From c4409d6a4e11bf2acc7b5b96888e2c471c4559e5 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Fri, 10 Nov 2023 19:26:35 +0000 Subject: T5729: firewall: switch to valueless in order to remove unnecessary commands; log and state moved to new syntax. --- .../include/firewall/common-rule-bridge.xml.i | 20 +--- .../include/firewall/common-rule-inet.xml.i | 123 +-------------------- interface-definitions/include/firewall/log.xml.i | 15 +-- interface-definitions/include/firewall/state.xml.i | 30 +++++ interface-definitions/include/nat-rule.xml.i | 7 +- .../include/policy/route-common.xml.i | 104 +---------------- .../include/version/firewall-version.xml.i | 2 +- .../include/version/policy-version.xml.i | 2 +- interface-definitions/nat66.xml.in | 7 +- 9 files changed, 43 insertions(+), 267 deletions(-) create mode 100644 interface-definitions/include/firewall/state.xml.i (limited to 'interface-definitions') diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i index 381e04b1e..a27cae43b 100644 --- a/interface-definitions/include/firewall/common-rule-bridge.xml.i +++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i @@ -23,25 +23,7 @@ - - - Option to log packets matching rule - - enable disable - - - enable - Enable log - - - disable - Disable log - - - (enable|disable) - - - +#include #include diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i index a55a1a551..aabefcb27 100644 --- a/interface-definitions/include/firewall/common-rule-inet.xml.i +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -82,44 +82,7 @@ - - - Option to log packets matching rule - - enable disable - - - enable - Enable log - - - disable - Disable log - - - (enable|disable) - - - - - - Option to log packets matching rule - - enable disable - - - enable - Enable log - - - disable - Disable log - - - (enable|disable) - - - +#include #include @@ -222,89 +185,7 @@ #include - - - Session state - - - - - Established state - - enable disable - - - enable - Enable - - - disable - Disable - - - (enable|disable) - - - - - - Invalid state - - enable disable - - - enable - Enable - - - disable - Disable - - - (enable|disable) - - - - - - New state - - enable disable - - - enable - Enable - - - disable - Disable - - - (enable|disable) - - - - - - Related state - - enable disable - - - enable - Enable - - - disable - Disable - - - (enable|disable) - - - - - +#include #include #include diff --git a/interface-definitions/include/firewall/log.xml.i b/interface-definitions/include/firewall/log.xml.i index 46d20c1df..21b883e6a 100644 --- a/interface-definitions/include/firewall/log.xml.i +++ b/interface-definitions/include/firewall/log.xml.i @@ -1,15 +1,8 @@ - + - Option to log packets + Enable log + - - - - Enable logging - - - - - + diff --git a/interface-definitions/include/firewall/state.xml.i b/interface-definitions/include/firewall/state.xml.i new file mode 100644 index 000000000..dee9722e5 --- /dev/null +++ b/interface-definitions/include/firewall/state.xml.i @@ -0,0 +1,30 @@ + + + + Session state + + established invalid new related + + + established + Established state + + + invalid + Invalid state + + + new + New state + + + related + Related state + + + (established|invalid|new|related) + + + + + diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i index 6234e6195..deb13529d 100644 --- a/interface-definitions/include/nat-rule.xml.i +++ b/interface-definitions/include/nat-rule.xml.i @@ -34,12 +34,7 @@ #include - - - NAT rule logging - - - + #include Packet type diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i index 8eab04d4a..4405f9c26 100644 --- a/interface-definitions/include/policy/route-common.xml.i +++ b/interface-definitions/include/policy/route-common.xml.i @@ -77,25 +77,7 @@ - - - Option to log packets matching rule - - enable disable - - - enable - Enable log - - - disable - Disable log - - - (enable|disable) - - - +#include Protocol to match (protocol name, number, or "all") @@ -231,89 +213,7 @@ - - - Session state - - - - - Established state - - enable disable - - - enable - Enable - - - disable - Disable - - - (enable|disable) - - - - - - Invalid state - - enable disable - - - enable - Enable - - - disable - Disable - - - (enable|disable) - - - - - - New state - - enable disable - - - enable - Enable - - - disable - Disable - - - (enable|disable) - - - - - - Related state - - enable disable - - - enable - Enable - - - disable - Disable - - - (enable|disable) - - - - - +#include #include #include diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i index 39f0cdcba..299eebb00 100644 --- a/interface-definitions/include/version/firewall-version.xml.i +++ b/interface-definitions/include/version/firewall-version.xml.i @@ -1,3 +1,3 @@ - + diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i index 2c96e0f15..4fbe757f5 100644 --- a/interface-definitions/include/version/policy-version.xml.i +++ b/interface-definitions/include/version/policy-version.xml.i @@ -1,3 +1,3 @@ - + diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in index a657535ba..2fd95e03a 100644 --- a/interface-definitions/nat66.xml.in +++ b/interface-definitions/nat66.xml.in @@ -32,12 +32,7 @@ #include - - - NAT66 rule logging - - - + #include #include #include -- cgit v1.2.3