junoser 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +16 -1
  3. data/Gemfile.lock +1 -1
  4. data/Rakefile +10 -1
  5. data/example/mx-19.3R3-S1.3.rb +161 -297
  6. data/example/vsrx-18.3R1.9.rb +1305 -1305
  7. data/lib/junoser/parser.rb +170 -306
  8. data/lib/junoser/ruler.rb +8 -0
  9. data/lib/junoser/version.rb +1 -1
  10. data/lib/junoser/xsd/base.rb +4 -2
  11. metadata +3 -3
data/lib/junoser/parser.rb CHANGED
@@ -2084,10 +2084,10 @@ module Junoser
2084
2084
  ),
2085
2085
  b(str("wildcard-address"),
2086
2086
  sc(
2087
- ipaddr,
2088
2087
  b(str("wildcard-mask"),
2089
2088
  ipaddr
2090
- )
2089
+ ),
2090
+ ipaddr
2091
2091
  )
2092
2092
  ).as(:oneline),
2093
2093
  b(str("port-range"),
@@ -2105,10 +2105,10 @@ module Junoser
2105
2105
  ),
2106
2106
  b(str("wildcard-address"),
2107
2107
  sc(
2108
- ipaddr,
2109
2108
  b(str("wildcard-mask"),
2110
2109
  ipaddr
2111
- )
2110
+ ),
2111
+ ipaddr
2112
2112
  )
2113
2113
  ).as(:oneline),
2114
2114
  b(str("port-range"),
@@ -5998,34 +5998,34 @@ module Junoser
5998
5998
  c(
5999
5999
  b(str("source-ip"),
6000
6000
  sc(
6001
- ipaddr,
6002
6001
  b(str("wildcard"),
6003
6002
  ipaddr
6004
- )
6003
+ ),
6004
+ ipaddr
6005
6005
  )
6006
6006
  ).as(:oneline),
6007
6007
  b(str("dest-ip"),
6008
6008
  sc(
6009
- ipaddr,
6010
6009
  b(str("wildcard"),
6011
6010
  ipaddr
6012
- )
6011
+ ),
6012
+ ipaddr
6013
6013
  )
6014
6014
  ).as(:oneline),
6015
6015
  b(str("sw-sip"),
6016
6016
  sc(
6017
- ipv6addr,
6018
6017
  b(str("wildcard"),
6019
6018
  ipv6addr
6020
- )
6019
+ ),
6020
+ ipv6addr
6021
6021
  )
6022
6022
  ).as(:oneline),
6023
6023
  b(str("sw-dip"),
6024
6024
  sc(
6025
- ipaddr,
6026
6025
  b(str("wildcard"),
6027
6026
  ipaddr
6028
- )
6027
+ ),
6028
+ ipaddr
6029
6029
  )
6030
6030
  ).as(:oneline),
6031
6031
  b(str("sport-range"),
@@ -10675,7 +10675,8 @@ module Junoser
10675
10675
  str("no-auto-conversion"),
10676
10676
  str("auto-conversion")
10677
10677
  ),
10678
- str("vcp-no-hold-time")
10678
+ str("vcp-no-hold-time"),
10679
+ str("vcp-snmp-statistics")
10679
10680
  )
10680
10681
  ),
10681
10682
  b(str("ethernet-switching-options"),
@@ -17960,53 +17961,6 @@ module Junoser
17960
17961
  )
17961
17962
  end
17962
17963
 
17963
- rule(:application_object) do
17964
- b(arg.as(:arg),
17965
- c(
17966
- b(str("application-protocol"),
17967
- (str("bootp") | str("dce-rpc") | str("dce-rpc-portmap") | str("dns") | str("exec") | str("ftp") | str("ftp-data") | str("gprs-gtp-c") | str("gprs-gtp-u") | str("gprs-gtp-v0") | str("gprs-sctp") | str("h323") | str("icmpv6") | str("icmp") | str("ignore") | str("iiop") | str("ike-esp-nat") | str("ip") | str("login") | str("mgcp-ca") | str("mgcp-ua") | str("ms-rpc") | str("netbios") | str("netshow") | str("none") | str("pptp") | str("q931") | str("ras") | str("realaudio") | str("rpc") | str("rpc-portmap") | str("rsh") | str("rtsp") | str("sccp") | str("sip") | str("shell") | str("snmp") | str("sqlnet") | str("sqlnet-v2") | str("sun-rpc") | str("talk") | str("tftp") | str("traceroute") | str("https") | str("winframe") | str("http") | str("imap") | str("smtp") | str("ssh") | str("telnet") | str("twamp"))
17968
- ),
17969
- b(str("protocol"),
17970
- (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
17971
- ),
17972
- b(str("source-port"),
17973
- (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
17974
- ),
17975
- b(str("destination-port"),
17976
- (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
17977
- ),
17978
- a(str("ether-type"), arg),
17979
- b(str("snmp-command"),
17980
- (str("get") | str("get-next") | str("get-response") | str("set") | str("trap"))
17981
- ),
17982
- b(str("icmp-type"),
17983
- (str("echo-request") | str("echo-reply") | str("unreachable") | str("source-quench") | str("redirect") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("timestamp") | str("timestamp-reply") | str("info-request") | str("info-reply") | str("mask-request") | str("mask-reply") | arg)
