junoser 0.4.1 → 0.4.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +16 -1
  3. data/Gemfile.lock +1 -1
  4. data/Rakefile +10 -1
  5. data/example/mx-19.3R3-S1.3.rb +161 -297
  6. data/example/vsrx-18.3R1.9.rb +1305 -1305
  7. data/lib/junoser/parser.rb +170 -306
  8. data/lib/junoser/ruler.rb +8 -0
  9. data/lib/junoser/version.rb +1 -1
  10. data/lib/junoser/xsd/base.rb +4 -2
  11. metadata +3 -3
data/lib/junoser/parser.rb CHANGED
@@ -2084,10 +2084,10 @@ module Junoser
2084
2084
  ),
2085
2085
  b(str("wildcard-address"),
2086
2086
  sc(
2087
- ipaddr,
2088
2087
  b(str("wildcard-mask"),
2089
2088
  ipaddr
2090
- )
2089
+ ),
2090
+ ipaddr
2091
2091
  )
2092
2092
  ).as(:oneline),
2093
2093
  b(str("port-range"),
@@ -2105,10 +2105,10 @@ module Junoser
2105
2105
  ),
2106
2106
  b(str("wildcard-address"),
2107
2107
  sc(
2108
- ipaddr,
2109
2108
  b(str("wildcard-mask"),
2110
2109
  ipaddr
2111
- )
2110
+ ),
2111
+ ipaddr
2112
2112
  )
2113
2113
  ).as(:oneline),
2114
2114
  b(str("port-range"),
@@ -5998,34 +5998,34 @@ module Junoser
5998
5998
  c(
5999
5999
  b(str("source-ip"),
6000
6000
  sc(
6001
- ipaddr,
6002
6001
  b(str("wildcard"),
6003
6002
  ipaddr
6004
- )
6003
+ ),
6004
+ ipaddr
6005
6005
  )
6006
6006
  ).as(:oneline),
6007
6007
  b(str("dest-ip"),
6008
6008
  sc(
6009
- ipaddr,
6010
6009
  b(str("wildcard"),
6011
6010
  ipaddr
6012
- )
6011
+ ),
6012
+ ipaddr
6013
6013
  )
6014
6014
  ).as(:oneline),
6015
6015
  b(str("sw-sip"),
6016
6016
  sc(
6017
- ipv6addr,
6018
6017
  b(str("wildcard"),
6019
6018
  ipv6addr
6020
- )
6019
+ ),
6020
+ ipv6addr
6021
6021
  )
6022
6022
  ).as(:oneline),
6023
6023
  b(str("sw-dip"),
6024
6024
  sc(
6025
- ipaddr,
6026
6025
  b(str("wildcard"),
6027
6026
  ipaddr
6028
- )
6027
+ ),
6028
+ ipaddr
6029
6029
  )
6030
6030
  ).as(:oneline),
6031
6031
  b(str("sport-range"),
@@ -10675,7 +10675,8 @@ module Junoser
10675
10675
  str("no-auto-conversion"),
10676
10676
  str("auto-conversion")
10677
10677
  ),
10678
- str("vcp-no-hold-time")
10678
+ str("vcp-no-hold-time"),
10679
+ str("vcp-snmp-statistics")
10679
10680
  )
10680
10681
  ),
10681
10682
  b(str("ethernet-switching-options"),
@@ -17960,53 +17961,6 @@ module Junoser
17960
17961
  )
17961
17962
  end
17962
17963
 
17963
- rule(:application_object) do
17964
- b(arg.as(:arg),
17965
- c(
17966
- b(str("application-protocol"),
17967
- (str("bootp") | str("dce-rpc") | str("dce-rpc-portmap") | str("dns") | str("exec") | str("ftp") | str("ftp-data") | str("gprs-gtp-c") | str("gprs-gtp-u") | str("gprs-gtp-v0") | str("gprs-sctp") | str("h323") | str("icmpv6") | str("icmp") | str("ignore") | str("iiop") | str("ike-esp-nat") | str("ip") | str("login") | str("mgcp-ca") | str("mgcp-ua") | str("ms-rpc") | str("netbios") | str("netshow") | str("none") | str("pptp") | str("q931") | str("ras") | str("realaudio") | str("rpc") | str("rpc-portmap") | str("rsh") | str("rtsp") | str("sccp") | str("sip") | str("shell") | str("snmp") | str("sqlnet") | str("sqlnet-v2") | str("sun-rpc") | str("talk") | str("tftp") | str("traceroute") | str("https") | str("winframe") | str("http") | str("imap") | str("smtp") | str("ssh") | str("telnet") | str("twamp"))
17968
- ),
17969
- b(str("protocol"),
17970
- (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
17971
- ),
17972
- b(str("source-port"),
17973
- (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
17974
- ),
17975
- b(str("destination-port"),
17976
- (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
17977
- ),
17978
- a(str("ether-type"), arg),
17979
- b(str("snmp-command"),
17980
- (str("get") | str("get-next") | str("get-response") | str("set") | str("trap"))
17981
- ),
17982
- b(str("icmp-type"),
17983
- (str("echo-request") | str("echo-reply") | str("unreachable") | str("source-quench") | str("redirect") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("timestamp") | str("timestamp-reply") | str("info-request") | str("info-reply") | str("mask-request") | str("mask-reply") | arg)
