1 files changed, 251 insertions, 0 deletions

diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in
new file mode 100644
index 0000000..c59725c
--- /dev/null
+++ b/interface-definitions/nat66.xml.in
@@ -0,0 +1,251 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="nat66" owner="${vyos_conf_scripts_dir}/nat66.py">
+    <properties>
+      <help>Network Prefix Translation (NAT66/NPTv6) parameters</help>
+      <priority>500</priority>
+    </properties>
+    <children>
+      <node name="source">
+        <properties>
+          <help>Prefix mapping of IPv6 source address translation</help>
+        </properties>
+        <children>
+          <tagNode name="rule">
+            <properties>
+              <help>Source NAT66 rule number</help>
+              <valueHelp>
+                <format>u32:1-999999</format>
+                <description>Number for this rule</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-999999"/>
+              </constraint>
+              <constraintErrorMessage>NAT66 rule number must be between 1 and 999999</constraintErrorMessage>
+            </properties>
+            <children>
+              #include <include/generic-description.xml.i>
+              #include <include/generic-disable-node.xml.i>
+              #include <include/nat-exclude.xml.i>
+              #include <include/firewall/log.xml.i>
+              #include <include/firewall/outbound-interface-no-group.xml.i>
+              #include <include/nat/protocol.xml.i>
+              <node name="destination">
+                <properties>
+                  <help>IPv6 destination prefix options</help>
+                </properties>
+                <children>
+                  <leafNode name="prefix">
+                    <properties>
+                      <help>IPv6 prefix to be translated</help>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>IPv6 prefix</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>!ipv6net</format>
+                        <description>Match everything except the specified IPv6 prefix</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv6-prefix"/>
+                        <validator name="ipv6-prefix-exclude"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/nat-port.xml.i>
+                </children>
+              </node>
+              <node name="source">
+                <properties>
+                  <help>IPv6 source prefix options</help>
+                </properties>
+                <children>
+                  <leafNode name="prefix">
+                    <properties>
+                      <help>IPv6 prefix to be translated</help>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>IPv6 prefix</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>!ipv6net</format>
+                        <description>Match everything except the specified IPv6 prefix</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv6-prefix"/>
+                        <validator name="ipv6-prefix-exclude"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/nat-port.xml.i>
+                </children>
+              </node>
+              <node name="translation">
+                <properties>
+                  <help>Translated IPv6 address options</help>
+                </properties>
+                <children>
+                  <leafNode name="address">
+                    <properties>
+                      <help>IPv6 address to translate to</help>
+                      <completionHelp>
+                        <list>masquerade</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>ipv6</format>
+                        <description>IPv6 address</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>IPv6 prefix</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>masquerade</format>
+                        <description>NAT to the primary address of outbound-interface</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv6-address"/>
+                        <validator name="ipv6-prefix"/>
+                        <regex>(masquerade)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/nat-translation-port.xml.i>
+                </children>
+              </node>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+      <node name="destination">
+        <properties>
+          <help>Prefix mapping for IPv6 destination address translation</help>
+        </properties>
+        <children>
+          <tagNode name="rule">
+            <properties>
+              <help>Destination NAT66 rule number</help>
+              <valueHelp>
+                <format>u32:1-999999</format>
+                <description>Number for this rule</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-999999"/>
+              </constraint>
+              <constraintErrorMessage>NAT66 rule number must be between 1 and 999999</constraintErrorMessage>
+            </properties>
+            <children>
+              #include <include/generic-description.xml.i>
+              #include <include/generic-disable-node.xml.i>
+              #include <include/nat-exclude.xml.i>
+              <leafNode name="log">
+                <properties>
+                  <help>NAT66 rule logging</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              #include <include/firewall/inbound-interface-no-group.xml.i>
+              #include <include/nat/protocol.xml.i>
+              <node name="destination">
+                <properties>
+                  <help>IPv6 destination prefix options</help>
+                </properties>
+                <children>
+                  <leafNode name="address">
+                    <properties>
+                      <help>IPv6 address or prefix to be translated</help>
+                      <valueHelp>
+                        <format>ipv6</format>
+                        <description>IPv6 address</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>IPv6 prefix</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>!ipv6</format>
+                        <description>Match everything except the specified IPv6 address</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>!ipv6net</format>
+                        <description>Match everything except the specified IPv6 prefix</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv6-address"/>
+                        <validator name="ipv6-prefix"/>
+                        <validator name="ipv6-address-exclude"/>
+                        <validator name="ipv6-prefix-exclude"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/nat-port.xml.i>
+                  #include <include/firewall/source-destination-group-ipv6.xml.i>
+                </children>
+              </node>
+              <node name="source">
+                <properties>
+                  <help>IPv6 source prefix options</help>
+                </properties>
+                <children>
+                  <leafNode name="address">
+                    <properties>
+                      <help>IPv6 address or prefix to be translated</help>
+                      <valueHelp>
+                        <format>ipv6</format>
+                        <description>IPv6 address</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>IPv6 prefix</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>!ipv6</format>
+                        <description>Match everything except the specified IPv6 address</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>!ipv6net</format>
+                        <description>Match everything except the specified IPv6 prefix</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv6-address"/>
+                        <validator name="ipv6-prefix"/>
+                        <validator name="ipv6-address-exclude"/>
+                        <validator name="ipv6-prefix-exclude"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                #include <include/nat-port.xml.i>
+                </children>
+              </node>
+              <node name="translation">
+                <properties>
+                  <help>Translated IPv6 address options</help>
+                </properties>
+                <children>
+                  <leafNode name="address">
+                    <properties>
+                      <help>IPv6 address or prefix to translate to</help>
+                      <valueHelp>
+                        <format>ipv6</format>
+                        <description>IPv6 address</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ipv6net</format>
+                        <description>IPv6 prefix</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv6-address"/>
+                        <validator name="ipv6-prefix"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/nat-translation-port.xml.i>
+                </children>
+              </node>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>