17984
- ),
17985
- b(str("icmp6-type"),
17986
- (str("echo-request") | str("echo-reply") | str("destination-unreachable") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("packet-too-big") | str("membership-query") | str("membership-report") | str("membership-termination") | str("redirect") | str("neighbor-solicit") | str("neighbor-advertisement") | str("router-renumbering") | str("node-information-request") | str("node-information-reply") | arg)
17987
- ),
17988
- b(str("icmp-code"),
17989
- (str("network-unreachable") | str("host-unreachable") | str("protocol-unreachable") | str("port-unreachable") | str("fragmentation-needed") | str("source-route-failed") | str("destination-network-unknown") | str("destination-host-unknown") | str("source-host-isolated") | str("destination-network-prohibited") | str("destination-host-prohibited") | str("network-unreachable-for-tos") | str("host-unreachable-for-tos") | str("communication-prohibited-by-filtering") | str("host-precedence-violation") | str("precedence-cutoff-in-effect") | str("redirect-for-network") | str("redirect-for-host") | str("redirect-for-tos-and-net") | str("redirect-for-tos-and-host") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip-header-bad") | str("required-option-missing") | arg)
17990
- ),
17991
- b(str("icmp6-code"),
17992
- (str("no-route-to-destination") | str("administratively-prohibited") | str("address-unreachable") | str("port-unreachable") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip6-header-bad") | str("unrecognized-next-header") | str("unrecognized-option") | arg)
17993
- ),
17994
- a(str("ttl-threshold"), arg),
17995
- a(str("rpc-program-number"), arg),
17996
- a(str("uuid"), arg),
17997
- b(str("inactivity-timeout"),
17998
- (str("never") | arg)
17999
- ),
18000
- a(str("gate-timeout"), arg),
18001
- a(str("child-inactivity-timeout"), arg),
18002
- c(
18003
- str("do-not-translate-AAAA-query-to-A-query"),
18004
- str("do-not-translate-A-query-to-AAAA-query")
18005
- )
18006
- )
18007
- )
18008
- end
18009
-
18010
17964
  rule(:application_set_object) do
18011
17965
  b(arg.as(:arg),
18012
17966
  c(
@@ -28398,34 +28352,34 @@ module Junoser
28398
28352
  c(
28399
28353
  b(str("source-ip"),
28400
28354
  sc(
28401
- ipaddr,
28402
28355
  b(str("wildcard"),
28403
28356
  ipaddr
28404
- )
28357
+ ),
28358
+ ipaddr
28405
28359
  )
28406
28360
  ).as(:oneline),
28407
28361
  b(str("dest-ip"),
28408
28362
  sc(
28409
- ipaddr,
28410
28363
  b(str("wildcard"),
28411
28364
  ipaddr
28412
- )
28365
+ ),
28366
+ ipaddr
28413
28367
  )
28414
28368
  ).as(:oneline),
28415
28369
  b(str("sw-sip"),
28416
28370
  sc(
28417
- ipv6addr,
28418
28371
  b(str("wildcard"),
28419
28372
  ipv6addr
28420
- )
28373
+ ),
28374
+ ipv6addr
28421
28375
  )
28422
28376
  ).as(:oneline),
28423
28377
  b(str("sw-dip"),
28424
28378
  sc(
28425
- ipaddr,
28426
28379
  b(str("wildcard"),
28427
28380
  ipaddr
28428
- )
28381
+ ),
28382
+ ipaddr
28429
28383
  )
28430
28384
  ).as(:oneline),
28431
28385
  b(str("sport-range"),
@@ -43800,34 +43754,34 @@ module Junoser
43800
43754
  c(
43801
43755
  b(str("source-ip"),
43802
43756
  sc(
43803
- ipaddr,
43804
43757
  b(str("wildcard"),
43805
43758
  ipaddr
43806
- )
43759
+ ),
43760
+ ipaddr
43807
43761
  )
43808
43762
  ).as(:oneline),
43809
43763
  b(str("dest-ip"),
43810
43764
  sc(
43811
- ipaddr,
43812
43765
  b(str("wildcard"),
43813
43766
  ipaddr
43814
- )
43767
+ ),
43768
+ ipaddr
43815
43769
  )
43816
43770
  ).as(:oneline),
43817
43771
  b(str("sw-sip"),
43818
43772
  sc(
43819
- ipv6addr,
43820
43773
  b(str("wildcard"),
43821
43774
  ipv6addr
43822
- )
43775
+ ),
43776
+ ipv6addr
43823
43777
  )
43824
43778
  ).as(:oneline),
43825
43779
  b(str("sw-dip"),
43826
43780
  sc(
43827
- ipaddr,
43828
43781
  b(str("wildcard"),
43829
43782
  ipaddr
43830
- )
43783
+ ),
43784
+ ipaddr
43831
43785
  )
43832
43786
  ).as(:oneline),
43833
43787
  b(str("sport-range"),
@@ -47252,34 +47206,34 @@ module Junoser