17984
- ),
17985
- b(str("icmp6-type"),
17986
- (str("echo-request") | str("echo-reply") | str("destination-unreachable") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("packet-too-big") | str("membership-query") | str("membership-report") | str("membership-termination") | str("redirect") | str("neighbor-solicit") | str("neighbor-advertisement") | str("router-renumbering") | str("node-information-request") | str("node-information-reply") | arg)
17987
- ),
17988
- b(str("icmp-code"),
17989
- (str("network-unreachable") | str("host-unreachable") | str("protocol-unreachable") | str("port-unreachable") | str("fragmentation-needed") | str("source-route-failed") | str("destination-network-unknown") | str("destination-host-unknown") | str("source-host-isolated") | str("destination-network-prohibited") | str("destination-host-prohibited") | str("network-unreachable-for-tos") | str("host-unreachable-for-tos") | str("communication-prohibited-by-filtering") | str("host-precedence-violation") | str("precedence-cutoff-in-effect") | str("redirect-for-network") | str("redirect-for-host") | str("redirect-for-tos-and-net") | str("redirect-for-tos-and-host") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip-header-bad") | str("required-option-missing") | arg)
17990
- ),
17991
- b(str("icmp6-code"),
17992
- (str("no-route-to-destination") | str("administratively-prohibited") | str("address-unreachable") | str("port-unreachable") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip6-header-bad") | str("unrecognized-next-header") | str("unrecognized-option") | arg)
17993
- ),
17994
- a(str("ttl-threshold"), arg),
17995
- a(str("rpc-program-number"), arg),
17996
- a(str("uuid"), arg),
17997
- b(str("inactivity-timeout"),
17998
- (str("never") | arg)
17999
- ),
18000
- a(str("gate-timeout"), arg),
18001
- a(str("child-inactivity-timeout"), arg),
18002
- c(
18003
- str("do-not-translate-AAAA-query-to-A-query"),
18004
- str("do-not-translate-A-query-to-AAAA-query")
18005
- )
18006
- )
18007
- )
18008
- end
18009
-
18010
17964
  rule(:application_set_object) do
18011
17965
  b(arg.as(:arg),
18012
17966
  c(
@@ -28398,34 +28352,34 @@ module Junoser
28398
28352
  c(
28399
28353
  b(str("source-ip"),
28400
28354
  sc(
28401
- ipaddr,
28402
28355
  b(str("wildcard"),
28403
28356
  ipaddr
28404
- )
28357
+ ),
28358
+ ipaddr
28405
28359
  )
28406
28360
  ).as(:oneline),
28407
28361
  b(str("dest-ip"),
28408
28362
  sc(
28409
- ipaddr,
28410
28363
  b(str("wildcard"),
28411
28364
  ipaddr
28412
- )
28365
+ ),
28366
+ ipaddr
28413
28367
  )
28414
28368
  ).as(:oneline),
28415
28369
  b(str("sw-sip"),
28416
28370
  sc(
28417
- ipv6addr,
28418
28371
  b(str("wildcard"),
28419
28372
  ipv6addr
28420
- )
28373
+ ),
28374
+ ipv6addr
28421
28375
  )
28422
28376
  ).as(:oneline),
28423
28377
  b(str("sw-dip"),
28424
28378
  sc(
28425
- ipaddr,
28426
28379
  b(str("wildcard"),
28427
28380
  ipaddr
28428
- )
28381
+ ),
28382
+ ipaddr
28429
28383
  )
28430
28384
  ).as(:oneline),
28431
28385
  b(str("sport-range"),
@@ -43800,34 +43754,34 @@ module Junoser
43800
43754
  c(
43801
43755
  b(str("source-ip"),
43802
43756
  sc(
43803
- ipaddr,
43804
43757
  b(str("wildcard"),
43805
43758
  ipaddr
43806
- )
43759
+ ),
43760
+ ipaddr
43807
43761
  )
43808
43762
  ).as(:oneline),
43809
43763
  b(str("dest-ip"),
43810
43764
  sc(
43811
- ipaddr,
43812
43765
  b(str("wildcard"),
43813
43766
  ipaddr
43814
- )
43767
+ ),
43768
+ ipaddr
43815
43769
  )
43816
43770
  ).as(:oneline),
43817
43771
  b(str("sw-sip"),
43818
43772
  sc(
43819
- ipv6addr,
43820
43773
  b(str("wildcard"),
43821
43774
  ipv6addr
43822
- )
43775
+ ),
43776
+ ipv6addr
43823
43777
  )
43824
43778
  ).as(:oneline),
43825
43779
  b(str("sw-dip"),
43826
43780
  sc(
43827
- ipaddr,
43828
43781
  b(str("wildcard"),
43829
43782
  ipaddr
43830
- )
43783
+ ),
43784
+ ipaddr
43831
43785
  )
43832
43786
  ).as(:oneline),
43833
43787
  b(str("sport-range"),
