.com|aes256-gcm@openssh.com|chacha20-poly1305@openssh.com) + + + + + + + Disable IP Address to Hostname lookup + + + + + + Disable password-based authentication + + + + + + Allow dynamic protection + + + + + Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 + + u32:1-65535 + Time interval in seconds for blocking + + + + + + 120 + + + + Remember source IP in seconds before reset their score + + u32:1-65535 + Time interval in seconds + + + + + + 1800 + + + + Block source IP when their cumulative attack score exceeds threshold + + u32:1-65535 + Threshold score + + + + + + 30 + + + + Always allow inbound connections from these systems + + ipv4 + Address to match against + + + ipv4net + IPv4 address and prefix length + + + ipv6 + IPv6 address to match against + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + + + + Allowed host key signature algorithms + + + ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ecdsa-sha2-nistp256@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-rsa-cert-v01@openssh.com rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com 
ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com + + + + (ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ssh-rsa|rsa-sha2-256|rsa-sha2-512|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-ecdsa-sha2-nistp256@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512-cert-v01@openssh.com|ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com) + + + + + + Allowed key exchange (KEX) algorithms + + + diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256 curve25519-sha256@libssh.org + + + + (diffie-hellman-group1-sha1|diffie-hellman-group14-sha1|diffie-hellman-group14-sha256|diffie-hellman-group16-sha512|diffie-hellman-group18-sha512|diffie-hellman-group-exchange-sha1|diffie-hellman-group-exchange-sha256|ecdh-sha2-nistp256|ecdh-sha2-nistp384|ecdh-sha2-nistp521|curve25519-sha256|curve25519-sha256@libssh.org) + + + + #include + + + Log level + + quiet fatal error info verbose + + + quiet + stay silent + + + fatal + log fatals only + + + error + log errors and fatals only + + + info + default log level + + + verbose + enable logging of failed login attempts + + + (quiet|fatal|error|info|verbose) + + + info + + + + Allowed message authentication code (MAC) algorithms + + + hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 umac-64@openssh.com umac-128@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com 
hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com + + + (hmac-sha1|hmac-sha1-96|hmac-sha2-256|hmac-sha2-512|hmac-md5|hmac-md5-96|umac-64@openssh.com|umac-128@openssh.com|hmac-sha1-etm@openssh.com|hmac-sha1-96-etm@openssh.com|hmac-sha2-256-etm@openssh.com|hmac-sha2-512-etm@openssh.com|hmac-md5-etm@openssh.com|hmac-md5-96-etm@openssh.com|umac-64-etm@openssh.com|umac-128-etm@openssh.com) + + + + + + + Port for SSH service + + u32:1-65535 + Numeric IP port + + + + + + + 22 + + + + SSH session rekey limit + + + + + Threshold data in megabytes + + u32:1-65535 + Megabytes + + + + + + + + + Threshold time in minutes + + u32:1-65535 + Minutes + + + + + + + + + + + Enable transmission of keepalives from server to client + + u32:1-65535 + Time interval in seconds for keepalive message + + + + + + + #include + + + + + diff --git a/interface-definitions/service_tftp-server.xml.in b/interface-definitions/service_tftp-server.xml.in new file mode 100644 index 000000000..e48b5a3f0 --- /dev/null +++ b/interface-definitions/service_tftp-server.xml.in @@ -0,0 +1,32 @@ + + + + + + + + Trivial File Transfer Protocol (TFTP) server + 990 + + + + + Folder containing files served by TFTP + + + + + Allow TFTP file uploads + + + + #include + + 69 + + #include + + + + + diff --git a/interface-definitions/service_upnp.xml.in b/interface-definitions/service_upnp.xml.in new file mode 100644 index 000000000..20e01bfbd --- /dev/null +++ b/interface-definitions/service_upnp.xml.in 
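Review bot: The `ciphers`, `key-exchange` and `mac` allowlists still accept `3des-cbc`, `ssh-dss`, `diffie-hellman-group1-sha1`, `diffie-hellman-group-exchange-sha1`, `hmac-md5` and `hmac-sha1-96`, which OpenSSH disables by default, so a single `set service ssh ciphers 3des-cbc` re-enables a weakened suite on the router. This is carried over verbatim from ssh.xml.in, not introduced by the rename, and whether the Python handler rejects any of them is outside this diff. A follow-up could drop the legacy names from the `list`/`regex` pairs, or at minimum warn in the help text, e.g. `Allowed ciphers (legacy CBC and 3DES entries are off by OpenSSH default and weaken the server when enabled)`.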
@@ -0,0 +1,228 @@ + + + + + + + Universal Plug and Play (UPnP) service + 900 + + + + + Name of this service + + txt + Friendly name + + + + + + WAN network interface + + + + + #include + + + + + + WAN network IP + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + + + Enable NAT-PMP support + + + + + + Enable Secure Mode + + + + + + Presentation Url + + txt + Presentation Url + + + + + + PCP-base lifetime Option + + + + + Max lifetime time + + + + + + + + Min lifetime time + + + + + + + + + + Local IP addresses for service to listen on + + + + + + <interface> + Monitor interface address + + + ipv4 + IPv4 address to listen for incoming connections + + + ipv4net + IPv4 prefix to listen for incoming connections + + + ipv6 + IPv6 address to listen for incoming connections + + + ipv6net + IPv6 prefix to listen for incoming connections + + + + #include + + + + + + + + + Enable STUN probe support (can be used with NAT 1:1 support for WAN interfaces) + + + + + The STUN server address + + txt + The STUN server host address + + + + + + + #include + + + + + UPnP Rule + + u32:0-65535 + Rule number + + + + + + + #include + + + Port range (REQUIRE) + + <port> + single port + + + <portN>-<portM> + Port range (use '-' as delimiter) + + + + + + + + + Port range (REQUIRE) + + <port> + single port + + + <portN>-<portM> + Port range (use '-' as delimiter) + + + + + + + + + The IP to which this rule applies (REQUIRE) + + ipv4 + The IPv4 address to which this rule applies + + + ipv4net + The IPv4 to which this rule applies + + + + + + + + + + Actions against the rule (REQUIRE) + + allow deny + + + (allow|deny) + + + + + + + + + + diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in new file mode 100644 index 000000000..637d57891 --- /dev/null +++ b/interface-definitions/service_webproxy.xml.in 
@@ -0,0 +1,654 @@ + + + + + + + Webproxy service settings + 500 + + + + + Safe port ACL + + u32:1-1024 + Port number. Ports included by default: 21,70,80,210,280,443,488,591,777,873,1025-65535 + + + + + + + + + + SSL safe port + + u32:1-65535 + Port number. Ports included by default: 443 + + + + + + + + + + Default domain name + + domain + Domain to use for urls that do not contain a '.' + + + [.][A-Za-z0-9][-.A-Za-z0-9]* + + Must start append-domain with a '.' + + + + + Proxy Authentication Settings + + + + + Number of authentication helper processes + + n + Number of authentication helper processes + + + + + + 5 + + + + Authenticated session time to live in minutes + + n + Authenticated session timeout + + + + + + 60 + + + + LDAP authentication settings + + + + + LDAP Base DN to search + + + + + LDAP DN used to bind to server + + + + + Filter expression to perform LDAP search with + + + + + LDAP password to bind with + + + + + Use persistent LDAP connection + + + + #include + + 389 + + + + LDAP server to use + + + + + Use SSL/TLS for LDAP connection + + + + + + LDAP username attribute + + + + + LDAP protocol version + + 2 3 + + + 2 + LDAP protocol version 2 + + + 3 + LDAP protocol version 2 + + + + + + 3 + + + + + + Authentication Method + + ldap + + + ldap + Lightweight Directory Access Protocol + + + (ldap) + + The only supported method currently is LDAP + + + + + Name of authentication realm (e.g. 
"My Company proxy server") + + + + + + + Specify other caches in a hierarchy + + hostname + Cache peers FQDN + + + + + + Hostname or IP address of peer + + ipv4 + Squid cache-peer IPv4 address + + + hostname + Squid cache-peer hostname + + + + + + Invalid FQDN or IP address + + + + + Default Proxy Port + + u32:1025-65535 + Default port number + + + + + + 3128 + + + + Cache peer ICP port + + u32:0 + Cache peer disabled + + + u32:1-65535 + Cache peer ICP port + + + + + + 0 + + + + Cache peer options + + txt + Cache peer options + + + no-query default + + + + Squid peer type (default parent) + + parent sibling multicast + + + parent + Peer is a parent + + + sibling + Peer is a sibling + + + multicast + Peer is a member of a multicast group + + + (parent|sibling|multicast) + + + parent + + + + + + Disk cache size in MB + + u32 + Disk cache size in MB + + + 0 + Disable disk caching + + + 100 + + + + Default Proxy Port + + u32:1025-65535 + Default port number + + + + + + 3128 + + + + Disable logging of HTTP accesses + + + + + + Domain name to block + + + + + + Domain name to access without caching + + + + + + IPv4 listen-address for WebProxy + + + + + ipv4 + IPv4 address listen on + + + + + + Default Proxy Port + + u32:1025-65535 + Default port number + + + + + + + + + + Disable transparent mode + + + + + + + + Maximum size of object to be stored in cache in kilobytes + + u32 + Object size in KB + + + + + + + + + Memory cache size in MB + + u32 + Memory cache size in MB + + + + + + 20 + + + + Maximum size of object to be stored in cache in kilobytes + + u32 + Object size in KB + + + + + + + + + Outgoing IP address for webproxy + + + + + MIME type to block + + image/gif www/mime application/macbinary application/oda application/octet-stream application/pdf application/postscript application/postscript application/postscript text/rtf application/octet-stream application/octet-stream application/x-tar application/x-csh application/x-dvi application/x-hdf application/x-latex 
text/plain application/x-netcdf application/x-netcdf application/x-sh application/x-tcl application/x-tex application/x-texinfo application/x-texinfo application/x-troff application/x-troff application/x-troff application/x-troff-man application/x-troff-me application/x-troff-ms application/x-wais-source application/zip application/x-bcpio application/x-cpio application/x-gtar application/x-rpm application/x-shar application/x-sv4cpio application/x-sv4crc application/x-tar application/x-ustar audio/basic audio/basic audio/mpeg audio/mpeg audio/mpeg audio/x-aiff audio/x-aiff audio/x-aiff audio/x-wav image/bmp image/ief image/jpeg image/jpeg image/jpeg image/tiff image/tiff image/x-cmu-raster image/x-portable-anymap image/x-portable-bitmap image/x-portable-graymap image/x-portable-pixmap image/x-rgb image/x-xbitmap image/x-xpixmap image/x-xwindowdump text/html text/html text/css application/x-javascript text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/richtext text/tab-separated-values text/x-setext video/mpeg video/mpeg video/mpeg video/quicktime video/quicktime video/x-msvideo video/x-sgi-movie application/mac-compactpro application/mac-binhex40 application/macwriteii application/msword application/msword application/vnd.ms-excel application/vnd.ms-powerpoint application/vnd.lotus-1-2-3 application/vnd.mif application/x-stuffit application/pict application/pict application/x-arj-compressed application/x-lha-compressed application/x-lha-compressed application/x-deflate text/plain application/octet-stream application/octet-stream image/png application/octet-stream application/x-xpinstall application/octet-stream text/plain application/x-director application/x-director application/x-director image/vnd.djvu image/vnd.djvu application/octet-stream application/octet-stream application/andrew-inset x-conference/x-cooltalk model/iges model/iges audio/midi audio/midi audio/midi model/mesh model/mesh video/vnd.mpegurl 
chemical/x-pdb application/x-chess-pgn audio/x-realaudio audio/x-pn-realaudio audio/x-pn-realaudio text/sgml text/sgml application/x-koan application/x-koan application/x-koan application/x-koan application/smil application/smil application/octet-stream application/x-futuresplash application/x-shockwave-flash application/x-cdlink model/vrml image/vnd.wap.wbmp application/vnd.wap.wbxml application/vnd.wap.wmlc application/vnd.wap.wmlscriptc application/vnd.wap.wmlscript application/xhtml application/xhtml text/xml text/xml chemical/x-xyz text/plain + + + (image/gif|www/mime|application/macbinary|application/oda|application/octet-stream|application/pdf|application/postscript|application/postscript|application/postscript|text/rtf|application/octet-stream|application/octet-stream|application/x-tar|application/x-csh|application/x-dvi|application/x-hdf|application/x-latex|text/plain|application/x-netcdf|application/x-netcdf|application/x-sh|application/x-tcl|application/x-tex|application/x-texinfo|application/x-texinfo|application/x-troff|application/x-troff|application/x-troff|application/x-troff-man|application/x-troff-me|application/x-troff-ms|application/x-wais-source|application/zip|application/x-bcpio|application/x-cpio|application/x-gtar|application/x-rpm|application/x-shar|application/x-sv4cpio|application/x-sv4crc|application/x-tar|application/x-ustar|audio/basic|audio/basic|audio/mpeg|audio/mpeg|audio/mpeg|audio/x-aiff|audio/x-aiff|audio/x-aiff|audio/x-wav|image/bmp|image/ief|image/jpeg|image/jpeg|image/jpeg|image/tiff|image/tiff|image/x-cmu-raster|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-xbitmap|image/x-xpixmap|image/x-xwindowdump|text/html|text/html|text/css|application/x-javascript|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/richtext|text/tab-separated-values|text/x-setext|video/mpeg|video/mpeg|video/mpeg|video/quicktime|vide
o/quicktime|video/x-msvideo|video/x-sgi-movie|application/mac-compactpro|application/mac-binhex40|application/macwriteii|application/msword|application/msword|application/vnd.ms-excel|application/vnd.ms-powerpoint|application/vnd.lotus-1-2-3|application/vnd.mif|application/x-stuffit|application/pict|application/pict|application/x-arj-compressed|application/x-lha-compressed|application/x-lha-compressed|application/x-deflate|text/plain|application/octet-stream|application/octet-stream|image/png|application/octet-stream|application/x-xpinstall|application/octet-stream|text/plain|application/x-director|application/x-director|application/x-director|image/vnd.djvu|image/vnd.djvu|application/octet-stream|application/octet-stream|application/andrew-inset|x-conference/x-cooltalk|model/iges|model/iges|audio/midi|audio/midi|audio/midi|model/mesh|model/mesh|video/vnd.mpegurl|chemical/x-pdb|application/x-chess-pgn|audio/x-realaudio|audio/x-pn-realaudio|audio/x-pn-realaudio|text/sgml|text/sgml|application/x-koan|application/x-koan|application/x-koan|application/x-koan|application/smil|application/smil|application/octet-stream|application/x-futuresplash|application/x-shockwave-flash|application/x-cdlink|model/vrml|image/vnd.wap.wbmp|application/vnd.wap.wbxml|application/vnd.wap.wmlc|application/vnd.wap.wmlscriptc|application/vnd.wap.wmlscript|application/xhtml|application/xhtml|text/xml|text/xml|chemical/x-xyz|text/plain) + + + + + + + Maximum reply body size in KB + + u32 + Reply size in KB + + + + + + + + + URL filtering settings + + + #include + + + URL filtering via squidGuard redirector + + + #include + + + Auto update settings + + + + + Hour of day for database update + + u32:0-23 + Hour for database update + + + + + + 0 + + + + + + Redirect URL for filtered websites + + url + URL for redirect + + + block.vyos.net + + + + URL filter rule for a source-group + + u32:1-1024 + Rule Number + + + + + SquidGuard rule must between 1-1024 + + + #include + + + Redirect URL for 
filtered websites + + url + URL for redirect + + + + + + Source-group for this rule + + group + Source group identifier for this rule + + + service webproxy url-filtering squidguard source-group + + + + + + Time-period for this rule + + period + Time period for this rule + + + service webproxy url-filtering squidguard time-period + + + + + + + + Source group name + + name + Name of source group + + + [^0-9][a-zA-Z_][a-zA-Z0-9][\w\-\.]* + + URL-filter source-group cannot start with a number! + + + + + Address for source-group + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv4range + IPv4 address range to match + + + + + + + + + + #include + + + Domain for source-group + + domain + Domain name for the source-group + + + + + + + LDAP search expression for an IP address list + + + + + + LDAP search expression for a user group + + + + + + List of user names + + + + + + + Time period name + + + + + Time-period days + + Sun Mon Tue Wed Thu Fri Sat weekdays weekend all + + + Sun + Sunday + + + Mon + Monday + + + Tue + Tuesday + + + Wed + Wednesday + + + Thu + Thursday + + + Fri + Friday + + + Sat + Saturday + + + weekdays + Monday through Friday + + + weekend + Saturday and Sunday + + + all + All days of the week + + + (Sun|Mon|Tue|Wed|Thu|Fri|Sat|weekdays|weekend|all) + + + + + + Time for time-period + + <hh:mm - hh:mm> + Time range in 24hr time + + + + (\d\d:\d\d)-(\d\d:\d\d) + + Expected time format hh:mm - hh:mm in 24hr time + + + + + #include + + + + + + + + + + + diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in deleted file mode 100644 index ec2151b98..000000000 --- a/interface-definitions/snmp.xml.in +++ /dev/null 
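Review bot: The value help for LDAP `version` `3` reads `LDAP protocol version 2`, duplicating the entry for `2`; it should read `LDAP protocol version 3`, since this text is what operators see on tab completion when choosing the bind protocol. The mistake is carried over unchanged from the old file, so it is not a regression of the rename. The `append-domain` constraint message `Must start append-domain with a '.'` would also read better as `append-domain must start with a '.'`.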
@@ -1,598 +0,0 @@ - - - - - - - - Simple Network Management Protocol (SNMP) - 900 - - - - - Community name - - [[:alnum:]-_!@*#]{1,100} - - Community string is limited to alphanumerical characters, -, _, !, @, *, and # with a total lenght of 100 - - - - - Authorization type - - ro rw - - - ro - Read-Only - - - rw - Read-Write - - - (ro|rw) - - Authorization type must be either 'rw' or 'ro' - - ro - - - - IP address of SNMP client allowed to contact system - - - - - - - - - - Subnet of SNMP client(s) allowed to contact system - - ipv4net - IP address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - 0.0.0.0/0 ::/0 - - - - - - Contact information - - .{1,255} - - Contact information is limited to 255 characters or less - - - #include - - - Management information base (MIB) - - - - - Sets the maximum number of interfaces included in IF-MIB data collection - - u32:1-4294967295 - Sets the maximum number of interfaces included in IF-MIB data collection - - - - - - - - - Sets the interface name prefix to include in the IF-MIB data collection - - br bond dum eth gnv macsec peth sstpc tun veth vti vtun vxlan wg wlan wwan - - - br - Allow prefix for IF-MIB data collection - - - bond - Allow prefix for IF-MIB data collection - - - dum - Allow prefix for IF-MIB data collection - - - eth - Allow prefix for IF-MIB data collection - - - gnv - Allow prefix for IF-MIB data collection - - - macsec - Allow prefix for IF-MIB data collection - - - peth - Allow prefix for IF-MIB data collection - - - sstpc - Allow prefix for IF-MIB data collection - - - tun - Allow prefix for IF-MIB data collection - - - veth - Allow prefix for IF-MIB data collection - - - vti - Allow prefix for IF-MIB data collection - - - vtun - Allow prefix for IF-MIB data collection - - - vxlan - Allow prefix for IF-MIB data collection - - - wg - Allow prefix for IF-MIB data collection - - - wlan - Allow prefix for IF-MIB data collection - - - wwan - Allow prefix for IF-MIB data 
collection - - - (br|bond|dum|eth|gnv|macsec|peth|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan) - - - - - - - - - IP address to listen for incoming SNMP requests - - - - - ipv4 - IPv4 address to listen for incoming SNMP requests - - - ipv6 - IPv6 address to listen for incoming SNMP requests - - - - - - - #include - - 161 - - - - - - Location information - - .{1,255} - - Location is limited to 255 characters or less - - - - - Enable specific OIDs that by default are disable - - ip-forward ip-route-table ip-net-to-media-table ip-net-to-physical-phys-address - - - ip-forward - Enable ipForward: .1.3.6.1.2.1.4.24 - - - ip-route-table - Enable ipRouteTable: .1.3.6.1.2.1.4.21 - - - ip-net-to-media-table - Enable ipNetToMediaTable: .1.3.6.1.2.1.4.22 - - - ip-net-to-physical-phys-address - Enable ipNetToPhysicalPhysAddress: .1.3.6.1.2.1.4.35 - - - (ip-forward|ip-route-table|ip-net-to-media-table|ip-net-to-physical-phys-address) - - OID must be one of the liste options - - - - #include - - - Register a subtree for SMUX-based processing - - txt - SNMP Object Identifier - - - - - - - SNMP trap source address - - ipv4 - IPv4 address - - - ipv6 - IPv6 address - - - - - - - - - Address of trap target - - ipv4 - IPv4 address - - - ipv6 - IPv6 address - - - - - - - - - Community used when sending trap information - - - #include - - 162 - - - - - - Simple Network Management Protocol (SNMP) v3 - - - - - Specifies the EngineID that uniquely identify an agent (e.g. 
000000000000000000000002) - - ([0-9a-f][0-9a-f]){1,18} - - ID must contain an even number (from 2 to 36) of hex digits - - - - - - Specifies the group with name groupname - - - #include - - - Security levels - - noauth auth priv - - - noauth - Messages not authenticated and not encrypted (noAuthNoPriv) - - - auth - Messages are authenticated but not encrypted (authNoPriv) - - - priv - Messages are authenticated and encrypted (authPriv) - - - (noauth|auth|priv) - - - auth - - - - Defines the name of view - - service snmp v3 view - - - - - - - - Defines SNMP target for inform or traps for IP - - ipv4 - IP address of trap target - - - ipv6 - IPv6 address of trap target - - - - - - - - - - Defines the privacy - - - - - Defines the encrypted key for authentication - - [0-9a-f]* - - Encrypted key must only contain hex digits - - - - - Defines the clear text key for authentication - - .{8,} - - Key must contain 8 or more characters - - - #include - - - #include - - 162 - - - - Defines the privacy - - - - - Defines the encrypted key for privacy protocol - - [0-9a-f]* - - Encrypted key must only contain hex digits - - - - - Defines the clear text key for privacy protocol - - .{8,} - - Key must contain 8 or more characters - - - #include - - - #include - - - Specifies the type of notification between inform and trap - - inform trap - - - inform - Use INFORM - - - trap - Use TRAP - - - (inform|trap) - - - inform - - - - Defines username for authentication - - service snmp v3 user - - - - - - - - Specifies the user with name username - - [^\(\)\|\-]+ - - Illegal characters in name - - - - - Specifies the auth - - - - - Defines the encrypted key for authentication - - [0-9a-f]* - - Encrypted key must only contain hex digits - - - - - Defines the clear text key for authentication - - .{8,} - - Key must contain 8 or more characters - - - #include - - - - - Specifies group for user name - - service snmp v3 group - - - - #include - - - Defines the privacy - - - - - Defines the 
encrypted key for privacy protocol - - [0-9a-f]* - - Encrypted key must only contain hex digits - - - - - Defines the clear text key for privacy protocol - - .{8,} - - Key must contain 8 or more characters - - - #include - - - - - - - Specifies the view with name viewname - - [^\(\)\|\-]+ - - Illegal characters in name - - - - - Specifies the oid - - [0-9]+(\.[0-9]+)* - - OID must start from a number - - - - - Exclude is an optional argument - - - - - Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant - - [0-9a-f]{2}([\.:][0-9a-f]{2})* - - MASK is a list of hex octets, separated by '.' or ':' - - - - - - - - - - - SNMP script extensions - - - - - Extension name - - [a-z0-9\.\-\_]+ - - Script extension contains invalid characters - - - - - Script location and name - - - - - [a-z0-9\.\-\_\/]+ - - Script extension contains invalid characters - - - - - - - #include - - - - - diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in deleted file mode 100644 index 2bcce2cf0..000000000 --- a/interface-definitions/ssh.xml.in +++ /dev/null 
@@ -1,270 +0,0 @@ - - - - - System services - - - - - Secure Shell (SSH) - 1000 - - - - - SSH user/group access controls - - - - - Allow user/group SSH access - - - #include - #include - - - - - Deny user/group SSH access - - - #include - #include - - - - - - - Allowed ciphers - - - 3des-cbc aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com - - - (3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|rijndael-cbc@lysator.liu.se|aes128-ctr|aes192-ctr|aes256-ctr|aes128-gcm@openssh.com|aes256-gcm@openssh.com|chacha20-poly1305@openssh.com) - - - - - - - Disable IP Address to Hostname lookup - - - - - - Disable password-based authentication - - - - - - Allow dynamic protection - - - - - Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 - - u32:1-65535 - Time interval in seconds for blocking - - - - - - 120 - - - - Remember source IP in seconds before reset their score - - u32:1-65535 - Time interval in seconds - - - - - - 1800 - - - - Block source IP when their cumulative attack score exceeds threshold - - u32:1-65535 - Threshold score - - - - - - 30 - - - - Always allow inbound connections from these systems - - ipv4 - Address to match against - - - ipv4net - IPv4 address and prefix length - - - ipv6 - IPv6 address to match against - - - ipv6net - IPv6 address and prefix length - - - - - - - - - - - - - Allowed host key signature algorithms - - - ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ecdsa-sha2-nistp256@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-rsa-cert-v01@openssh.com rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com 
ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com - - - - (ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ssh-rsa|rsa-sha2-256|rsa-sha2-512|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-ecdsa-sha2-nistp256@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512-cert-v01@openssh.com|ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com) - - - - - - Allowed key exchange (KEX) algorithms - - - diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256 curve25519-sha256@libssh.org - - - - (diffie-hellman-group1-sha1|diffie-hellman-group14-sha1|diffie-hellman-group14-sha256|diffie-hellman-group16-sha512|diffie-hellman-group18-sha512|diffie-hellman-group-exchange-sha1|diffie-hellman-group-exchange-sha256|ecdh-sha2-nistp256|ecdh-sha2-nistp384|ecdh-sha2-nistp521|curve25519-sha256|curve25519-sha256@libssh.org) - - - - #include - - - Log level - - quiet fatal error info verbose - - - quiet - stay silent - - - fatal - log fatals only - - - error - log errors and fatals only - - - info - default log level - - - verbose - enable logging of failed login attempts - - - (quiet|fatal|error|info|verbose) - - - info - - - - Allowed message authentication code (MAC) algorithms - - - hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 umac-64@openssh.com umac-128@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com 
hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com - - - (hmac-sha1|hmac-sha1-96|hmac-sha2-256|hmac-sha2-512|hmac-md5|hmac-md5-96|umac-64@openssh.com|umac-128@openssh.com|hmac-sha1-etm@openssh.com|hmac-sha1-96-etm@openssh.com|hmac-sha2-256-etm@openssh.com|hmac-sha2-512-etm@openssh.com|hmac-md5-etm@openssh.com|hmac-md5-96-etm@openssh.com|umac-64-etm@openssh.com|umac-128-etm@openssh.com) - - - - - - - Port for SSH service - - u32:1-65535 - Numeric IP port - - - - - - - 22 - - - - SSH session rekey limit - - - - - Threshold data in megabytes - - u32:1-65535 - Megabytes - - - - - - - - - Threshold time in minutes - - u32:1-65535 - Minutes - - - - - - - - - - - Enable transmission of keepalives from server to client - - u32:1-65535 - Time interval in seconds for keepalive message - - - - - - - #include - - - - - diff --git a/interface-definitions/system-acceleration-qat.xml.in b/interface-definitions/system-acceleration-qat.xml.in deleted file mode 100644 index 812484184..000000000 --- a/interface-definitions/system-acceleration-qat.xml.in +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - Acceleration components - 50 - - - - - Enable Intel QAT (Quick Assist Technology) for cryptographic acceleration - - - - - - - - diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system-config-mgmt.xml.in deleted file mode 100644 index 61089ce34..000000000 --- a/interface-definitions/system-config-mgmt.xml.in +++ /dev/null 
@@ -1,82 +0,0 @@ - - - - - - - Configuration management settings - 400 - - - - - Commit archive settings - - - - - Commit archive location - - http://<user>:<passwd>@<host>/<path> - - - - https://<user>:<passwd>@<host>/<path> - - - - ftp://<user>:<passwd>@<host>/<path> - - - - sftp://<user>:<passwd>@<host>/<path> - - - - scp://<user>:<passwd>@<host>/<path> - - - - tftp://<host>/<path> - - - - git+https://<user>:<passwd>@<host>/<path> - - - - - (ssh|git|git\+(\w+)):\/\/.* - - - - - - - Source address or interface for archive server connections - - - #include - - - - - - - - Commit revisions - - u32:1-65535 - Number of config backups to keep - - - - - Number of revisions must be between 0 and 65535 - - - - - - - diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in deleted file mode 100644 index d9504544d..000000000 --- a/interface-definitions/system-conntrack.xml.in +++ /dev/null 
@@ -1,513 +0,0 @@ - - - - - - - Connection Tracking Engine Options - - 218 - - - - - Enable connection tracking flow accounting - - - - - - Size of connection tracking expect table - - u32:1-50000000 - Number of entries allowed in connection tracking expect table - - - - - - 2048 - - - - Hash size for connection tracking table - - u32:1-50000000 - Size of hash to use for connection tracking table - - - - - - 32768 - - - - Customized rules to ignore selective connection tracking - - - - - IPv4 rules - - - - - Rule number - - u32:1-999999 - Number of conntrack ignore rule - - - - - Ignore rule number must be between 1 and 999999 - - - #include - - - Destination parameters - - - #include - #include - #include - - - - - Interface to ignore connections tracking on - - any - - - - - #include - - - Protocol to match (protocol name, number, or "all") - - - all tcp_udp - - - all - All IP protocols - - - tcp_udp - Both TCP and UDP - - - u32:0-255 - IP protocol number - - - <protocol> - IP protocol name - - - !<protocol> - IP protocol name - - - - - - - - - Source parameters - - - #include - #include - #include - - - #include - - - - - - - IPv6 rules - - - - - Rule number - - u32:1-999999 - Number of conntrack ignore rule - - - - - Ignore rule number must be between 1 and 999999 - - - #include - - - Destination parameters - - - #include - #include - #include - - - - - Interface to ignore connections tracking on - - any - - - - - #include - - - Protocol to match (protocol name, number, or "all") - - - all tcp_udp - - - all - All IP protocols - - - tcp_udp - Both TCP and UDP - - - u32:0-255 - IP protocol number - - - <protocol> - IP protocol name - - - !<protocol> - IP protocol name - - - - - - - - - Source parameters - - - #include - #include - #include - - - #include - - - - - - - - - - Log connection tracking events per protocol - - - - - Log connection tracking events for ICMP - - - #include - - - - - Log connection tracking events for all protocols other than TCP, UDP and 
ICMP - - - #include - - - - - Log connection tracking events for TCP - - - #include - - - - - Log connection tracking events for UDP - - - #include - - - - - - - Connection tracking modules - - - - - FTP connection tracking - - - - - - H.323 connection tracking - - - - - - NFS connection tracking - - - - - - PPTP connection tracking - - - - - - SIP connection tracking - - - - - - SQLnet connection tracking - - - - - - TFTP connection tracking - - - - - - - - Size of connection tracking table - - u32:1-50000000 - Number of entries allowed in connection tracking table - - - - - - 262144 - - - - TCP options - - - - - Maximum number of TCP half-open connections - - u32:1-2147483647 - Generic connection timeout in seconds - - - - - - 512 - - - - Policy to track previously established connections - - enable disable - - - enable - Allow tracking of previously established connections - - - disable - Do not allow tracking of previously established connections - - - (enable|disable) - - - enable - - - - Maximum number of packets that can be retransmitted without received an ACK - - u32:1-255 - Number of packets to be retransmitted - - - - - - 3 - - - - - - Connection timeout options - - - - - Define custom timeouts per connection - - - - - IPv4 rules - - - - - Rule number - - u32:1-999999 - Number of conntrack rule - - - - - Ignore rule number must be between 1 and 999999 - - - #include - - - Destination parameters - - - #include - #include - - - - - Interface to ignore connections tracking on - - any - - - - - - - Customize protocol specific timers, one protocol configuration per rule - - - #include - - - - - Source parameters - - - #include - #include - - - - - - - - - IPv6 rules - - - - - Rule number - - u32:1-999999 - Number of conntrack rule - - - - - Ignore rule number must be between 1 and 999999 - - - #include - - - Destination parameters - - - #include - #include - - - - - Interface to ignore connections tracking on - - any - - - - - - - Customize protocol specific 
timers, one protocol configuration per rule - - - #include - - - - - Source parameters - - - #include - #include - - - - - - - - - #include - - - - - - - diff --git a/interface-definitions/system-console.xml.in b/interface-definitions/system-console.xml.in deleted file mode 100644 index 5acd3e90b..000000000 --- a/interface-definitions/system-console.xml.in +++ /dev/null @@ -1,91 +0,0 @@ - - - - - - - Serial console configuration - 100 - - - - - Serial console device name - - - - - - ttySN - TTY device name, regular serial port - - - usbNbXpY - TTY device name, USB based - - - hvcN - Xen console - - - (ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*) - - - - - - Console baud rate - - 1200 2400 4800 9600 19200 38400 57600 115200 - - - 1200 - 1200 bps - - - 2400 - 2400 bps - - - 4800 - 4800 bps - - - 9600 - 9600 bps - - - 19200 - 19200 bps - - - 38400 - 38400 bps - - - 57600 - 57600 bps - - - 115200 - 115200 bps - - - (1200|2400|4800|9600|19200|38400|57600|115200) - - - 115200 - - - - - - Enable screen blank powersaving on VGA console - - - - - - - - diff --git a/interface-definitions/system-frr.xml.in b/interface-definitions/system-frr.xml.in deleted file mode 100644 index 76001b392..000000000 --- a/interface-definitions/system-frr.xml.in +++ /dev/null @@ -1,91 +0,0 @@ - - - - - - - Configure FRR parameters - - 150 - - - - - Enable BGP Monitoring Protocol support - - - - - - Number of open file descriptors a process is allowed to use - - u32:1024-8192 - Number of file descriptors - - - - - Port number must be in range 1024 to 8192 - - 1024 - - - - Enable ICMP Router Discovery Protocol support - - - - - - Enable SNMP integration for next daemons - - - - - BGP - - - - - - IS-IS - - - - - - LDP - - - - - - OSPFv3 - - - - - - OSPFv2 - - - - - - RIP - - - - - - Zebra (IP routing manager) - - - - - - - - - - diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system-ip.xml.in deleted file mode 100644 index 6db4dbfc7..000000000 
--- a/interface-definitions/system-ip.xml.in +++ /dev/null @@ -1,114 +0,0 @@ - - - - - - - IPv4 Settings - - 290 - - - - - Parameters for ARP cache - - - #include - - - - - Disable IPv4 forwarding on all interfaces - - - - - - Disable IPv4 directed broadcast forwarding on all interfaces - - - - - - IPv4 multipath settings - - - - - Ignore next hops that are not in the ARP table - - - - - - Use layer 4 information for ECMP hashing - - - - - - - - IPv4 TCP parameters - - - - - IPv4 TCP MSS probing options - - - - - Attempt to lower the MSS if TCP connections fail to establish - - on-icmp-black-hole force - - - on-icmp-black-hole - Attempt TCP MSS probing when an ICMP black hole is detected - - - force - Attempt TCP MSS probing by default - - - (on-icmp-black-hole|force) - - Must be on-icmp-black-hole or force - - - - - Base MSS to start probing from (applicable to "probing force") - - u32:48-1460 - Base MSS value for probing (default: 1024) - - - - - - - - - Minimum MSS to stop probing at (default: 48) - - u32:48-1460 - Minimum MSS value to probe - - - - - - - - - - - #include - - - - - diff --git a/interface-definitions/system-ipv6.xml.in b/interface-definitions/system-ipv6.xml.in deleted file mode 100644 index e17e1c01c..000000000 --- a/interface-definitions/system-ipv6.xml.in +++ /dev/null @@ -1,50 +0,0 @@ - - - - - - - IPv6 Settings - - 290 - - - - - Disable IPv6 forwarding on all interfaces - - - - - - IPv6 multipath settings - - - - - Use layer 4 information for ECMP hashing - - - - - - - - Parameters for neighbor discovery cache - - - #include - - - #include - - - Disable IPv6 operation on interface when DAD fails on LL addr - - - - - - - - diff --git a/interface-definitions/system-lcd.xml.in b/interface-definitions/system-lcd.xml.in deleted file mode 100644 index 0cf4de308..000000000 --- a/interface-definitions/system-lcd.xml.in +++ /dev/null 
@@ -1,70 +0,0 @@ - - - - - - - System LCD display - 100 - - - - - Model of the display attached to this system - - cfa-533 cfa-631 cfa-633 cfa-635 hd44780 sdec - - - cfa-533 - Crystalfontz CFA-533 - - - cfa-631 - Crystalfontz CFA-631 - - - cfa-633 - Crystalfontz CFA-633 - - - cfa-635 - Crystalfontz CFA-635 - - - hd44780 - Hitachi HD44780, Caswell Appliances - - - sdec - Lanner, Watchguard, Nexcom NSA, Sophos UTM appliances - - - (cfa-533|cfa-631|cfa-633|cfa-635|hd44780|sdec) - - - - - - Physical device used by LCD display - - - - - - ttySXX - TTY device name, regular serial port - - - usbNbXpY - TTY device name, USB based - - - (ttyS[0-9]+|usb[0-9]+b.*) - - - - - - - - diff --git a/interface-definitions/system-login-banner.xml.in b/interface-definitions/system-login-banner.xml.in deleted file mode 100644 index bdd0ad96a..000000000 --- a/interface-definitions/system-login-banner.xml.in +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - System User Login Configuration - 400 - - - - - System login banners - - - - - A system banner after the user logs in - - - - - A system banner before the user logs in - - - - - - - - - diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in deleted file mode 100644 index a2f8beead..000000000 --- a/interface-definitions/system-login.xml.in +++ /dev/null 
@@ -1,302 +0,0 @@ - - - - - - - System User Login Configuration - 400 - - - - - Local user account information - - #include - - Username contains illegal characters or\nexceeds 100 character limitation. - - - - - Authentication settings - - - - - Encrypted password - - (\*|\!) - [a-zA-Z0-9\.\/]{13} - \$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22} - \$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43} - \$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86} - - Invalid encrypted password for $VAR(../../@). - - ! - - - - One-Time-Pad (two-factor) authentication parameters - - - - - Limit number of logins (rate-limit) per rate-time - - u32:1-10 - Number of attempts - - - - - Number of login attempts must me between 1 and 10 - - 3 - - - - Limit number of logins (rate-limit) per rate-time - - u32:15-600 - Time interval - - - - - Rate limit time interval must be between 15 and 600 seconds - - 30 - - - - Set window of concurrently valid codes - - u32:1-21 - Window size - - - - - Window of concurrently valid codes must be between 1 and 21 - - 3 - - - - Key/secret the token algorithm (see RFC4226) - - txt - Base32 encoded key/token - - - [a-zA-Z2-7]{26,10000} - - Key must only include base32 characters and be at least 26 characters long - - - - - - - Plaintext password used for encryption - - - - - Remote access public keys - - txt - Key identifier used by ssh-keygen (usually of form user@host) - - - - - - Public key value (Base64 encoded) - - - - - - - - Optional public key options - - - - - SSH public key type - - ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com - - - ssh-dss - Digital Signature Algorithm (DSA) key support - - - ssh-rsa - Key pair based on RSA algorithm - - - ecdsa-sha2-nistp256 - Elliptic Curve DSA with NIST P-256 curve - - - ecdsa-sha2-nistp384 - Elliptic Curve DSA with NIST P-384 curve - - - ecdsa-sha2-nistp521 - Elliptic Curve DSA with NIST P-521 
curve - - - ssh-ed25519 - Edwards-curve DSA with elliptic curve 25519 - - - sk-ecdsa-sha2-nistp256@openssh.com - Elliptic Curve DSA security key - - - sk-ssh-ed25519@openssh.com - Elliptic curve 25519 security key - - - (ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com) - - - - - - - - - - Full name of the user (use quotes for names with spaces) - - [^:]* - - Cannot use ':' in full name - - - - - Home directory - - txt - Path to home directory - - - \/$|(\/[a-zA-Z_0-9-.]+)+ - - - - - - #include - - - - - #include - - - Server priority - - u32:1-255 - Server priority - - - - - - 255 - - - - #include - - - - - TACACS+ based user authentication - - - - - TACACS+ server configuration - - ipv4 - TACACS+ server IPv4 address - - - - - - - #include - #include - #include - - 49 - - - - #include - - - Security mode for TACACS+ authentication - - mandatory optional - - - mandatory - Deny access immediately if TACACS+ answers with REJECT - - - optional - Pass to the next authentication method if TACACS+ answers with REJECT - - - (mandatory|optional) - - - optional - - #include - #include - - - - - Maximum number of all login sessions - - u32:1-65536 - Maximum number of all login sessions - - - - - Maximum logins must be between 1 and 65536 - - - - - Session timeout - - u32:5-604800 - Session timeout in seconds - - - - - Timeout must be between 5 and 604800 seconds - - - - - - - diff --git a/interface-definitions/system-logs.xml.in b/interface-definitions/system-logs.xml.in deleted file mode 100644 index 1caa7abb6..000000000 --- a/interface-definitions/system-logs.xml.in +++ /dev/null 
@@ -1,92 +0,0 @@ - - - - - - - Logging options - 9999 - - - - - Logrotate options - - - - - Atop logs options (system resources usage) - - - - - Size of a single log file that triggers rotation - - u32:1-1024 - Size in MB - - - - - The size must be between 1 and 1024 MB - - 10 - - - - Count of rotations before old logs will be deleted - - u32:1-100 - Rotations - - - - - The count must be between 1 and 100 - - 10 - - - - - - The /var/log/messages file rotation - - - - - Size of a single log file that triggers rotation - - u32:1-1024 - Size in MB - - - - - The size must be between 1 and 1024 MB - - 1 - - - - Count of rotations before old logs will be deleted - - u32:1-100 - Rotations - - - - - The count must be between 1 and 100 - - 10 - - - - - - - - - - diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in deleted file mode 100644 index b1b5f7fae..000000000 --- a/interface-definitions/system-option.xml.in +++ /dev/null 
@@ -1,171 +0,0 @@ - - - - - - - System Options - 9999 - - - - - System action on Ctrl-Alt-Delete keystroke - - ignore reboot poweroff - - - ignore - Ignore key sequence - - - reboot - Reboot system - - - poweroff - Poweroff system - - - (ignore|reboot|poweroff) - - Must be ignore, reboot, or poweroff - - - - - System keyboard layout, type ISO2 - - us uk fr de es fi jp106 no dk se-latin1 dvorak - - - us - United States - - - uk - United Kingdom - - - fr - France - - - de - Germany - - - es - Spain - - - fi - Finland - - - jp106 - Japan - - - no - Norway - - - dk - Denmark - - - se-latin1 - Sweden - - - dvorak - Dvorak - - - (us|uk|fr|de|es|fi|jp106|no|dk|se-latin1|dvorak) - - Invalid keyboard layout - - us - - - - Tune system performance - - throughput latency - - - throughput - Tune for maximum network throughput - - - latency - Tune for low network latency - - - (throughput|latency) - - - - - - Global options used for HTTP client - - - #include - #include - - - - - Reboot system on kernel panic - - - - - - Global options used for SSH client - - - #include - #include - - - - - plays sound via system speaker when you can login - - - - - - Enable root partition auto-extention on system boot - - - - - - System time-format - - 12-hour 24-hour - - - 12-hour - 12 hour time format - - - 24-hour - 24 hour time format - - - (12-hour|24-hour) - - - 12-hour - - - - - - diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system-proxy.xml.in deleted file mode 100644 index f7ab31d7e..000000000 --- a/interface-definitions/system-proxy.xml.in +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - Sets a proxy for system wide use - - - - - Proxy URL - - http(s)?:\/\/[a-z0-9-\.]+ - - - - #include - #include - #include - - - - - diff --git a/interface-definitions/system-sflow.xml.in b/interface-definitions/system-sflow.xml.in deleted file mode 100644 index c5152abe9..000000000 --- a/interface-definitions/system-sflow.xml.in +++ /dev/null 
@@ -1,113 +0,0 @@ - - - - - - - - sFlow settings - 990 - - - - - sFlow agent IPv4 or IPv6 address - - auto - - - - ipv4 - sFlow IPv4 agent address - - - ipv6 - sFlow IPv6 agent address - - - - - - - - - - IP address associated with this interface - - - - - txt - Interface name - - - #include - - - - - - Export headers of dropped by kernel packets - - u32:1-65535 - Maximum rate limit of N drops per second send out in the sFlow datagrams - - - - - - - #include - - - Schedule counter-polling in seconds - - u32:1-600 - Polling rate in seconds - - - - - - 30 - - - - sFlow sampling-rate - - u32:1-65535 - Sampling rate (1 in N packets) - - - - - - 1000 - - - - sFlow destination server - - ipv4 - IPv4 server to export sFlow - - - ipv6 - IPv6 server to export sFlow - - - - - - - #include - - 6343 - - - - - - - - diff --git a/interface-definitions/system-sysctl.xml.in b/interface-definitions/system-sysctl.xml.in deleted file mode 100644 index bf118c24b..000000000 --- a/interface-definitions/system-sysctl.xml.in +++ /dev/null @@ -1,40 +0,0 @@ - - - - - System parameters - - - - - Configure kernel parameters at runtime - 318 - - - - - Sysctl key name - - - - - txt - Sysctl key name - - - - - - - - - Sysctl configuration value - - - - - - - - - diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system-syslog.xml.in deleted file mode 100644 index cd5c514a8..000000000 --- a/interface-definitions/system-syslog.xml.in +++ /dev/null 
@@ -1,155 +0,0 @@ - - - - - - - System logging - 400 - - - - - Logging to specific terminal of given user - - system login user - - - txt - Local user account - - - #include - - illegal characters in user - - - #include - - - - - Logging to remote host - - - - - Invalid host (FQDN or IP address) - - ipv4 - Remote syslog server IPv4 address - - - ipv6 - Remote syslog server IPv6 address - - - hostname - Remote syslog server FQDN - - - - #include - - 514 - - #include - #include - - - Logging format - - - - - Allows for the transmission of all characters inside a syslog message - - - - - - - - - - Logging to system standard location - - - #include - - - mark messages sent to syslog - - - - - time interval how often a mark message is being sent in seconds - - - - - 1200 - - - - - - uses FQDN for logging - - - - - - - - Logging to a file - - [a-zA-Z0-9\-_.]{1,255} - - illegal characters in filename or filename longer than 255 characters - - - - - Log file size and rotation characteristics - - - - - Number of saved files - - [0-9]+ - - illegal characters in number of files - - 5 - - - - Size of log files in kbytes - - [0-9]+ - - illegal characters in size - - 256 - - - - #include - - - - - logging to serial console - - - #include - - - #include - - - - - diff --git a/interface-definitions/system-time-zone.xml.in b/interface-definitions/system-time-zone.xml.in deleted file mode 100644 index f6b291984..000000000 --- a/interface-definitions/system-time-zone.xml.in +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - Local time zone (default UTC) - 100 - - - - - - - - - - - diff --git a/interface-definitions/system-update-check.xml.in b/interface-definitions/system-update-check.xml.in deleted file mode 100644 index a7d754003..000000000 --- a/interface-definitions/system-update-check.xml.in +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - Check available update images - 9999 - - - - - Enable auto check for new images - - - - #include - - - - - 
diff --git a/interface-definitions/system_acceleration.xml.in b/interface-definitions/system_acceleration.xml.in new file mode 100644 index 000000000..fb5c9d4ea --- /dev/null +++ b/interface-definitions/system_acceleration.xml.in @@ -0,0 +1,21 @@ + + + + + + + Acceleration components + 50 + + + + + Enable Intel QAT (Quick Assist Technology) for cryptographic acceleration + + + + + + + + diff --git a/interface-definitions/system_config-management.xml.in b/interface-definitions/system_config-management.xml.in new file mode 100644 index 000000000..7ae347955 --- /dev/null +++ b/interface-definitions/system_config-management.xml.in @@ -0,0 +1,82 @@ + + + + + + + Configuration management settings + 400 + + + + + Commit archive settings + + + + + Commit archive location + + http://<user>:<passwd>@<host>/<path> + + + + https://<user>:<passwd>@<host>/<path> + + + + ftp://<user>:<passwd>@<host>/<path> + + + + sftp://<user>:<passwd>@<host>/<path> + + + + scp://<user>:<passwd>@<host>/<path> + + + + tftp://<host>/<path> + + + + git+https://<user>:<passwd>@<host>/<path> + + + + + (ssh|git|git\+(\w+)):\/\/.* + + + + + + + Source address or interface for archive server connections + + + #include + + + + + + + + Commit revisions + + u32:1-65535 + Number of config backups to keep + + + + + Number of revisions must be between 0 and 65535 + + + + + + + diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in new file mode 100644 index 000000000..a348097cc --- /dev/null +++ b/interface-definitions/system_conntrack.xml.in 
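Review bot: In system_config-management.xml.in the commit-revisions constraint error reads `Number of revisions must be between 0 and 65535` while the value help advertises u32:1-65535; one of the two is wrong, and if 0 is rejected the text should be `Number of revisions must be between 1 and 65535`. The location examples embed credentials as `<user>:<passwd>@<host>`, so the archive password lives in plaintext in the running configuration and presumably in every archived copy pushed to that destination — a one-line caveat in the help such as `Credentials given in the URL are stored in plaintext in the configuration` would warn operators. The XML tags are lost in this rendering, so I cannot see whether the `(ssh|git|git\+(\w+)):\/\/.*` regex is the only constraint or is combined with a URL validator; if it stands alone, the http/https/ftp/tftp/scp forms listed in the help would be rejected, which is worth confirming against the helper.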
@@ -0,0 +1,513 @@ + + + + + + + Connection Tracking Engine Options + + 218 + + + + + Enable connection tracking flow accounting + + + + + + Size of connection tracking expect table + + u32:1-50000000 + Number of entries allowed in connection tracking expect table + + + + + + 2048 + + + + Hash size for connection tracking table + + u32:1-50000000 + Size of hash to use for connection tracking table + + + + + + 32768 + + + + Customized rules to ignore selective connection tracking + + + + + IPv4 rules + + + + + Rule number + + u32:1-999999 + Number of conntrack ignore rule + + + + + Ignore rule number must be between 1 and 999999 + + + #include + + + Destination parameters + + + #include + #include + #include + + + + + Interface to ignore connections tracking on + + any + + + + + #include + + + Protocol to match (protocol name, number, or "all") + + + all tcp_udp + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + !<protocol> + IP protocol name + + + + + + + + + Source parameters + + + #include + #include + #include + + + #include + + + + + + + IPv6 rules + + + + + Rule number + + u32:1-999999 + Number of conntrack ignore rule + + + + + Ignore rule number must be between 1 and 999999 + + + #include + + + Destination parameters + + + #include + #include + #include + + + + + Interface to ignore connections tracking on + + any + + + + + #include + + + Protocol to match (protocol name, number, or "all") + + + all tcp_udp + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + !<protocol> + IP protocol name + + + + + + + + + Source parameters + + + #include + #include + #include + + + #include + + + + + + + + + + Log connection tracking events per protocol + + + + + Log connection tracking events for ICMP + + + #include + + + + + Log connection tracking events for all protocols other than TCP, UDP and 
ICMP + + + #include + + + + + Log connection tracking events for TCP + + + #include + + + + + Log connection tracking events for UDP + + + #include + + + + + + + Connection tracking modules + + + + + FTP connection tracking + + + + + + H.323 connection tracking + + + + + + NFS connection tracking + + + + + + PPTP connection tracking + + + + + + SIP connection tracking + + + + + + SQLnet connection tracking + + + + + + TFTP connection tracking + + + + + + + + Size of connection tracking table + + u32:1-50000000 + Number of entries allowed in connection tracking table + + + + + + 262144 + + + + TCP options + + + + + Maximum number of TCP half-open connections + + u32:1-2147483647 + Generic connection timeout in seconds + + + + + + 512 + + + + Policy to track previously established connections + + enable disable + + + enable + Allow tracking of previously established connections + + + disable + Do not allow tracking of previously established connections + + + (enable|disable) + + + enable + + + + Maximum number of packets that can be retransmitted without received an ACK + + u32:1-255 + Number of packets to be retransmitted + + + + + + 3 + + + + + + Connection timeout options + + + + + Define custom timeouts per connection + + + + + IPv4 rules + + + + + Rule number + + u32:1-999999 + Number of conntrack rule + + + + + Ignore rule number must be between 1 and 999999 + + + #include + + + Destination parameters + + + #include + #include + + + + + Interface to ignore connections tracking on + + any + + + + + + + Customize protocol specific timers, one protocol configuration per rule + + + #include + + + + + Source parameters + + + #include + #include + + + + + + + + + IPv6 rules + + + + + Rule number + + u32:1-999999 + Number of conntrack rule + + + + + Ignore rule number must be between 1 and 999999 + + + #include + + + Destination parameters + + + #include + #include + + + + + Interface to ignore connections tracking on + + any + + + + + + + Customize protocol specific 
timers, one protocol configuration per rule + + + #include + + + + + Source parameters + + + #include + #include + + + + + + + + + #include + + + + + + + diff --git a/interface-definitions/system_console.xml.in b/interface-definitions/system_console.xml.in new file mode 100644 index 000000000..5acd3e90b --- /dev/null +++ b/interface-definitions/system_console.xml.in @@ -0,0 +1,91 @@ + + + + + + + Serial console configuration + 100 + + + + + Serial console device name + + + + + + ttySN + TTY device name, regular serial port + + + usbNbXpY + TTY device name, USB based + + + hvcN + Xen console + + + (ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*) + + + + + + Console baud rate + + 1200 2400 4800 9600 19200 38400 57600 115200 + + + 1200 + 1200 bps + + + 2400 + 2400 bps + + + 4800 + 4800 bps + + + 9600 + 9600 bps + + + 19200 + 19200 bps + + + 38400 + 38400 bps + + + 57600 + 57600 bps + + + 115200 + 115200 bps + + + (1200|2400|4800|9600|19200|38400|57600|115200) + + + 115200 + + + + + + Enable screen blank powersaving on VGA console + + + + + + + + diff --git a/interface-definitions/system_domain-name.xml.in b/interface-definitions/system_domain-name.xml.in new file mode 100644 index 000000000..bfca9b8ce --- /dev/null +++ b/interface-definitions/system_domain-name.xml.in @@ -0,0 +1,15 @@ + + + + + + + System domain name + + + + + + + + diff --git a/interface-definitions/system_domain-search.xml.in b/interface-definitions/system_domain-search.xml.in new file mode 100644 index 000000000..eb6c8a85c --- /dev/null +++ b/interface-definitions/system_domain-search.xml.in @@ -0,0 +1,18 @@ + + + + + + + Domain Name Server (DNS) domain completion order + 400 + + + + Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and period. + + + + + + diff --git a/interface-definitions/system_flow-accounting.xml.in b/interface-definitions/system_flow-accounting.xml.in new file mode 100644 index 000000000..83a2480a3 --- /dev/null 
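Review bot: In system_conntrack.xml.in the tcp half-open-connections value help says `Generic connection timeout in seconds` although the node is a connection count with default 512, which looks copied from the timeout section; suggest `Maximum number of half-open TCP connections`. The constraint error under both custom-timeout rule numbers reads `Ignore rule number must be between 1 and 999999`, but these are timeout rules, so `Timeout rule number must be between 1 and 999999` is accurate, and the reused `Interface to ignore connections tracking on` help is likewise misleading there since the interface is matched rather than ignored. These texts predate the rename, but the new file is the right place to correct them.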
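Review bot: In system_console.xml.in the device regex `(ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*)` accepts any tail after the `usbNb` prefix, including `/` and `..`, while the completion help documents the shape as `usbNbXpY`; `usb[0-9]+b[0-9]+p[0-9]+` would match what the help describes. The value is presumably joined into a `/dev/` path or a getty unit name by the Python helper, which is not visible here, so an unconstrained tail is an avoidable risk even for an administrator-only command — confirm how the helper consumes it.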
+++ b/interface-definitions/system_flow-accounting.xml.in 
@@ -0,0 +1,437 @@ + + + + + + + + Flow accounting settings + 990 + + + + + Buffer size + + u32 + Buffer size in MiB + + + + + + 10 + + + + Specifies the maximum number of bytes to capture for each packet + + u32:128-750 + Packet length in bytes + + + + + + 128 + + + + Enable egress flow accounting + + + + + + Disable in memory table plugin + + + + + + Syslog facility for flow-accounting + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + Routing protocols (local7) + + + security + Authentication and authorization + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + all + Authentication and authorization + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + + + #include + + + NetFlow settings + + + + + NetFlow engine-id + + 0-255 or 0-255:0-255 + NetFlow engine-id for v5 + + + u32 + NetFlow engine-id for v9 / IPFIX + + + (\d|[1-9]\d{1,8}|[1-3]\d{9}|4[01]\d{8}|42[0-8]\d{7}|429[0-3]\d{6}|4294[0-8]\d{5}|42949[0-5]\d{4}|429496[0-6]\d{3}|4294967[01]\d{2}|42949672[0-8]\d|429496729[0-5])$|^(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]):(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]) + + + + + + NetFlow maximum flows + + u32 + NetFlow maximum flows + + + + + + + + + NetFlow sampling-rate + + 
u32 + Sampling rate (1 in N packets) + + + + + + + #include + + + NetFlow version to export + + 5 9 10 + + + 5 + NetFlow version 5 + + + 9 + NetFlow version 9 + + + 10 + Internet Protocol Flow Information Export (IPFIX) + + + 9 + + + + NetFlow destination server + + ipv4 + IPv4 server to export NetFlow + + + ipv6 + IPv6 server to export NetFlow + + + + + + + + + NetFlow port number + + u32:1025-65535 + NetFlow port number + + + + + + 2055 + + + + + + NetFlow timeout values + + + + + Expiry scan interval + + u32:0-2147483647 + Expiry scan interval + + + + + + 60 + + + + Generic flow timeout value + + u32:0-2147483647 + Generic flow timeout in seconds + + + + + + 3600 + + + + ICMP timeout value + + u32:0-2147483647 + ICMP timeout in seconds + + + + + + 300 + + + + Max active timeout value + + u32:0-2147483647 + Max active timeout in seconds + + + + + + 604800 + + + + TCP finish timeout value + + u32:0-2147483647 + TCP FIN timeout in seconds + + + + + + 300 + + + + TCP generic timeout value + + u32:0-2147483647 + TCP generic timeout in seconds + + + + + + 3600 + + + + TCP reset timeout value + + u32:0-2147483647 + TCP RST timeout in seconds + + + + + + 120 + + + + UDP timeout value + + u32:0-2147483647 + UDP timeout in seconds + + + + + + 300 + + + + + + + + sFlow settings + + + + + sFlow agent IPv4 address + + auto + + + + ipv4 + sFlow IPv4 agent address + + + + + + + + + sFlow sampling-rate + + u32 + Sampling rate (1 in N packets) + + + + + + + + + sFlow destination server + + ipv4 + IPv4 server to export sFlow + + + ipv6 + IPv6 server to export sFlow + + + + + + + + + sFlow port number + + u32:1025-65535 + sFlow port number + + + + + + 6343 + + + + #include + + + #include + + + + + diff --git a/interface-definitions/system_frr.xml.in b/interface-definitions/system_frr.xml.in new file mode 100644 index 000000000..76001b392 --- /dev/null +++ b/interface-definitions/system_frr.xml.in 
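Review bot: The help strings for the facility values `security`, `syslog` and `all` all read "Authentication and authorization", which is the text for `auth` copied three times, so CLI completion describes three of the facilities incorrectly. I would change them to `security` → `Deprecated synonym for auth`, `syslog` → `Messages generated internally by syslogd`, and `all` → `All facilities`. The same copy-paste problem does not appear in the local0–local7 entries, which are fine.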
@@ -0,0 +1,91 @@ + + + + + + + Configure FRR parameters + + 150 + + + + + Enable BGP Monitoring Protocol support + + + + + + Number of open file descriptors a process is allowed to use + + u32:1024-8192 + Number of file descriptors + + + + + Port number must be in range 1024 to 8192 + + 1024 + + + + Enable ICMP Router Discovery Protocol support + + + + + + Enable SNMP integration for next daemons + + + + + BGP + + + + + + IS-IS + + + + + + LDP + + + + + + OSPFv3 + + + + + + OSPFv2 + + + + + + RIP + + + + + + Zebra (IP routing manager) + + + + + + + + + + diff --git a/interface-definitions/system_host-name.xml.in b/interface-definitions/system_host-name.xml.in new file mode 100644 index 000000000..423531a68 --- /dev/null +++ b/interface-definitions/system_host-name.xml.in @@ -0,0 +1,16 @@ + + + + + + + + System host name (default: vyos) + + #include + + + + + + diff --git a/interface-definitions/system_ip.xml.in b/interface-definitions/system_ip.xml.in new file mode 100644 index 000000000..6e3b7d5d0 --- /dev/null +++ b/interface-definitions/system_ip.xml.in 
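Review bot: The constraint error message for the file-descriptor limit in system_frr says `Port number must be in range 1024 to 8192`, but the leaf is documented as "Number of open file descriptors a process is allowed to use" with a `u32:1024-8192` value help, so a user entering an out-of-range value gets a misleading message. Change it to `Number of file descriptors must be in range 1024 to 8192`.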
@@ -0,0 +1,114 @@ + + + + + + + IPv4 Settings + + 290 + + + + + Parameters for ARP cache + + + #include + + + + + Disable IPv4 forwarding on all interfaces + + + + + + Disable IPv4 directed broadcast forwarding on all interfaces + + + + + + IPv4 multipath settings + + + + + Ignore next hops that are not in the ARP table + + + + + + Use layer 4 information for ECMP hashing + + + + + + + + IPv4 TCP parameters + + + + + IPv4 TCP MSS probing options + + + + + Attempt to lower the MSS if TCP connections fail to establish + + on-icmp-black-hole force + + + on-icmp-black-hole + Attempt TCP MSS probing when an ICMP black hole is detected + + + force + Attempt TCP MSS probing by default + + + (on-icmp-black-hole|force) + + Must be on-icmp-black-hole or force + + + + + Base MSS to start probing from (applicable to "probing force") + + u32:48-1460 + Base MSS value for probing (default: 1024) + + + + + + + + + Minimum MSS to stop probing at (default: 48) + + u32:48-1460 + Minimum MSS value to probe + + + + + + + + + + + #include + + + + + diff --git a/interface-definitions/system_ipv6.xml.in b/interface-definitions/system_ipv6.xml.in new file mode 100644 index 000000000..8957cb6a7 --- /dev/null +++ b/interface-definitions/system_ipv6.xml.in @@ -0,0 +1,50 @@ + + + + + + + IPv6 Settings + + 290 + + + + + Disable IPv6 forwarding on all interfaces + + + + + + IPv6 multipath settings + + + + + Use layer 4 information for ECMP hashing + + + + + + + + Parameters for neighbor discovery cache + + + #include + + + #include + + + Disable IPv6 operation on interface when DAD fails on LL addr + + + + + + + + diff --git a/interface-definitions/system_lcd.xml.in b/interface-definitions/system_lcd.xml.in new file mode 100644 index 000000000..0cf4de308 --- /dev/null +++ b/interface-definitions/system_lcd.xml.in 
@@ -0,0 +1,70 @@ + + + + + + + System LCD display + 100 + + + + + Model of the display attached to this system + + cfa-533 cfa-631 cfa-633 cfa-635 hd44780 sdec + + + cfa-533 + Crystalfontz CFA-533 + + + cfa-631 + Crystalfontz CFA-631 + + + cfa-633 + Crystalfontz CFA-633 + + + cfa-635 + Crystalfontz CFA-635 + + + hd44780 + Hitachi HD44780, Caswell Appliances + + + sdec + Lanner, Watchguard, Nexcom NSA, Sophos UTM appliances + + + (cfa-533|cfa-631|cfa-633|cfa-635|hd44780|sdec) + + + + + + Physical device used by LCD display + + + + + + ttySXX + TTY device name, regular serial port + + + usbNbXpY + TTY device name, USB based + + + (ttyS[0-9]+|usb[0-9]+b.*) + + + + + + + + diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in new file mode 100644 index 000000000..44e1a7a92 --- /dev/null +++ b/interface-definitions/system_login.xml.in 
@@ -0,0 +1,302 @@ + + + + + + + System User Login Configuration + 400 + + + + + Local user account information + + #include + + Username contains illegal characters or\nexceeds 100 character limitation. + + + + + Authentication settings + + + + + Encrypted password + + (\*|\!) + [a-zA-Z0-9\.\/]{13} + \$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22} + \$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43} + \$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86} + + Invalid encrypted password for $VAR(../../@). + + ! + + + + One-Time-Pad (two-factor) authentication parameters + + + + + Limit number of logins (rate-limit) per rate-time + + u32:1-10 + Number of attempts + + + + + Number of login attempts must me between 1 and 10 + + 3 + + + + Limit number of logins (rate-limit) per rate-time + + u32:15-600 + Time interval + + + + + Rate limit time interval must be between 15 and 600 seconds + + 30 + + + + Set window of concurrently valid codes + + u32:1-21 + Window size + + + + + Window of concurrently valid codes must be between 1 and 21 + + 3 + + + + Key/secret the token algorithm (see RFC4226) + + txt + Base32 encoded key/token + + + [a-zA-Z2-7]{26,10000} + + Key must only include base32 characters and be at least 26 characters long + + + + + + + Plaintext password used for encryption + + + + + Remote access public keys + + txt + Key identifier used by ssh-keygen (usually of form user@host) + + + + + + Public key value (Base64 encoded) + + + + + + + + Optional public key options + + + + + SSH public key type + + ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com + + + ssh-dss + Digital Signature Algorithm (DSA) key support + + + ssh-rsa + Key pair based on RSA algorithm + + + ecdsa-sha2-nistp256 + Elliptic Curve DSA with NIST P-256 curve + + + ecdsa-sha2-nistp384 + Elliptic Curve DSA with NIST P-384 curve + + + ecdsa-sha2-nistp521 + Elliptic Curve DSA with NIST P-521 
curve + + + ssh-ed25519 + Edwards-curve DSA with elliptic curve 25519 + + + sk-ecdsa-sha2-nistp256@openssh.com + Elliptic Curve DSA security key + + + sk-ssh-ed25519@openssh.com + Elliptic curve 25519 security key + + + (ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com) + + + + + + + + + + Full name of the user (use quotes for names with spaces) + + [^:]* + + Cannot use ':' in full name + + + + + Home directory + + txt + Path to home directory + + + \/$|(\/[a-zA-Z_0-9-.]+)+ + + + + + + #include + + + + + #include + + + Server priority + + u32:1-255 + Server priority + + + + + + 255 + + + + #include + + + + + TACACS+ based user authentication + + + + + TACACS+ server configuration + + ipv4 + TACACS+ server IPv4 address + + + + + + + #include + #include + #include + + 49 + + + + #include + + + Security mode for TACACS+ authentication + + mandatory optional + + + mandatory + Deny access immediately if TACACS+ answers with REJECT + + + optional + Pass to the next authentication method if TACACS+ answers with REJECT + + + (mandatory|optional) + + + optional + + #include + #include + + + + + Maximum number of all login sessions + + u32:1-65536 + Maximum number of all login sessions + + + + + Maximum logins must be between 1 and 65536 + + + + + Session timeout + + u32:5-604800 + Session timeout in seconds + + + + + Timeout must be between 5 and 604800 seconds + + + + + + + diff --git a/interface-definitions/system_login_banner.xml.in b/interface-definitions/system_login_banner.xml.in new file mode 100644 index 000000000..211505ae4 --- /dev/null +++ b/interface-definitions/system_login_banner.xml.in @@ -0,0 +1,32 @@ + + + + + + + System User Login Configuration + 400 + + + + + System login banners + + + + + A system banner after the user logs in + + + + + A system banner before the user logs in + + + + + + + + + 
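Review bot: The error message for the OTP rate-limit attempts leaf reads `Number of login attempts must me between 1 and 10`; it should say `must be`. Separately, the encrypted-password validator accepts the legacy 13-character DES crypt form and `$1$` MD5-crypt alongside `$5$`/`$6$` SHA-crypt; if the older forms are retained only so that existing configurations still load, a comment stating that would help the next reader, otherwise limiting newly set values to the `$5$`/`$6$` forms would be the safer default.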
diff --git a/interface-definitions/system_logs.xml.in b/interface-definitions/system_logs.xml.in new file mode 100644 index 000000000..b34cbdc39 --- /dev/null +++ b/interface-definitions/system_logs.xml.in @@ -0,0 +1,92 @@ + + + + + + + Logging options + 9999 + + + + + Logrotate options + + + + + Atop logs options (system resources usage) + + + + + Size of a single log file that triggers rotation + + u32:1-1024 + Size in MB + + + + + The size must be between 1 and 1024 MB + + 10 + + + + Count of rotations before old logs will be deleted + + u32:1-100 + Rotations + + + + + The count must be between 1 and 100 + + 10 + + + + + + The /var/log/messages file rotation + + + + + Size of a single log file that triggers rotation + + u32:1-1024 + Size in MB + + + + + The size must be between 1 and 1024 MB + + 1 + + + + Count of rotations before old logs will be deleted + + u32:1-100 + Rotations + + + + + The count must be between 1 and 100 + + 10 + + + + + + + + + + diff --git a/interface-definitions/system_name-server.xml.in b/interface-definitions/system_name-server.xml.in new file mode 100644 index 000000000..2f750abfa --- /dev/null +++ b/interface-definitions/system_name-server.xml.in @@ -0,0 +1,33 @@ + + + + + + + System Domain Name Servers (DNS) + 400 + + + + + ipv4 + Domain Name Server IPv4 address + + + ipv6 + Domain Name Server IPv6 address + + + txt + Use Domain Name Server from DHCP interface + + + + + #include + + + + + + diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in new file mode 100644 index 000000000..adb45bdcc --- /dev/null +++ b/interface-definitions/system_option.xml.in 
@@ -0,0 +1,171 @@ + + + + + + + System Options + 9999 + + + + + System action on Ctrl-Alt-Delete keystroke + + ignore reboot poweroff + + + ignore + Ignore key sequence + + + reboot + Reboot system + + + poweroff + Poweroff system + + + (ignore|reboot|poweroff) + + Must be ignore, reboot, or poweroff + + + + + System keyboard layout, type ISO2 + + us uk fr de es fi jp106 no dk se-latin1 dvorak + + + us + United States + + + uk + United Kingdom + + + fr + France + + + de + Germany + + + es + Spain + + + fi + Finland + + + jp106 + Japan + + + no + Norway + + + dk + Denmark + + + se-latin1 + Sweden + + + dvorak + Dvorak + + + (us|uk|fr|de|es|fi|jp106|no|dk|se-latin1|dvorak) + + Invalid keyboard layout + + us + + + + Tune system performance + + throughput latency + + + throughput + Tune for maximum network throughput + + + latency + Tune for low network latency + + + (throughput|latency) + + + + + + Global options used for HTTP client + + + #include + #include + + + + + Reboot system on kernel panic + + + + + + Global options used for SSH client + + + #include + #include + + + + + plays sound via system speaker when you can login + + + + + + Enable root partition auto-extention on system boot + + + + + + System time-format + + 12-hour 24-hour + + + 12-hour + 12 hour time format + + + 24-hour + 24 hour time format + + + (12-hour|24-hour) + + + 12-hour + + + + + + diff --git a/interface-definitions/system_proxy.xml.in b/interface-definitions/system_proxy.xml.in new file mode 100644 index 000000000..214534dbb --- /dev/null +++ b/interface-definitions/system_proxy.xml.in @@ -0,0 +1,25 @@ + + + + + + + Sets a proxy for system wide use + + + + + Proxy URL + + http(s)?:\/\/[a-z0-9-\.]+ + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/system_sflow.xml.in b/interface-definitions/system_sflow.xml.in new file mode 100644 index 000000000..c5152abe9 --- /dev/null +++ b/interface-definitions/system_sflow.xml.in 
@@ -0,0 +1,113 @@ + + + + + + + + sFlow settings + 990 + + + + + sFlow agent IPv4 or IPv6 address + + auto + + + + ipv4 + sFlow IPv4 agent address + + + ipv6 + sFlow IPv6 agent address + + + + + + + + + + IP address associated with this interface + + + + + txt + Interface name + + + #include + + + + + + Export headers of dropped by kernel packets + + u32:1-65535 + Maximum rate limit of N drops per second send out in the sFlow datagrams + + + + + + + #include + + + Schedule counter-polling in seconds + + u32:1-600 + Polling rate in seconds + + + + + + 30 + + + + sFlow sampling-rate + + u32:1-65535 + Sampling rate (1 in N packets) + + + + + + 1000 + + + + sFlow destination server + + ipv4 + IPv4 server to export sFlow + + + ipv6 + IPv6 server to export sFlow + + + + + + + #include + + 6343 + + + + + + + + diff --git a/interface-definitions/system_static-host-mapping.xml.in b/interface-definitions/system_static-host-mapping.xml.in new file mode 100644 index 000000000..492741f11 --- /dev/null +++ b/interface-definitions/system_static-host-mapping.xml.in @@ -0,0 +1,53 @@ + + + + + + + Map host names to addresses + 400 + + + + + Host name for static address mapping + + #include + + Host-name must be alphanumeric and can contain hyphens + + + + + Alias for this address + + .{1,63} + + invalid alias hostname, needs to be between 1 and 63 charactes + + + + + + IP Address + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + + + + + + diff --git a/interface-definitions/system_sysctl.xml.in b/interface-definitions/system_sysctl.xml.in new file mode 100644 index 000000000..bf118c24b --- /dev/null +++ b/interface-definitions/system_sysctl.xml.in @@ -0,0 +1,40 @@ + + + + + System parameters + + + + + Configure kernel parameters at runtime + 318 + + + + + Sysctl key name + + + + + txt + Sysctl key name + + + + + + + + + Sysctl configuration value + + + + + + + + + 
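Review bot: In system_static-host-mapping the alias validator `.{1,63}` accepts spaces, `#` and other characters that are not valid in a host name, and its error text has a typo (`charactes`). If the alias ends up in a hosts-file style line, which I presume but cannot see here, a stray space or `#` changes how that line is parsed; tightening the pattern to `[a-zA-Z0-9][a-zA-Z0-9\-.]{0,62}` and correcting the message to `characters` would make it consistent with the host-name check above it.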
diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in new file mode 100644 index 000000000..3343e2c59 --- /dev/null +++ b/interface-definitions/system_syslog.xml.in @@ -0,0 +1,155 @@ + + + + + + + System logging + 400 + + + + + Logging to specific terminal of given user + + system login user + + + txt + Local user account + + + #include + + illegal characters in user + + + #include + + + + + Logging to remote host + + + + + Invalid host (FQDN or IP address) + + ipv4 + Remote syslog server IPv4 address + + + ipv6 + Remote syslog server IPv6 address + + + hostname + Remote syslog server FQDN + + + + #include + + 514 + + #include + #include + + + Logging format + + + + + Allows for the transmission of all characters inside a syslog message + + + + + + + + + + Logging to system standard location + + + #include + + + mark messages sent to syslog + + + + + time interval how often a mark message is being sent in seconds + + + + + 1200 + + + + + + uses FQDN for logging + + + + + + + + Logging to a file + + [a-zA-Z0-9\-_.]{1,255} + + illegal characters in filename or filename longer than 255 characters + + + + + Log file size and rotation characteristics + + + + + Number of saved files + + [0-9]+ + + illegal characters in number of files + + 5 + + + + Size of log files in kbytes + + [0-9]+ + + illegal characters in size + + 256 + + + + #include + + + + + logging to serial console + + + #include + + + #include + + + + + diff --git a/interface-definitions/system_task-scheduler.xml.in b/interface-definitions/system_task-scheduler.xml.in new file mode 100644 index 000000000..597d58813 --- /dev/null +++ b/interface-definitions/system_task-scheduler.xml.in 
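Review bot: The log-file name regex `[a-zA-Z0-9\-_.]{1,255}` in system_syslog also matches names consisting only of dots, such as `.` or `..`; if the handler joins that value onto a log directory (the handler is not in this diff), such a name would not denote a file inside that directory. Requiring an alphanumeric first character, `[a-zA-Z0-9][a-zA-Z0-9\-_.]{0,254}`, keeps the 255-character limit and rules those values out.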
@@ -0,0 +1,72 @@ + + + + + + + Task scheduler settings + + + + + Scheduled task + + txt + Task name + + 999 + + + + + UNIX crontab time specification string + + + + + Execution interval + + <minutes> + Execution interval in minutes + + + <minutes>m + Execution interval in minutes + + + <hours>h + Execution interval in hours + + + <days>d + Execution interval in days + + + [1-9]([0-9]*)([mhd]{0,1}) + + + + + + Executable path and arguments + + + + + Path to executable + + + + + Arguments passed to the executable + + + + + + + + + + + diff --git a/interface-definitions/system_time-zone.xml.in b/interface-definitions/system_time-zone.xml.in new file mode 100644 index 000000000..65cce9e95 --- /dev/null +++ b/interface-definitions/system_time-zone.xml.in @@ -0,0 +1,19 @@ + + + + + + + Local time zone (default UTC) + 100 + + + + + + + + + + + diff --git a/interface-definitions/system_update-check.xml.in b/interface-definitions/system_update-check.xml.in new file mode 100644 index 000000000..14570b039 --- /dev/null +++ b/interface-definitions/system_update-check.xml.in @@ -0,0 +1,22 @@ + + + + + + + Check available update images + 9999 + + + + + Enable auto check for new images + + + + #include + + + + + diff --git a/interface-definitions/tftp-server.xml.in b/interface-definitions/tftp-server.xml.in deleted file mode 100644 index 8ca4da883..000000000 --- a/interface-definitions/tftp-server.xml.in +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - - Trivial File Transfer Protocol (TFTP) server - 990 - - - - - Folder containing files served by TFTP - - - - - Allow TFTP file uploads - - - - #include - - 69 - - #include - - - - - diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in deleted file mode 100644 index 1847401b5..000000000 --- a/interface-definitions/vpn-ipsec.xml.in +++ /dev/null 
@@ -1,1194 +0,0 @@ - - - - - Virtual Private Network (VPN) - - - - - VPN IP security (IPsec) parameters - 901 - - - - - Authentication - - - - - Pre-shared key name - - - #include - - - ID for authentication - - txt - ID used for authentication - - - - - - - IKE pre-shared secret key - - txt - IKE pre-shared secret key - - - - - - - - - - Disable requirement for unique IDs in the Security Database - - - - - - Encapsulating Security Payload (ESP) group name - - - - - Enable ESP compression - - - - - - Security Association time to expire - - u32:30-86400 - SA lifetime in seconds - - - - - - 3600 - - - - Security Association byte count to expire - - u32:1024-26843545600000 - SA life in bytes - - - - - - - - - Security Association packet count to expire - - u32:1000-26843545600000 - SA life in packets - - - - - - - - - ESP mode - - tunnel transport - - - tunnel - Tunnel mode - - - transport - Transport mode - - - (tunnel|transport) - - - tunnel - - - - ESP Perfect Forward Secrecy - - enable dh-group1 dh-group2 dh-group5 dh-group14 dh-group15 dh-group16 dh-group17 dh-group18 dh-group19 dh-group20 dh-group21 dh-group22 dh-group23 dh-group24 dh-group25 dh-group26 dh-group27 dh-group28 dh-group29 dh-group30 dh-group31 dh-group32 disable - - - enable - Inherit Diffie-Hellman group from the IKE group - - - dh-group1 - Use Diffie-Hellman group 1 (modp768) - - - dh-group2 - Use Diffie-Hellman group 2 (modp1024) - - - dh-group5 - Use Diffie-Hellman group 5 (modp1536) - - - dh-group14 - Use Diffie-Hellman group 14 (modp2048) - - - dh-group15 - Use Diffie-Hellman group 15 (modp3072) - - - dh-group16 - Use Diffie-Hellman group 16 (modp4096) - - - dh-group17 - Use Diffie-Hellman group 17 (modp6144) - - - dh-group18 - Use Diffie-Hellman group 18 (modp8192) - - - dh-group19 - Use Diffie-Hellman group 19 (ecp256) - - - dh-group20 - Use Diffie-Hellman group 20 (ecp384) - - - dh-group21 - Use Diffie-Hellman group 21 (ecp521) - - - dh-group22 - Use Diffie-Hellman group 22 (modp1024s160) 
- - - dh-group23 - Use Diffie-Hellman group 23 (modp2048s224) - - - dh-group24 - Use Diffie-Hellman group 24 (modp2048s256) - - - dh-group25 - Use Diffie-Hellman group 25 (ecp192) - - - dh-group26 - Use Diffie-Hellman group 26 (ecp224) - - - dh-group27 - Use Diffie-Hellman group 27 (ecp224bp) - - - dh-group28 - Use Diffie-Hellman group 28 (ecp256bp) - - - dh-group29 - Use Diffie-Hellman group 29 (ecp384bp) - - - dh-group30 - Use Diffie-Hellman group 30 (ecp512bp) - - - dh-group31 - Use Diffie-Hellman group 31 (curve25519) - - - dh-group32 - Use Diffie-Hellman group 32 (curve448) - - - disable - Disable PFS - - - (enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable) - - - enable - - - - ESP group proposal - - u32:1-65535 - ESP group proposal number - - - - #include - #include - - - - - - - Internet Key Exchange (IKE) group name - - - - - Action to take if a child SA is unexpectedly closed - - none hold restart - - - none - Do nothing - - - hold - Attempt to re-negotiate when matching traffic is seen - - - restart - Attempt to re-negotiate the connection immediately - - - (none|hold|restart) - - - none - - - - Dead Peer Detection (DPD) - - - - - Keep-alive failure action - - hold clear restart - - - hold - Attempt to re-negotiate the connection when matching traffic is seen - - - clear - Remove the connection immediately - - - restart - Attempt to re-negotiate the connection immediately - - - (hold|clear|restart) - - - clear - - - - Keep-alive interval - - u32:2-86400 - Keep-alive interval in seconds - - - - - - 30 - - - - Dead Peer Detection keep-alive timeout (IKEv1 only) - - u32:2-86400 - Keep-alive timeout in seconds - - - - - - 120 - - - - - - Re-authentication of the remote peer during an IKE re-key (IKEv2 only) - - - - - - IKE version - - ikev1 ikev2 - - - ikev1 
- Use IKEv1 for key exchange - - - ikev2 - Use IKEv2 for key exchange - - - (ikev1|ikev2) - - - - - - IKE lifetime - - u32:0-86400 - IKE lifetime in seconds - - - - - - 28800 - - - - Disable MOBIKE Support (IKEv2 only) - - - - - - IKEv1 phase 1 mode - - main aggressive - - - main - Use the main mode (recommended) - - - aggressive - Use the aggressive mode (insecure, not recommended) - - - (main|aggressive) - - - main - - - - IKE proposal - - u32:1-65535 - IKE group proposal - - - - - - dh-grouphelp - - 1 2 5 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 - - - 1 - Diffie-Hellman group 1 (modp768) - - - 2 - Diffie-Hellman group 2 (modp1024) - - - 5 - Diffie-Hellman group 5 (modp1536) - - - 14 - Diffie-Hellman group 14 (modp2048) - - - 15 - Diffie-Hellman group 15 (modp3072) - - - 16 - Diffie-Hellman group 16 (modp4096) - - - 17 - Diffie-Hellman group 17 (modp6144) - - - 18 - Diffie-Hellman group 18 (modp8192) - - - 19 - Diffie-Hellman group 19 (ecp256) - - - 20 - Diffie-Hellman group 20 (ecp384) - - - 21 - Diffie-Hellman group 21 (ecp521) - - - 22 - Diffie-Hellman group 22 (modp1024s160) - - - 23 - Diffie-Hellman group 23 (modp2048s224) - - - 24 - Diffie-Hellman group 24 (modp2048s256) - - - 25 - Diffie-Hellman group 25 (ecp192) - - - 26 - Diffie-Hellman group 26 (ecp224) - - - 27 - Diffie-Hellman group 27 (ecp224bp) - - - 28 - Diffie-Hellman group 28 (ecp256bp) - - - 29 - Diffie-Hellman group 29 (ecp384bp) - - - 30 - Diffie-Hellman group 30 (ecp512bp) - - - 31 - Diffie-Hellman group 31 (curve25519) - - - 32 - Diffie-Hellman group 32 (curve448) - - - (1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32) - - - 2 - - - - Pseudo-Random Functions - - prfmd5 prfsha1 prfaesxcbc prfaescmac prfsha256 prfsha384 prfsha512 - - - prfmd5 - MD5 PRF - - - prfsha1 - SHA1 PRF - - - prfaesxcbc - AES XCBC PRF - - - prfaescmac - AES CMAC PRF - - - prfsha256 - SHA2_256 PRF - - - prfsha384 - SHA2_384 PRF - - - prfsha512 - SHA2_512 PRF - - - 
(prfmd5|prfsha1|prfaesxcbc|prfaescmac|prfsha256|prfsha384|prfsha512) - - - - #include - #include - - - - - #include - - - IPsec logging - - - - - Global IPsec logging Level - - 0 - Very basic auditing logs (e.g., SA up/SA down) - - - 1 - Generic control flow with errors, a good default to see whats going on - - - 2 - More detailed debugging control flow - - - - - - 0 - - - - Subsystem logging levels - - dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any - - - dmn - Main daemon setup/cleanup/signal handling - - - mgr - IKE_SA manager, handling synchronization for IKE_SA access - - - ike - IKE_SA/ISAKMP SA - - - chd - CHILD_SA/IPsec SA - - - job - Jobs queuing/processing and thread pool management - - - cfg - Configuration management and plugins - - - knl - IPsec/Networking kernel interface - - - net - IKE network communication - - - asn - Low-level encoding/decoding (ASN.1, X.509 etc.) - - - enc - Packet encoding/decoding encryption/decryption operations - - - lib - libstrongswan library messages - - - esp - libipsec library messages - - - tls - libtls library messages - - - tnc - Trusted Network Connect - - - imc - Integrity Measurement Collector - - - imv - Integrity Measurement Verifier - - - pts - Platform Trust Service - - - any - Any subsystem - - - (dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any) - - - - - - - - - Global IPsec settings - - - - - Do not automatically install routes to remote networks - - - - - - Allow FlexVPN vendor ID payload (IKEv2 only) - - - - #include - - - Allow install virtual-ip addresses - - - - - - - - VPN IPsec profile - - txt - Profile name - - - [a-zA-Z][0-9a-zA-Z_-]+ - - Profile name must be alphanumeric and can contain hyphen(s) and underscore(s) - - - #include - - - Authentication - - - - - Authentication mode - - pre-shared-secret - - - pre-shared-secret - Use a pre-shared secret key - - - - #include - - - - - DMVPN tunnel configuration - - - - - Tunnel interface associated with 
this profile - - interfaces tunnel - - - txt - Associated interface to this profile - - - - - - - #include - #include - - - - - IKEv2 remote access VPN - - - - - IKEv2 VPN connection name - - txt - Connection name - - - [a-zA-Z][0-9a-zA-Z_-]+ - - Profile name must be alphanumeric and can contain hyphen(s) and underscore(s) - - - - - Authentication for remote access - - - #include - #include - - - Client authentication mode - - x509 eap-tls eap-mschapv2 eap-radius - - - x509 - Use IPsec x.509 certificate authentication - - - eap-tls - Use EAP-TLS authentication - - - eap-mschapv2 - Use EAP-MSCHAPv2 authentication - - - eap-radius - Use EAP-RADIUS authentication - - - (x509|eap-tls|eap-mschapv2|eap-radius) - - - eap-mschapv2 - - #include - - - Server authentication mode - - pre-shared-secret x509 - - - pre-shared-secret - Use a pre-shared secret key - - - x509 - Use x.509 certificate - - - (pre-shared-secret|x509) - - - x509 - - #include - - - #include - #include - #include - #include - #include - #include - - - Timeout to close connection if no data is transmitted - - u32:0 - Disable inactivity checks - - - u32:1-86400 - Timeout in seconds - - - - - - 28800 - - - - IP address pool - - vpn ipsec remote-access pool - dhcp radius - - - txt - Predefined IP pool name - - - dhcp - Forward requests for virtual IP addresses to a DHCP server - - - radius - Forward requests for virtual IP addresses to a RADIUS server - - - - - - - Connection uniqueness enforcement policy - - never keep replace - - - never - Never enforce connection uniqueness - - - keep - Reject new connection attempts if the same user already has an active connection - - - replace - Delete any existing connection if a new one for the same user gets established - - - (never|keep|replace) - - - - - - - - DHCP pool options for remote access - - - #include - - - DHCP server address - - ipv4 - DHCP server IPv4 address - - - - - - - - - - - IP address pool for remote access users - - - - - Local IPv4 or IPv6 pool 
prefix exclusions - - ipv4net - Local IPv4 pool prefix exclusion - - - ipv6net - Local IPv6 pool prefix exclusion - - - - - - - - - - - Local IPv4 or IPv6 pool prefix - - ipv4net - Local IPv4 pool prefix - - - ipv6net - Local IPv6 pool prefix - - - - - - - - #include - - - #include - - - #include - #include - - - #include - - - - - - - - - Site-to-site VPN - - - - - Connection name of the peer - - txt - Connection name of the peer - - - [-_a-zA-Z0-9|@]+ - - Peer connection name must be alphanumeric and can contain hyphen and underscores - - - #include - - - Peer authentication - - - #include - #include - #include - - - Authentication mode - - pre-shared-secret rsa x509 - - - pre-shared-secret - Use pre-shared secret key - - - rsa - Use RSA key - - - x509 - Use x.509 certificate - - - (pre-shared-secret|rsa|x509) - - - - - - ID for remote authentication - - txt - ID used for peer authentication - - - %any - - - - Use certificate common name as ID - - - - - - - - Connection type - - initiate respond none - - - initiate - Bring the connection up immediately - - - respond - Wait for the peer to initiate the connection - - - none - Load the connection only - - - (initiate|respond|none) - - - - - - Defult ESP group name - - vpn ipsec esp-group - - - - #include - #include - - - Force UDP encapsulation - - - - #include - - - Re-authentication of the remote peer during an IKE re-key (IKEv2 only) - - yes no inherit - - - yes - Enable remote host re-autentication during an IKE re-key. Currently broken due to a strong swan bug - - - no - Disable remote host re-authenticaton during an IKE re-key. 
- - - inherit - Inherit the reauth configuration form your IKE-group - - - (yes|no|inherit) - - - - #include - #include - - - Peer tunnel - - u32 - Peer tunnel - - - - #include - #include - #include - #include - - - Priority for IPsec policy (lowest value more preferable) - - u32:1-100 - Priority for IPsec policy (lowest value more preferable) - - - - - - - - - Match remote addresses - - - #include - - - Remote IPv4 or IPv6 prefix - - ipv4net - Remote IPv4 prefix - - - ipv6net - Remote IPv6 prefix - - - - - - - - - - - - - - - Initiator request virtual-address from peer - - ipv4 - Request IPv4 address from peer - - - ipv6 - Request IPv6 address from peer - - - - - - - Virtual tunnel interface - - - - - VTI tunnel interface associated with this configuration - - interfaces vti - - - - #include - - - - - - - - - - - diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn-l2tp.xml.in deleted file mode 100644 index 3e2d00e6b..000000000 --- a/interface-definitions/vpn-l2tp.xml.in +++ /dev/null 
@@ -1,163 +0,0 @@ - - - - - - - L2TP Virtual Private Network (VPN) - 902 - - - - - Remote access L2TP VPN - - - #include - #include - - 1436 - - - - External IP address to which VPN clients will connect - - - - - - #include - #include - - - L2TP Network Server (LNS) - - - - - Tunnel password used to authenticate the client (LAC) - - - - - Sent to the client (LAC) in the Host-Name attribute - - #include - - Host-name must be alphanumeric and can contain hyphens - - - - - - - Disable Compression Control Protocol (CCP) - - - - - - Internet Protocol Security (IPsec) for remote access L2TP VPN - - - - - IPsec authentication settings - - - - - Authentication mode for IPsec - - pre-shared-secret - Use pre-shared secret for IPsec authentication - - - x509 - Use X.509 certificate for IPsec authentication - - - (pre-shared-secret|x509) - - - pre-shared-secret x509 - - - - #include - #include - - - - - IKE lifetime - - u32:30-86400 - IKE lifetime in seconds - - - - - - 3600 - - - - ESP lifetime - - u32:30-86400 - IKE lifetime in seconds - - - - - - 3600 - - #include - #include - - - #include - #include - #include - #include - #include - - - Authentication for remote access L2TP VPN - - - #include - #include - #include - #include - #include - - - #include - - - - - - - Advanced protocol options - - - #include - #include - #include - #include - #include - #include - - - #include - - - - - - - diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in deleted file mode 100644 index 736084f8b..000000000 --- a/interface-definitions/vpn-openconnect.xml.in +++ /dev/null 
@@ -1,392 +0,0 @@ - - - - - - - SSL VPN OpenConnect, AnyConnect compatible server - 901 - - - - - Accounting for users OpenConnect VPN Sessions - - - - - Accounting mode used by this server - - - - - Use RADIUS server for accounting - - - - - - #include - - - - - Authentication for remote access SSL VPN Server - - - - - Authentication mode used by this server - - - - - Use local username/password configuration (OTP supported) - - password - Password-only local authentication - - - otp - OTP-only local authentication - - - password-otp - Password (first) + OTP local authentication - - - (password|otp|password-otp) - - Invalid authentication mode. Must be one of: password, otp or password-otp - - otp password password-otp - - - - - - Use RADIUS server for user autentication - - - - - - - - Include configuration file by username or RADIUS group attribute - - - #include - - - Select per user or per group configuration file - ignored if authentication group is configured - - user group - - - user - Match configuration file on username - - - group - Match RADIUS response class attribute as file name - - - (user|group) - - Invalid mode, must be either user or group - - - - - Directory to containing configuration files - - path - Path to configuration directory, must be under /config/auth - - - - - - - - - Default configuration if discrete config could not be found - - filename - Default configuration filename, must be under /config/auth - - - - - - - - - - - Group that a client is allowed to select (from a list). Maps to RADIUS Class attribute. - - txt - Group string. 
The group may be followed by a user-friendly name in brackets: group1[First Group] - - - - - #include - - - - - - - 2FA OTP authentication parameters - - - - - Token Key Secret key for the token algorithm (see RFC 4226) - - txt - OTP key in hex-encoded format - - - [a-fA-F0-9]{20,10000} - - Key name must only include hex characters and be at least 20 characters long - - - - - Number of digits in OTP code - - u32:6-8 - Number of digits in OTP code - - - - - Number of digits in OTP code must be between 6 and 8 - - 6 - - - - Time tokens interval in seconds - - u32:5-86400 - Time tokens interval in seconds. - - - - - Time token interval must be between 5 and 86400 seconds - - 30 - - - - Token type - - hotp-time - Time-based OTP algorithm - - - hotp-event - Event-based OTP algorithm - - - (hotp-time|hotp-event) - - - hotp-time hotp-event - - - hotp-time - - - - - - - - #include - - - #include - - - If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from RADIUS. 
- - - - - - - #include - - 0.0.0.0 - - - - Specify custom ports to use for client connections - - - - - tcp port number to accept connections - - u32:1-65535 - Numeric IP port - - - - - - 443 - - - - udp port number to accept connections - - u32:1-65535 - Numeric IP port - - - - - - 443 - - - - - - Enable HTTP security headers - - - - - - SSL Certificate, SSL Key and CA - - - #include - #include - - - - - Network settings - - - - - Route to be pushed to the client - - ipv4net - IPv4 network and prefix length - - - ipv6net - IPv6 network and prefix length - - - - - - - - - - Client IP pools settings - - - - - Client IP subnet (CIDR notation) - - ipv4net - IPv4 address and prefix length - - - - - Not a valid CIDR formatted prefix - - - - - - - Pool of client IPv6 addresses - - - - - Pool of addresses used to assign to clients - - ipv6net - IPv6 address and prefix length - - - - - - - - - Prefix length used for individual client - - u32:48-128 - Client prefix length - - - - - - 64 - - - - #include - - - Domains over which the provided DNS should be used - - txt - Client prefix length - - - - - - - - - - If the tunnel-all-dns option is set to yes, tunnel all DNS queries via the VPN. This is the default when a default route is set. - - yes no - - - yes - Enable tunneling of all DNS traffic - - - no - Disable tunneling of all DNS traffic - - - (yes|no) - - - no - - - - - - - - diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn-pptp.xml.in deleted file mode 100644 index 7bb8db798..000000000 --- a/interface-definitions/vpn-pptp.xml.in +++ /dev/null 
@@ -1,143 +0,0 @@ - - - - - - - Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN) - 901 - - - - - Remote access PPTP VPN - - - #include - #include - - 1436 - - - - External IP address to which VPN clients will connect - - - - - - #include - #include - #include - #include - - - Authentication for remote access PPTP VPN - - - - - Authentication protocol for remote access peer PPTP VPN - - pap chap mschap mschap-v2 - - - pap - Require the peer to authenticate itself using PAP [Password Authentication Protocol]. - - - chap - Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. - - - mschap - Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. - - - mschap-v2 - Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. - - - (pap|chap|mschap|mschap-v2) - - - mschap-v2 - - - - Specifies mppe negotioation preference. (default require mppe 128-bit stateless - - deny - deny mppe - - - prefer - ask client for mppe, if it rejects do not fail - - - require - ask client for mppe, if it rejects drop connection - - - (deny|prefer|require) - - - deny prefer require - - - prefer - - #include - - - Local user authentication for remote access PPTP VPN - - - - - User name for authentication - - - #include - - - Password for authentication - - - - - Static client IP address - - * - - - - - - - - #include - - - #include - #include - - - - 30 - - - 30 - - - - - - #include - - - - - - - diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in deleted file mode 100644 index a1b69f990..000000000 --- a/interface-definitions/vpn-sstp.xml.in +++ /dev/null 
@@ -1,64 +0,0 @@ - - - - - - - Secure Socket Tunneling Protocol (SSTP) server - 901 - - - - - Authentication for remote access SSTP Server - - - #include - #include - #include - #include - #include - - - #include - - - - - #include - #include - #include - #include - #include - #include - #include - - 443 - - #include - - - PPP (Point-to-Point Protocol) settings - - - #include - #include - #include - #include - #include - - - - - SSL Certificate, SSL Key and CA - - - #include - #include - - - - - - - diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in new file mode 100644 index 000000000..1847401b5 --- /dev/null +++ b/interface-definitions/vpn_ipsec.xml.in 
@@ -0,0 +1,1194 @@ + + + + + Virtual Private Network (VPN) + + + + + VPN IP security (IPsec) parameters + 901 + + + + + Authentication + + + + + Pre-shared key name + + + #include + + + ID for authentication + + txt + ID used for authentication + + + + + + + IKE pre-shared secret key + + txt + IKE pre-shared secret key + + + + + + + + + + Disable requirement for unique IDs in the Security Database + + + + + + Encapsulating Security Payload (ESP) group name + + + + + Enable ESP compression + + + + + + Security Association time to expire + + u32:30-86400 + SA lifetime in seconds + + + + + + 3600 + + + + Security Association byte count to expire + + u32:1024-26843545600000 + SA life in bytes + + + + + + + + + Security Association packet count to expire + + u32:1000-26843545600000 + SA life in packets + + + + + + + + + ESP mode + + tunnel transport + + + tunnel + Tunnel mode + + + transport + Transport mode + + + (tunnel|transport) + + + tunnel + + + + ESP Perfect Forward Secrecy + + enable dh-group1 dh-group2 dh-group5 dh-group14 dh-group15 dh-group16 dh-group17 dh-group18 dh-group19 dh-group20 dh-group21 dh-group22 dh-group23 dh-group24 dh-group25 dh-group26 dh-group27 dh-group28 dh-group29 dh-group30 dh-group31 dh-group32 disable + + + enable + Inherit Diffie-Hellman group from the IKE group + + + dh-group1 + Use Diffie-Hellman group 1 (modp768) + + + dh-group2 + Use Diffie-Hellman group 2 (modp1024) + + + dh-group5 + Use Diffie-Hellman group 5 (modp1536) + + + dh-group14 + Use Diffie-Hellman group 14 (modp2048) + + + dh-group15 + Use Diffie-Hellman group 15 (modp3072) + + + dh-group16 + Use Diffie-Hellman group 16 (modp4096) + + + dh-group17 + Use Diffie-Hellman group 17 (modp6144) + + + dh-group18 + Use Diffie-Hellman group 18 (modp8192) + + + dh-group19 + Use Diffie-Hellman group 19 (ecp256) + + + dh-group20 + Use Diffie-Hellman group 20 (ecp384) + + + dh-group21 + Use Diffie-Hellman group 21 (ecp521) + + + dh-group22 + Use Diffie-Hellman group 22 (modp1024s160) 
+ + + dh-group23 + Use Diffie-Hellman group 23 (modp2048s224) + + + dh-group24 + Use Diffie-Hellman group 24 (modp2048s256) + + + dh-group25 + Use Diffie-Hellman group 25 (ecp192) + + + dh-group26 + Use Diffie-Hellman group 26 (ecp224) + + + dh-group27 + Use Diffie-Hellman group 27 (ecp224bp) + + + dh-group28 + Use Diffie-Hellman group 28 (ecp256bp) + + + dh-group29 + Use Diffie-Hellman group 29 (ecp384bp) + + + dh-group30 + Use Diffie-Hellman group 30 (ecp512bp) + + + dh-group31 + Use Diffie-Hellman group 31 (curve25519) + + + dh-group32 + Use Diffie-Hellman group 32 (curve448) + + + disable + Disable PFS + + + (enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable) + + + enable + + + + ESP group proposal + + u32:1-65535 + ESP group proposal number + + + + #include + #include + + + + + + + Internet Key Exchange (IKE) group name + + + + + Action to take if a child SA is unexpectedly closed + + none hold restart + + + none + Do nothing + + + hold + Attempt to re-negotiate when matching traffic is seen + + + restart + Attempt to re-negotiate the connection immediately + + + (none|hold|restart) + + + none + + + + Dead Peer Detection (DPD) + + + + + Keep-alive failure action + + hold clear restart + + + hold + Attempt to re-negotiate the connection when matching traffic is seen + + + clear + Remove the connection immediately + + + restart + Attempt to re-negotiate the connection immediately + + + (hold|clear|restart) + + + clear + + + + Keep-alive interval + + u32:2-86400 + Keep-alive interval in seconds + + + + + + 30 + + + + Dead Peer Detection keep-alive timeout (IKEv1 only) + + u32:2-86400 + Keep-alive timeout in seconds + + + + + + 120 + + + + + + Re-authentication of the remote peer during an IKE re-key (IKEv2 only) + + + + + + IKE version + + ikev1 ikev2 + + + ikev1 
+ Use IKEv1 for key exchange + + + ikev2 + Use IKEv2 for key exchange + + + (ikev1|ikev2) + + + + + + IKE lifetime + + u32:0-86400 + IKE lifetime in seconds + + + + + + 28800 + + + + Disable MOBIKE Support (IKEv2 only) + + + + + + IKEv1 phase 1 mode + + main aggressive + + + main + Use the main mode (recommended) + + + aggressive + Use the aggressive mode (insecure, not recommended) + + + (main|aggressive) + + + main + + + + IKE proposal + + u32:1-65535 + IKE group proposal + + + + + + dh-grouphelp + + 1 2 5 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 + + + 1 + Diffie-Hellman group 1 (modp768) + + + 2 + Diffie-Hellman group 2 (modp1024) + + + 5 + Diffie-Hellman group 5 (modp1536) + + + 14 + Diffie-Hellman group 14 (modp2048) + + + 15 + Diffie-Hellman group 15 (modp3072) + + + 16 + Diffie-Hellman group 16 (modp4096) + + + 17 + Diffie-Hellman group 17 (modp6144) + + + 18 + Diffie-Hellman group 18 (modp8192) + + + 19 + Diffie-Hellman group 19 (ecp256) + + + 20 + Diffie-Hellman group 20 (ecp384) + + + 21 + Diffie-Hellman group 21 (ecp521) + + + 22 + Diffie-Hellman group 22 (modp1024s160) + + + 23 + Diffie-Hellman group 23 (modp2048s224) + + + 24 + Diffie-Hellman group 24 (modp2048s256) + + + 25 + Diffie-Hellman group 25 (ecp192) + + + 26 + Diffie-Hellman group 26 (ecp224) + + + 27 + Diffie-Hellman group 27 (ecp224bp) + + + 28 + Diffie-Hellman group 28 (ecp256bp) + + + 29 + Diffie-Hellman group 29 (ecp384bp) + + + 30 + Diffie-Hellman group 30 (ecp512bp) + + + 31 + Diffie-Hellman group 31 (curve25519) + + + 32 + Diffie-Hellman group 32 (curve448) + + + (1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32) + + + 2 + + + + Pseudo-Random Functions + + prfmd5 prfsha1 prfaesxcbc prfaescmac prfsha256 prfsha384 prfsha512 + + + prfmd5 + MD5 PRF + + + prfsha1 + SHA1 PRF + + + prfaesxcbc + AES XCBC PRF + + + prfaescmac + AES CMAC PRF + + + prfsha256 + SHA2_256 PRF + + + prfsha384 + SHA2_384 PRF + + + prfsha512 + SHA2_512 PRF + + + 
(prfmd5|prfsha1|prfaesxcbc|prfaescmac|prfsha256|prfsha384|prfsha512) + + + + #include + #include + + + + + #include + + + IPsec logging + + + + + Global IPsec logging Level + + 0 + Very basic auditing logs (e.g., SA up/SA down) + + + 1 + Generic control flow with errors, a good default to see whats going on + + + 2 + More detailed debugging control flow + + + + + + 0 + + + + Subsystem logging levels + + dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any + + + dmn + Main daemon setup/cleanup/signal handling + + + mgr + IKE_SA manager, handling synchronization for IKE_SA access + + + ike + IKE_SA/ISAKMP SA + + + chd + CHILD_SA/IPsec SA + + + job + Jobs queuing/processing and thread pool management + + + cfg + Configuration management and plugins + + + knl + IPsec/Networking kernel interface + + + net + IKE network communication + + + asn + Low-level encoding/decoding (ASN.1, X.509 etc.) + + + enc + Packet encoding/decoding encryption/decryption operations + + + lib + libstrongswan library messages + + + esp + libipsec library messages + + + tls + libtls library messages + + + tnc + Trusted Network Connect + + + imc + Integrity Measurement Collector + + + imv + Integrity Measurement Verifier + + + pts + Platform Trust Service + + + any + Any subsystem + + + (dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any) + + + + + + + + + Global IPsec settings + + + + + Do not automatically install routes to remote networks + + + + + + Allow FlexVPN vendor ID payload (IKEv2 only) + + + + #include + + + Allow install virtual-ip addresses + + + + + + + + VPN IPsec profile + + txt + Profile name + + + [a-zA-Z][0-9a-zA-Z_-]+ + + Profile name must be alphanumeric and can contain hyphen(s) and underscore(s) + + + #include + + + Authentication + + + + + Authentication mode + + pre-shared-secret + + + pre-shared-secret + Use a pre-shared secret key + + + + #include + + + + + DMVPN tunnel configuration + + + + + Tunnel interface associated with 
this profile + + interfaces tunnel + + + txt + Associated interface to this profile + + + + + + + #include + #include + + + + + IKEv2 remote access VPN + + + + + IKEv2 VPN connection name + + txt + Connection name + + + [a-zA-Z][0-9a-zA-Z_-]+ + + Profile name must be alphanumeric and can contain hyphen(s) and underscore(s) + + + + + Authentication for remote access + + + #include + #include + + + Client authentication mode + + x509 eap-tls eap-mschapv2 eap-radius + + + x509 + Use IPsec x.509 certificate authentication + + + eap-tls + Use EAP-TLS authentication + + + eap-mschapv2 + Use EAP-MSCHAPv2 authentication + + + eap-radius + Use EAP-RADIUS authentication + + + (x509|eap-tls|eap-mschapv2|eap-radius) + + + eap-mschapv2 + + #include + + + Server authentication mode + + pre-shared-secret x509 + + + pre-shared-secret + Use a pre-shared secret key + + + x509 + Use x.509 certificate + + + (pre-shared-secret|x509) + + + x509 + + #include + + + #include + #include + #include + #include + #include + #include + + + Timeout to close connection if no data is transmitted + + u32:0 + Disable inactivity checks + + + u32:1-86400 + Timeout in seconds + + + + + + 28800 + + + + IP address pool + + vpn ipsec remote-access pool + dhcp radius + + + txt + Predefined IP pool name + + + dhcp + Forward requests for virtual IP addresses to a DHCP server + + + radius + Forward requests for virtual IP addresses to a RADIUS server + + + + + + + Connection uniqueness enforcement policy + + never keep replace + + + never + Never enforce connection uniqueness + + + keep + Reject new connection attempts if the same user already has an active connection + + + replace + Delete any existing connection if a new one for the same user gets established + + + (never|keep|replace) + + + + + + + + DHCP pool options for remote access + + + #include + + + DHCP server address + + ipv4 + DHCP server IPv4 address + + + + + + + + + + + IP address pool for remote access users + + + + + Local IPv4 or IPv6 pool 
prefix exclusions + + ipv4net + Local IPv4 pool prefix exclusion + + + ipv6net + Local IPv6 pool prefix exclusion + + + + + + + + + + + Local IPv4 or IPv6 pool prefix + + ipv4net + Local IPv4 pool prefix + + + ipv6net + Local IPv6 pool prefix + + + + + + + + #include + + + #include + + + #include + #include + + + #include + + + + + + + + + Site-to-site VPN + + + + + Connection name of the peer + + txt + Connection name of the peer + + + [-_a-zA-Z0-9|@]+ + + Peer connection name must be alphanumeric and can contain hyphen and underscores + + + #include + + + Peer authentication + + + #include + #include + #include + + + Authentication mode + + pre-shared-secret rsa x509 + + + pre-shared-secret + Use pre-shared secret key + + + rsa + Use RSA key + + + x509 + Use x.509 certificate + + + (pre-shared-secret|rsa|x509) + + + + + + ID for remote authentication + + txt + ID used for peer authentication + + + %any + + + + Use certificate common name as ID + + + + + + + + Connection type + + initiate respond none + + + initiate + Bring the connection up immediately + + + respond + Wait for the peer to initiate the connection + + + none + Load the connection only + + + (initiate|respond|none) + + + + + + Defult ESP group name + + vpn ipsec esp-group + + + + #include + #include + + + Force UDP encapsulation + + + + #include + + + Re-authentication of the remote peer during an IKE re-key (IKEv2 only) + + yes no inherit + + + yes + Enable remote host re-autentication during an IKE re-key. Currently broken due to a strong swan bug + + + no + Disable remote host re-authenticaton during an IKE re-key. 
+ + + inherit + Inherit the reauth configuration form your IKE-group + + + (yes|no|inherit) + + + + #include + #include + + + Peer tunnel + + u32 + Peer tunnel + + + + #include + #include + #include + #include + + + Priority for IPsec policy (lowest value more preferable) + + u32:1-100 + Priority for IPsec policy (lowest value more preferable) + + + + + + + + + Match remote addresses + + + #include + + + Remote IPv4 or IPv6 prefix + + ipv4net + Remote IPv4 prefix + + + ipv6net + Remote IPv6 prefix + + + + + + + + + + + + + + + Initiator request virtual-address from peer + + ipv4 + Request IPv4 address from peer + + + ipv6 + Request IPv6 address from peer + + + + + + + Virtual tunnel interface + + + + + VTI tunnel interface associated with this configuration + + interfaces vti + + + + #include + + + + + + + + + + + diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in new file mode 100644 index 000000000..3e2d00e6b --- /dev/null +++ b/interface-definitions/vpn_l2tp.xml.in 
@@ -0,0 +1,163 @@ + + + + + + + L2TP Virtual Private Network (VPN) + 902 + + + + + Remote access L2TP VPN + + + #include + #include + + 1436 + + + + External IP address to which VPN clients will connect + + + + + + #include + #include + + + L2TP Network Server (LNS) + + + + + Tunnel password used to authenticate the client (LAC) + + + + + Sent to the client (LAC) in the Host-Name attribute + + #include + + Host-name must be alphanumeric and can contain hyphens + + + + + + + Disable Compression Control Protocol (CCP) + + + + + + Internet Protocol Security (IPsec) for remote access L2TP VPN + + + + + IPsec authentication settings + + + + + Authentication mode for IPsec + + pre-shared-secret + Use pre-shared secret for IPsec authentication + + + x509 + Use X.509 certificate for IPsec authentication + + + (pre-shared-secret|x509) + + + pre-shared-secret x509 + + + + #include + #include + + + + + IKE lifetime + + u32:30-86400 + IKE lifetime in seconds + + + + + + 3600 + + + + ESP lifetime + + u32:30-86400 + IKE lifetime in seconds + + + + + + 3600 + + #include + #include + + + #include + #include + #include + #include + #include + + + Authentication for remote access L2TP VPN + + + #include + #include + #include + #include + #include + + + #include + + + + + + + Advanced protocol options + + + #include + #include + #include + #include + #include + #include + + + #include + + + + + + + diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in new file mode 100644 index 000000000..736084f8b --- /dev/null +++ b/interface-definitions/vpn_openconnect.xml.in 
@@ -0,0 +1,392 @@ + + + + + + + SSL VPN OpenConnect, AnyConnect compatible server + 901 + + + + + Accounting for users OpenConnect VPN Sessions + + + + + Accounting mode used by this server + + + + + Use RADIUS server for accounting + + + + + + #include + + + + + Authentication for remote access SSL VPN Server + + + + + Authentication mode used by this server + + + + + Use local username/password configuration (OTP supported) + + password + Password-only local authentication + + + otp + OTP-only local authentication + + + password-otp + Password (first) + OTP local authentication + + + (password|otp|password-otp) + + Invalid authentication mode. Must be one of: password, otp or password-otp + + otp password password-otp + + + + + + Use RADIUS server for user autentication + + + + + + + + Include configuration file by username or RADIUS group attribute + + + #include + + + Select per user or per group configuration file - ignored if authentication group is configured + + user group + + + user + Match configuration file on username + + + group + Match RADIUS response class attribute as file name + + + (user|group) + + Invalid mode, must be either user or group + + + + + Directory to containing configuration files + + path + Path to configuration directory, must be under /config/auth + + + + + + + + + Default configuration if discrete config could not be found + + filename + Default configuration filename, must be under /config/auth + + + + + + + + + + + Group that a client is allowed to select (from a list). Maps to RADIUS Class attribute. + + txt + Group string. 
The group may be followed by a user-friendly name in brackets: group1[First Group] + + + + + #include + + + + + + + 2FA OTP authentication parameters + + + + + Token Key Secret key for the token algorithm (see RFC 4226) + + txt + OTP key in hex-encoded format + + + [a-fA-F0-9]{20,10000} + + Key name must only include hex characters and be at least 20 characters long + + + + + Number of digits in OTP code + + u32:6-8 + Number of digits in OTP code + + + + + Number of digits in OTP code must be between 6 and 8 + + 6 + + + + Time tokens interval in seconds + + u32:5-86400 + Time tokens interval in seconds. + + + + + Time token interval must be between 5 and 86400 seconds + + 30 + + + + Token type + + hotp-time + Time-based OTP algorithm + + + hotp-event + Event-based OTP algorithm + + + (hotp-time|hotp-event) + + + hotp-time hotp-event + + + hotp-time + + + + + + + + #include + + + #include + + + If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from RADIUS. 
+ + + + + + + #include + + 0.0.0.0 + + + + Specify custom ports to use for client connections + + + + + tcp port number to accept connections + + u32:1-65535 + Numeric IP port + + + + + + 443 + + + + udp port number to accept connections + + u32:1-65535 + Numeric IP port + + + + + + 443 + + + + + + Enable HTTP security headers + + + + + + SSL Certificate, SSL Key and CA + + + #include + #include + + + + + Network settings + + + + + Route to be pushed to the client + + ipv4net + IPv4 network and prefix length + + + ipv6net + IPv6 network and prefix length + + + + + + + + + + Client IP pools settings + + + + + Client IP subnet (CIDR notation) + + ipv4net + IPv4 address and prefix length + + + + + Not a valid CIDR formatted prefix + + + + + + + Pool of client IPv6 addresses + + + + + Pool of addresses used to assign to clients + + ipv6net + IPv6 address and prefix length + + + + + + + + + Prefix length used for individual client + + u32:48-128 + Client prefix length + + + + + + 64 + + + + #include + + + Domains over which the provided DNS should be used + + txt + Client prefix length + + + + + + + + + + If the tunnel-all-dns option is set to yes, tunnel all DNS queries via the VPN. This is the default when a default route is set. + + yes no + + + yes + Enable tunneling of all DNS traffic + + + no + Disable tunneling of all DNS traffic + + + (yes|no) + + + no + + + + + + + + diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in new file mode 100644 index 000000000..7bb8db798 --- /dev/null +++ b/interface-definitions/vpn_pptp.xml.in 
@@ -0,0 +1,143 @@ + + + + + + + Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN) + 901 + + + + + Remote access PPTP VPN + + + #include + #include + + 1436 + + + + External IP address to which VPN clients will connect + + + + + + #include + #include + #include + #include + + + Authentication for remote access PPTP VPN + + + + + Authentication protocol for remote access peer PPTP VPN + + pap chap mschap mschap-v2 + + + pap + Require the peer to authenticate itself using PAP [Password Authentication Protocol]. + + + chap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap-v2 + Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. + + + (pap|chap|mschap|mschap-v2) + + + mschap-v2 + + + + Specifies mppe negotioation preference. (default require mppe 128-bit stateless + + deny + deny mppe + + + prefer + ask client for mppe, if it rejects do not fail + + + require + ask client for mppe, if it rejects drop connection + + + (deny|prefer|require) + + + deny prefer require + + + prefer + + #include + + + Local user authentication for remote access PPTP VPN + + + + + User name for authentication + + + #include + + + Password for authentication + + + + + Static client IP address + + * + + + + + + + + #include + + + #include + #include + + + + 30 + + + 30 + + + + + + #include + + + + + + + diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in new file mode 100644 index 000000000..a1b69f990 --- /dev/null +++ b/interface-definitions/vpn_sstp.xml.in 
@@ -0,0 +1,64 @@ + + + + + + + Secure Socket Tunneling Protocol (SSTP) server + 901 + + + + + Authentication for remote access SSTP Server + + + #include + #include + #include + #include + #include + + + #include + + + + + #include + #include + #include + #include + #include + #include + #include + + 443 + + #include + + + PPP (Point-to-Point Protocol) settings + + + #include + #include + #include + #include + #include + + + + + SSL Certificate, SSL Key and CA + + + #include + #include + + + + + + + -- cgit v1.2.3