47252
47206
  c(
47253
47207
  b(str("source-ip"),
47254
47208
  sc(
47255
- ipaddr,
47256
47209
  b(str("wildcard"),
47257
47210
  ipaddr
47258
- )
47211
+ ),
47212
+ ipaddr
47259
47213
  )
47260
47214
  ).as(:oneline),
47261
47215
  b(str("dest-ip"),
47262
47216
  sc(
47263
- ipaddr,
47264
47217
  b(str("wildcard"),
47265
47218
  ipaddr
47266
- )
47219
+ ),
47220
+ ipaddr
47267
47221
  )
47268
47222
  ).as(:oneline),
47269
47223
  b(str("sw-sip"),
47270
47224
  sc(
47271
- ipv6addr,
47272
47225
  b(str("wildcard"),
47273
47226
  ipv6addr
47274
- )
47227
+ ),
47228
+ ipv6addr
47275
47229
  )
47276
47230
  ).as(:oneline),
47277
47231
  b(str("sw-dip"),
47278
47232
  sc(
47279
- ipaddr,
47280
47233
  b(str("wildcard"),
47281
47234
  ipaddr
47282
- )
47235
+ ),
47236
+ ipaddr
47283
47237
  )
47284
47238
  ).as(:oneline),
47285
47239
  b(str("sport-range"),
@@ -55338,10 +55292,10 @@ module Junoser
55338
55292
  c(
55339
55293
  str("self"),
55340
55294
  str("peer-address"),
55341
- ipaddr,
55342
55295
  str("reject"),
55343
55296
  str("discard"),
55344
- a(str("next-table"), arg)
55297
+ a(str("next-table"), arg),
55298
+ ipaddr
55345
55299
  )
55346
55300
  )
55347
55301
  ).as(:oneline),
@@ -55937,10 +55891,10 @@ module Junoser
55937
55891
  c(
55938
55892
  str("self"),
55939
55893
  str("peer-address"),
55940
- ipaddr,
55941
55894
  str("reject"),
55942
55895
  str("discard"),
55943
- a(str("next-table"), arg)
55896
+ a(str("next-table"), arg),
55897
+ ipaddr
55944
55898
  )
55945
55899
  )
55946
55900
  ).as(:oneline),
@@ -56152,8 +56106,8 @@ module Junoser
56152
56106
  c(
56153
56107
  b(str("inet"),
56154
56108
  c(
56155
- ipprefix,
56156
- a(str("table"), arg)
56109
+ a(str("table"), arg),
56110
+ ipprefix
56157
56111
  )
56158
56112
  ),
56159
56113
  b(str("ccc"),
@@ -56167,8 +56121,8 @@ module Junoser
56167
56121
  )
56168
56122
  )
56169
56123
  ),
56170
- ipprefix,
56171
- a(str("table"), arg)
56124
+ a(str("table"), arg),
56125
+ ipprefix
56172
56126
  )
56173
56127
  )
56174
56128
  )
@@ -56445,10 +56399,10 @@ module Junoser
56445
56399
  c(
56446
56400
  str("self"),
56447
56401
  str("peer-address"),
56448
- ipaddr,
56449
56402
  str("reject"),
56450
56403
  str("discard"),
56451
- a(str("next-table"), arg)
56404
+ a(str("next-table"), arg),
56405
+ ipaddr
56452
56406
  )
56453
56407
  )
56454
56408
  ).as(:oneline),
@@ -56827,10 +56781,10 @@ module Junoser
56827
56781
  c(
56828
56782
  str("self"),
56829
56783
  str("peer-address"),
56830
- ipaddr,
56831
56784
  str("reject"),
56832
56785
  str("discard"),
56833
- a(str("next-table"), arg)
56786
+ a(str("next-table"), arg),
56787
+ ipaddr
56834
56788
  )
56835
56789
  )
56836
56790
  ).as(:oneline),
@@ -57193,10 +57147,10 @@ module Junoser
57193
57147
  c(
57194
57148
  str("self"),
57195
57149
  str("peer-address"),
57196
- ipaddr,
57197
57150
  str("reject"),
57198
57151
  str("discard"),
57199
- a(str("next-table"), arg)
57152
+ a(str("next-table"), arg),
57153
+ ipaddr
57200
57154
  )
57201
57155
  )
57202
57156
  ).as(:oneline),
@@ -77377,9 +77331,9 @@ module Junoser
77377
77331
  ).as(:oneline),
77378
77332
  b(str("inet6-backup-router"),
77379
77333
  sc(
77380
- ipv6addr,
77381
77334
  b(str("destination"),
77382
- ipv6prefix
77335
+ ipv6prefix,
77336
+ ipv6addr
77383
77337
  )
77384
77338
  )
77385
77339
  ).as(:oneline),
@@ -98225,14 +98179,6 @@ module Junoser
98225
98179
  )
98226
98180
  end
98227
98181
 
98228
- rule(:logical_system_type) do
98229
- b(arg.as(:arg),
98230
- c(
98231
- a(str("max-sessions"), arg)
98232
- )
98233
- )
98234
- end
98235
-
98236
98182
  rule(:login_class_object) do
98237
98183
  b(arg.as(:arg),
98238
98184
  c(
@@ -101379,31 +101325,6 @@ module Junoser
101379
101325
  )
101380
101326
  end
101381
101327
 
101382
- rule(:nat_object) do
101383
- c(
101384
- b(str("pool"),
101385
- nat_pool_object
101386
- ),
101387
- a(str("ipv6-multicast-interfaces"), str("all") | str("interface-name"),
101388
- c(
101389