@@ -47252,34 +47206,34 @@ module Junoser
47252
47206
  c(
47253
47207
  b(str("source-ip"),
47254
47208
  sc(
47255
- ipaddr,
47256
47209
  b(str("wildcard"),
47257
47210
  ipaddr
47258
- )
47211
+ ),
47212
+ ipaddr
47259
47213
  )
47260
47214
  ).as(:oneline),
47261
47215
  b(str("dest-ip"),
47262
47216
  sc(
47263
- ipaddr,
47264
47217
  b(str("wildcard"),
47265
47218
  ipaddr
47266
- )
47219
+ ),
47220
+ ipaddr
47267
47221
  )
47268
47222
  ).as(:oneline),
47269
47223
  b(str("sw-sip"),
47270
47224
  sc(
47271
- ipv6addr,
47272
47225
  b(str("wildcard"),
47273
47226
  ipv6addr
47274
- )
47227
+ ),
47228
+ ipv6addr
47275
47229
  )
47276
47230
  ).as(:oneline),
47277
47231
  b(str("sw-dip"),
47278
47232
  sc(
47279
- ipaddr,
47280
47233
  b(str("wildcard"),
47281
47234
  ipaddr
47282
- )
47235
+ ),
47236
+ ipaddr
47283
47237
  )
47284
47238
  ).as(:oneline),
47285
47239
  b(str("sport-range"),
@@ -55338,10 +55292,10 @@ module Junoser
55338
55292
  c(
55339
55293
  str("self"),
55340
55294
  str("peer-address"),
55341
- ipaddr,
55342
55295
  str("reject"),
55343
55296
  str("discard"),
55344
- a(str("next-table"), arg)
55297
+ a(str("next-table"), arg),
55298
+ ipaddr
55345
55299
  )
55346
55300
  )
55347
55301
  ).as(:oneline),
@@ -55937,10 +55891,10 @@ module Junoser
55937
55891
  c(
55938
55892
  str("self"),
55939
55893
  str("peer-address"),
55940
- ipaddr,
55941
55894
  str("reject"),
55942
55895
  str("discard"),
55943
- a(str("next-table"), arg)
55896
+ a(str("next-table"), arg),
55897
+ ipaddr
55944
55898
  )
55945
55899
  )
55946
55900
  ).as(:oneline),
@@ -56152,8 +56106,8 @@ module Junoser
56152
56106
  c(
56153
56107
  b(str("inet"),
56154
56108
  c(
56155
- ipprefix,
56156
- a(str("table"), arg)
56109
+ a(str("table"), arg),
56110
+ ipprefix
56157
56111
  )
56158
56112
  ),
56159
56113
  b(str("ccc"),
@@ -56167,8 +56121,8 @@ module Junoser
56167
56121
  )
56168
56122
  )
56169
56123
  ),
56170
- ipprefix,
56171
- a(str("table"), arg)
56124
+ a(str("table"), arg),
56125
+ ipprefix
56172
56126
  )
56173
56127
  )
56174
56128
  )
@@ -56445,10 +56399,10 @@ module Junoser
56445
56399
  c(
56446
56400
  str("self"),
56447
56401
  str("peer-address"),
56448
- ipaddr,
56449
56402
  str("reject"),
56450
56403
  str("discard"),
56451
- a(str("next-table"), arg)
56404
+ a(str("next-table"), arg),
56405
+ ipaddr
56452
56406
  )
56453
56407
  )
56454
56408
  ).as(:oneline),
@@ -56827,10 +56781,10 @@ module Junoser
56827
56781
  c(
56828
56782
  str("self"),
56829
56783
  str("peer-address"),
56830
- ipaddr,
56831
56784
  str("reject"),
56832
56785
  str("discard"),
56833
- a(str("next-table"), arg)
56786
+ a(str("next-table"), arg),
56787
+ ipaddr
56834
56788
  )
56835
56789
  )
56836
56790
  ).as(:oneline),
@@ -57193,10 +57147,10 @@ module Junoser
57193
57147
  c(
57194
57148
  str("self"),
57195
57149
  str("peer-address"),
57196
- ipaddr,
57197
57150
  str("reject"),
57198
57151
  str("discard"),
57199
- a(str("next-table"), arg)
57152
+ a(str("next-table"), arg),
57153
+ ipaddr
57200
57154
  )
57201
57155
  )
57202
57156
  ).as(:oneline),
@@ -77377,9 +77331,9 @@ module Junoser
77377
77331
  ).as(:oneline),
77378
77332
  b(str("inet6-backup-router"),
77379
77333
  sc(
77380
- ipv6addr,
77381
77334
  b(str("destination"),
77382
- ipv6prefix
77335
+ ipv6prefix,
77336
+ ipv6addr
77383
77337
  )
77384
77338
  )
77385
77339
  ).as(:oneline),
@@ -98225,14 +98179,6 @@ module Junoser
98225
98179
  )
98226
98180
  end
98227
98181
 
98228
- rule(:logical_system_type) do
98229
- b(arg.as(:arg),
98230
- c(
98231
- a(str("max-sessions"), arg)
98232
- )
98233
- )
98234
- end
98235
-
98236
98182
  rule(:login_class_object) do
98237
98183
  b(arg.as(:arg),
98238
98184
  c(
@@ -101379,31 +101325,6 @@ module Junoser
101379
101325
  )
101380
101326
  end
101381
101327
 
101382
- rule(:nat_object) do
101383
- c(
101384
- b(str("pool"),
101385
- nat_pool_object
101386
- ),
101387
- a(str("ipv6-multicast-interfaces"), str("all") | str("interface-name"),
