diff options
Diffstat (limited to 'libs/uvl/root/lib')
-rw-r--r-- | libs/uvl/root/lib/uci/schema/default/firewall | 196 |
1 files changed, 170 insertions, 26 deletions
diff --git a/libs/uvl/root/lib/uci/schema/default/firewall b/libs/uvl/root/lib/uci/schema/default/firewall index 3d293ad61f..ac139fc8b2 100644 --- a/libs/uvl/root/lib/uci/schema/default/firewall +++ b/libs/uvl/root/lib/uci/schema/default/firewall @@ -1,6 +1,50 @@ package firewall config section + option name 'zone' + option title 'Firewall zones' + option package 'firewall' + +config variable + option name 'name' + option title 'Name of this firewall zone' + option section 'firewall.zone' + option required true + +config variable + option name 'network' + option title 'Associated network of this firewall zone' + option section 'firewall.zone' +# option valueof 'network.interface' +# option type 'lazylist' + +config variable + option name 'forward' + option title 'Zone specific action for forwarded traffic' + option section 'firewall.zone' + option required true + +config variable + option name 'input' + option title 'Zone specific action for incoming traffic' + option section 'firewall.zone' + option required true + +config variable + option name 'output' + option title 'Zone specific action for outgoing traffic' + option section 'firewall.zone' + option required true + +config variable + option name 'masq' + option title 'Enable masquerading for outgoing zone traffic' + option section 'firewall.zone' + option datatype 'boolean' + + + +config section option name 'defaults' option title 'Global firewall defaults' option package 'firewall' @@ -32,6 +76,7 @@ config variable option datatype 'boolean' + config section option name 'forwarding' option title 'Firewall traffic forwarding rules' @@ -52,44 +97,143 @@ config variable option required true + config section - option name 'zone' - option title 'Firewall zones' + option name 'rule' + option title 'Custom rule specification' option package 'firewall' + list depends 'target, src' + list depends 'target, dest' config variable - option name 'name' - option title 'Name of this firewall zone' - option section 'firewall.zone' - option required true + option name 'src' + option title 'Source zone' + option section 'firewall.rule' + list valueof 'firewall.zone' + list valueof 'firewall.zone.network' config variable - option name 'network' - option title 'Associated network of this firewall zone' - option section 'firewall.zone' -# option valueof 'network.interface' -# option type 'lazylist' + option name 'src_ip' + option title 'Source IP address' + option section 'firewall.rule' + option datatype 'ipaddr' config variable - option name 'forward' - option title 'Zone specific action for forwarded traffic' - option section 'firewall.zone' - option required true + option name 'src_port' + option title 'Source port' + option section 'firewall.rule' + option datatype 'uint' config variable - option name 'input' - option title 'Zone specific action for incoming traffic' - option section 'firewall.zone' - option required true + option name 'src_mac' + option title 'Source MAC address' + option section 'firewall.rule' + option datatype 'macaddr' config variable - option name 'output' - option title 'Zone specific action for outgoing traffic' - option section 'firewall.zone' + option name 'dest' + option title 'Destination zone' + option section 'firewall.rule' + list valueof 'firewall.zone' + list valueof 'firewall.zone.network' + +config variable + option name 'dest_ip' + option title 'Destination IP address' + option section 'firewall.rule' + option datatype 'ipaddr' + +config variable + option name 'dest_port' + option title 'Destination port' + option section 'firewall.rule' + option datatype 'uint' + +config variable + option name 'proto' + option title 'Protocol' + option section 'firewall.rule' + option datatype 'string' + +config variable + option name 'target' + option title 'Option target' + option section 'firewall.rule' + option datatype 'string' option required true + + +config section + option name 'redirect' + option title 'Traffic redirection rule definition' + option package 'firewall' + config variable - option name 'masq' - option title 'Enable masquerading for outgoing zone traffic' - option section 'firewall.zone' - option datatype 'boolean' + option name 'src' + option title 'Source zone' + option section 'firewall.redirect' + list valueof 'firewall.zone' + list valueof 'firewall.zone.network' + +config variable + option name 'src_ip' + option title 'Source IP address' + option section 'firewall.redirect' + option datatype 'ipaddr' + +config variable + option name 'src_port' + option title 'Source port' + option section 'firewall.redirect' + option datatype 'uint' + +config variable + option name 'src_dport' + option title 'Source destination port' + option section 'firewall.redirect' + option datatype 'uint' + +config variable + option name 'src_mac' + option title 'Option src_mac' + option section 'firewall.redirect' + option datatype 'macaddr' + +config variable + option name 'dest' + option title 'Destination zone' + option section 'firewall.redirect' + list valueof 'firewall.zone' + list valueof 'firewall.zone.network' + +config variable + option name 'dest_ip' + option title 'Destination IP address' + option section 'firewall.redirect' + option datatype 'ipaddr' + +config variable + option name 'dest_port' + option title 'Destination port' + option section 'firewall.redirect' + option datatype 'uint' + +config variable + option name 'proto' + option title 'Protocol' + option section 'firewall.redirect' + option datatype 'string' + + + +config section + option name 'include' + option title 'User defined config includes' + option package 'firewall' + +config variable + option name 'path' + option title 'Path to the include file' + option section 'firewall.include' + option datatype 'file' |