- str("disable")
101390
- )
101391
- ),
101392
- str("allow-overlapping-nat-pools"),
101393
- b(str("rule"),
101394
- nat_rule_object
101395
- ),
101396
- b(str("port-forwarding"),
101397
- pf_mapping
101398
- ),
101399
- b(a(str("rule-set"), arg),
101400
- c(
101401
- a(str("rule"), arg)
101402
- )
101403
- )
101404
- )
101405
- end
101406
-
101407
101328
  rule(:nat_pool_object) do
101408
101329
  b(arg.as(:arg),
101409
101330
  c(
@@ -105125,10 +105046,10 @@ module Junoser
105125
105046
  c(
105126
105047
  str("self"),
105127
105048
  str("peer-address"),
105128
- ipaddr,
105129
105049
  str("reject"),
105130
105050
  str("discard"),
105131
- a(str("next-table"), arg)
105051
+ a(str("next-table"), arg),
105052
+ ipaddr
105132
105053
  )
105133
105054
  )
105134
105055
  ).as(:oneline),
@@ -105392,11 +105313,11 @@ module Junoser
105392
105313
 
105393
105314
  rule(:routing_destination_address) do
105394
105315
  c(
105395
- ipaddr,
105396
105316
  a(str("port"), arg),
105397
105317
  b(str("transport-protocol"),
105398
105318
  transport_protocol
105399
- )
105319
+ ),
105320
+ ipaddr
105400
105321
  ).as(:oneline)
105401
105322
  end
105402
105323
 
@@ -106808,7 +106729,7 @@ module Junoser
106808
106729
  (str("pre-shared-keys") | str("rsa-signatures") | str("dsa-signatures"))
106809
106730
  ),
106810
106731
  b(str("dh-group"),
106811
- (str("group1") | str("group2") | str("group5") | str("group14"))
106732
+ (str("group14") | str("group1") | str("group2") | str("group5"))
106812
106733
  ),
106813
106734
  b(str("authentication-algorithm"),
106814
106735
  (str("md5") | str("sha1") | str("sha-256"))
@@ -107049,7 +106970,7 @@ module Junoser
107049
106970
  (str("pre-shared-keys") | str("rsa-signatures") | str("dsa-signatures") | str("ecdsa-signatures-256") | str("ecdsa-signatures-384"))
107050
106971
  ),
107051
106972
  b(str("dh-group"),
107052
- (str("group1") | str("group2") | str("group5") | str("group14") | str("group15") | str("group16") | str("group19") | str("group20") | str("group24"))
106973
+ (str("group14") | str("group15") | str("group16") | str("group19") | str("group20") | str("group24") | str("group1") | str("group2") | str("group5"))
107053
106974
  ),
107054
106975
  b(str("authentication-algorithm"),
107055
106976
  (str("md5") | str("sha1") | str("sha-256") | str("sha-384"))
@@ -107156,7 +107077,7 @@ module Junoser
107156
107077
  b(str("perfect-forward-secrecy"),
107157
107078
  c(
107158
107079
  b(str("keys"),
107159
- (str("group1") | str("group2") | str("group5") | str("group14") | str("group15") | str("group16") | str("group19") | str("group20") | str("group24"))
107080
+ (str("group14") | str("group15") | str("group16") | str("group19") | str("group20") | str("group24") | str("group1") | str("group2") | str("group5"))
107160
107081
  )
107161
107082
  )
107162
107083
  ),
@@ -107250,12 +107171,6 @@ module Junoser
107250
107171
  )
107251
107172
  end
107252
107173
 
107253
- rule(:ipsec_traceoptions) do
107254
- c(
107255
- a(str("flag"), enum(str("packet-processing") | str("packet-drops") | str("security-associations") | str("next-hop-tunnel-binding") | str("all"))).as(:oneline)
107256
- )
107257
- end
107258
-
107259
107174
  rule(:ipsec_trusted_channel_sa) do
107260
107175
  c(
107261
107176
  a(str("description"), quote | arg),
@@ -107305,114 +107220,6 @@ module Junoser
107305
107220
  )
107306
107221
  end
107307
107222
 
107308
- rule(:ipsec_vpn_monitor) do
107309
- c(
107310
- a(str("interval"), arg),
107311
- a(str("threshold"), arg)
107312
- )
107313
- end
107314
-
107315
- rule(:ipsec_vpn_template) do
107316
- b(arg.as(:arg),
107317
- c(
107318
- b(str("bind-interface"),
107319
- interface_name
107320
- ),
107321
- b(str("df-bit"),
107322
- (str("clear") | str("set") | str("copy"))
107323
- ),
107324
- b(str("vpn-monitor"),
107325
- ipsec_template_monitor
107326
- ),
107327
- c(
107328
- b(str("manual"),
107329
- c(
107330
- b(str("gateway"),
107331
- hostname
107332