101388
- c(
101389
- str("disable")
101390
- )
101391
- ),
101392
- str("allow-overlapping-nat-pools"),
101393
- b(str("rule"),
101394
- nat_rule_object
101395
- ),
101396
- b(str("port-forwarding"),
101397
- pf_mapping
101398
- ),
101399
- b(a(str("rule-set"), arg),
101400
- c(
101401
- a(str("rule"), arg)
101402
- )
101403
- )
101404
- )
101405
- end
101406
-
101407
101328
  rule(:nat_pool_object) do
101408
101329
  b(arg.as(:arg),
101409
101330
  c(
@@ -105125,10 +105046,10 @@ module Junoser
105125
105046
  c(
105126
105047
  str("self"),
105127
105048
  str("peer-address"),
105128
- ipaddr,
105129
105049
  str("reject"),
105130
105050
  str("discard"),
105131
- a(str("next-table"), arg)
105051
+ a(str("next-table"), arg),
105052
+ ipaddr
105132
105053
  )
105133
105054
  )
105134
105055
  ).as(:oneline),
@@ -105392,11 +105313,11 @@ module Junoser
105392
105313
 
105393
105314
  rule(:routing_destination_address) do
105394
105315
  c(
105395
- ipaddr,
105396
105316
  a(str("port"), arg),
105397
105317
  b(str("transport-protocol"),
105398
105318
  transport_protocol
105399
- )
105319
+ ),
105320
+ ipaddr
105400
105321
  ).as(:oneline)
105401
105322
  end
105402
105323
 
@@ -106808,7 +106729,7 @@ module Junoser
106808
106729
  (str("pre-shared-keys") | str("rsa-signatures") | str("dsa-signatures"))
106809
106730
  ),
106810
106731
  b(str("dh-group"),
106811
- (str("group1") | str("group2") | str("group5") | str("group14"))
106732
+ (str("group14") | str("group1") | str("group2") | str("group5"))
106812
106733
  ),
106813
106734
  b(str("authentication-algorithm"),
106814
106735
  (str("md5") | str("sha1") | str("sha-256"))
@@ -107049,7 +106970,7 @@ module Junoser
107049
106970
  (str("pre-shared-keys") | str("rsa-signatures") | str("dsa-signatures") | str("ecdsa-signatures-256") | str("ecdsa-signatures-384"))
107050
106971
  ),
107051
106972
  b(str("dh-group"),
107052
- (str("group1") | str("group2") | str("group5") | str("group14") | str("group15") | str("group16") | str("group19") | str("group20") | str("group24"))
106973
+ (str("group14") | str("group15") | str("group16") | str("group19") | str("group20") | str("group24") | str("group1") | str("group2") | str("group5"))
107053
106974
  ),
107054
106975
  b(str("authentication-algorithm"),
107055
106976
  (str("md5") | str("sha1") | str("sha-256") | str("sha-384"))
@@ -107156,7 +107077,7 @@ module Junoser
107156
107077
  b(str("perfect-forward-secrecy"),
107157
107078
  c(
107158
107079
  b(str("keys"),
107159
- (str("group1") | str("group2") | str("group5") | str("group14") | str("group15") | str("group16") | str("group19") | str("group20") | str("group24"))
107080
+ (str("group14") | str("group15") | str("group16") | str("group19") | str("group20") | str("group24") | str("group1") | str("group2") | str("group5"))
107160
107081
  )
107161
107082
  )
107162
107083
  ),
@@ -107250,12 +107171,6 @@ module Junoser
107250
107171
  )
107251
107172
  end
107252
107173
 
107253
- rule(:ipsec_traceoptions) do
107254
- c(
107255
- a(str("flag"), enum(str("packet-processing") | str("packet-drops") | str("security-associations") | str("next-hop-tunnel-binding") | str("all"))).as(:oneline)
107256
- )
107257
- end
107258
-
107259
107174
  rule(:ipsec_trusted_channel_sa) do
107260
107175
  c(
107261
107176
  a(str("description"), quote | arg),
@@ -107305,114 +107220,6 @@ module Junoser
107305
107220
  )
107306
107221
  end
107307
107222
 
107308
- rule(:ipsec_vpn_monitor) do
107309
- c(
107310
- a(str("interval"), arg),
107311
- a(str("threshold"), arg)
107312
- )
107313
- end
107314
-
107315
- rule(:ipsec_vpn_template) do
107316
- b(arg.as(:arg),
107317
- c(
107318
- b(str("bind-interface"),
107319
- interface_name
107320
- ),
107321
- b(str("df-bit"),
107322
- (str("clear") | str("set") | str("copy"))
107323
- ),
107324
- b(str("vpn-monitor"),
107325
- ipsec_template_monitor
107326
- ),
107327
- c(
107328
- b(str("manual"),
107329
- c(
