Gitiles
Code Review Sign In
gerrit.cesnet.cz / CzechLight / velia / 09fc70181da95c0c78fa55908d4cfd06cae76a31 / . / yang / czechlight-firewall@2021-01-25.yang
blob: 7f73b95bfa97440504d0cdde8a77c80a9d4d6d07 [file] [log] [blame]
Václav Kubernát457d1ad2021-01-22 02:43:18 +0100[diff] [blame]1module czechlight-firewall {
2 yang-version 1.1;
3 namespace "http://czechlight.cesnet.cz/yang/czechlight-firewall";
4 prefix cla-fw;
5
6 import ietf-packet-fields {
7 prefix pf;
8 }
9
10 import ietf-access-control-list {
11 prefix acl;
12 }
13
14 revision 2021-01-25 {
15 description
16 "Initial version.";
17 }
18
19 // We don't support logging
20 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:actions/acl:logging { deviate not-supported; }
21
22 // We don't support these types of matching
23 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:egress-interface { deviate not-supported; }
24 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:ingress-interface { deviate not-supported; }
25 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l2 { deviate not-supported; }
26 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:destination-network { deviate not-supported; }
27 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:dscp { deviate not-supported; }
28 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:ecn { deviate not-supported; }
29 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:flags { deviate not-supported; }
30 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:identification { deviate not-supported; }
31 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:ihl { deviate not-supported; }
32 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:length { deviate not-supported; }
33 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:offset { deviate not-supported; }
34 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:protocol { deviate not-supported; }
35 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv4/acl:ipv4/acl:ttl { deviate not-supported; }
36 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv6/acl:ipv6/acl:destination-network { deviate not-supported; }
37 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv6/acl:ipv6/acl:dscp { deviate not-supported; }
38 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv6/acl:ipv6/acl:ecn { deviate not-supported; }
39 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv6/acl:ipv6/acl:flow-label { deviate not-supported; }
40 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv6/acl:ipv6/acl:length { deviate not-supported; }
41 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv6/acl:ipv6/acl:protocol { deviate not-supported; }
42 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l3/acl:ipv6/acl:ipv6/acl:ttl { deviate not-supported; }
43 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l4 { deviate not-supported; }
44
45 // We don't support statistics
46 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:statistics { deviate not-supported; }
47
48 // We don't support attachment-points
49 deviation /acl:acls/acl:attachment-points { deviate not-supported; }
50
51 // We only support ONE acl (which we will translate to one table)
52 deviation /acl:acls/acl:acl {
53 deviate add {
54 max-elements 1;
55 }
56 }
57
58 deviation /acl:acls/acl:acl/acl:aces/acl:ace/acl:name {
59 deviate replace {
60 type string {
61 // We don't allow newlines and double quotes in ACE names
62 pattern '[^\r\n"]+';
63 }
64 }
65 }
66}