- ),
107333
- b(str("external-interface"),
107334
- interface_unit
107335
- ),
107336
- b(str("protocol"),
107337
- (str("ah") | str("esp"))
107338
- ),
107339
- a(str("spi"), arg),
107340
- b(str("authentication"),
107341
- c(
107342
- b(str("algorithm"),
107343
- (str("hmac-md5-96") | str("hmac-sha1-96") | str("hmac-sha-256-128") | str("hmac-sha-256-96"))
107344
- ),
107345
- b(str("key"),
107346
- sc(
107347
- c(
107348
- a(str("ascii-text"), arg),
107349
- a(str("hexadecimal"), arg)
107350
- )
107351
- )
107352
- ).as(:oneline)
107353
- )
107354
- ),
107355
- b(str("encryption"),
107356
- c(
107357
- b(str("algorithm"),
107358
- (str("des-cbc") | str("3des-cbc") | str("aes-128-cbc") | str("aes-192-cbc") | str("aes-256-cbc"))
107359
- ),
107360
- b(str("key"),
107361
- sc(
107362
- c(
107363
- a(str("ascii-text"), arg),
107364
- a(str("hexadecimal"), arg)
107365
- )
107366
- )
107367
- ).as(:oneline)
107368
- )
107369
- )
107370
- )
107371
- ),
107372
- b(str("ike"),
107373
- c(
107374
- a(str("gateway"), arg),
107375
- a(str("idle-time"), arg),
107376
- str("no-anti-replay"),
107377
- b(str("proxy-identity"),
107378
- ipsec_template_proxy_id
107379
- ),
107380
- a(str("ipsec-policy"), arg),
107381
- a(str("install-interval"), arg)
107382
- )
107383
- )
107384
- ),
107385
- b(str("establish-tunnels"),
107386
- (str("immediately") | str("on-traffic"))
107387
- )
107388
- )
107389
- )
107390
- end
107391
-
107392
- rule(:ipsec_template_monitor) do
107393
- c(
107394
- str("optimized"),
107395
- b(str("source-interface"),
107396
- interface_unit
107397
- ),
107398
- b(str("destination-ip"),
107399
- ipaddr
107400
- )
107401
- )
107402
- end
107403
-
107404
- rule(:ipsec_template_proxy_id) do
107405
- c(
107406
- b(str("local"),
107407
- ipprefix_mandatory
107408
- ),
107409
- b(str("remote"),
107410
- ipprefix_mandatory
107411
- ),
107412
- a(str("service"), arg)
107413
- )
107414
- end
107415
-
107416
107223
  rule(:security_macsec) do
107417
107224
  c(
107418
107225
  b(str("traceoptions"),
@@ -107972,14 +107779,14 @@ module Junoser
107972
107779
  a(str("trusted-ca"), arg),
107973
107780
  b(str("local-gateway"),
107974
107781
  sc(
107975
- ipaddr,
107976
107782
  a(str("routing-instance"), arg),
107977
107783
  b(str("interface"),
107978
107784
  interface_unit
107979
107785
  ),
107980
107786
  b(str("gw-interface"),
107981
107787
  interface_unit
107982
- )
107788
+ ),
107789
+ ipaddr
107983
107790
  )
107984
107791
  ).as(:oneline),
107985
107792
  a(str("ike-access-profile"), arg),
@@ -109764,10 +109571,10 @@ module Junoser
109764
109571
  c(
109765
109572
  str("self"),
109766
109573
  str("peer-address"),
109767
- ipaddr,
109768
109574
  str("reject"),
109769
109575
  str("discard"),
109770
- a(str("next-table"), arg)
109576
+ a(str("next-table"), arg),
109577
+ ipaddr
109771
109578
  )
109772
109579
  )
109773
109580
  ).as(:oneline),
@@ -110064,7 +109871,7 @@ module Junoser
110064
109871
  c(
110065
109872
  str("enable-flow-tracing"),
110066
109873
  b(str("protocol-version"),
110067
- (str("all") | str("ssl3") | str("tls1") | str("tls11") | str("tls12"))
109874
+ (str("all") | str("ssl3") | str("tls11") | str("tls12") | str("tls1"))
110068
109875
  ),
110069
109876
  b(str("preferred-ciphers"),
110070
109877
  (str("strong") | str("medium") | str("weak") | str("custom"))
@@ -110114,7 +109921,7 @@ module Junoser
110114
109921
  c(
110115
109922
  str("enable-flow-tracing"),
110116
109923
  b(str("protocol-version"),
110117
- (str("all") | str("ssl3") | str("tls1") | str("tls11") | str("tls12"))
109924
+ (str("all") | str("ssl3") | str("tls11") | str("tls12") | str("tls1"))
110118
109925
  ),
110119
109926
  b(str("preferred-ciphers"),
110120
109927
  (str("strong") | str("medium") | str("weak") | str("custom"))
@@ -110187,7 +109994,7 @@ module Junoser
110187
109994
  c(
110188
109995
  str("enable-flow-tracing"),
110189
109996
  b(str("protocol-version"),
110190
- (str("all") | str("ssl3") | str("tls1") | str("tls11") | str("tls12"))