107330
- b(str("gateway"),
107331
- hostname
107332
- ),
107333
- b(str("external-interface"),
107334
- interface_unit
107335
- ),
107336
- b(str("protocol"),
107337
- (str("ah") | str("esp"))
107338
- ),
107339
- a(str("spi"), arg),
107340
- b(str("authentication"),
107341
- c(
107342
- b(str("algorithm"),
107343
- (str("hmac-md5-96") | str("hmac-sha1-96") | str("hmac-sha-256-128") | str("hmac-sha-256-96"))
107344
- ),
107345
- b(str("key"),
107346
- sc(
107347
- c(
107348
- a(str("ascii-text"), arg),
107349
- a(str("hexadecimal"), arg)
107350
- )
107351
- )
107352
- ).as(:oneline)
107353
- )
107354
- ),
107355
- b(str("encryption"),
107356
- c(
107357
- b(str("algorithm"),
107358
- (str("des-cbc") | str("3des-cbc") | str("aes-128-cbc") | str("aes-192-cbc") | str("aes-256-cbc"))
107359
- ),
107360
- b(str("key"),
107361
- sc(
107362
- c(
107363
- a(str("ascii-text"), arg),
107364
- a(str("hexadecimal"), arg)
107365
- )
107366
- )
107367
- ).as(:oneline)
107368
- )
107369
- )
107370
- )
107371
- ),
107372
- b(str("ike"),
107373
- c(
107374
- a(str("gateway"), arg),
107375
- a(str("idle-time"), arg),
107376
- str("no-anti-replay"),
107377
- b(str("proxy-identity"),
107378
- ipsec_template_proxy_id
107379
- ),
107380
- a(str("ipsec-policy"), arg),
107381
- a(str("install-interval"), arg)
107382
- )
107383
- )
107384
- ),
107385
- b(str("establish-tunnels"),
107386
- (str("immediately") | str("on-traffic"))
107387
- )
107388
- )
107389
- )
107390
- end
107391
-
107392
- rule(:ipsec_template_monitor) do
107393
- c(
107394
- str("optimized"),
107395
- b(str("source-interface"),
107396
- interface_unit
107397
- ),
107398
- b(str("destination-ip"),
107399
- ipaddr
107400
- )
107401
- )
107402
- end
107403
-
107404
- rule(:ipsec_template_proxy_id) do
107405
- c(
107406
- b(str("local"),
107407
- ipprefix_mandatory
107408
- ),
107409
- b(str("remote"),
107410
- ipprefix_mandatory
107411
- ),
107412
- a(str("service"), arg)
107413
- )
107414
- end
107415
-
107416
107223
  rule(:security_macsec) do
107417
107224
  c(
107418
107225
  b(str("traceoptions"),
@@ -107972,14 +107779,14 @@ module Junoser
107972
107779
  a(str("trusted-ca"), arg),
107973
107780
  b(str("local-gateway"),
107974
107781
  sc(
107975
- ipaddr,
107976
107782
  a(str("routing-instance"), arg),
107977
107783
  b(str("interface"),
107978
107784
  interface_unit
107979
107785
  ),
107980
107786
  b(str("gw-interface"),
107981
107787
  interface_unit
107982
- )
107788
+ ),
107789
+ ipaddr
107983
107790
  )
107984
107791
  ).as(:oneline),
107985
107792
  a(str("ike-access-profile"), arg),
@@ -109764,10 +109571,10 @@ module Junoser
109764
109571
  c(
109765
109572
  str("self"),
109766
109573
  str("peer-address"),
109767
- ipaddr,
109768
109574
  str("reject"),
109769
109575
  str("discard"),
109770
- a(str("next-table"), arg)
109576
+ a(str("next-table"), arg),
109577
+ ipaddr
109771
109578
  )
109772
109579
  )
109773
109580
  ).as(:oneline),
@@ -110064,7 +109871,7 @@ module Junoser
110064
109871
  c(
110065
109872
  str("enable-flow-tracing"),
110066
109873
  b(str("protocol-version"),
110067
- (str("all") | str("ssl3") | str("tls1") | str("tls11") | str("tls12"))
109874
+ (str("all") | str("ssl3") | str("tls11") | str("tls12") | str("tls1"))
110068
109875
  ),
110069
109876
  b(str("preferred-ciphers"),
110070
109877
  (str("strong") | str("medium") | str("weak") | str("custom"))
@@ -110114,7 +109921,7 @@ module Junoser
110114
109921
  c(
110115
109922
  str("enable-flow-tracing"),
110116
109923
  b(str("protocol-version"),
110117
- (str("all") | str("ssl3") | str("tls1") | str("tls11") | str("tls12"))
109924
+ (str("all") | str("ssl3") | str("tls11") | str("tls12") | str("tls1"))
110118
109925
  ),
110119
109926
  b(str("preferred-ciphers"),
110120
109927
  (str("strong") | str("medium") | str("weak") | str("custom"))
@@ -110187,7 +109994,7 @@ module Junoser
110187
109994
  c(
110188
109995
  str("enable-flow-tracing"),
110189
109996
  b(str("protocol-version"),
