junoser 0.4.1 → 0.4.2

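--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b370402809bb2214265f0dd6e692c591337882121f7f5c1f8f3653553cd29f83
- data.tar.gz: 72dd3c61381706e34cba7618e6402f6be59380137c3b7198747d898e17d550c0
+ metadata.gz: f37eb9172418859fd2a4144cdd0d4b47c657162e02117cfb9fe73a33fe9ca0e2
+ data.tar.gz: 4791fbaf136985e1b16a4dba7daaf2fc2dbcee8ed85508d2e3c65b5b3f4575b9
  SHA512:
- metadata.gz: 606fec606c9882cddbef3f1cc687d00f19cf0f535acdb84da448dfea730e5c7d69f16d4837014c5b7c4b1a68fea00c957f72c867ffcdccae3773b7fbf2c76b5d
- data.tar.gz: d88215e1ef62177ed15e5c0e76a149ac53a96880fb19c9bfd32c275e750b2aa298bb39a6a01b6a3ee3b650592da1d843b7bb443ac9bbfa75ef620b1e2c061752
+ metadata.gz: 5961c24e760831bf52f6edb82c5972aefb023d99639091fb2c12d95f083ef57e9e2703fd441dbb0c1d5e44b5e386834679e910873e44825c9a7c103243fa2c6c
+ data.tar.gz: 9e41dcfb72bfe2f5b801506c50725a4a0da2f56a09a8ddeedb8cb7d4b8ae82864008c89cdf2da837ced1c83d39d2e7d53640bba5f7dcb459d434e0d173862659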
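--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,18 @@
+ ## [0.4.2] - 2021-08-30
+
+ ### Added
+
+ * Newly supported syntax
+ * "virtual-chassis vcp-snmp-statistics"
+ * "application_object"
+
+ ### Fixed
+
+ * Keywords "tls", "group", "dest-nat-rule-match", "src-nat-rule-match", and "static-nat-rule-match" might be marked as invalid in some hierarchies
+ * "applications application xxx term xxx"
+ * "security"
+
+
  ## [0.4.1] - 2021-06-06
 
  ### Added
@@ -7,7 +22,7 @@
 
  ### Fixed
 
- * "scpf-link", "https", "inet6", "icmp6", "icmpv6", "ospf3", and "snmptrap" keywords might be marked as invalid in some hierarchies
+ * Keywords "scpf-link", "https", "inet6", "icmp6", "icmpv6", "ospf3", and "snmptrap" might be marked as invalid in some hierarchies
  * "policy-options community xxx members"
  * "policy-options route-distinguisher xxx members"
  * "routing-options confederation members"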
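--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- junoser (0.4.1)
+ junoser (0.4.2)
  parslet
 
  GEM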
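--- a/data/Rakefile
+++ b/data/Rakefile
@@ -19,12 +19,22 @@ def open_files(input, output, &block)
  o.close
  end
 
+ def move_wildcards(element)
+ ['ipaddr', 'ipv6addr', 'ipprefix'].each do |pattern|
+ element.xpath(%[.//xsd:element[@type="#{pattern}"]/xsd:annotation/xsd:appinfo/flag[text()="nokeyword"]/../../..]).each do |wildcard|
+ parent = wildcard.parent
+ removed = wildcard.remove
+ parent << removed
+ end
+ end
+ end
 
  namespace :build do
  desc 'Build an intermediate config hierarchy'
  task :config do
  open_files(xsd_path, rule_path) do |input, output|
  Nokogiri::XML(input).root.remove_unused.xpath('/xsd:schema/*').each do |e|
+ move_wildcards e # Move wildcard elements to the end of siblings as they capture keywords unexpectedly
  output.puts e.to_config
  end
  end
@@ -56,7 +66,6 @@ task 'find-srx-methods' do
  end
  end
 
-
  Rake::TestTask.new do |t|
  t.libs << 'test'
 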
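Review bot: `move_wildcards` only relocates elements typed `ipaddr`, `ipv6addr` or `ipprefix`, so any other `nokeyword` value element can presumably still sit ahead of its sibling keywords and capture them; the regenerated `inet6-backup-router` rule further down this page, for instance, leaves `ipv6prefix` where it was. It would help to document why the list stops at these three types, or to derive it from the schema. In that same regenerated rule the moved `ipv6addr` appears inside the `"destination" (` group rather than after its closing parenthesis, unlike every other reordered rule shown, so a parser test for that statement would confirm that the reordering did not change which configurations the checker accepts. The helper itself carries no comment; I would move the call-site explanation above the definition, e.g. `# Move nokeyword address elements to the end of their siblings so they no longer capture keywords`.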
@@ -1996,10 +1996,10 @@ rule(:configuration) do
1996
1996
  ),
1997
1997
  "wildcard-address" ( /* IP wildcard address and mask */
1998
1998
  sc(
1999
- ipaddr /* IP wildcard address */,
2000
1999
  "wildcard-mask" ( /* IP wildcard address mask */
2001
2000
  ipaddr /* IP wildcard address mask */
2002
- )
2001
+ ),
2002
+ ipaddr /* IP wildcard address */
2003
2003
  )
2004
2004
  ).as(:oneline),
2005
2005
  "port-range" ( /* IP port ranges */
@@ -2017,10 +2017,10 @@ rule(:configuration) do
2017
2017
  ),
2018
2018
  "wildcard-address" ( /* IP wildcard address and mask */
2019
2019
  sc(
2020
- ipaddr /* IP wildcard address */,
2021
2020
  "wildcard-mask" ( /* IP wildcard address mask */
2022
2021
  ipaddr /* IP wildcard address mask */
2023
- )
2022
+ ),
2023
+ ipaddr /* IP wildcard address */
2024
2024
  )
2025
2025
  ).as(:oneline),
2026
2026
  "port-range" ( /* IP port ranges */
@@ -5912,34 +5912,34 @@ rule(:configuration) do
5912
5912
  c(
5913
5913
  "source-ip" ( /* Filter based on source-ip (and wildcard) */
5914
5914
  sc(
5915
- ipaddr /* Source IP */,
5916
5915
  "wildcard" ( /* Source IP wildcard */
5917
5916
  ipaddr /* Source IP wildcard */
5918
- )
5917
+ ),
5918
+ ipaddr /* Source IP */
5919
5919
  )
5920
5920
  ).as(:oneline),
5921
5921
  "dest-ip" ( /* Filter based on dest-ip (and wildcard) */
5922
5922
  sc(
5923
- ipaddr /* Dest IP */,
5924
5923
  "wildcard" ( /* Dest IP wildcard */
5925
5924
  ipaddr /* Dest IP wildcard */
5926
- )
5925
+ ),
5926
+ ipaddr /* Dest IP */
5927
5927
  )
5928
5928
  ).as(:oneline),
5929
5929
  "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */
5930
5930
  sc(
5931
- ipv6addr /* Source softwire IP */,
5932
5931
  "wildcard" ( /* Source IP wildcard */
5933
5932
  ipv6addr /* Source IP wildcard */
5934
- )
5933
+ ),
5934
+ ipv6addr /* Source softwire IP */
5935
5935
  )
5936
5936
  ).as(:oneline),
5937
5937
  "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */
5938
5938
  sc(
5939
- ipaddr /* Destination softwire IP */,
5940
5939
  "wildcard" ( /* Destination IP wildcard */
5941
5940
  ipaddr /* Destination IP wildcard */
5942
- )
5941
+ ),
5942
+ ipaddr /* Destination softwire IP */
5943
5943
  )
5944
5944
  ).as(:oneline),
5945
5945
  "sport-range" ( /* Filter based on source port */
@@ -10594,7 +10594,8 @@ rule(:configuration) do
10594
10594
  "no-auto-conversion" /* Disable automatic VC port conversion */,
10595
10595
  "auto-conversion" /* Enable automatic VC port conversion */
10596
10596
  ),
10597
- "vcp-no-hold-time" /* Set no hold time for vcp interfaces */
10597
+ "vcp-no-hold-time" /* Set no hold time for vcp interfaces */,
10598
+ "vcp-snmp-statistics"
10598
10599
  )
10599
10600
  ),
10600
10601
  "ethernet-switching-options" (
@@ -17879,53 +17880,6 @@ rule(:any_template) do
17879
17880
  )
17880
17881
  end
17881
17882
 
17882
- rule(:application_object) do
17883
- arg.as(:arg) (
17884
- c(
17885
- "application-protocol" ( /* Application protocol type */
17886
- ("bootp" | "dce-rpc" | "dce-rpc-portmap" | "dns" | "exec" | "ftp" | "ftp-data" | "gprs-gtp-c" | "gprs-gtp-u" | "gprs-gtp-v0" | "gprs-sctp" | "h323" | "icmp" | "icmpv6" | "ignore" | "iiop" | "ike-esp-nat" | "ip" | "login" | "mgcp-ca" | "mgcp-ua" | "ms-rpc" | "netbios" | "netshow" | "none" | "pptp" | "q931" | "ras" | "realaudio" | "rpc" | "rpc-portmap" | "rsh" | "rtsp" | "sccp" | "sip" | "shell" | "snmp" | "sqlnet" | "sqlnet-v2" | "sun-rpc" | "talk" | "tftp" | "traceroute" | "http" | "winframe" | "https" | "imap" | "smtp" | "ssh" | "telnet" | "twamp")
17887
- ),
17888
- "protocol" ( /* Match IP protocol type */
17889
- ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg)
17890
- ),
17891
- "source-port" ( /* Match TCP/UDP source port */
17892
- ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg)
17893
- ),
17894
- "destination-port" ( /* Match TCP/UDP destination port */
17895
- ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg)
17896
- ),
17897
- "ether-type" arg /* Match ether type */,
17898
- "snmp-command" ( /* Match SNMP command */
17899
- ("get" | "get-next" | "get-response" | "set" | "trap")
17900
- ),
17901
- "icmp-type" ( /* Match ICMP message type */
17902
- ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg)
17903
- ),
17904
- "icmp6-type" ( /* Match ICMP6 message type */
17905
- ("echo-request" | "echo-reply" | "destination-unreachable" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "packet-too-big" | "membership-query" | "membership-report" | "membership-termination" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | arg)
17906
- ),
17907
- "icmp-code" ( /* Match ICMP message code */
17908
- ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg)
17909
- ),
17910
- "icmp6-code" ( /* Match ICMP6 message code */
17911
- ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg)
17912
- ),
17913
- "ttl-threshold" arg /* Traceroute TTL threshold */,
17914
- "rpc-program-number" arg /* Match range of RPC program numbers */,
17915
- "uuid" arg /* Match universal unique identifier for DCE RPC objects */,
17916
- "inactivity-timeout" ( /* Application-specific inactivity timeout */
17917
- ("never" | arg)
17918
- ),
17919
- "gate-timeout" arg /* Application-specific gate timeout */,
17920
- "child-inactivity-timeout" arg /* Application-specific child session inactivity timeout */,
17921
- c(
17922
- "do-not-translate-AAAA-query-to-A-query" /* Knob to control the translation of AAAA query to A query */,
17923
- "do-not-translate-A-query-to-AAAA-query" /* Knob to control the translation of A query to AAAA query */
17924
- )
17925
- )
17926
- )
17927
- end
17928
-
17929
17883
  rule(:application_set_object) do
17930
17884
  arg.as(:arg) (
17931
17885
  c(
@@ -28321,34 +28275,34 @@ rule(:interfaces_type) do
28321
28275
  c(
28322
28276
  "source-ip" ( /* Filter based on source-ip (and wildcard) */
28323
28277
  sc(
28324
- ipaddr /* Source IP */,
28325
28278
  "wildcard" ( /* Source IP wildcard */
28326
28279
  ipaddr /* Source IP wildcard */
28327
- )
28280
+ ),
28281
+ ipaddr /* Source IP */
28328
28282
  )
28329
28283
  ).as(:oneline),
28330
28284
  "dest-ip" ( /* Filter based on dest-ip (and wildcard) */
28331
28285
  sc(
28332
- ipaddr /* Dest IP */,
28333
28286
  "wildcard" ( /* Dest IP wildcard */
28334
28287
  ipaddr /* Dest IP wildcard */
28335
- )
28288
+ ),
28289
+ ipaddr /* Dest IP */
28336
28290
  )
28337
28291
  ).as(:oneline),
28338
28292
  "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */
28339
28293
  sc(
28340
- ipv6addr /* Source softwire IP */,
28341
28294
  "wildcard" ( /* Source IP wildcard */
28342
28295
  ipv6addr /* Source IP wildcard */
28343
- )
28296
+ ),
28297
+ ipv6addr /* Source softwire IP */
28344
28298
  )
28345
28299
  ).as(:oneline),
28346
28300
  "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */
28347
28301
  sc(
28348
- ipaddr /* Destination softwire IP */,
28349
28302
  "wildcard" ( /* Destination IP wildcard */
28350
28303
  ipaddr /* Destination IP wildcard */
28351
- )
28304
+ ),
28305
+ ipaddr /* Destination softwire IP */
28352
28306
  )
28353
28307
  ).as(:oneline),
28354
28308
  "sport-range" ( /* Filter based on source port */
@@ -43766,34 +43720,34 @@ rule(:juniper_dynamic_profile_object) do
43766
43720
  c(
43767
43721
  "source-ip" ( /* Filter based on source-ip (and wildcard) */
43768
43722
  sc(
43769
- ipaddr /* Source IP */,
43770
43723
  "wildcard" ( /* Source IP wildcard */
43771
43724
  ipaddr /* Source IP wildcard */
43772
- )
43725
+ ),
43726
+ ipaddr /* Source IP */
43773
43727
  )
43774
43728
  ).as(:oneline),
43775
43729
  "dest-ip" ( /* Filter based on dest-ip (and wildcard) */
43776
43730
  sc(
43777
- ipaddr /* Dest IP */,
43778
43731
  "wildcard" ( /* Dest IP wildcard */
43779
43732
  ipaddr /* Dest IP wildcard */
43780
- )
43733
+ ),
43734
+ ipaddr /* Dest IP */
43781
43735
  )
43782
43736
  ).as(:oneline),
43783
43737
  "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */
43784
43738
  sc(
43785
- ipv6addr /* Source softwire IP */,
43786
43739
  "wildcard" ( /* Source IP wildcard */
43787
43740
  ipv6addr /* Source IP wildcard */
43788
- )
43741
+ ),
43742
+ ipv6addr /* Source softwire IP */
43789
43743
  )
43790
43744
  ).as(:oneline),
43791
43745
  "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */
43792
43746
  sc(
43793
- ipaddr /* Destination softwire IP */,
43794
43747
  "wildcard" ( /* Destination IP wildcard */
43795
43748
  ipaddr /* Destination IP wildcard */
43796
- )
43749
+ ),
43750
+ ipaddr /* Destination softwire IP */
43797
43751
  )
43798
43752
  ).as(:oneline),
43799
43753
  "sport-range" ( /* Filter based on source port */
@@ -47223,34 +47177,34 @@ rule(:juniper_dynamic_profile_object) do
47223
47177
  c(
47224
47178
  "source-ip" ( /* Filter based on source-ip (and wildcard) */
47225
47179
  sc(
47226
- ipaddr /* Source IP */,
47227
47180
  "wildcard" ( /* Source IP wildcard */
47228
47181
  ipaddr /* Source IP wildcard */
47229
- )
47182
+ ),
47183
+ ipaddr /* Source IP */
47230
47184
  )
47231
47185
  ).as(:oneline),
47232
47186
  "dest-ip" ( /* Filter based on dest-ip (and wildcard) */
47233
47187
  sc(
47234
- ipaddr /* Dest IP */,
47235
47188
  "wildcard" ( /* Dest IP wildcard */
47236
47189
  ipaddr /* Dest IP wildcard */
47237
- )
47190
+ ),
47191
+ ipaddr /* Dest IP */
47238
47192
  )
47239
47193
  ).as(:oneline),
47240
47194
  "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */
47241
47195
  sc(
47242
- ipv6addr /* Source softwire IP */,
47243
47196
  "wildcard" ( /* Source IP wildcard */
47244
47197
  ipv6addr /* Source IP wildcard */
47245
- )
47198
+ ),
47199
+ ipv6addr /* Source softwire IP */
47246
47200
  )
47247
47201
  ).as(:oneline),
47248
47202
  "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */
47249
47203
  sc(
47250
- ipaddr /* Destination softwire IP */,
47251
47204
  "wildcard" ( /* Destination IP wildcard */
47252
47205
  ipaddr /* Destination IP wildcard */
47253
- )
47206
+ ),
47207
+ ipaddr /* Destination softwire IP */
47254
47208
  )
47255
47209
  ).as(:oneline),
47256
47210
  "sport-range" ( /* Filter based on source port */
@@ -55337,10 +55291,10 @@ rule(:juniper_policy_options) do
55337
55291
  c(
55338
55292
  "self" /* Use a local address as the next-hop address */,
55339
55293
  "peer-address" /* Use the remote peer address as the next-hop address */,
55340
- ipaddr /* Next-hop address */,
55341
55294
  "reject" /* Use a reject next hop */,
55342
55295
  "discard" /* Use a discard next hop */,
55343
- "next-table" arg /* Perform a forwarding lookup in the specified table */
55296
+ "next-table" arg /* Perform a forwarding lookup in the specified table */,
55297
+ ipaddr /* Next-hop address */
55344
55298
  )
55345
55299
  )
55346
55300
  ).as(:oneline),
@@ -55948,10 +55902,10 @@ rule(:juniper_policy_options) do
55948
55902
  c(
55949
55903
  "self" /* Use a local address as the next-hop address */,
55950
55904
  "peer-address" /* Use the remote peer address as the next-hop address */,
55951
- ipaddr /* Next-hop address */,
55952
55905
  "reject" /* Use a reject next hop */,
55953
55906
  "discard" /* Use a discard next hop */,
55954
- "next-table" arg /* Perform a forwarding lookup in the specified table */
55907
+ "next-table" arg /* Perform a forwarding lookup in the specified table */,
55908
+ ipaddr /* Next-hop address */
55955
55909
  )
55956
55910
  )
55957
55911
  ).as(:oneline),
@@ -56163,8 +56117,8 @@ rule(:juniper_policy_options) do
56163
56117
  c(
56164
56118
  "inet" ( /* Route to match corresponds to an inet/inet6 prefix */
56165
56119
  c(
56166
- ipprefix /* Exact address of the route */,
56167
- "table" arg /* Routing table in which route should exist */
56120
+ "table" arg /* Routing table in which route should exist */,
56121
+ ipprefix /* Exact address of the route */
56168
56122
  )
56169
56123
  ),
56170
56124
  "ccc" ( /* Route to match corresponds to a ccc prefix */
@@ -56178,8 +56132,8 @@ rule(:juniper_policy_options) do
56178
56132
  )
56179
56133
  )
56180
56134
  ),
56181
- ipprefix /* Exact address of the route */,
56182
- "table" arg /* Routing table in which route should exist */
56135
+ "table" arg /* Routing table in which route should exist */,
56136
+ ipprefix /* Exact address of the route */
56183
56137
  )
56184
56138
  )
56185
56139
  )
@@ -56468,10 +56422,10 @@ rule(:control_prefix_list_filter_type) do
56468
56422
  c(
56469
56423
  "self" /* Use a local address as the next-hop address */,
56470
56424
  "peer-address" /* Use the remote peer address as the next-hop address */,
56471
- ipaddr /* Next-hop address */,
56472
56425
  "reject" /* Use a reject next hop */,
56473
56426
  "discard" /* Use a discard next hop */,
56474
- "next-table" arg /* Perform a forwarding lookup in the specified table */
56427
+ "next-table" arg /* Perform a forwarding lookup in the specified table */,
56428
+ ipaddr /* Next-hop address */
56475
56429
  )
56476
56430
  )
56477
56431
  ).as(:oneline),
@@ -56863,10 +56817,10 @@ rule(:control_route_filter_type) do
56863
56817
  c(
56864
56818
  "self" /* Use a local address as the next-hop address */,
56865
56819
  "peer-address" /* Use the remote peer address as the next-hop address */,
56866
- ipaddr /* Next-hop address */,
56867
56820
  "reject" /* Use a reject next hop */,
56868
56821
  "discard" /* Use a discard next hop */,
56869
- "next-table" arg /* Perform a forwarding lookup in the specified table */
56822
+ "next-table" arg /* Perform a forwarding lookup in the specified table */,
56823
+ ipaddr /* Next-hop address */
56870
56824
  )
56871
56825
  )
56872
56826
  ).as(:oneline),
@@ -57242,10 +57196,10 @@ rule(:control_source_address_filter_type) do
57242
57196
  c(
57243
57197
  "self" /* Use a local address as the next-hop address */,
57244
57198
  "peer-address" /* Use the remote peer address as the next-hop address */,
57245
- ipaddr /* Next-hop address */,
57246
57199
  "reject" /* Use a reject next hop */,
57247
57200
  "discard" /* Use a discard next hop */,
57248
- "next-table" arg /* Perform a forwarding lookup in the specified table */
57201
+ "next-table" arg /* Perform a forwarding lookup in the specified table */,
57202
+ ipaddr /* Next-hop address */
57249
57203
  )
57250
57204
  )
57251
57205
  ).as(:oneline),
@@ -77513,9 +77467,9 @@ rule(:juniper_system) do
77513
77467
  ).as(:oneline),
77514
77468
  "inet6-backup-router" ( /* IPv6 router to use while booting */
77515
77469
  sc(
77516
- ipv6addr /* Address of router to use while booting */,
77517
77470
  "destination" ( /* Destination network reachable through the router */
77518
- ipv6prefix /* Destination network reachable through the router */
77471
+ ipv6prefix /* Destination network reachable through the router */,
77472
+ ipv6addr /* Address of router to use while booting */
77519
77473
  )
77520
77474
  )
77521
77475
  ).as(:oneline),
@@ -98364,14 +98318,6 @@ rule(:log_object) do
98364
98318
  )
98365
98319
  end
98366
98320
 
98367
- rule(:logical_system_type) do
98368
- arg.as(:arg) (
98369
- c(
98370
- "max-sessions" arg /* Max number of IDP sessions */
98371
- )
98372
- )
98373
- end
98374
-
98375
98321
  rule(:login_class_object) do
98376
98322
  arg.as(:arg) (
98377
98323
  c(
@@ -101523,31 +101469,6 @@ rule(:nasreq_definition) do
101523
101469
  )
101524
101470
  end
101525
101471
 
101526
- rule(:nat_object) do
101527
- c(
101528
- "pool" ( /* Define a NAT pool */
101529
- nat_pool_object /* Define a NAT pool */
101530
- ),
101531
- "ipv6-multicast-interfaces" ("all" | "interface-name") ( /* Enable IPv6 multicast filter for IPv6 NAT */
101532
- c(
101533
- "disable" /* Disable IPv6 multicast filter for IPv6 NAT */
101534
- )
101535
- ),
101536
- "allow-overlapping-nat-pools" /* Allow usage of overlapping and same nat pools in multiple service sets */,
101537
- "rule" ( /* Define a NAT rule */
101538
- nat_rule_object /* Define a NAT rule */
101539
- ),
101540
- "port-forwarding" ( /* Define a port-forwarding pool */
101541
- pf_mapping /* Define a port-forwarding pool */
101542
- ),
101543
- "rule-set" arg ( /* Defines a set of NAT rules */
101544
- c(
101545
- "rule" arg /* Rule to be included in this rule set */
101546
- )
101547
- )
101548
- )
101549
- end
101550
-
101551
101472
  rule(:nat_pool_object) do
101552
101473
  arg.as(:arg) (
101553
101474
  c(
@@ -105285,10 +105206,10 @@ rule(:route_filter_list_items) do
105285
105206
  c(
105286
105207
  "self" /* Use a local address as the next-hop address */,
105287
105208
  "peer-address" /* Use the remote peer address as the next-hop address */,
105288
- ipaddr /* Next-hop address */,
105289
105209
  "reject" /* Use a reject next hop */,
105290
105210
  "discard" /* Use a discard next hop */,
105291
- "next-table" arg /* Perform a forwarding lookup in the specified table */
105211
+ "next-table" arg /* Perform a forwarding lookup in the specified table */,
105212
+ ipaddr /* Next-hop address */
105292
105213
  )
105293
105214
  )
105294
105215
  ).as(:oneline),
@@ -105552,11 +105473,11 @@ end
105552
105473
 
105553
105474
  rule(:routing_destination_address) do
105554
105475
  c(
105555
- ipaddr /* IP address */,
105556
105476
  "port" arg /* Port number */,
105557
105477
  "transport-protocol" ( /* Transport protocol */
105558
105478
  transport_protocol /* Transport protocol */
105559
- )
105479
+ ),
105480
+ ipaddr /* IP address */
105560
105481
  ).as(:oneline)
105561
105482
  end
105562
105483
 
@@ -107412,12 +107333,6 @@ rule(:ipsec_sa) do
107412
107333
  )
107413
107334
  end
107414
107335
 
107415
- rule(:ipsec_traceoptions) do
107416
- c(
107417
- "flag" enum(("packet-processing" | "packet-drops" | "security-associations" | "next-hop-tunnel-binding" | "all")) /* Events to include in data-plane IPSec trace output */.as(:oneline)
107418
- )
107419
- end
107420
-
107421
107336
  rule(:ipsec_trusted_channel_sa) do
107422
107337
  c(
107423
107338
  "description" arg /* Text description of trusted channel security association */,
@@ -107467,114 +107382,6 @@ rule(:ipsec_trusted_channel_sa) do
107467
107382
  )
107468
107383
  end
107469
107384
 
107470
- rule(:ipsec_vpn_monitor) do
107471
- c(
107472
- "interval" arg /* Monitor interval in seconds */,
107473
- "threshold" arg /* Number of consecutive failures to determine connectivity */
107474
- )
107475
- end
107476
-
107477
- rule(:ipsec_vpn_template) do
107478
- arg.as(:arg) (
107479
- c(
107480
- "bind-interface" ( /* Bind to tunnel interface (route-based VPN) */
107481
- interface_name /* Bind to tunnel interface (route-based VPN) */
107482
- ),
107483
- "df-bit" ( /* Specifies how to handle the Don't Fragment bit */
107484
- ("clear" | "set" | "copy")
107485
- ),
107486
- "vpn-monitor" ( /* Monitor VPN liveliness */
107487
- ipsec_template_monitor /* Monitor VPN liveliness */
107488
- ),
107489
- c(
107490
- "manual" ( /* Define a manual security association */
107491
- c(
107492
- "gateway" ( /* Define the IPSec peer */
107493
- hostname /* Define the IPSec peer */
107494
- ),
107495
- "external-interface" ( /* External interface for the security association */
107496
- interface_unit /* External interface for the security association */
107497
- ),
107498
- "protocol" ( /* Define an IPSec protocol for the security association */
107499
- ("ah" | "esp")
107500
- ),
107501
- "spi" arg /* Define security parameter index */,
107502
- "authentication" ( /* Define authentication parameters */
107503
- c(
107504
- "algorithm" ( /* Define authentication algorithm */
107505
- ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha-256-128" | "hmac-sha-256-96")
107506
- ),
107507
- "key" ( /* Define an authentication key */
107508
- sc(
107509
- c(
107510
- "ascii-text" arg /* Format as text */,
107511
- "hexadecimal" arg /* Format as hexadecimal */
107512
- )
107513
- )
107514
- ).as(:oneline)
107515
- )
107516
- ),
107517
- "encryption" ( /* Define encryption parameters */
107518
- c(
107519
- "algorithm" ( /* Define encryption algorithm */
107520
- ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc")
107521
- ),
107522
- "key" ( /* Define an encryption key */
107523
- sc(
107524
- c(
107525
- "ascii-text" arg /* Format as text */,
107526
- "hexadecimal" arg /* Format as hexadecimal */
107527
- )
107528
- )
107529
- ).as(:oneline)
107530
- )
107531
- )
107532
- )
107533
- ),
107534
- "ike" ( /* Define an IKE-keyed IPSec vpn */
107535
- c(
107536
- "gateway" arg /* Name of remote gateway */,
107537
- "idle-time" arg /* Idle time to delete SA */,
107538
- "no-anti-replay" /* Disable the anti-replay check */,
107539
- "proxy-identity" ( /* IPSec proxy-id to use in IKE negotiations */
107540
- ipsec_template_proxy_id /* IPSec proxy-id to use in IKE negotiations */
107541
- ),
107542
- "ipsec-policy" arg /* Name of the IPSec policy */,
107543
- "install-interval" arg /* Delay installation of rekeyed outbound SAs on initiator */
107544
- )
107545
- )
107546
- ),
107547
- "establish-tunnels" ( /* Define the criteria to establish tunnels */
107548
- ("immediately" | "on-traffic")
107549
- )
107550
- )
107551
- )
107552
- end
107553
-
107554
- rule(:ipsec_template_monitor) do
107555
- c(
107556
- "optimized" /* Optimize for scalability */,
107557
- "source-interface" ( /* Source interface for monitor message */
107558
- interface_unit /* Source interface for monitor message */
107559
- ),
107560
- "destination-ip" ( /* Destination IP addres for monitor message */
107561
- ipaddr /* Destination IP addres for monitor message */
107562
- )
107563
- )
107564
- end
107565
-
107566
- rule(:ipsec_template_proxy_id) do
107567
- c(
107568
- "local" ( /* Local IP address/prefix length */
107569
- ipprefix_mandatory /* Local IP address/prefix length */
107570
- ),
107571
- "remote" ( /* Remote IP address/prefix length */
107572
- ipprefix_mandatory /* Remote IP address/prefix length */
107573
- ),
107574
- "service" arg /* Name of serivce that passes through, any enables all services */
107575
- )
107576
- end
107577
-
107578
107385
  rule(:security_macsec) do
107579
107386
  c(
107580
107387
  "traceoptions" ( /* Tracing options for debugging protocol operation */
@@ -108138,14 +107945,14 @@ rule(:service_set_ipsec_vpn_options_object) do
108138
107945
  "trusted-ca" arg /* List of trusted certificate authority profiles */,
108139
107946
  "local-gateway" ( /* Address and routing instance for local gateway */
108140
107947
  sc(
108141
- ipaddr /* Local gateway address */,
108142
107948
  "routing-instance" arg /* Name of routing instance that hosts local gateway */,
108143
107949
  "interface" ( /* Interface as local gateway */
108144
107950
  interface_unit /* Interface as local gateway */
108145
107951
  ),
108146
107952
  "gw-interface" ( /* Interface as local gateway */
108147
107953
  interface_unit /* Interface as local gateway */
108148
- )
107954
+ ),
107955
+ ipaddr /* Local gateway address */
108149
107956
  )
108150
107957
  ).as(:oneline),
108151
107958
  "ike-access-profile" arg /* IKE access profile for dynamic peers */,
@@ -109942,10 +109749,10 @@ rule(:source_address_filter_list_items) do
109942
109749
  c(
109943
109750
  "self" /* Use a local address as the next-hop address */,
109944
109751
  "peer-address" /* Use the remote peer address as the next-hop address */,
109945
- ipaddr /* Next-hop address */,
109946
109752
  "reject" /* Use a reject next hop */,
109947
109753
  "discard" /* Use a discard next hop */,
109948
- "next-table" arg /* Perform a forwarding lookup in the specified table */
109754
+ "next-table" arg /* Perform a forwarding lookup in the specified table */,
109755
+ ipaddr /* Next-hop address */
109949
109756
  )
109950
109757
  )
109951
109758
  ).as(:oneline),
@@ -115822,8 +115629,8 @@ rule(:default_anti_virus_feature) do
115822
115629
  c(
115823
115630
  "server" ( /* SAV and Anti-Spam first hop DNS server */
115824
115631
  c(
115825
- ipaddr /* SAV and Anti-Spam first hop DNS server ip */,
115826
- "routing-instance" arg /* Routing instance name */
115632
+ "routing-instance" arg /* Routing instance name */,
115633
+ ipaddr /* SAV and Anti-Spam first hop DNS server ip */
115827
115634
  )
115828
115635
  ),
115829
115636
  "sxl-timeout" arg /* Sxl sophos anti-virus engine timeout */,
@@ -116163,9 +115970,9 @@ end
116163
115970
 
116164
115971
  rule(:host_object) do
116165
115972
  c(
116166
- ipaddr /* IP address */,
116167
115973
  "port" arg /* Host port number */,
116168
- "routing-instance" arg /* Routing-instance name */
115974
+ "routing-instance" arg /* Routing-instance name */,
115975
+ ipaddr /* IP address */
116169
115976
  )
116170
115977
  end
116171
115978
 
@@ -116563,7 +116370,6 @@ rule(:address_type) do
116563
116370
  c(
116564
116371
  "description" arg /* Text description of address */,
116565
116372
  c(
116566
- ipprefix /* Numeric IPv4 or IPv6 address with prefix */,
116567
116373
  "dns-name" ( /* DNS address name */
116568
116374
  dns_name_type /* DNS address name */
116569
116375
  ),
@@ -116572,7 +116378,8 @@ rule(:address_type) do
116572
116378
  ),
116573
116379
  "range-address" ( /* Address range */
116574
116380
  range_address_type /* Address range */
116575
- )
116381
+ ),
116382
+ ipprefix /* Numeric IPv4 or IPv6 address with prefix */
116576
116383
  )
116577
116384
  )
116578
116385
  )
@@ -117077,36 +116884,6 @@ rule(:security_ipsec_policy) do
117077
116884
  )
117078
116885
  end
117079
116886
 
117080
- rule(:security_ipsec_vpn) do
117081
- c(
117082
- "internal" ( /* Define an IPSec SA for internal RE-RE communication */
117083
- c(
117084
- "security-association" ( /* Define an IPsec security association */
117085
- ipsec_internal_sa /* Define an IPsec security association */
117086
- )
117087
- )
117088
- ),
117089
- "traceoptions" ( /* Trace options for IPSec data-plane debug */
117090
- ipsec_traceoptions /* Trace options for IPSec data-plane debug */
117091
- ),
117092
- "vpn-monitor-options" ( /* Global options for VPN liveliness monitoring */
117093
- ipsec_vpn_monitor /* Global options for VPN liveliness monitoring */
117094
- ),
117095
- "proposal" ( /* Define an IPSec proposal */
117096
- ipsec_proposal /* Define an IPSec proposal */
117097
- ),
117098
- "policy" ( /* Define an IPSec policy */
117099
- ipsec_policy /* Define an IPSec policy */
117100
- ),
117101
- "vpn" ( /* Define an IPSec VPN */
117102
- ipsec_vpn_template /* Define an IPSec VPN */
117103
- ),
117104
- "security-association" ( /* Define a manual control plane SA */
117105
- ipsec_sa /* Define a manual control plane SA */
117106
- )
117107
- )
117108
- end
117109
-
117110
116887
  rule(:ipsec_traceoptions) do
117111
116888
  c(
117112
116889
  "flag" enum(("packet-processing" | "packet-drops" | "security-associations" | "next-hop-tunnel-binding" | "all")) /* Events to include in data-plane IPSec trace output */.as(:oneline)
@@ -117450,7 +117227,6 @@ rule(:ssg_destination_nat_object) do
117450
117227
  ),
117451
117228
  "address" ( /* Add address or address range to pool */
117452
117229
  sc(
117453
- ipprefix /* IPv4 or IPv6 address or address range */,
117454
117230
  c(
117455
117231
  "to" ( /* Upper limit of address range */
117456
117232
  c(
@@ -117458,7 +117234,8 @@ rule(:ssg_destination_nat_object) do
117458
117234
  )
117459
117235
  ),
117460
117236
  "port" arg /* Specify the port value */
117461
- )
117237
+ ),
117238
+ ipprefix /* IPv4 or IPv6 address or address range */
117462
117239
  )
117463
117240
  ).as(:oneline)
117464
117241
  )
@@ -118056,13 +117833,13 @@ rule(:static_nat_rule_object) do
118056
117833
  ),
118057
117834
  "prefix" ( /* Address prefix */
118058
117835
  c(
118059
- ipprefix /* IPv4 or IPv6 address prefix value */,
118060
117836
  "mapped-port" ( /* Mapped port */
118061
117837
  static_nat_rule_mapped_port_object /* Mapped port */
118062
117838
  ).as(:oneline),
118063
117839
  "routing-instance" ( /* Routing instance */
118064
117840
  ("default" | arg)
118065
- )
117841
+ ),
117842
+ ipprefix /* IPv4 or IPv6 address prefix value */
118066
117843
  )
118067
117844
  ),
118068
117845
  "prefix-name" ( /* Address from address book */
@@ -118078,10 +117855,10 @@ rule(:static_nat_rule_object) do
118078
117855
  ),
118079
117856
  "nptv6-prefix" ( /* NPTv6 address prefix, the longest prefix will be supported is /64 */
118080
117857
  c(
118081
- ipprefix /* IPv6 address prefix value, the longest prefix will be supported is /64 */,
118082
117858
  "routing-instance" ( /* Routing instance */
118083
117859
  ("default" | arg)
118084
- )
117860
+ ),
117861
+ ipprefix /* IPv6 address prefix value, the longest prefix will be supported is /64 */
118085
117862
  )
118086
117863
  ),
118087
117864
  "nptv6-prefix-name" ( /* NPTv6 address from address book */
@@ -118416,4 +118193,91 @@ rule(:zone_system_services_object_type) do
118416
118193
  )
118417
118194
  )
118418
118195
  end
118196
+
118197
+ rule(:application_object) do
118198
+ arg.as(:arg) (
118199
+ c(
118200
+ "description" arg /* Text description of application */,
118201
+ "term" ( /* Define individual application protocols */
118202
+ term_object /* Define individual application protocols */
118203
+ ),
118204
+ "application-protocol" ( /* Application protocol type */
118205
+ ("bootp" | "dce-rpc" | "dce-rpc-portmap" | "dns" | "exec" | "ftp" | "ftp-data" | "gprs-gtp-c" | "gprs-gtp-u" | "gprs-gtp-v0" | "gprs-sctp" | "h323" | "icmp" | "icmpv6" | "ignore" | "iiop" | "ike-esp-nat" | "ip" | "login" | "mgcp-ca" | "mgcp-ua" | "ms-rpc" | "netbios" | "netshow" | "none" | "pptp" | "q931" | "ras" | "realaudio" | "rpc" | "rpc-portmap" | "rsh" | "rtsp" | "sccp" | "sip" | "shell" | "snmp" | "sqlnet" | "sqlnet-v2" | "sun-rpc" | "talk" | "tftp" | "traceroute" | "http" | "winframe" | "https" | "imap" | "smtp" | "ssh" | "telnet" | "twamp")
118206
+ ),
118207
+ "protocol" ( /* Match IP protocol type */
118208
+ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg)
118209
+ ),
118210
+ "source-port" ( /* Match TCP/UDP source port */
118211
+ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg)
118212
+ ),
118213
+ "destination-port" ( /* Match TCP/UDP destination port */
118214
+ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg)
118215
+ ),
118216
+ "ether-type" arg /* Match ether type */,
118217
+ "snmp-command" arg /* Match SNMP command */,
118218
+ "icmp-type" ( /* Match ICMP message type */
118219
+ ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg)
118220
+ ),
118221
+ "icmp6-type" ( /* Match ICMP6 message type */
118222
+ ("echo-request" | "echo-reply" | "destination-unreachable" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "packet-too-big" | "membership-query" | "membership-report" | "membership-termination" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | arg)
118223
+ ),
118224
+ "icmp-code" ( /* Match ICMP message code */
118225
+ ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg)
118226
+ ),
118227
+ "icmp6-code" ( /* Match ICMP6 message code */
118228
+ ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg)
118229
+ ),
118230
+ "ttl-threshold" arg /* Traceroute TTL threshold */,
118231
+ "rpc-program-number" arg /* Match range of RPC program numbers */,
118232
+ "uuid" arg /* Match universal unique identifier for DCE RPC objects */,
118233
+ "inactivity-timeout" ( /* Application-specific inactivity timeout */
118234
+ ("never" | arg)
118235
+ ),
118236
+ "gate-timeout" arg /* Application-specific gate timeout */,
118237
+ "child-inactivity-timeout" arg /* Application-specific child session inactivity timeout */,
118238
+ "learn-sip-register" /* Learn potential incoming SIP calls by inspecting the SIP register method */,
118239
+ "sip-call-hold-timeout" arg /* SIP flow timeout when call is put on hold */,
118240
+ c(
118241
+ "do-not-translate-AAAA-query-to-A-query" /* Knob to control the translation of AAAA query to A query */,
118242
+ "do-not-translate-A-query-to-AAAA-query" /* Knob to control the translation of A query to AAAA query */
118243
+ )
118244
+ )
118245
+ )
118246
+ end
118247
+
118248
+ rule(:term_object) do
118249
+ arg.as(:arg) (
118250
+ c(
118251
+ "alg" ( /* Application Layer Gateway */
118252
+ ("bootp" | "dce-rpc" | "dce-rpc-portmap" | "dns" | "exec" | "ftp" | "ftp-data" | "gprs-gtp-c" | "gprs-gtp-u" | "gprs-gtp-v0" | "gprs-sctp" | "h323" | "icmp" | "icmpv6" | "ignore" | "iiop" | "ike-esp-nat" | "ip" | "login" | "mgcp-ca" | "mgcp-ua" | "ms-rpc" | "netbios" | "netshow" | "none" | "pptp" | "q931" | "ras" | "realaudio" | "rpc" | "rpc-portmap" | "rsh" | "rtsp" | "sccp" | "sip" | "shell" | "snmp" | "sqlnet" | "sqlnet-v2" | "sun-rpc" | "talk" | "tftp" | "traceroute" | "http" | "winframe" | "https" | "imap" | "smtp" | "ssh" | "telnet" | "twamp")
118253
+ ),
118254
+ "protocol" ( /* Match IP protocol type */
118255
+ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg)
118256
+ ),
118257
+ "source-port" ( /* Match TCP/UDP source port */
118258
+ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg)
118259
+ ),
118260
+ "destination-port" ( /* Match TCP/UDP destination port */
118261
+ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg)
118262
+ ),
118263
+ "icmp-type" ( /* Match ICMP message type */
118264
+ ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg)
118265
+ ),
118266
+ "icmp-code" ( /* Match ICMP message code */
118267
+ ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg)
118268
+ ),
118269
+ "icmp6-type" ( /* Match ICMP6 message type */
118270
+ ("echo-request" | "echo-reply" | "destination-unreachable" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "packet-too-big" | "membership-query" | "membership-report" | "membership-termination" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | arg)
118271
+ ),
118272
+ "icmp6-code" ( /* Match ICMP6 message code */
118273
+ ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg)
118274
+ ),
118275
+ "rpc-program-number" arg /* Match range of RPC program numbers */,
118276
+ "uuid" arg /* Match universal unique identifier for DCE RPC objects */,
118277
+ "inactivity-timeout" ( /* Application-specific inactivity timeout */
118278
+ ("never" | arg)
118279
+ )
118280
+ )
118281
+ ).as(:oneline)
118282
+ end
118419
118283
  # End of vSRX 18.3R1.9
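Review bot: Several literal alternatives in the two new rules put a shorter keyword ahead of a longer one that starts with it: `"ftp" | "ftp-data"`, `"icmp" | "icmpv6"` and `"http"` … `"https"` in the `application-protocol` and `alg` lists, `"icmp"` … `"icmp6"` in `protocol`, and `"tacacs" | "tacacs-ds"` and `"snmp" | "snmptrap"` in the port lists. The port lists themselves put `"ftp-data"` before `"ftp"`, so the order is not consistent within the hunk. If alternatives are tried in the order written and no token boundary is enforced (neither is visible here), the longer keywords could be rejected as invalid. That would make a syntax check of application and ALG definitions unreliable for exactly those values. I would list the longer literal first in each pair, e.g. `"ftp-data" | "ftp"`, and add parse tests for `https`, `icmpv6` and `ftp-data` under both `application_object` and `term_object`.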