109997
+ (str("all") | str("ssl3") | str("tls11") | str("tls12") | str("tls1"))
110191
109998
  ),
110192
109999
  b(str("preferred-ciphers"),
110193
110000
  (str("strong") | str("medium") | str("weak") | str("custom"))
@@ -115629,8 +115436,8 @@ module Junoser
115629
115436
  c(
115630
115437
  b(str("server"),
115631
115438
  c(
115632
- ipaddr,
115633
- a(str("routing-instance"), arg)
115439
+ a(str("routing-instance"), arg),
115440
+ ipaddr
115634
115441
  )
115635
115442
  ),
115636
115443
  a(str("sxl-timeout"), arg),
@@ -115970,9 +115777,9 @@ module Junoser
115970
115777
 
115971
115778
  rule(:host_object) do
115972
115779
  c(
115973
- ipaddr,
115974
115780
  a(str("port"), arg),
115975
- a(str("routing-instance"), arg)
115781
+ a(str("routing-instance"), arg),
115782
+ ipaddr
115976
115783
  )
115977
115784
  end
115978
115785
 
@@ -116370,7 +116177,6 @@ module Junoser
116370
116177
  c(
116371
116178
  a(str("description"), quote | arg),
116372
116179
  c(
116373
- ipprefix,
116374
116180
  b(str("dns-name"),
116375
116181
  dns_name_type
116376
116182
  ),
@@ -116379,7 +116185,8 @@ module Junoser
116379
116185
  ),
116380
116186
  b(str("range-address"),
116381
116187
  range_address_type
116382
- )
116188
+ ),
116189
+ ipprefix
116383
116190
  )
116384
116191
  )
116385
116192
  )
@@ -116877,36 +116684,6 @@ module Junoser
116877
116684
  )
116878
116685
  end
116879
116686
 
116880
- rule(:security_ipsec_vpn) do
116881
- c(
116882
- b(str("internal"),
116883
- c(
116884
- b(str("security-association"),
116885
- ipsec_internal_sa
116886
- )
116887
- )
116888
- ),
116889
- b(str("traceoptions"),
116890
- ipsec_traceoptions
116891
- ),
116892
- b(str("vpn-monitor-options"),
116893
- ipsec_vpn_monitor
116894
- ),
116895
- b(str("proposal"),
116896
- ipsec_proposal
116897
- ),
116898
- b(str("policy"),
116899
- ipsec_policy
116900
- ),
116901
- b(str("vpn"),
116902
- ipsec_vpn_template
116903
- ),
116904
- b(str("security-association"),
116905
- ipsec_sa
116906
- )
116907
- )
116908
- end
116909
-
116910
116687
  rule(:ipsec_traceoptions) do
116911
116688
  c(
116912
116689
  a(str("flag"), enum(str("packet-processing") | str("packet-drops") | str("security-associations") | str("next-hop-tunnel-binding") | str("all"))).as(:oneline)
@@ -117250,7 +117027,6 @@ module Junoser
117250
117027
  ),
117251
117028
  b(str("address"),
117252
117029
  sc(
117253
- ipprefix,
117254
117030
  c(
117255
117031
  b(str("to"),
117256
117032
  c(
@@ -117258,7 +117034,8 @@ module Junoser
117258
117034
  )
117259
117035
  ),
117260
117036
  a(str("port"), arg)
117261
- )
117037
+ ),
117038
+ ipprefix
117262
117039
  )
117263
117040
  ).as(:oneline)
117264
117041
  )
@@ -117305,7 +117082,7 @@ module Junoser
117305
117082
  b(arg.as(:arg),
117306
117083
  c(
117307
117084
  a(str("description"), quote | arg),
117308
- b(str("dest-nat-rule-match"),
117085
+ b(str("match"),
117309
117086
  c(
117310
117087
  b(str("source-address"),
117311
117088
  ipprefix
@@ -117651,7 +117428,7 @@ module Junoser
117651
117428
  b(arg.as(:arg),
117652
117429
  c(
117653
117430
  a(str("description"), quote | arg),
117654
- b(str("src-nat-rule-match"),
117431
+ b(str("match"),
117655
117432
  c(
117656
117433
  b(str("source-address"),
117657
117434
  ipprefix
@@ -117799,7 +117576,7 @@ module Junoser
117799
117576
  b(arg.as(:arg),
117800
117577
  c(
117801
117578
  a(str("description"), quote | arg),
117802
- b(str("static-nat-rule-match"),
117579
+ b(str("match"),
117803
117580
  c(
117804
117581
  b(str("source-address"),
117805
117582
  ipprefix
@@ -117852,13 +117629,13 @@ module Junoser
117852
117629
  ),
117853
117630
  b(str("prefix"),
117854
117631
  c(
117855
- ipprefix,
117856
117632
  b(str("mapped-port"),
117857
117633
  static_nat_rule_mapped_port_object
117858
117634
  ).as(:oneline),
117859
117635
  b(str("routing-instance"),
117860
117636
  (str("default") | arg)
117861
- )
117637
+ ),
117638