110190
- (str("all") | str("ssl3") | str("tls1") | str("tls11") | str("tls12"))
109997
+ (str("all") | str("ssl3") | str("tls11") | str("tls12") | str("tls1"))
110191
109998
  ),
110192
109999
  b(str("preferred-ciphers"),
110193
110000
  (str("strong") | str("medium") | str("weak") | str("custom"))
@@ -115629,8 +115436,8 @@ module Junoser
115629
115436
  c(
115630
115437
  b(str("server"),
115631
115438
  c(
115632
- ipaddr,
115633
- a(str("routing-instance"), arg)
115439
+ a(str("routing-instance"), arg),
115440
+ ipaddr
115634
115441
  )
115635
115442
  ),
115636
115443
  a(str("sxl-timeout"), arg),
@@ -115970,9 +115777,9 @@ module Junoser
115970
115777
 
115971
115778
  rule(:host_object) do
115972
115779
  c(
115973
- ipaddr,
115974
115780
  a(str("port"), arg),
115975
- a(str("routing-instance"), arg)
115781
+ a(str("routing-instance"), arg),
115782
+ ipaddr
115976
115783
  )
115977
115784
  end
115978
115785
 
@@ -116370,7 +116177,6 @@ module Junoser
116370
116177
  c(
116371
116178
  a(str("description"), quote | arg),
116372
116179
  c(
116373
- ipprefix,
116374
116180
  b(str("dns-name"),
116375
116181
  dns_name_type
116376
116182
  ),
@@ -116379,7 +116185,8 @@ module Junoser
116379
116185
  ),
116380
116186
  b(str("range-address"),
116381
116187
  range_address_type
116382
- )
116188
+ ),
116189
+ ipprefix
116383
116190
  )
116384
116191
  )
116385
116192
  )
@@ -116877,36 +116684,6 @@ module Junoser
116877
116684
  )
116878
116685
  end
116879
116686
 
116880
- rule(:security_ipsec_vpn) do
116881
- c(
116882
- b(str("internal"),
116883
- c(
116884
- b(str("security-association"),
116885
- ipsec_internal_sa
116886
- )
116887
- )
116888
- ),
116889
- b(str("traceoptions"),
116890
- ipsec_traceoptions
116891
- ),
116892
- b(str("vpn-monitor-options"),
116893
- ipsec_vpn_monitor
116894
- ),
116895
- b(str("proposal"),
116896
- ipsec_proposal
116897
- ),
116898
- b(str("policy"),
116899
- ipsec_policy
116900
- ),
116901
- b(str("vpn"),
116902
- ipsec_vpn_template
116903
- ),
116904
- b(str("security-association"),
116905
- ipsec_sa
116906
- )
116907
- )
116908
- end
116909
-
116910
116687
  rule(:ipsec_traceoptions) do
116911
116688
  c(
116912
116689
  a(str("flag"), enum(str("packet-processing") | str("packet-drops") | str("security-associations") | str("next-hop-tunnel-binding") | str("all"))).as(:oneline)
@@ -117250,7 +117027,6 @@ module Junoser
117250
117027
  ),
117251
117028
  b(str("address"),
117252
117029
  sc(
117253
- ipprefix,
117254
117030
  c(
117255
117031
  b(str("to"),
117256
117032
  c(
@@ -117258,7 +117034,8 @@ module Junoser
117258
117034
  )
117259
117035
  ),
117260
117036
  a(str("port"), arg)
117261
- )
117037
+ ),
117038
+ ipprefix
117262
117039
  )
117263
117040
  ).as(:oneline)
117264
117041
  )
@@ -117305,7 +117082,7 @@ module Junoser
117305
117082
  b(arg.as(:arg),
117306
117083
  c(
117307
117084
  a(str("description"), quote | arg),
117308
- b(str("dest-nat-rule-match"),
117085
+ b(str("match"),
117309
117086
  c(
117310
117087
  b(str("source-address"),
117311
117088
  ipprefix
@@ -117651,7 +117428,7 @@ module Junoser
117651
117428
  b(arg.as(:arg),
117652
117429
  c(
117653
117430
  a(str("description"), quote | arg),
117654
- b(str("src-nat-rule-match"),
117431
+ b(str("match"),
117655
117432
  c(
117656
117433
  b(str("source-address"),
117657
117434
  ipprefix
@@ -117799,7 +117576,7 @@ module Junoser
117799
117576
  b(arg.as(:arg),
117800
117577
  c(
117801
117578
  a(str("description"), quote | arg),
117802
- b(str("static-nat-rule-match"),
117579
+ b(str("match"),
117803
117580
  c(
117804
117581
  b(str("source-address"),
117805
117582
  ipprefix
@@ -117852,13 +117629,13 @@ module Junoser
117852
117629
  ),
117853
117630
  b(str("prefix"),
117854
117631
  c(
117855
- ipprefix,
117856
117632
  b(str("mapped-port"),
117857
117633
  static_nat_rule_mapped_port_object
117858
117634
  ).as(:oneline),
117859
117635
  b(str("routing-instance"),
117860
117636
  (str("default") | arg)
117861
- )
117637
+ ),
117638
+ ipprefix
117862
117639
  )
117863
117640
  ),
117864
117641
  b(str("prefix-name"),
@@ -117873,10 +117650,10 @@ module Junoser
117873
117650
  ),
117874
117651
  b(str("nptv6-prefix"),
117875
117652
  c(
117876
- ipprefix,
117877
117653
  b(str("routing-instance"),
117878
117654
  (str("default") | arg)
117879
- )
117655
+ ),
117656
+ ipprefix
117880
117657
  )
117881
117658
  ),
117882
117659
  b(str("nptv6-prefix-name"),
@@ -118209,6 +117986,93 @@ module Junoser
118209
117986
  )
118210
117987
  )
118211
117988
  end
117989
+
117990
+ rule(:application_object) do
117991
+ b(arg.as(:arg),
117992
+ c(
117993
+ a(str("description"), quote | arg),
117994
+ b(str("term"),
117995
+ term_object
117996
+ ),
117997
+ b(str("application-protocol"),
117998
+ (str("bootp") | str("dce-rpc") | str("dce-rpc-portmap") | str("dns") | str("exec") | str("ftp") | str("ftp-data") | str("gprs-gtp-c") | str("gprs-gtp-u") | str("gprs-gtp-v0") | str("gprs-sctp") | str("h323") | str("icmpv6") | str("icmp") | str("ignore") | str("iiop") | str("ike-esp-nat") | str("ip") | str("login") | str("mgcp-ca") | str("mgcp-ua") | str("ms-rpc") | str("netbios") | str("netshow") | str("none") | str("pptp") | str("q931") | str("ras") | str("realaudio") | str("rpc") | str("rpc-portmap") | str("rsh") | str("rtsp") | str("sccp") | str("sip") | str("shell") | str("snmp") | str("sqlnet") | str("sqlnet-v2") | str("sun-rpc") | str("talk") | str("tftp") | str("traceroute") | str("https") | str("winframe") | str("http") | str("imap") | str("smtp") | str("ssh") | str("telnet") | str("twamp"))
117999
+ ),
118000
+ b(str("protocol"),
118001
+ (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
118002
+ ),
118003
+ b(str("source-port"),
118004
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
118005
+ ),
118006
+ b(str("destination-port"),
118007
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
118008
+ ),
118009
+ a(str("ether-type"), arg),
118010
+ a(str("snmp-command"), arg),
118011
+ b(str("icmp-type"),
118012
+ (str("echo-request") | str("echo-reply") | str("unreachable") | str("source-quench") | str("redirect") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("timestamp") | str("timestamp-reply") | str("info-request") | str("info-reply") | str("mask-request") | str("mask-reply") | arg)
118013
+ ),
118014
+ b(str("icmp6-type"),
118015
+ (str("echo-request") | str("echo-reply") | str("destination-unreachable") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("packet-too-big") | str("membership-query") | str("membership-report") | str("membership-termination") | str("redirect") | str("neighbor-solicit") | str("neighbor-advertisement") | str("router-renumbering") | str("node-information-request") | str("node-information-reply") | arg)
118016
+ ),
118017
+ b(str("icmp-code"),
118018
+ (str("network-unreachable") | str("host-unreachable") | str("protocol-unreachable") | str("port-unreachable") | str("fragmentation-needed") | str("source-route-failed") | str("destination-network-unknown") | str("destination-host-unknown") | str("source-host-isolated") | str("destination-network-prohibited") | str("destination-host-prohibited") | str("network-unreachable-for-tos") | str("host-unreachable-for-tos") | str("communication-prohibited-by-filtering") | str("host-precedence-violation") | str("precedence-cutoff-in-effect") | str("redirect-for-network") | str("redirect-for-host") | str("redirect-for-tos-and-net") | str("redirect-for-tos-and-host") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip-header-bad") | str("required-option-missing") | arg)
118019
+ ),
118020
+ b(str("icmp6-code"),
118021
+ (str("no-route-to-destination") | str("administratively-prohibited") | str("address-unreachable") | str("port-unreachable") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip6-header-bad") | str("unrecognized-next-header") | str("unrecognized-option") | arg)
118022
+ ),
118023