+ ipprefix
117862
117639
  )
117863
117640
  ),
117864
117641
  b(str("prefix-name"),
@@ -117873,10 +117650,10 @@ module Junoser
117873
117650
  ),
117874
117651
  b(str("nptv6-prefix"),
117875
117652
  c(
117876
- ipprefix,
117877
117653
  b(str("routing-instance"),
117878
117654
  (str("default") | arg)
117879
- )
117655
+ ),
117656
+ ipprefix
117880
117657
  )
117881
117658
  ),
117882
117659
  b(str("nptv6-prefix-name"),
@@ -118209,6 +117986,93 @@ module Junoser
118209
117986
  )
118210
117987
  )
118211
117988
  end
117989
+
117990
+ rule(:application_object) do
117991
+ b(arg.as(:arg),
117992
+ c(
117993
+ a(str("description"), quote | arg),
117994
+ b(str("term"),
117995
+ term_object
117996
+ ),
117997
+ b(str("application-protocol"),
117998
+ (str("bootp") | str("dce-rpc") | str("dce-rpc-portmap") | str("dns") | str("exec") | str("ftp") | str("ftp-data") | str("gprs-gtp-c") | str("gprs-gtp-u") | str("gprs-gtp-v0") | str("gprs-sctp") | str("h323") | str("icmpv6") | str("icmp") | str("ignore") | str("iiop") | str("ike-esp-nat") | str("ip") | str("login") | str("mgcp-ca") | str("mgcp-ua") | str("ms-rpc") | str("netbios") | str("netshow") | str("none") | str("pptp") | str("q931") | str("ras") | str("realaudio") | str("rpc") | str("rpc-portmap") | str("rsh") | str("rtsp") | str("sccp") | str("sip") | str("shell") | str("snmp") | str("sqlnet") | str("sqlnet-v2") | str("sun-rpc") | str("talk") | str("tftp") | str("traceroute") | str("https") | str("winframe") | str("http") | str("imap") | str("smtp") | str("ssh") | str("telnet") | str("twamp"))
117999
+ ),
118000
+ b(str("protocol"),
118001
+ (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
118002
+ ),
118003
+ b(str("source-port"),
118004
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
118005
+ ),
118006
+ b(str("destination-port"),
118007
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
118008
+ ),
118009
+ a(str("ether-type"), arg),
118010
+ a(str("snmp-command"), arg),
118011
+ b(str("icmp-type"),
118012
+ (str("echo-request") | str("echo-reply") | str("unreachable") | str("source-quench") | str("redirect") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("timestamp") | str("timestamp-reply") | str("info-request") | str("info-reply") | str("mask-request") | str("mask-reply") | arg)
118013
+ ),
118014
+ b(str("icmp6-type"),
118015
+ (str("echo-request") | str("echo-reply") | str("destination-unreachable") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("packet-too-big") | str("membership-query") | str("membership-report") | str("membership-termination") | str("redirect") | str("neighbor-solicit") | str("neighbor-advertisement") | str("router-renumbering") | str("node-information-request") | str("node-information-reply") | arg)
118016
+ ),
118017
+ b(str("icmp-code"),
118018
+ (str("network-unreachable") | str("host-unreachable") | str("protocol-unreachable") | str("port-unreachable") | str("fragmentation-needed") | str("source-route-failed") | str("destination-network-unknown") | str("destination-host-unknown") | str("source-host-isolated") | str("destination-network-prohibited") | str("destination-host-prohibited") | str("network-unreachable-for-tos") | str("host-unreachable-for-tos") | str("communication-prohibited-by-filtering") | str("host-precedence-violation") | str("precedence-cutoff-in-effect") | str("redirect-for-network") | str("redirect-for-host") | str("redirect-for-tos-and-net") | str("redirect-for-tos-and-host") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip-header-bad") | str("required-option-missing") | arg)
118019
+ ),
118020
+ b(str("icmp6-code"),
118021
+ (str("no-route-to-destination") | str("administratively-prohibited") | str("address-unreachable") | str("port-unreachable") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip6-header-bad") | str("unrecognized-next-header") | str("unrecognized-option") | arg)
118022
+ ),
118023
+ a(str("ttl-threshold"), arg),
118024
+ a(str("rpc-program-number"), arg),
118025