+ a(str("ttl-threshold"), arg),
118024
+ a(str("rpc-program-number"), arg),
118025
+ a(str("uuid"), arg),
118026
+ b(str("inactivity-timeout"),
118027
+ (str("never") | arg)
118028
+ ),
118029
+ a(str("gate-timeout"), arg),
118030
+ a(str("child-inactivity-timeout"), arg),
118031
+ str("learn-sip-register"),
118032
+ a(str("sip-call-hold-timeout"), arg),
118033
+ c(
118034
+ str("do-not-translate-AAAA-query-to-A-query"),
118035
+ str("do-not-translate-A-query-to-AAAA-query")
118036
+ )
118037
+ )
118038
+ )
118039
+ end
118040
+
118041
+ rule(:term_object) do
118042
+ b(arg.as(:arg),
118043
+ sc(
118044
+ b(str("alg"),
118045
+ (str("bootp") | str("dce-rpc") | str("dce-rpc-portmap") | str("dns") | str("exec") | str("ftp") | str("ftp-data") | str("gprs-gtp-c") | str("gprs-gtp-u") | str("gprs-gtp-v0") | str("gprs-sctp") | str("h323") | str("icmpv6") | str("icmp") | str("ignore") | str("iiop") | str("ike-esp-nat") | str("ip") | str("login") | str("mgcp-ca") | str("mgcp-ua") | str("ms-rpc") | str("netbios") | str("netshow") | str("none") | str("pptp") | str("q931") | str("ras") | str("realaudio") | str("rpc") | str("rpc-portmap") | str("rsh") | str("rtsp") | str("sccp") | str("sip") | str("shell") | str("snmp") | str("sqlnet") | str("sqlnet-v2") | str("sun-rpc") | str("talk") | str("tftp") | str("traceroute") | str("https") | str("winframe") | str("http") | str("imap") | str("smtp") | str("ssh") | str("telnet") | str("twamp"))
118046
+ ),
118047
+ b(str("protocol"),
118048
+ (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
118049
+ ),
118050
+ b(str("source-port"),
118051
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
118052
+ ),
118053
+ b(str("destination-port"),
118054
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
118055
+ ),
118056
+ b(str("icmp-type"),
118057
+ (str("echo-request") | str("echo-reply") | str("unreachable") | str("source-quench") | str("redirect") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("timestamp") | str("timestamp-reply") | str("info-request") | str("info-reply") | str("mask-request") | str("mask-reply") | arg)
118058
+ ),
118059
+ b(str("icmp-code"),
118060
+ (str("network-unreachable") | str("host-unreachable") | str("protocol-unreachable") | str("port-unreachable") | str("fragmentation-needed") | str("source-route-failed") | str("destination-network-unknown") | str("destination-host-unknown") | str("source-host-isolated") | str("destination-network-prohibited") | str("destination-host-prohibited") | str("network-unreachable-for-tos") | str("host-unreachable-for-tos") | str("communication-prohibited-by-filtering") | str("host-precedence-violation") | str("precedence-cutoff-in-effect") | str("redirect-for-network") | str("redirect-for-host") | str("redirect-for-tos-and-net") | str("redirect-for-tos-and-host") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip-header-bad") | str("required-option-missing") | arg)
118061
+ ),
118062
+ b(str("icmp6-type"),
118063
+ (str("echo-request") | str("echo-reply") | str("destination-unreachable") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("packet-too-big") | str("membership-query") | str("membership-report") | str("membership-termination") | str("redirect") | str("neighbor-solicit") | str("neighbor-advertisement") | str("router-renumbering") | str("node-information-request") | str("node-information-reply") | arg)
118064
+ ),
118065
+ b(str("icmp6-code"),
118066
+ (str("no-route-to-destination") | str("administratively-prohibited") | str("address-unreachable") | str("port-unreachable") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip6-header-bad") | str("unrecognized-next-header") | str("unrecognized-option") | arg)
118067
+ ),
118068
+ a(str("rpc-program-number"), arg),
118069
+ a(str("uuid"), arg),
118070
+ b(str("inactivity-timeout"),
118071
+ (str("never") | arg)
118072
+ )
118073
+ )
118074
+ ).as(:oneline)
118075
+ end
118212
118076
  # End of vSRX 18.3R1.9
118213
118077
  end
118214
118078
  end