+ a(str("uuid"), arg),
118026
+ b(str("inactivity-timeout"),
118027
+ (str("never") | arg)
118028
+ ),
118029
+ a(str("gate-timeout"), arg),
118030
+ a(str("child-inactivity-timeout"), arg),
118031
+ str("learn-sip-register"),
118032
+ a(str("sip-call-hold-timeout"), arg),
118033
+ c(
118034
+ str("do-not-translate-AAAA-query-to-A-query"),
118035
+ str("do-not-translate-A-query-to-AAAA-query")
118036
+ )
118037
+ )
118038
+ )
118039
+ end
118040
+
118041
+ rule(:term_object) do
118042
+ b(arg.as(:arg),
118043
+ sc(
118044
+ b(str("alg"),
118045
+ (str("bootp") | str("dce-rpc") | str("dce-rpc-portmap") | str("dns") | str("exec") | str("ftp") | str("ftp-data") | str("gprs-gtp-c") | str("gprs-gtp-u") | str("gprs-gtp-v0") | str("gprs-sctp") | str("h323") | str("icmpv6") | str("icmp") | str("ignore") | str("iiop") | str("ike-esp-nat") | str("ip") | str("login") | str("mgcp-ca") | str("mgcp-ua") | str("ms-rpc") | str("netbios") | str("netshow") | str("none") | str("pptp") | str("q931") | str("ras") | str("realaudio") | str("rpc") | str("rpc-portmap") | str("rsh") | str("rtsp") | str("sccp") | str("sip") | str("shell") | str("snmp") | str("sqlnet") | str("sqlnet-v2") | str("sun-rpc") | str("talk") | str("tftp") | str("traceroute") | str("https") | str("winframe") | str("http") | str("imap") | str("smtp") | str("ssh") | str("telnet") | str("twamp"))
118046
+ ),
118047
+ b(str("protocol"),
118048
+ (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
118049
+ ),
118050
+ b(str("source-port"),
118051
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
118052
+ ),
118053
+ b(str("destination-port"),
118054
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
118055
+ ),
118056
+ b(str("icmp-type"),
118057
+ (str("echo-request") | str("echo-reply") | str("unreachable") | str("source-quench") | str("redirect") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("timestamp") | str("timestamp-reply") | str("info-request") | str("info-reply") | str("mask-request") | str("mask-reply") | arg)
118058
+ ),
118059
+ b(str("icmp-code"),
118060
+ (str("network-unreachable") | str("host-unreachable") | str("protocol-unreachable") | str("port-unreachable") | str("fragmentation-needed") | str("source-route-failed") | str("destination-network-unknown") | str("destination-host-unknown") | str("source-host-isolated") | str("destination-network-prohibited") | str("destination-host-prohibited") | str("network-unreachable-for-tos") | str("host-unreachable-for-tos") | str("communication-prohibited-by-filtering") | str("host-precedence-violation") | str("precedence-cutoff-in-effect") | str("redirect-for-network") | str("redirect-for-host") | str("redirect-for-tos-and-net") | str("redirect-for-tos-and-host") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip-header-bad") | str("required-option-missing") | arg)
118061
+ ),
118062
+ b(str("icmp6-type"),
118063
+ (str("echo-request") | str("echo-reply") | str("destination-unreachable") | str("router-advertisement") | str("router-solicit") | str("time-exceeded") | str("parameter-problem") | str("packet-too-big") | str("membership-query") | str("membership-report") | str("membership-termination") | str("redirect") | str("neighbor-solicit") | str("neighbor-advertisement") | str("router-renumbering") | str("node-information-request") | str("node-information-reply") | arg)
118064
+ ),
118065
+ b(str("icmp6-code"),
118066
+ (str("no-route-to-destination") | str("administratively-prohibited") | str("address-unreachable") | str("port-unreachable") | str("ttl-eq-zero-during-transit") | str("ttl-eq-zero-during-reassembly") | str("ip6-header-bad") | str("unrecognized-next-header") | str("unrecognized-option") | arg)
118067
+ ),
118068
+ a(str("rpc-program-number"), arg),
118069
+ a(str("uuid"), arg),
118070
+ b(str("inactivity-timeout"),
118071
+ (str("never") | arg)
118072
+ )
118073
+ )
118074
+ ).as(:oneline)
118075
+ end
118212
118076
  # End of vSRX 18.3R1.9
118213
118077
  end
118214
118078
  end