lib/junoser/parser.rb in junoser-0.3.7 vs lib/junoser/parser.rb in junoser-0.3.8

- old
+ new

@@ -2860,10 +2860,12 @@ b(str("access-profile"), c( arg ) ).as(:oneline), + + # Ported from vSRX 18.3R1.9 b(str("security"), c( b(str("alarms"), c( b(str("audible"), @@ -2873,17 +2875,64 @@ ), b(str("potential-violation"), c( a(str("authentication"), arg), str("cryptographic-self-test"), - str("decryption-failures"), - str("encryption-failures"), - str("ike-phase1-failures"), - str("ike-phase2-failures"), + b(str("decryption-failures"), + c( + a(str("threshold"), arg) + ) + ), + b(str("encryption-failures"), + c( + a(str("threshold"), arg) + ) + ), + b(str("ike-phase1-failures"), + c( + a(str("threshold"), arg) + ) + ), + b(str("ike-phase2-failures"), + c( + a(str("threshold"), arg) + ) + ), str("key-generation-self-test"), str("non-cryptographic-self-test"), - str("policy"), + b(str("policy"), + c( + b(str("source-ip"), + c( + a(str("threshold"), arg), + a(str("duration"), arg), + a(str("size"), arg) + ) + ), + b(str("destination-ip"), + c( + a(str("threshold"), arg), + a(str("duration"), arg), + a(str("size"), arg) + ) + ), + b(str("application"), + c( + a(str("threshold"), arg), + a(str("duration"), arg), + a(str("size"), arg) + ) + ), + b(str("policy-match"), + c( + a(str("threshold"), arg), + a(str("duration"), arg), + a(str("size"), arg) + ) + ) + ) + ), b(str("replay-attacks"), c( a(str("threshold"), arg) ) ), 
@@ -2938,10 +2987,94 @@ a(str("username"), arg) ) ), a(str("limit"), arg) ) + ), + str("disable"), + str("utc-timestamp"), + b(str("mode"), + (str("stream") | str("event")) + ), + a(str("event-rate"), arg), + b(str("format"), + (str("syslog") | str("sd-syslog") | str("binary")) + ), + a(str("rate-cap"), arg), + a(str("max-database-record"), arg), + str("report"), + c( + b(str("source-address"), + ipaddr + ), + b(str("source-interface"), + interface_name + ) + ), + b(str("transport"), + c( + a(str("tcp-connections"), arg), + b(str("protocol"), + (str("udp") | str("tcp") | str("tls")) + ), + a(str("tls-profile"), arg) + ) + ), + b(str("facility-override"), + (str("authorization") | str("daemon") | str("ftp") | str("kernel") | str("user") | str("local0") | str("local1") | str("local2") | str("local3") | str("local4") | str("local5") | str("local6") | str("local7")) + ), + b(a(str("stream"), arg), + c( + b(str("severity"), + (str("emergency") | str("alert") | str("critical") | str("error") | str("warning") | str("notice") | str("info") | str("debug")) + ), + b(str("format"), + (str("syslog") | str("sd-syslog") | str("welf") | str("binary")) + ), + a(str("category"), enum(str("all") | str("content-security") | str("fw-auth") | str("screen") | str("alg") | str("nat") | str("flow") | str("sctp") | str("gtp") | str("ipsec") | str("idp") | str("rtlog") | str("pst-ds-lite") | str("appqos") | str("secintel") | str("aamw"))), + a(str("filter"), enum(str("threat-attack"))), + b(str("host"), + host_object + ), + b(str("rate-limit"), + c( + arg + ) + ), + b(str("file"), + c( + a(str("localfilename"), arg), + a(str("size"), arg), + a(str("rotation"), arg), + str("allow-duplicates") + ) + ) + ) + ), + b(str("file"), + sca( + a(str("size"), arg), + a(str("path"), arg), + a(str("files"), arg) + ) + ), + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + 
b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("source") | str("configuration") | str("all") | str("report") | str("hpl"))).as(:oneline) + ) ) ) ), b(str("certificates"), c( @@ -2965,10 +3098,13 @@ ) ) ) ) ), + b(str("authentication-key-chains"), + security_authentication_key_chains + ), b(str("ssh-known-hosts"), c( b(a(str("host"), arg), c( a(str("rsa1-key"), arg), @@ -2985,31 +3121,29 @@ ), str("key-protection"), b(str("pki"), security_pki ), - b(str("group-vpn"), - security_group_vpn + b(str("ike"), + security_ike ), - b(str("traceoptions"), - security_traceoptions - ), b(str("ipsec"), - security_ipsec + security_ipsec_vpn ), - b(str("ike"), - security_ike + b(str("group-vpn"), + security_group_vpn ), - b(str("authentication-key-chains"), - security_authentication_key_chains + b(str("ipsec-policy"), + security_ipsec_policies ), b(str("idp"), c( b(str("idp-policy"), idp_policy_type ), a(str("active-policy"), arg), + a(str("default-policy"), arg), b(str("custom-attack"), custom_attack_type ), b(str("custom-attack-group"), custom_attack_group_type @@ -3024,10 +3158,11 @@ c( a(str("url"), arg), b(str("source-address"), ipv4addr ), + a(str("proxy-profile"), arg), b(str("install"), c( str("ignore-version-check") ) ), 
@@ -3195,18 +3330,1570 @@ (str("datacenter") | str("datacenter-full") | str("perimeter") | str("perimeter-full")) ) ) ) ) + ), + a(str("max-sessions"), arg), + b(str("logical-system"), + logical_system_type + ), + str("processes") + ) + ), + b(str("address-book"), + named_address_book_type + ), + b(str("alg"), + alg_object + ), + b(str("application-firewall"), + c( + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("lookup") | str("compilation") | str("ipc") | str("all"))).as(:oneline) + ) + ), + b(a(str("profile"), arg), + c( + b(str("block-message"), + c( + b(str("type"), + c( + c( + b(str("custom-text"), + c( + a(str("content"), arg) + ) + ), + b(str("custom-redirect-url"), + c( + a(str("content"), arg) + ) + ) + ) + ) + ) + ) + ) + ) + ), + b(a(str("rule-sets"), arg), + c( + b(str("rule"), + appfw_rule_type + ), + b(str("default-rule"), + c( + c( + str("permit"), + b(str("deny"), + c( + str("block-message") + ) + ), + b(str("reject"), + c( + str("block-message") + ) + ) + ) + ) + ), + a(str("profile"), arg) + ) + ), + b(str("nested-application"), + c( + b(str("dynamic-lookup"), + c( + str("enable") + ) + ) + ) ) ) ), + b(str("application-tracking"), + c( + str("disable"), + c( + a(str("first-update-interval"), arg), + str("first-update") + ), + a(str("session-update-interval"), arg) + ) + ), + b(str("utm"), + c( + b(str("traceoptions"), + utm_traceoptions + ), + b(str("application-proxy"), + c( + b(str("traceoptions"), + utm_apppxy_traceoptions + ) + ) + ), + b(str("ipc"), + c( + b(str("traceoptions"), + utm_ipc_traceoptions + ) + ) + ), + b(str("custom-objects"), + c( + b(str("category-package"), + c( + a(str("url"), arg), + a(str("proxy-profile"), arg), + a(str("routing-instance"), arg), + b(str("automatic"), + c( + 
b(str("start-time"), + time + ), + a(str("interval"), arg), + str("enable") + ) + ) + ) + ), + b(str("mime-pattern"), + mime_list_type + ), + b(str("filename-extension"), + extension_list_type + ), + b(str("url-pattern"), + url_list_type + ), + b(str("custom-url-category"), + category_list_type + ), + b(str("protocol-command"), + command_list_type + ), + b(str("custom-message"), + custom_message_type + ) + ) + ), + b(str("default-configuration"), + c( + b(str("anti-virus"), + default_anti_virus_feature + ), + b(str("web-filtering"), + default_webfilter_feature + ), + b(str("anti-spam"), + default_anti_spam_feature + ), + b(str("content-filtering"), + default_content_filtering_feature + ) + ) + ), + b(str("feature-profile"), + c( + b(str("anti-virus"), + anti_virus_feature + ), + b(str("web-filtering"), + webfilter_feature + ), + b(str("anti-spam"), + anti_spam_feature + ), + b(str("content-filtering"), + content_filtering_feature + ) + ) + ), + b(str("utm-policy"), + profile_setting + ) + ) + ), + b(str("dynamic-address"), + c( + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + b(str("level"), + (str("error") | str("warning") | str("notice") | str("info") | str("verbose") | str("all")) + ), + a(str("flag"), enum(str("configuration") | str("control") | str("ipc") | str("ip-entry") | str("file-retrieval") | str("lookup") | str("all"))).as(:oneline) + ) + ), + b(a(str("feed-server"), arg), + c( + a(str("description"), quote | arg), + a(str("hostname"), arg), + a(str("update-interval"), arg), + a(str("hold-interval"), arg), + b(a(str("feed-name"), arg), + c( + a(str("description"), quote | arg), + a(str("path"), arg), + a(str("update-interval"), arg), + a(str("hold-interval"), arg) + ) + ) + ) + ), + b(a(str("address-name"), arg), + c( + a(str("description"), quote | arg), + 
b(str("profile"), + c( + a(str("feed-name"), arg), + b(a(str("category"), arg), + c( + a(str("feed"), arg), + b(a(str("property"), arg), + c( + c( + a(str("string"), arg) + ) + ) + ) + ) + ) + ) + ) + ) + ) + ) + ), + str("dynamic-vpn"), + b(str("dynamic-application"), + c( + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("lookup") | str("compilation") | str("ipc") | str("all"))).as(:oneline) + ) + ), + b(a(str("profile"), arg), + c( + b(str("redirect-message"), + c( + b(str("type"), + c( + c( + b(str("custom-text"), + c( + a(str("content"), arg) + ) + ), + b(str("redirect-url"), + c( + a(str("content"), arg) + ) + ) + ) + ) + ) + ) + ) + ) + ) + ) + ), + b(str("softwires"), + softwires_object + ), + b(str("forwarding-options"), + c( + b(str("family"), + c( + b(str("inet6"), + c( + b(str("mode"), + (str("packet-based") | str("flow-based") | str("drop")) + ) + ) + ), + b(str("mpls"), + c( + b(str("mode"), + (str("packet-based")) + ) + ) + ), + b(str("iso"), + c( + b(str("mode"), + (str("packet-based")) + ) + ) + ) + ) + ), + b(str("mirror-filter"), + mirror_filter_type + ), + b(str("secure-wire"), + secure_wire_type + ) + ) + ), + str("advanced-services"), + b(str("flow"), + c( + str("enhanced-routing-mode"), + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("all") | str("basic-datapath") | str("high-availability") | str("host-traffic") | str("fragmentation") | str("multicast") | str("route") | str("session") | str("session-scan") | str("tcp-basic") | str("tunnel"))).as(:oneline), + a(str("rate-limit"), arg), 
+ b(str("packet-filter"), + flow_filter_type + ), + b(str("trace-level"), + c( + c( + str("error"), + str("brief"), + str("detail") + ) + ) + ) + ) + ), + b(str("pending-sess-queue-length"), + (str("normal") | str("moderate") | str("high")) + ), + b(str("enable-reroute-uniform-link-check"), + c( + str("nat") + ) + ), + str("allow-dns-reply"), + a(str("route-change-timeout"), arg), + b(str("syn-flood-protection-mode"), + (str("syn-cookie") | str("syn-proxy")) + ), + str("allow-embedded-icmp"), + str("mcast-buffer-enhance"), + str("allow-reverse-ecmp"), + str("sync-icmp-session"), + str("ipsec-performance-acceleration"), + b(str("aging"), + c( + a(str("early-ageout"), arg), + a(str("low-watermark"), arg), + a(str("high-watermark"), arg) + ) + ), + b(str("ethernet-switching"), + c( + str("block-non-ip-all"), + str("bypass-non-ip-unicast"), + b(str("no-packet-flooding"), + c( + str("no-trace-route") + ) + ), + str("bpdu-vlan-flooding") + ) + ), + b(str("tcp-mss"), + c( + b(str("all-tcp"), + c( + a(str("mss"), arg) + ) + ), + b(str("ipsec-vpn"), + c( + a(str("mss"), arg) + ) + ), + b(str("gre-in"), + c( + a(str("mss"), arg) + ) + ), + b(str("gre-out"), + c( + a(str("mss"), arg) + ) + ) + ) + ), + b(str("tcp-session"), + c( + str("rst-invalidate-session"), + str("fin-invalidate-session"), + str("rst-sequence-check"), + str("no-syn-check"), + str("strict-syn-check"), + str("no-syn-check-in-tunnel"), + str("no-sequence-check"), + a(str("tcp-initial-timeout"), arg), + b(str("maximum-window"), + (str("64K") | str("128K") | str("256K") | str("512K") | str("1M")) + ), + b(str("time-wait-state"), + c( + c( + str("session-ageout"), + a(str("session-timeout"), arg) + ), + str("apply-to-half-close-state") + ) + ) + ) + ), + str("force-ip-reassembly"), + str("preserve-incoming-fragment-size"), + b(str("advanced-options"), + c( + str("drop-matching-reserved-ip-address"), + str("drop-matching-link-local-address"), + str("reverse-route-packet-mode-vr") + ) + ), + 
b(str("load-distribution"), + c( + str("session-affinity") + ) + ), + b(str("packet-log"), + c( + str("enable"), + a(str("throttle-interval"), arg), + b(str("packet-filter"), + flow_filter_type + ) + ) + ), + str("power-mode-ipsec") + ) + ), + b(str("firewall-authentication"), + c( + b(str("traceoptions"), + c( + a(str("flag"), enum(str("authentication") | str("proxy") | str("all")), + c( + c( + str("terse"), + str("detail"), + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("screen"), + c( + b(str("trap"), + c( + a(str("interval"), arg) + ) + ).as(:oneline), + b(str("ids-option"), + ids_option_type + ), + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("flow") | str("all"))).as(:oneline) + ) + ), + b(str("white-list"), + ids_wlist_type + ) + ) + ), + b(str("nat"), + nat_object + ), + b(str("forwarding-process"), + c( + str("enhanced-services-mode"), + b(str("application-services"), + c( + str("maximize-alg-sessions"), + str("maximize-persistent-nat-capacity"), + str("maximize-cp-sessions"), + a(str("session-distribution-mode"), arg), + str("enable-gtpu-distribution"), + a(str("packet-ordering-mode"), arg), + str("maximize-idp-sessions") + ) + ) + ) + ), + b(str("policies"), + policy_object_type + ), + b(str("tcp-encap"), + c( + b(str("traceoptions"), + ragw_traceoptions + ), + b(a(str("profile"), arg), + c( + a(str("ssl-profile"), arg), + str("log") + ) + ), + b(str("global-options"), + c( + str("enable-tunnel-tracking") + ) + ) + ) + ), + b(str("resource-manager"), + c( + b(str("traceoptions"), + c( + a(str("flag"), enum(str("client") | str("group") | str("resource") | str("gate") | str("session") | str("chassis cluster") | str("messaging") | str("service pinhole") | str("error") | str("all")), + c( + c( 
+ str("terse"), + str("detail"), + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("analysis"), + c( + str("no-report") + ) + ), + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("routing-socket") | str("compilation") | str("all"))).as(:oneline), + a(str("rate-limit"), arg) + ) + ), + b(str("datapath-debug"), + c( + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline) + ) + ), + b(str("capture-file"), + ca( + b(str("format"), + (str("pcap")) + ), + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable") + ) + ).as(:oneline), + a(str("maximum-capture-size"), arg), + b(str("action-profile"), + e2e_action_profile + ), + b(str("packet-filter"), + end_to_end_debug_filter + ) + ) + ), + b(str("user-identification"), + c( + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("all"))).as(:oneline) + ) + ), + b(str("authentication-source"), + authentication_source_type + ) + ) + ), + b(str("zones"), + c( + b(str("functional-zone"), + c( + b(str("management"), + c( + b(str("interfaces"), + zone_interface_list_type + ), + a(str("screen"), arg), + b(str("host-inbound-traffic"), + zone_host_inbound_traffic_t + ), + a(str("description"), quote | arg) + ) + ) + ) + ), + b(str("security-zone"), + security_zone_type + ) + ) + ), + b(str("advance-policy-based-routing"), + c( + 
b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("lookup") | str("compilation") | str("ipc") | str("all"))).as(:oneline) + ) + ), + b(str("tunables"), + c( + a(str("max-route-change"), arg), + str("drop-on-zone-mismatch"), + str("enable-logging") + ) + ), + b(a(str("profile"), arg), + c( + b(str("rule"), + apbr_rule_type + ) + ) + ), + b(a(str("active-probe-params"), arg), + c( + b(str("settings"), + appqoe_probe_params + ) + ) + ), + b(a(str("metrics-profile"), arg), + c( + b(str("sla-threshold"), + appqoe_sla_metric_profile + ) + ) + ), + b(a(str("overlay-path"), arg), + c( + b(str("tunnel-path"), + appqoe_probe_path + ), + b(str("probe-path"), + appqoe_probe_path + ) + ) + ), + b(a(str("destination-path-group"), arg), + c( + b(str("probe-routing-instance"), + c( + arg + ) + ), + a(str("overlay-path"), arg) + ) + ), + b(str("sla-options"), + c( + b(str("local-route-switch"), + c( + c( + str("enabled"), + str("disabled") + ) + ) + ), + b(str("log-type"), + c( + c( + str("syslog") + ) + ) + ), + b(str("max-passive-probe-limit"), + c( + b(str("number-of-probes"), + c( + arg + ) + ), + b(str("interval"), + c( + arg + ) + ) + ) + ) + ) + ), + b(a(str("sla-rule"), arg), + c( + b(str("switch-idle-time"), + c( + arg + ) + ), + b(str("metrics-profile"), + c( + arg + ) + ), + b(str("active-probe-params"), + c( + arg + ) + ), + b(str("passive-probe-params"), + c( + b(str("sampling-percentage"), + c( + arg + ) + ), + b(str("violation-count"), + c( + arg + ) + ), + b(str("sampling-period"), + c( + arg + ) + ), + b(str("sla-export-factor"), + c( + arg + ) + ), + b(str("type"), + c( + c( + str("book-ended") + ) + ) + ), + b(str("sampling-frequency"), + c( + b(str("interval"), + c( + arg + ) + ), + b(str("ratio"), + c( + arg + ) + ) + ) + ) 
+ ) + ) + ) + ), + b(a(str("policy"), arg), + c( + b(str("policy"), + sla_policy_type + ) + ) + ) + ) + ), + b(str("gprs"), + c( + b(str("gtp"), + c( + b(a(str("profile"), arg), + c( + a(str("min-message-length"), arg), + a(str("max-message-length"), arg), + a(str("timeout"), arg), + a(str("rate-limit"), arg), + b(str("log"), + c( + b(str("forwarded"), + (str("basic") | str("detail")) + ), + b(str("state-invalid"), + (str("basic") | str("detail")) + ), + b(str("prohibited"), + (str("basic") | str("detail")) + ), + a(str("gtp-u"), enum(str("all") | str("dropped"))), + b(str("rate-limited"), + c( + c( + str("basic"), + str("detail") + ), + a(str("frequency-number"), arg) + ) + ) + ) + ), + b(str("remove-ie"), + c( + a(str("version"), enum(str("v1")), + c( + a(str("release"), enum(str("R6") | str("R7") | str("R8") | str("R9"))), + b(str("number"), + c( + arg + ) + ) + ) + ) + ) + ), + b(str("path-rate-limit"), + c( + a(str("message-type"), enum(str("create-req") | str("delete-req") | str("echo-req") | str("other")), + c( + b(str("drop-threshold"), + c( + a(str("forward"), arg), + a(str("reverse"), arg) + ) + ), + b(str("alarm-threshold"), + c( + a(str("forward"), arg), + a(str("reverse"), arg) + ) + ) + ) + ) + ) + ), + b(str("drop"), + c( + b(str("aa-create-pdp"), + c( + c( + str("0") + ) + ) + ), + b(str("aa-delete-pdp"), + c( + c( + str("0") + ) + ) + ), + b(str("bearer-resource"), + c( + c( + str("2") + ) + ) + ), + b(str("change-notification"), + c( + c( + str("2") + ) + ) + ), + b(str("config-transfer"), + c( + c( + str("2") + ) + ) + ), + b(str("context"), + c( + c( + str("2") + ) + ) + ), + b(str("create-bearer"), + c( + c( + str("2") + ) + ) + ), + b(str("create-data-forwarding"), + c( + c( + str("2") + ) + ) + ), + b(str("create-pdp"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("create-session"), + c( + c( + str("2") + ) + ) + ), + b(str("create-tnl-forwarding"), + c( + c( + str("2") + ) + ) + ), + b(str("cs-paging"), + c( + c( + 
str("2") + ) + ) + ), + b(str("data-record"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("delete-bearer"), + c( + c( + str("2") + ) + ) + ), + b(str("delete-command"), + c( + c( + str("2") + ) + ) + ), + b(str("delete-data-forwarding"), + c( + c( + str("2") + ) + ) + ), + b(str("delete-pdn"), + c( + c( + str("2") + ) + ) + ), + b(str("delete-pdp"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("delete-session"), + c( + c( + str("2") + ) + ) + ), + b(str("detach"), + c( + c( + str("2") + ) + ) + ), + b(str("downlink-notification"), + c( + c( + str("2") + ) + ) + ), + b(str("echo"), + c( + c( + str("0"), + str("1"), + str("2"), + str("all") + ) + ) + ), + b(str("error-indication"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("failure-report"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("fwd-access"), + c( + c( + str("2") + ) + ) + ), + b(str("fwd-relocation"), + c( + c( + str("1"), + str("2"), + str("all") + ) + ) + ), + b(str("fwd-srns-context"), + c( + c( + str("1") + ) + ) + ), + b(str("g-pdu"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("identification"), + c( + c( + str("0"), + str("1"), + str("2"), + str("all") + ) + ) + ), + b(str("mbms-session-start"), + c( + c( + str("1"), + str("2"), + str("all") + ) + ) + ), + b(str("mbms-session-stop"), + c( + c( + str("1"), + str("2"), + str("all") + ) + ) + ), + b(str("mbms-session-update"), + c( + c( + str("1"), + str("2"), + str("all") + ) + ) + ), + b(str("modify-bearer"), + c( + c( + str("2") + ) + ) + ), + b(str("modify-command"), + c( + c( + str("2") + ) + ) + ), + b(str("node-alive"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("note-ms-present"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("pdu-notification"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("ran-info"), + c( + c( + str("1"), + str("2"), + str("all") + ) + ) + 
), + b(str("redirection"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("release-access"), + c( + c( + str("2") + ) + ) + ), + b(str("relocation-cancel"), + c( + c( + str("1"), + str("2"), + str("all") + ) + ) + ), + b(str("resume"), + c( + c( + str("2") + ) + ) + ), + b(str("send-route"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("sgsn-context"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("stop-paging"), + c( + c( + str("2") + ) + ) + ), + b(str("supported-extension"), + c( + c( + str("1") + ) + ) + ), + b(str("suspend"), + c( + c( + str("2") + ) + ) + ), + b(str("trace-session"), + c( + c( + str("2") + ) + ) + ), + b(str("update-bearer"), + c( + c( + str("2") + ) + ) + ), + b(str("update-pdn"), + c( + c( + str("2") + ) + ) + ), + b(str("update-pdp"), + c( + c( + str("0"), + str("1"), + str("all") + ) + ) + ), + b(str("ver-not-supported"), + c( + c( + str("0"), + str("1"), + str("2"), + str("all") + ) + ) + ) + ) + ), + b(a(str("apn"), arg), + c( + b(a(str("imsi-prefix"), arg), + c( + b(str("action"), + c( + c( + str("pass"), + str("drop"), + b(str("selection"), + c( + str("ms"), + str("net"), + str("vrf") + ) + ) + ) + ) + ) + ) + ) + ) + ), + b(str("restart-path"), + (str("echo") | str("create") | str("all")) + ), + str("seq-number-validated"), + str("gtp-in-gtp-denied"), + str("u-tunnel-validated"), + str("end-user-address-validated"), + a(str("req-timeout"), arg), + str("handover-on-roaming-intf"), + b(str("handover-group"), + c( + arg + ) + ) + ) + ), + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("flow") | str("parser") | str("chassis-cluster") | str("gsn") | str("jmpi") | str("tnl") | str("req") | str("path") | str("all"))).as(:oneline), + 
b(str("trace-level"), + c( + c( + str("error"), + str("warning"), + str("notice"), + str("info"), + str("verbose") + ) + ) + ) + ) + ), + b(a(str("handover-group"), arg), + c( + b(a(str("address-book"), arg), + c( + b(str("address-set"), + c( + arg + ) + ) + ) + ) + ) + ), + b(str("handover-default"), + c( + str("deny") + ) + ) + ) + ), + b(str("sctp"), + c( + b(a(str("profile"), arg), + c( + str("nat-only"), + a(str("association-timeout"), arg), + a(str("handshake-timeout"), arg), + b(str("drop"), + c( + a(str("m3ua-service"), enum(str("sccp") | str("tup") | str("isup"))).as(:oneline), + a(str("payload-protocol"), enum(str("reserved") | str("iua") | str("m2ua") | str("m3ua") | str("sua") | str("m2pa") | str("v5ua") | str("h248") | str("bicc") | str("tali") | str("dua") | str("asap") | str("enrp") | str("h323") | str("qipc") | str("simco") | str("ddp-segment") | str("ddp-stream") | str("s1ap") | str("x2ap") | str("diameter-sctp") | str("diameter-dtls") | str("all") | arg)).as(:oneline) + ) + ), + b(str("permit"), + c( + a(str("payload-protocol"), enum(str("reserved") | str("iua") | str("m2ua") | str("m3ua") | str("sua") | str("m2pa") | str("v5ua") | str("h248") | str("bicc") | str("tali") | str("dua") | str("asap") | str("enrp") | str("h323") | str("qipc") | str("simco") | str("ddp-segment") | str("ddp-stream") | str("s1ap") | str("x2ap") | str("diameter-sctp") | str("diameter-dtls") | str("all") | arg)).as(:oneline) + ) + ), + b(str("limit"), + c( + a(str("payload-protocol"), enum(str("reserved") | str("iua") | str("m2ua") | str("m3ua") | str("sua") | str("m2pa") | str("v5ua") | str("h248") | str("bicc") | str("tali") | str("dua") | str("asap") | str("enrp") | str("h323") | str("qipc") | str("simco") | str("ddp-segment") | str("ddp-stream") | str("s1ap") | str("x2ap") | str("diameter-sctp") | str("diameter-dtls") | str("others") | arg), + c( + a(str("rate"), arg) + ) + ).as(:oneline), + b(a(str("address"), arg), + c( + a(str("payload-protocol"), 
enum(str("reserved") | str("iua") | str("m2ua") | str("m3ua") | str("sua") | str("m2pa") | str("v5ua") | str("h248") | str("bicc") | str("tali") | str("dua") | str("asap") | str("enrp") | str("h323") | str("qipc") | str("simco") | str("ddp-segment") | str("ddp-stream") | str("s1ap") | str("x2ap") | str("diameter-sctp") | str("diameter-dtls") | str("others") | arg), + c( + a(str("rate"), arg) + ) + ).as(:oneline) + ) + ), + b(str("rate"), + c( + a(str("sccp"), arg), + a(str("ssp"), arg), + a(str("sst"), arg), + b(a(str("address"), arg), + c( + a(str("sccp"), arg), + a(str("ssp"), arg), + a(str("sst"), arg) + ) + ) + ) + ) + ) + ) + ) + ), + b(str("multichunk-inspection"), + c( + c( + str("disable") + ) + ) + ), + b(str("nullpdu"), + c( + b(str("protocol"), + c( + c( + str("ID-0x0000"), + str("ID-0xFFFF") + ) + ) + ) + ) + ), + a(str("log"), enum(str("configuration") | str("rate-limit") | str("association") | str("data-message-drop") | str("control-message-drop") | str("control-message-all"))).as(:oneline), + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("detail") | str("flow") | str("parser") | str("chassis-cluster") | str("all"))).as(:oneline) + ) + ) + ) + ) + ) + ), + b(str("ngfw"), + c( + b(str("default-profile"), + c( + b(str("ssl-proxy"), + c( + a(str("profile-name"), arg) + ) + ), + b(str("application-traffic-control"), + jsf_application_traffic_control_rule_set_type + ) + ) + ) + ) + ), b(str("macsec"), security_macsec ) ) ), + # End of vSRX 18.3R1.9 + b(str("interfaces"), c( b(a(str("pic-set"), arg), c( a(str("interface"), arg), 
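Review bot: Two of the added choice lists put a keyword ahead of a longer keyword that starts with it: `str("no-syn-check")` comes before `str("no-syn-check-in-tunnel")` in the `tcp-session` block, and `str("session") | str("session-scan")` appears in the `flow` `traceoptions` flag enum. If `c(...)` and `|` are plain ordered choice with no word-boundary check after a bare `str` (their definitions are not in this diff), the shorter alternative wins and `no-syn-check-in-tunnel` and `session-scan` can never be recognised, so a tool used to vet firewall configuration would reject valid `security flow` statements. Listing the longer keyword first avoids that: `str("no-syn-check-in-tunnel"),` ahead of `str("no-syn-check"),` and `str("session-scan") | str("session")`. The `resource-manager` flag enum also has `str("chassis cluster")` and `str("service pinhole")` with an embedded space, while the other flag enums in this hunk use `chassis-cluster`, so it is worth confirming against device output which spelling is real. If parser.rb is generated, the ordering fix belongs in the generator rather than in this file.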
@@ -94560,7 +96247,3404 @@ pm_rspan_vlan ) ) ) end + + # Ported from vSRX 18.3R1.9 + rule(:alg_object) do + c( + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + b(str("level"), + (str("brief") | str("detail") | str("extensive") | str("verbose")) + ) + ) + ), + b(str("alg-manager"), + c( + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("alg-support-lib"), + c( + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("dns"), + c( + str("disable"), + a(str("maximum-message-length"), arg), + str("oversize-message-drop"), + b(str("doctoring"), + c( + c( + str("none"), + str("sanity-check") + ) + ) + ), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("ftp"), + c( + str("disable"), + str("ftps-extension"), + str("line-break-extension"), + str("allow-mismatch-ip-address"), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("h323"), + c( + str("disable"), + a(str("endpoint-registration-timeout"), arg), + str("media-source-port-any"), + b(str("application-screen"), + c( + b(str("unknown-message"), + c( + str("permit-nat-applied"), + str("permit-routed") + ) + ), + b(str("message-flood"), + c( + b(str("gatekeeper"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("dscp-rewrite"), + c( + a(str("code-point"), arg) + ) + ), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("q931") | str("h245") | str("ras") | str("h225-asn1") | str("h245-asn1") | 
str("ras-asn1") | str("chassis-cluster") | str("all")), + c( + c( + str("terse"), + str("detail"), + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("mgcp"), + c( + str("disable"), + a(str("inactive-media-timeout"), arg), + a(str("transaction-timeout"), arg), + a(str("maximum-call-duration"), arg), + b(str("application-screen"), + c( + b(str("unknown-message"), + c( + str("permit-nat-applied"), + str("permit-routed") + ) + ), + b(str("message-flood"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline), + b(str("connection-flood"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline) + ) + ), + b(str("dscp-rewrite"), + c( + a(str("code-point"), arg) + ) + ), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("call") | str("decode") | str("error") | str("chassis-cluster") | str("nat") | str("packet") | str("rm") | str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("msrpc"), + c( + str("disable"), + a(str("group-max-usage"), arg), + a(str("map-entry-timeout"), arg), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("sunrpc"), + c( + str("disable"), + a(str("group-max-usage"), arg), + a(str("map-entry-timeout"), arg), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("rsh"), + c( + str("disable"), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("rtsp"), + c( + str("disable"), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("sccp"), + c( + str("disable"), + a(str("inactive-media-timeout"), arg), + b(str("application-screen"), + c( + b(str("unknown-message"), + c( + str("permit-nat-applied"), + 
str("permit-routed") + ) + ), + b(str("call-flood"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline) + ) + ), + b(str("dscp-rewrite"), + c( + a(str("code-point"), arg) + ) + ), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("call") | str("cli") | str("decode") | str("error") | str("chassis-cluster") | str("init") | str("nat") | str("rm") | str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("sip"), + c( + str("disable"), + a(str("inactive-media-timeout"), arg), + a(str("maximum-call-duration"), arg), + a(str("t1-interval"), arg), + a(str("t4-interval"), arg), + a(str("c-timeout"), arg), + str("disable-call-id-hiding"), + str("retain-hold-resource"), + b(str("hide-via-headers"), + c( + str("disable") + ) + ), + str("distribution-ip"), + b(str("application-screen"), + c( + b(str("unknown-message"), + c( + str("permit-nat-applied"), + str("permit-routed") + ) + ), + b(str("protect"), + c( + b(str("deny"), + c( + c( + a(str("destination-ip"), arg), + str("all") + ), + a(str("timeout"), arg) + ) + ) + ) + ) + ) + ), + b(str("dscp-rewrite"), + c( + a(str("code-point"), arg) + ) + ), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("call") | str("chassis-cluster") | str("nat") | str("parser") | str("rm") | str("all")), + c( + c( + str("terse"), + str("detail"), + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("sql"), + c( + str("disable"), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("talk"), + c( + str("disable"), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("tftp"), + c( + str("disable"), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("pptp"), + c( + 
str("disable"), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ).as(:oneline), + b(str("ike-esp-nat"), + c( + str("enable"), + a(str("esp-gate-timeout"), arg), + a(str("esp-session-timeout"), arg), + a(str("state-timeout"), arg), + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("twamp"), + c( + b(str("traceoptions"), + c( + a(str("flag"), enum(str("all")), + c( + c( + str("extensive") + ) + ) + ).as(:oneline) + ) + ) + ) + ) + ) + end + + rule(:anti_spam_feature) do + c( + b(str("sbl"), + sbl_type + ) + ) + end + + rule(:anti_virus_feature) do + c( + b(str("sophos-engine"), + c( + b(a(str("profile"), arg), + c( + b(str("fallback-options"), + sophos_fallback_settings + ), + b(str("scan-options"), + sophos_scan_options + ), + b(str("trickling"), + anti_virus_trickling + ), + b(str("notification-options"), + anti_virus_notification_options + ), + b(str("mime-whitelist"), + c( + a(str("list"), arg), + a(str("exception"), arg) + ) + ), + a(str("url-whitelist"), arg) + ) + ) + ) + ) + ) + end + + rule(:anti_virus_notification_options) do + c( + b(str("virus-detection"), + c( + b(str("type"), + (str("protocol-only") | str("message")) + ), + str("notify-mail-sender"), + str("no-notify-mail-sender"), + a(str("custom-message"), arg), + a(str("custom-message-subject"), arg) + ) + ), + b(str("fallback-block"), + c( + b(str("type"), + (str("protocol-only") | str("message")) + ), + str("notify-mail-sender"), + str("no-notify-mail-sender"), + a(str("custom-message"), arg), + a(str("custom-message-subject"), arg) + ) + ), + b(str("fallback-non-block"), + c( + str("notify-mail-recipient"), + str("no-notify-mail-recipient"), + a(str("custom-message"), arg), + a(str("custom-message-subject"), arg) + ) + ) + ) + end + + rule(:anti_virus_trickling) do + c( + a(str("timeout"), arg) + ).as(:oneline) + end + + 
rule(:apbr_rule_type) do + b(arg.as(:arg), + c( + b(str("match"), + c( + b(str("dynamic-application"), + (str("junos:UNKNOWN") | arg) + ), + b(str("dynamic-application-group"), + (str("junos:unassigned") | arg) + ), + b(str("category"), + (arg | arg) + ) + ) + ), + b(str("then"), + c( + b(str("routing-instance"), + c( + arg + ) + ).as(:oneline), + b(str("sla-rule"), + c( + arg + ) + ) + ) + ) + ) + ) + end + + rule(:appfw_rule_type) do + b(arg.as(:arg), + c( + b(str("match"), + c( + b(str("dynamic-application"), + (str("junos:UNKNOWN") | arg) + ), + b(str("dynamic-application-group"), + (str("junos:unassigned") | arg) + ), + b(str("ssl-encryption"), + (str("any") | str("yes") | str("no")) + ) + ) + ), + b(str("then"), + c( + c( + str("permit"), + b(str("deny"), + c( + str("block-message") + ) + ), + b(str("reject"), + c( + str("block-message") + ) + ) + ) + ) + ) + ) + ) + end + + rule(:appqoe_probe_params) do + c( + b(str("data-fill"), + c( + arg + ) + ), + b(str("data-size"), + c( + arg + ) + ), + b(str("probe-interval"), + c( + arg + ) + ), + b(str("probe-count"), + c( + arg + ) + ), + b(str("burst-size"), + c( + arg + ) + ), + b(str("sla-export-interval"), + c( + arg + ) + ), + b(str("dscp-code-points"), + c( + arg + ) + ) + ) + end + + rule(:appqoe_probe_path) do + c( + b(str("local"), + appqoe_node + ), + b(str("remote"), + appqoe_node + ) + ) + end + + rule(:appqoe_node) do + c( + b(str("ip-address"), + c( + ipv4addr + ) + ) + ) + end + + rule(:appqoe_sla_metric_profile) do + c( + b(str("delay-round-trip"), + c( + arg + ) + ), + b(str("jitter"), + c( + arg + ) + ), + b(str("jitter-type"), + c( + c( + str("two-way-jitter"), + str("egress-jitter"), + str("ingress-jitter") + ) + ) + ), + b(str("packet-loss"), + c( + arg + ) + ), + b(str("match"), + c( + c( + str("any-one"), + str("all") + ) + ) + ) + ) + end + + rule(:authentication_source_type) do + b((str("local-authentication-table") | str("unified-access-control") | str("firewall-authentication") | 
str("active-directory-authentication-table") | str("aruba-clearpass")).as(:arg), + c( + c( + a(str("priority"), arg) + ) + ) + ) + end + + rule(:category_list_type) do + b(arg.as(:arg), + c( + a(str("value"), arg) + ) + ) + end + + rule(:command_list_type) do + b(arg.as(:arg), + c( + a(str("value"), arg) + ) + ) + end + + rule(:content_filtering_feature) do + c( + b(a(str("profile"), arg), + c( + a(str("permit-command"), arg), + a(str("block-command"), arg), + a(str("block-extension"), arg), + b(str("block-mime"), + c( + a(str("list"), arg), + a(str("exception"), arg) + ) + ), + b(str("block-content-type"), + c( + str("activex"), + str("java-applet"), + str("exe"), + str("zip"), + str("http-cookie") + ) + ), + b(str("notification-options"), + c( + b(str("type"), + (str("protocol-only") | str("message")) + ), + str("notify-mail-sender"), + str("no-notify-mail-sender"), + a(str("custom-message"), arg) + ) + ) + ) + ) + ) + end + + rule(:custom_message_type) do + b(arg.as(:arg), + c( + b(str("type"), + (str("redirect-url") | str("user-message")) + ), + a(str("content"), arg) + ) + ) + end + + rule(:default_anti_spam_feature) do + c( + b(str("type"), + (str("sbl") | str("anti-spam-none")) + ), + a(str("address-whitelist"), arg), + a(str("address-blacklist"), arg), + b(str("traceoptions"), + anti_spam_traceoptions + ), + b(str("sbl"), + default_sbl_type + ) + ) + end + + rule(:anti_spam_traceoptions) do + c( + a(str("flag"), enum(str("manager") | str("sbl") | str("all"))).as(:oneline) + ) + end + + rule(:default_anti_virus_feature) do + c( + b(str("mime-whitelist"), + c( + a(str("list"), arg), + a(str("exception"), arg) + ) + ), + a(str("url-whitelist"), arg), + b(str("type"), + (str("sophos-engine") | str("anti-virus-none")) + ), + b(str("traceoptions"), + anti_virus_traceoptions + ), + b(str("sophos-engine"), + c( + b(str("server"), + c( + ipaddr, + a(str("routing-instance"), arg) + ) + ), + a(str("sxl-timeout"), arg), + a(str("sxl-retry"), arg), + 
b(str("pattern-update"), + anti_virus_pattern_update + ), + b(str("fallback-options"), + sophos_fallback_settings + ), + b(str("scan-options"), + default_sophos_scan_options + ), + b(str("trickling"), + anti_virus_trickling + ), + b(str("notification-options"), + anti_virus_notification_options + ) + ) + ) + ) + end + + rule(:anti_virus_pattern_update) do + c( + b(str("email-notify"), + c( + a(str("admin-email"), arg), + a(str("custom-message"), arg), + a(str("custom-message-subject"), arg) + ) + ), + a(str("url"), arg), + a(str("proxy-profile"), arg), + a(str("routing-instance"), arg), + a(str("interval"), arg), + str("no-autoupdate") + ) + end + + rule(:anti_virus_traceoptions) do + c( + a(str("flag"), enum(str("basic") | str("detail") | str("engine") | str("pattern") | str("updater") | str("manager") | str("worker") | str("sendmail") | str("ipc") | str("event") | str("statistics") | str("all"))).as(:oneline) + ) + end + + rule(:default_content_filtering_feature) do + c( + b(str("type"), + (str("local") | str("content-filtering-none")) + ), + b(str("traceoptions"), + content_filtering_traceoptions + ), + a(str("permit-command"), arg), + a(str("block-command"), arg), + a(str("block-extension"), arg), + b(str("block-mime"), + c( + a(str("list"), arg), + a(str("exception"), arg) + ) + ), + b(str("block-content-type"), + c( + str("activex"), + str("java-applet"), + str("exe"), + str("zip"), + str("http-cookie") + ) + ), + b(str("notification-options"), + c( + b(str("type"), + (str("protocol-only") | str("message")) + ), + str("notify-mail-sender"), + str("no-notify-mail-sender"), + a(str("custom-message"), arg) + ) + ) + ) + end + + rule(:content_filtering_traceoptions) do + c( + a(str("flag"), enum(str("basic") | str("detail") | str("all"))).as(:oneline) + ) + end + + rule(:default_sbl_type) do + c( + str("sbl-default-server"), + str("no-sbl-default-server"), + b(str("spam-action"), + (str("block") | str("tag-header") | str("tag-subject")) + ), + 
a(str("custom-tag-string"), arg) + ) + end + + rule(:default_sophos_scan_options) do + c( + str("uri-check"), + str("no-uri-check"), + a(str("content-size-limit"), arg), + a(str("timeout"), arg) + ) + end + + rule(:default_webfilter_feature) do + c( + a(str("url-whitelist"), arg), + a(str("url-blacklist"), arg), + str("http-reassemble"), + str("http-persist"), + b(str("type"), + (str("websense-redirect") | str("juniper-local") | str("juniper-enhanced") | str("web-filtering-none")) + ), + b(str("traceoptions"), + web_filtering_traceoptions + ), + b(str("websense-redirect"), + default_websense_type + ), + b(str("juniper-local"), + default_juniper_local_type + ), + b(str("juniper-enhanced"), + default_juniper_enhanced_type + ) + ) + end + + rule(:default_juniper_enhanced_type) do + c( + b(str("cache"), + c( + a(str("timeout"), arg), + a(str("size"), arg) + ) + ), + b(str("server"), + juniper_enhanced_server + ), + b(str("reputation"), + c( + a(str("reputation-very-safe"), arg), + a(str("reputation-moderately-safe"), arg), + a(str("reputation-fairly-safe"), arg), + a(str("reputation-suspicious"), arg) + ) + ), + a(str("base-filter"), arg), + b(str("category"), + juniper_enhanced_category_type + ), + b(str("site-reputation-action"), + juniper_enhanced_site_reputation_setting + ), + b(str("default"), + (str("permit") | str("block") | str("log-and-permit") | str("quarantine")) + ), + a(str("custom-block-message"), arg), + a(str("quarantine-custom-message"), arg), + b(str("fallback-settings"), + web_filtering_fallback_setting + ), + a(str("timeout"), arg), + str("no-safe-search"), + b(str("block-message"), + web_filtering_block_message + ), + b(str("quarantine-message"), + web_filtering_quarantine_message + ) + ) + end + + rule(:default_juniper_local_type) do + c( + b(str("default"), + (str("permit") | str("block") | str("log-and-permit")) + ), + b(str("category"), + custom_category_type + ), + a(str("custom-block-message"), arg), + a(str("quarantine-custom-message"), 
arg), + b(str("block-message"), + web_filtering_block_message + ), + b(str("quarantine-message"), + web_filtering_quarantine_message + ), + b(str("fallback-settings"), + web_filtering_fallback_setting + ), + a(str("timeout"), arg) + ) + end + + rule(:custom_category_type) do + b(arg.as(:arg), + c( + b(str("action"), + (str("permit") | str("log-and-permit") | str("block") | str("quarantine")) + ), + a(str("custom-message"), arg) + ) + ) + end + + rule(:default_websense_type) do + c( + b(str("server"), + server + ), + b(str("category"), + custom_category_type + ), + a(str("custom-block-message"), arg), + a(str("quarantine-custom-message"), arg), + b(str("block-message"), + web_filtering_block_message + ), + b(str("quarantine-message"), + web_filtering_quarantine_message + ), + b(str("fallback-settings"), + web_filtering_fallback_setting + ), + a(str("timeout"), arg), + a(str("sockets"), arg), + a(str("account"), arg) + ) + end + + rule(:e2e_action_profile) do + b(arg.as(:arg), + c( + str("preserve-trace-order"), + str("record-pic-history"), + b(str("event"), + e2e_event + ), + b(str("module"), + e2e_module + ) + ) + ) + end + + rule(:e2e_event) do + b((str("np-ingress") | str("np-egress") | str("mac-ingress") | str("mac-egress") | str("lbt") | str("pot") | str("jexec") | str("lt-enter") | str("lt-leave")).as(:arg), + c( + str("trace"), + str("count"), + str("packet-summary"), + str("packet-dump") + ) + ) + end + + rule(:e2e_module) do + b((str("flow")).as(:arg), + c( + a(str("flag"), enum(str("all"))).as(:oneline) + ) + ) + end + + rule(:end_to_end_debug_filter) do + b(arg.as(:arg), + c( + b(str("action-profile"), + (str("default") | arg) + ), + b(str("protocol"), + (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg) + ), + b(str("source-prefix"), + ipprefix + ), + b(str("destination-prefix"), + ipprefix + ), + 
b(str("source-port"), + (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg) + ), + b(str("destination-port"), + (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | 
str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg) + ), + b(str("interface"), + interface_name + ) + ) + ) + end + + rule(:extension_list_type) do + b(arg.as(:arg), + c( + a(str("value"), arg) + ) + ) + end + + rule(:flow_filter_type) do + b(arg.as(:arg), + c( + b(str("protocol"), + (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg) + ), + b(str("source-prefix"), + ipprefix + ), + b(str("destination-prefix"), + ipprefix + ), + a(str("conn-tag"), arg), + a(str("logical-system"), arg), + b(str("source-port"), + (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg) + ), + b(str("destination-port"), + (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") 
| str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg) + ), + b(str("interface"), + interface_name + ) + ) + ) + end + + rule(:host_object) do + c( + ipaddr, + a(str("port"), arg), + a(str("routing-instance"), arg) + ) + end + + rule(:ids_option_type) do + b(arg.as(:arg), + c( + a(str("description"), quote | arg), + str("alarm-without-drop"), + b(str("match-direction"), + (str("input") | str("output") | str("input-output")) + ), + b(str("icmp"), + c( + b(str("ip-sweep"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline), + str("fragment"), + str("large"), + b(str("flood"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline), + str("ping-death"), + str("icmpv6-malformed") + ) + ), + b(str("ip"), + c( + str("bad-option"), + str("record-route-option"), + str("timestamp-option"), + str("security-option"), + str("stream-option"), + str("spoofing"), + str("source-route-option"), + str("loose-source-route-option"), + str("strict-source-route-option"), + str("unknown-protocol"), + str("block-frag"), + str("tear-drop"), + b(str("ipv6-extension-header"), + c( + b(str("hop-by-hop-header"), + c( + str("jumbo-payload-option"), + str("router-alert-option"), + str("quick-start-option"), + 
str("CALIPSO-option"), + str("SMF-DPD-option"), + str("RPL-option"), + b(a(str("user-defined-option-type"), arg), + c( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline) + ) + ), + str("routing-header"), + str("fragment-header"), + str("ESP-header"), + str("AH-header"), + str("no-next-header"), + b(str("destination-header"), + c( + str("tunnel-encapsulation-limit-option"), + str("home-address-option"), + str("ILNP-nonce-option"), + str("line-identification-option"), + b(a(str("user-defined-option-type"), arg), + c( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline) + ) + ), + str("shim6-header"), + str("mobility-header"), + str("HIP-header"), + b(a(str("user-defined-header-type"), arg), + c( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline) + ) + ), + a(str("ipv6-extension-header-limit"), arg), + str("ipv6-malformed-header"), + b(str("tunnel"), + c( + str("bad-inner-header"), + b(str("gre"), + c( + str("gre-6in4"), + str("gre-4in6"), + str("gre-6in6"), + str("gre-4in4") + ) + ), + b(str("ip-in-udp"), + c( + str("teredo") + ) + ), + b(str("ipip"), + c( + str("ipip-6to4relay"), + str("ipip-6in4"), + str("ipip-4in6"), + str("ipip-4in4"), + str("ipip-6in6"), + str("ipip-6over4"), + str("isatap"), + str("dslite") + ) + ) + ) + ) + ) + ), + b(str("tcp"), + c( + str("syn-fin"), + str("fin-no-ack"), + str("tcp-no-flag"), + str("syn-frag"), + b(str("port-scan"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline), + b(str("syn-ack-ack-proxy"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline), + b(str("syn-flood"), + c( + a(str("alarm-threshold"), arg), + a(str("attack-threshold"), arg), + a(str("source-threshold"), arg), + a(str("destination-threshold"), arg), + a(str("queue-size"), arg), + a(str("timeout"), arg), + b(a(str("white-list"), arg), + c( + b(str("source-address"), + ipprefix + ), + b(str("destination-address"), + ipprefix + ) + ) + ) + ) + ), + str("land"), + str("winnuke"), + b(str("tcp-sweep"), + c( + a(str("threshold"), arg) + ) + 
).as(:oneline) + ) + ), + b(str("udp"), + c( + b(str("flood"), + c( + a(str("threshold"), arg), + a(str("white-list"), arg) + ) + ), + b(str("udp-sweep"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline), + b(str("port-scan"), + c( + a(str("threshold"), arg) + ) + ).as(:oneline) + ) + ), + b(str("limit-session"), + c( + a(str("source-ip-based"), arg), + a(str("destination-ip-based"), arg), + b(str("by-source"), + c( + a(str("maximum-sessions"), arg), + a(str("packet-rate"), arg), + a(str("session-rate"), arg), + b(str("by-protocol"), + by_protocol_object_type + ) + ) + ), + b(str("by-destination"), + c( + a(str("maximum-sessions"), arg), + a(str("packet-rate"), arg), + a(str("session-rate"), arg), + b(str("by-protocol"), + by_protocol_object_type + ) + ) + ) + ) + ) + ) + ) + end + + rule(:by_protocol_object_type) do + c( + b(str("tcp"), + c( + a(str("maximum-sessions"), arg), + a(str("packet-rate"), arg), + a(str("session-rate"), arg) + ) + ), + b(str("udp"), + c( + a(str("maximum-sessions"), arg), + a(str("packet-rate"), arg), + a(str("session-rate"), arg) + ) + ), + b(str("icmp"), + c( + a(str("maximum-sessions"), arg), + a(str("packet-rate"), arg), + a(str("session-rate"), arg) + ) + ) + ) + end + + rule(:ids_wlist_type) do + b(arg.as(:arg), + c( + b(str("address"), + ipprefix + ) + ) + ) + end + + rule(:jsf_application_traffic_control_rule_set_type) do + c( + a(str("rule-set"), arg) + ) + end + + rule(:juniper_enhanced_category_type) do + b(arg.as(:arg), + c( + b(str("action"), + (str("permit") | str("log-and-permit") | str("block") | str("quarantine")) + ), + a(str("custom-message"), arg) + ) + ) + end + + rule(:juniper_enhanced_server) do + c( + a(str("host"), arg), + a(str("port"), arg), + a(str("proxy-profile"), arg), + a(str("routing-instance"), arg) + ) + end + + rule(:juniper_enhanced_site_reputation_setting) do + c( + b(str("very-safe"), + (str("permit") | str("log-and-permit") | str("block") | str("quarantine")) + ), + b(str("moderately-safe"), + 
(str("permit") | str("log-and-permit") | str("block") | str("quarantine")) + ), + b(str("fairly-safe"), + (str("permit") | str("log-and-permit") | str("block") | str("quarantine")) + ), + b(str("suspicious"), + (str("permit") | str("log-and-permit") | str("block") | str("quarantine")) + ), + b(str("harmful"), + (str("permit") | str("log-and-permit") | str("block") | str("quarantine")) + ) + ) + end + + rule(:logical_system_type) do + b(arg.as(:arg), + c( + a(str("max-sessions"), arg) + ) + ) + end + + rule(:mime_list_type) do + b(arg.as(:arg), + c( + a(str("value"), arg) + ) + ) + end + + rule(:mirror_filter_type) do + b(arg.as(:arg), + c( + b(str("protocol"), + (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg) + ), + b(str("source-prefix"), + ipprefix + ), + b(str("destination-prefix"), + ipprefix + ), + b(str("source-port"), + (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | 
str("rkinit") | str("cvspserver") | arg) + ), + b(str("destination-port"), + (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg) + ), + b(str("interface-in"), + interface_name + ), + b(str("interface-out"), + interface_name + ), + b(str("output"), + c( + b(str("interface"), + interface_name + ), + a(str("destination-mac"), arg) + ) + ) + ) + ) + end + + rule(:named_address_book_type) do + b((str("global") | arg).as(:arg), + c( + a(str("description"), quote | arg), + b(str("address"), + address_type + ), + b(str("address-set"), + address_set_type + ), + b(str("attach"), + c( + a(str("zone"), arg) + ) + ) + ) + ) + end + + rule(:address_set_type) do + b(arg.as(:arg), + c( + a(str("description"), quote | arg), + a(str("address"), arg), + a(str("address-set"), arg) + ) + ) + end + + rule(:address_type) do + b(arg.as(:arg), + c( + a(str("description"), quote | arg), + c( + ipprefix, + b(str("dns-name"), + dns_name_type + ), + b(str("wildcard-address"), + wildcard_address_type + ), + b(str("range-address"), + 
range_address_type + ) + ) + ) + ) + end + + rule(:dns_name_type) do + b(arg.as(:arg), + c( + str("ipv4-only"), + str("ipv6-only") + ) + ) + end + + rule(:nat_object) do + c( + b(str("source"), + ssg_source_nat_object + ), + b(str("destination"), + ssg_destination_nat_object + ), + b(str("static"), + ssg_static_nat_object + ), + b(str("proxy-arp"), + ssg_proxy_arp_object + ), + b(str("proxy-ndp"), + ssg_proxy_ndp_object + ), + b(str("natv6v4"), + c( + str("no-v6-frag-header") + ) + ), + str("allow-overlapping-pools"), + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("flow") | str("routing-socket") | str("routing-protocol") | str("all") | str("source-nat-re") | str("source-nat-rt") | str("source-nat-pfe") | str("destination-nat-re") | str("destination-nat-rt") | str("destination-nat-pfe") | str("static-nat-re") | str("static-nat-rt") | str("static-nat-pfe") | str("nat-svc-set-re")), + c( + str("syslog") + ) + ).as(:oneline) + ) + ), + b(str("pool"), + nat_pool_object + ), + str("ipv6-multicast-interfaces"), + str("allow-overlapping-nat-pools"), + b(str("rule"), + nat_rule_object + ), + b(str("port-forwarding"), + pf_mapping + ), + str("rule-set") + ) + end + + rule(:policy_object_type) do + c( + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("routing-socket") | str("compilation") | str("ipc") | str("rules") | str("lookup") | str("all"))).as(:oneline) + ) + ), + b(str("policy"), + s( + arg, + a(str("to-zone-name"), arg), + c( + b(str("policy"), + policy_type + ) + ) + ) + ), + 
b(str("global"), + c( + b(str("policy"), + policy_type + ) + ) + ), + b(str("default-policy"), + c( + c( + str("permit-all"), + str("deny-all") + ) + ) + ), + b(str("policy-rematch"), + c( + str("extensive") + ) + ).as(:oneline), + b(str("policy-stats"), + c( + b(str("system-wide"), + (str("enable") | str("disable")) + ) + ) + ), + b(str("pre-id-default-policy"), + c( + b(str("then"), + c( + b(str("log"), + log_type + ), + b(str("session-timeout"), + session_timeout_type + ) + ) + ) + ) + ), + b(a(str("stateful-firewall-rule"), arg), + c( + b(str("match-direction"), + (str("input") | str("output") | str("input-output")) + ), + b(str("policy"), + policy_type + ) + ) + ), + b(a(str("stateful-firewall-rule-set"), arg), + c( + a(str("stateful-firewall-rule"), arg) + ) + ) + ) + end + + rule(:log_type) do + c( + str("session-init"), + str("session-close") + ) + end + + rule(:policy_type) do + b(arg.as(:arg), + c( + a(str("description"), quote | arg), + b(str("match"), + c( + c( + b(str("source-address"), + (str("any") | str("any-ipv4") | str("any-ipv6") | arg) + ) + ), + c( + b(str("destination-address"), + (str("any") | str("any-ipv4") | str("any-ipv6") | arg) + ) + ), + str("source-address-excluded"), + str("destination-address-excluded"), + c( + b(str("application"), + (str("junos-defaults") | arg) + ) + ), + c( + b(str("source-identity"), + (str("any") | str("authenticated-user") | str("unauthenticated-user") | str("unknown-user") | arg) + ) + ), + c( + b(str("source-end-user-profile"), + match_source_end_user_profile_value + ) + ), + c( + b(str("dynamic-application"), + (str("junos:UNKNOWN") | str("junos:unassigned") | str("any") | str("none") | arg) + ) + ), + c( + b(str("from-zone"), + (str("any") | arg) + ) + ), + c( + b(str("to-zone"), + (str("any") | arg) + ) + ) + ) + ), + b(str("then"), + c( + c( + str("deny"), + b(str("reject"), + c( + a(str("profile"), arg), + b(str("ssl-proxy"), + c( + a(str("profile-name"), arg) + ) + ) + ) + ), + b(str("permit"), + c( + 
b(str("tunnel"), + tunnel_type + ), + b(str("firewall-authentication"), + firewall_authentication_type + ), + b(str("destination-address"), + destination_nat_enable_type + ), + b(str("application-services"), + application_services_type + ), + b(str("tcp-options"), + c( + str("syn-check-required"), + str("sequence-check-required"), + a(str("initial-tcp-mss"), arg), + a(str("reverse-tcp-mss"), arg), + str("window-scale") + ) + ), + str("services-offload") + ) + ) + ), + b(str("log"), + log_type + ), + b(str("count"), + count_type + ) + ) + ), + a(str("scheduler-name"), arg) + ) + ) + end + + rule(:application_services_type) do + c( + a(str("gprs-gtp-profile"), arg), + a(str("gprs-sctp-profile"), arg), + str("idp"), + a(str("idp-policy"), arg), + b(str("ssl-proxy"), + c( + a(str("profile-name"), arg) + ) + ), + b(str("uac-policy"), + c( + a(str("captive-portal"), arg) + ) + ), + a(str("utm-policy"), arg), + a(str("icap-redirect"), arg), + b(str("application-firewall"), + jsf_service_rule_set_type + ), + b(str("application-traffic-control"), + jsf_application_traffic_control_rule_set_type + ), + c( + str("redirect-wx"), + str("reverse-redirect-wx") + ), + a(str("security-intelligence-policy"), arg), + a(str("advanced-anti-malware-policy"), arg) + ) + end + + rule(:count_type) do + + end + + rule(:destination_nat_enable_type) do + c( + c( + str("drop-translated"), + str("drop-untranslated") + ) + ) + end + + rule(:firewall_authentication_type) do + c( + c( + b(str("pass-through"), + c( + a(str("access-profile"), arg), + a(str("client-match"), arg), + str("web-redirect"), + str("web-redirect-to-https"), + a(str("ssl-termination-profile"), arg), + str("auth-only-browser"), + a(str("auth-user-agent"), arg) + ) + ), + b(str("web-authentication"), + c( + a(str("client-match"), arg) + ) + ), + b(str("user-firewall"), + c( + a(str("access-profile"), arg), + str("web-redirect"), + str("web-redirect-to-https"), + a(str("ssl-termination-profile"), arg), + 
str("auth-only-browser"), + a(str("auth-user-agent"), arg), + a(str("domain"), arg) + ) + ) + ), + str("push-to-identity-management") + ) + end + + rule(:jsf_service_rule_set_type) do + c( + a(str("rule-set"), arg) + ) + end + + rule(:match_source_end_user_profile_value) do + c( + arg + ) + end + + rule(:profile_setting) do + b(arg.as(:arg), + c( + b(str("anti-virus"), + c( + a(str("http-profile"), arg), + b(str("ftp"), + c( + a(str("upload-profile"), arg), + a(str("download-profile"), arg) + ) + ), + a(str("smtp-profile"), arg), + a(str("pop3-profile"), arg), + a(str("imap-profile"), arg) + ) + ), + b(str("content-filtering"), + c( + a(str("http-profile"), arg), + b(str("ftp"), + c( + a(str("upload-profile"), arg), + a(str("download-profile"), arg) + ) + ), + a(str("smtp-profile"), arg), + a(str("pop3-profile"), arg), + a(str("imap-profile"), arg) + ) + ), + b(str("web-filtering"), + c( + a(str("http-profile"), arg) + ) + ), + b(str("anti-spam"), + c( + a(str("smtp-profile"), arg) + ) + ), + b(str("traffic-options"), + c( + b(str("sessions-per-client"), + c( + a(str("limit"), arg), + b(str("over-limit"), + (str("log-and-permit") | str("block")) + ) + ) + ) + ) + ) + ) + ) + end + + rule(:ragw_traceoptions) do + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + b(str("level"), + (str("brief") | str("detail") | str("extensive") | str("verbose")) + ), + a(str("flag"), enum(str("configuration") | str("tunnel") | str("session") | str("all"))).as(:oneline) + ) + end + + rule(:range_address_type) do + b(arg.as(:arg), + c( + b(str("to"), + c( + ipv4addr + ) + ) + ) + ) + end + + rule(:sbl_type) do + c( + b(a(str("profile"), arg), + c( + str("sbl-default-server"), + str("no-sbl-default-server"), + b(str("spam-action"), + (str("block") | str("tag-header") | str("tag-subject")) + ), + 
a(str("custom-tag-string"), arg), + a(str("address-whitelist"), arg), + a(str("address-blacklist"), arg) + ) + ) + ) + end + + rule(:secure_wire_type) do + b(arg.as(:arg), + c( + b(str("interface"), + interface_unit + ) + ) + ) + end + + rule(:security_ipsec_policies) do + c( + b(str("from-zone"), + security_ipsec_policy + ) + ) + end + + rule(:security_ipsec_policy) do + s( + arg, + a(str("to-zone"), arg), + c( + a(str("ipsec-group-vpn"), arg) + ) + ) + end + + rule(:security_ipsec_vpn) do + c( + b(str("internal"), + c( + b(str("security-association"), + ipsec_internal_sa + ) + ) + ), + b(str("traceoptions"), + ipsec_traceoptions + ), + b(str("vpn-monitor-options"), + ipsec_vpn_monitor + ), + b(str("proposal"), + ipsec_proposal + ), + b(str("policy"), + ipsec_policy + ), + b(str("vpn"), + ipsec_vpn_template + ), + b(str("security-association"), + ipsec_sa + ) + ) + end + + rule(:ipsec_traceoptions) do + c( + a(str("flag"), enum(str("packet-processing") | str("packet-drops") | str("security-associations") | str("next-hop-tunnel-binding") | str("all"))).as(:oneline) + ) + end + + rule(:ipsec_vpn_monitor) do + c( + a(str("interval"), arg), + a(str("threshold"), arg) + ) + end + + rule(:ipsec_vpn_template) do + b(arg.as(:arg), + c( + b(str("bind-interface"), + interface_name + ), + b(str("df-bit"), + (str("clear") | str("set") | str("copy")) + ), + b(str("multi-sa"), + c( + c( + a(str("forwarding-class"), arg) + ) + ) + ), + str("copy-outer-dscp"), + b(str("vpn-monitor"), + ipsec_template_monitor + ), + c( + b(str("manual"), + c( + b(str("gateway"), + hostname + ), + b(str("external-interface"), + interface_unit + ), + b(str("protocol"), + (str("ah") | str("esp")) + ), + a(str("spi"), arg), + b(str("authentication"), + c( + b(str("algorithm"), + (str("hmac-md5-96") | str("hmac-sha1-96") | str("hmac-sha-256-128") | str("hmac-sha-256-96")) + ), + b(str("key"), + c( + c( + a(str("ascii-text"), arg), + a(str("hexadecimal"), arg) + ) + ) + ).as(:oneline) + ) + ), + 
b(str("encryption"), + c( + b(str("algorithm"), + (str("des-cbc") | str("3des-cbc") | str("aes-128-cbc") | str("aes-192-cbc") | str("aes-256-cbc") | str("aes-128-gcm") | str("aes-256-gcm")) + ), + b(str("key"), + c( + c( + a(str("ascii-text"), arg), + a(str("hexadecimal"), arg) + ) + ) + ).as(:oneline) + ) + ) + ) + ), + b(str("ike"), + c( + a(str("gateway"), arg), + a(str("idle-time"), arg), + str("no-anti-replay"), + b(str("proxy-identity"), + ipsec_template_proxy_id + ), + a(str("ipsec-policy"), arg), + a(str("install-interval"), arg) + ) + ) + ), + b(a(str("traffic-selector"), arg), + c( + b(str("local-ip"), + ipprefix_mandatory + ), + b(str("remote-ip"), + ipprefix_mandatory + ) + ) + ), + b(str("establish-tunnels"), + (str("immediately") | str("on-traffic")) + ), + str("passive-mode-tunneling"), + a(str("match-direction"), arg), + a(str("tunnel-mtu"), arg), + b(str("udp-encapsulate"), + c( + a(str("dest-port"), arg) + ) + ).as(:oneline) + ) + ) + end + + rule(:ipsec_template_monitor) do + c( + str("optimized"), + b(str("source-interface"), + interface_unit + ), + b(str("destination-ip"), + ipaddr + ), + b(str("verify-path"), + c( + b(str("destination-ip"), + ipaddr + ), + a(str("packet-size"), arg) + ) + ) + ) + end + + rule(:ipsec_template_proxy_id) do + c( + b(str("local"), + ipprefix_mandatory + ), + b(str("remote"), + ipprefix_mandatory + ), + a(str("service"), arg) + ) + end + + rule(:security_zone_type) do + b(arg.as(:arg), + c( + a(str("description"), quote | arg), + str("tcp-rst"), + b(str("address-book"), + address_book_type + ), + a(str("screen"), arg), + b(str("host-inbound-traffic"), + zone_host_inbound_traffic_t + ), + b(str("interfaces"), + zone_interface_list_type + ), + str("application-tracking"), + str("source-identity-log"), + b(str("advance-policy-based-routing-profile"), + c( + arg + ) + ), + str("enable-reverse-reroute") + ) + ) + end + + rule(:address_book_type) do + c( + b(str("address"), + address_type + ), + b(str("address-set"), + 
address_set_type + ) + ) + end + + rule(:server) do + c( + a(str("host"), arg), + a(str("port"), arg), + a(str("routing-instance"), arg) + ) + end + + rule(:session_timeout_type) do + c( + a(str("tcp"), arg), + a(str("udp"), arg), + a(str("ospf"), arg), + a(str("icmp"), arg), + a(str("icmp6"), arg), + a(str("others"), arg) + ) + end + + rule(:sla_policy_type) do + b(arg.as(:arg), + c( + a(str("description"), quote | arg), + b(str("match"), + c( + c( + b(str("source-address"), + (str("any") | str("any-ipv4") | str("any-ipv6") | arg) + ) + ), + c( + b(str("destination-address"), + (str("any") | str("any-ipv4") | str("any-ipv6") | arg) + ) + ), + str("source-address-excluded"), + str("destination-address-excluded"), + c( + a(str("application"), arg) + ) + ) + ), + b(str("then"), + c( + c( + b(str("application-services"), + sla_application_services_type + ) + ) + ) + ) + ) + ) + end + + rule(:sla_application_services_type) do + c( + a(str("advance-policy-based-routing-profile"), arg) + ) + end + + rule(:softwires_object) do + c( + b(str("softwire-name"), + softwire_option_type + ), + b(str("traceoptions"), + c( + str("no-remote-trace"), + b(str("file"), + sca( + a(str("size"), arg), + a(str("files"), arg), + str("world-readable"), + str("no-world-readable"), + b(str("match"), + regular_expression + ) + ) + ).as(:oneline), + a(str("flag"), enum(str("configuration") | str("flow") | str("all"))).as(:oneline) + ) + ), + b(str("rule-set"), + sw_rule_set_object + ) + ) + end + + rule(:softwire_option_type) do + b(arg.as(:arg), + c( + b(str("softwire-concentrator"), + ipaddr + ), + b(str("softwire-type"), + (str("IPv4-in-IPv6") | str("v6rd")) + ), + b(str("ipv4-prefix"), + ipv4prefix + ), + b(str("v6rd-prefix"), + ipv6prefix + ), + a(str("mtu-v4"), arg) + ) + ) + end + + rule(:sophos_fallback_settings) do + c( + b(str("default"), + (str("permit") | str("log-and-permit") | str("block")) + ), + b(str("content-size"), + (str("permit") | str("log-and-permit") | str("block")) + ), 
+ b(str("engine-not-ready"), + (str("permit") | str("log-and-permit") | str("block")) + ), + b(str("timeout"), + (str("permit") | str("log-and-permit") | str("block")) + ), + b(str("out-of-resources"), + (str("permit") | str("log-and-permit") | str("block")) + ), + b(str("too-many-requests"), + (str("permit") | str("log-and-permit") | str("block")) + ) + ) + end + + rule(:sophos_scan_options) do + c( + str("uri-check"), + str("no-uri-check"), + a(str("content-size-limit"), arg), + a(str("timeout"), arg) + ) + end + + rule(:ssg_destination_nat_object) do + c( + b(a(str("pool"), arg), + c( + a(str("description"), quote | arg), + b(str("routing-instance"), + c( + c( + str("default"), + arg + ) + ) + ), + b(str("address"), + c( + ipprefix, + c( + b(str("to"), + c( + ipprefix + ) + ), + a(str("port"), arg) + ) + ) + ).as(:oneline) + ) + ), + b(a(str("port-forwarding"), arg), + c( + a(str("description"), quote | arg), + b(str("destined-port"), + s( + arg, + a(str("translated-port"), arg) + ) + ).as(:oneline) + ) + ), + b(a(str("rule-set"), arg), + c( + a(str("description"), quote | arg), + b(str("from"), + c( + c( + b(str("routing-instance"), + (str("default") | arg) + ), + a(str("zone"), arg), + b(str("interface"), + interface_name + ) + ) + ) + ).as(:oneline), + b(str("rule"), + dest_nat_rule_object + ), + b(str("match-direction"), + (str("input") | str("output")) + ) + ) + ) + ) + end + + rule(:dest_nat_rule_object) do + b(arg.as(:arg), + c( + a(str("description"), quote | arg), + b(str("dest-nat-rule-match"), + c( + b(str("source-address"), + ipprefix + ), + a(str("source-address-name"), arg), + c( + b(str("destination-address"), + c( + ipprefix + ) + ).as(:oneline), + b(str("destination-address-name"), + c( + arg + ) + ).as(:oneline) + ), + b(a(str("destination-port"), arg), + c( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline), + b(str("protocol"), + (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") 
| str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg) + ), + a(str("application"), arg) + ) + ), + b(str("then"), + c( + b(str("destination-nat"), + c( + c( + str("off"), + b(str("pool"), + c( + arg + ) + ), + b(str("destination-prefix"), + ipprefix_only + ) + ), + b(str("port-forwarding-mappings"), + c( + arg + ) + ), + b(str("rule-session-count-alarm"), + nat_rule_session_count_alarm_object + ).as(:oneline) + ) + ) + ) + ) + ) + ) + end + + rule(:nat_rule_session_count_alarm_object) do + c( + a(str("raise-threshold"), arg), + a(str("clear-threshold"), arg) + ).as(:oneline) + end + + rule(:ssg_proxy_arp_object) do + c( + b(str("interface"), + ssg_interface_object + ) + ) + end + + rule(:ssg_interface_object) do + b(arg.as(:arg), + c( + b(a(str("address"), arg), + c( + b(str("to"), + c( + ipv4prefix + ) + ) + ) + ).as(:oneline) + ) + ) + end + + rule(:ssg_proxy_ndp_object) do + c( + b(str("interface"), + ssg_proxy_ndp_interface_object + ) + ) + end + + rule(:ssg_proxy_ndp_interface_object) do + b(arg.as(:arg), + c( + b(a(str("address"), arg), + c( + b(str("to"), + c( + ipv6addr + ) + ) + ) + ).as(:oneline) + ) + ) + end + + rule(:ssg_source_nat_object) do + c( + b(a(str("pool"), arg), + c( + a(str("description"), quote | arg), + b(str("routing-instance"), + c( + arg + ) + ), + b(a(str("address"), arg), + c( + b(str("to"), + c( + ipprefix + ) + ) + ) + ).as(:oneline), + b(str("host-address-base"), + c( + ipprefix + ) + ).as(:oneline), + b(str("port"), + c( + c( + str("no-translation"), + b(str("range"), + ca( + b(str("to"), + c( + arg + ) + ), + b(str("twin-port"), + ca( + b(str("to"), + c( + arg + ) + ) + ) + ) + ) + ) + ), + a(str("port-overloading-factor"), arg), + b(str("block-allocation"), + block_allocation_object + ), + b(str("deterministic"), + deterministic_object + ), + str("preserve-parity"), + str("preserve-range"), + b(str("automatic"), + c( + c( + str("random-allocation"), + str("round-robin") + ) + ) + ) + 
) + ), + b(str("overflow-pool"), + c( + ca( + str("interface") + ) + ) + ).as(:oneline), + str("address-shared"), + b(str("address-pooling"), + c( + c( + str("paired"), + str("no-paired") + ) + ) + ).as(:oneline), + b(str("address-persistent"), + c( + b(str("subscriber"), + c( + a(str("ipv6-prefix-length"), arg) + ) + ).as(:oneline) + ) + ).as(:oneline), + b(str("pool-utilization-alarm"), + source_nat_pool_utilization_alarm_object + ).as(:oneline), + a(str("ei-mapping-timeout"), arg), + a(str("mapping-timeout"), arg), + a(str("limit-ports-per-host"), arg) + ) + ), + str("address-persistent"), + str("session-persistence-scan"), + a(str("session-drop-hold-down"), arg), + b(str("pool-utilization-alarm"), + source_nat_pool_utilization_alarm_object + ).as(:oneline), + b(str("port-randomization"), + c( + (str("disable")) + ) + ).as(:oneline), + str("port-round-robin").as(:oneline), + str("port-scaling-enlargement"), + str("pool-distribution"), + b(str("pool-default-port-range"), + ca( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline), + b(str("pool-default-twin-port-range"), + ca( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline), + b(str("interface"), + c( + c( + b(str("port-overloading"), + c( + str("off") + ) + ).as(:oneline), + a(str("port-overloading-factor"), arg) + ) + ) + ), + b(a(str("rule-set"), arg), + c( + a(str("description"), quote | arg), + b(str("from"), + c( + c( + b(str("routing-instance"), + (str("default") | arg) + ), + a(str("zone"), arg), + b(str("interface"), + interface_name + ) + ) + ) + ).as(:oneline), + b(str("to"), + c( + c( + b(str("routing-instance"), + (str("default") | arg) + ), + a(str("zone"), arg), + b(str("interface"), + interface_name + ) + ) + ) + ).as(:oneline), + b(str("rule"), + src_nat_rule_object + ), + b(str("match-direction"), + (str("input") | str("output")) + ) + ) + ) + ) + end + + rule(:block_allocation_object) do + c( + a(str("block-size"), arg), + a(str("maximum-blocks-per-host"), arg), + 
a(str("active-block-timeout"), arg), + a(str("interim-logging-interval"), arg), + a(str("last-block-recycle-timeout"), arg), + b(str("log"), + c( + (str("disable")) + ) + ).as(:oneline) + ) + end + + rule(:deterministic_object) do + c( + a(str("block-size"), arg), + a(str("det-nat-configuration-log-interval"), arg), + b(str("host"), + c( + b(str("address"), + ipprefix + ), + a(str("address-name"), arg) + ) + ).as(:oneline), + str("include-boundary-addresses") + ) + end + + rule(:source_nat_pool_utilization_alarm_object) do + c( + a(str("raise-threshold"), arg), + a(str("clear-threshold"), arg) + ).as(:oneline) + end + + rule(:src_nat_rule_object) do + b(arg.as(:arg), + c( + a(str("description"), quote | arg), + b(str("src-nat-rule-match"), + c( + b(str("source-address"), + ipprefix + ), + a(str("source-address-name"), arg), + b(a(str("source-port"), arg), + c( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline), + b(str("destination-address"), + ipprefix + ), + a(str("destination-address-name"), arg), + b(a(str("destination-port"), arg), + c( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline), + b(str("protocol"), + (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg) + ), + a(str("application"), arg) + ) + ), + b(str("then"), + c( + b(str("source-nat"), + c( + c( + str("off"), + b(str("pool"), + ca( + b(str("persistent-nat"), + persistent_nat_object + ) + ) + ), + b(str("interface"), + c( + b(str("persistent-nat"), + persistent_nat_object + ) + ) + ) + ), + b(str("clat-prefix"), + ipprefix_only + ), + b(str("rule-session-count-alarm"), + nat_rule_session_count_alarm_object + ).as(:oneline), + b(str("mapping-type"), + c( + str("endpoint-independent") + ) + ).as(:oneline), + b(str("secure-nat-mapping"), + c( + a(str("eif-flow-limit"), arg), + b(str("mapping-refresh"), + c( + c( + str("inbound"), + 
str("outbound"), + str("inbound-outbound") + ) + ) + ).as(:oneline) + ) + ).as(:oneline), + b(str("filtering-type"), + c( + b(str("endpoint-independent"), + c( + b(a(str("prefix-list"), arg), + c( + str("except") + ) + ).as(:oneline) + ) + ) + ) + ) + ) + ) + ) + ) + ) + ) + end + + rule(:persistent_nat_object) do + c( + b(str("permit"), + c( + c( + str("any-remote-host"), + str("target-host"), + str("target-host-port") + ) + ) + ).as(:oneline), + str("address-mapping"), + a(str("inactivity-timeout"), arg), + a(str("max-session-number"), arg) + ) + end + + rule(:ssg_static_nat_object) do + c( + b(a(str("rule-set"), arg), + c( + a(str("description"), quote | arg), + b(str("from"), + c( + c( + b(str("routing-instance"), + (str("default") | arg) + ), + a(str("zone"), arg), + b(str("interface"), + interface_name + ) + ) + ) + ).as(:oneline), + b(str("rule"), + static_nat_rule_object + ) + ) + ) + ) + end + + rule(:static_nat_rule_object) do + b(arg.as(:arg), + c( + a(str("description"), quote | arg), + b(str("static-nat-rule-match"), + c( + b(str("source-address"), + ipprefix + ), + a(str("source-address-name"), arg), + b(a(str("source-port"), arg), + c( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline), + c( + b(str("destination-address"), + c( + ipprefix + ) + ).as(:oneline), + b(str("destination-address-name"), + c( + arg + ) + ).as(:oneline) + ), + b(str("destination-port"), + ca( + b(str("to"), + c( + arg + ) + ) + ) + ).as(:oneline) + ) + ), + b(str("then"), + c( + b(str("static-nat"), + c( + c( + b(str("inet"), + c( + b(str("routing-instance"), + (str("default") | arg) + ) + ) + ), + b(str("prefix"), + c( + ipprefix, + b(str("mapped-port"), + static_nat_rule_mapped_port_object + ).as(:oneline), + b(str("routing-instance"), + (str("default") | arg) + ) + ) + ), + b(str("prefix-name"), + ca( + b(str("mapped-port"), + static_nat_rule_mapped_port_object + ).as(:oneline), + b(str("routing-instance"), + (str("default") | arg) + ) + ) + ), + b(str("nptv6-prefix"), 
+ c( + ipprefix, + b(str("routing-instance"), + (str("default") | arg) + ) + ) + ), + b(str("nptv6-prefix-name"), + ca( + b(str("routing-instance"), + (str("default") | arg) + ) + ) + ) + ), + b(str("rule-session-count-alarm"), + nat_rule_session_count_alarm_object + ).as(:oneline) + ) + ) + ) + ) + ) + ) + end + + rule(:static_nat_rule_mapped_port_object) do + ca( + b(str("to"), + c( + arg + ) + ) + ).as(:oneline) + end + + rule(:sw_rule_set_object) do + b(arg.as(:arg), + c( + b(a(str("rule"), arg), + c( + b(str("then"), + c( + c( + a(str("v6rd"), arg) + ) + ) + ) + ) + ), + b(str("match-direction"), + (str("input") | str("output")) + ) + ) + ) + end + + rule(:tunnel_type) do + c( + c( + a(str("ipsec-vpn"), arg), + a(str("ipsec-group-vpn"), arg) + ), + a(str("pair-policy"), arg) + ) + end + + rule(:url_list_type) do + b(arg.as(:arg), + c( + a(str("value"), arg) + ) + ) + end + + rule(:utm_apppxy_traceoptions) do + c( + a(str("flag"), enum(str("abort") | str("application-objects") | str("utm-realtime") | str("anti-virus") | str("basic") | str("buffer") | str("detail") | str("ftp-data") | str("ftp-control") | str("http") | str("imap") | str("memory") | str("parser") | str("pfe") | str("pop3") | str("queue") | str("smtp") | str("tcp") | str("timer") | str("connection-rating") | str("mime") | str("regex-engine") | str("sophos-anti-virus") | str("all"))).as(:oneline) + ) + end + + rule(:utm_ipc_traceoptions) do + c( + a(str("flag"), enum(str("basic") | str("detail") | str("connection-manager") | str("connection-status") | str("pfe") | str("utm-realtime") | str("all"))).as(:oneline) + ) + end + + rule(:utm_traceoptions) do + c( + a(str("flag"), enum(str("cli") | str("daemon") | str("ipc") | str("pfe") | str("all"))).as(:oneline) + ) + end + + rule(:web_filtering_block_message) do + c( + b(str("type"), + (str("custom-redirect-url")) + ), + a(str("url"), arg) + ) + end + + rule(:web_filtering_fallback_setting) do + c( + b(str("default"), + (str("log-and-permit") | 
str("block")) + ), + b(str("server-connectivity"), + (str("log-and-permit") | str("block")) + ), + b(str("timeout"), + (str("log-and-permit") | str("block")) + ), + b(str("too-many-requests"), + (str("log-and-permit") | str("block")) + ) + ) + end + + rule(:web_filtering_quarantine_message) do + c( + b(str("type"), + (str("custom-redirect-url")) + ), + a(str("url"), arg) + ) + end + + rule(:web_filtering_traceoptions) do + c( + a(str("flag"), enum(str("basic") | str("session-manager") | str("heartbeat") | str("packet") | str("profile") | str("requests") | str("response") | str("socket") | str("timer") | str("ipc") | str("cache") | str("enhanced") | str("all"))).as(:oneline) + ) + end + + rule(:webfilter_feature) do + c( + b(str("surf-control-integrated"), + surf_control_integrated_type + ), + b(str("websense-redirect"), + websense_type + ), + b(str("juniper-local"), + juniper_local_type + ), + b(str("juniper-enhanced"), + juniper_enhanced_type + ) + ) + end + + rule(:juniper_enhanced_type) do + c( + b(a(str("profile"), arg), + c( + a(str("base-filter"), arg), + b(str("category"), + juniper_enhanced_category_type + ), + b(str("site-reputation-action"), + juniper_enhanced_site_reputation_setting + ), + b(str("default"), + (str("permit") | str("block") | str("log-and-permit") | str("quarantine")) + ), + a(str("custom-block-message"), arg), + a(str("quarantine-custom-message"), arg), + b(str("fallback-settings"), + web_filtering_fallback_setting + ), + a(str("timeout"), arg), + str("no-safe-search"), + b(str("block-message"), + web_filtering_block_message + ), + b(str("quarantine-message"), + web_filtering_quarantine_message + ) + ) + ) + ) + end + + rule(:juniper_local_type) do + c( + b(a(str("profile"), arg), + c( + b(str("default"), + (str("permit") | str("block") | str("log-and-permit")) + ), + b(str("category"), + custom_category_type + ), + a(str("custom-block-message"), arg), + a(str("quarantine-custom-message"), arg), + b(str("block-message"), + 
web_filtering_block_message + ), + b(str("quarantine-message"), + web_filtering_quarantine_message + ), + b(str("fallback-settings"), + web_filtering_fallback_setting + ), + a(str("timeout"), arg) + ) + ) + ) + end + + rule(:surf_control_integrated_type) do + c( + b(str("cache"), + c( + a(str("timeout"), arg), + a(str("size"), arg) + ) + ), + b(str("server"), + server + ), + b(a(str("profile"), arg), + c( + b(str("category"), + surf_control_integrated_category_type + ), + b(str("default"), + (str("permit") | str("block") | str("log-and-permit")) + ), + a(str("custom-block-message"), arg), + b(str("fallback-settings"), + web_filtering_fallback_setting + ), + a(str("timeout"), arg) + ) + ) + ) + end + + rule(:surf_control_integrated_category_type) do + b(arg.as(:arg), + c( + b(str("action"), + (str("permit") | str("block") | str("log-and-permit")) + ) + ) + ) + end + + rule(:websense_type) do + c( + b(a(str("profile"), arg), + c( + b(str("server"), + server + ), + b(str("category"), + custom_category_type + ), + a(str("custom-block-message"), arg), + a(str("quarantine-custom-message"), arg), + b(str("block-message"), + web_filtering_block_message + ), + b(str("quarantine-message"), + web_filtering_quarantine_message + ), + b(str("fallback-settings"), + web_filtering_fallback_setting + ), + a(str("timeout"), arg), + a(str("sockets"), arg), + a(str("account"), arg) + ) + ) + ) + end + + rule(:wildcard_address_type) do + arg.as(:arg) + end + + rule(:zone_interface_list_type) do + b(arg.as(:arg), + c( + b(str("host-inbound-traffic"), + interface_host_inbound_traffic_t + ) + ) + ) + end + + rule(:interface_host_inbound_traffic_t) do + c( + b(str("system-services"), + interface_system_services_object_type + ), + b(str("protocols"), + host_inbound_protocols_object_type + ) + ) + end + + rule(:host_inbound_protocols_object_type) do + b(enum((str("all") | str("bfd") | str("bgp") | str("dvmrp") | str("igmp") | str("ldp") | str("msdp") | str("ndp") | str("nhrp") | str("ospf") | 
str("ospf3") | str("pgm") | str("pim") | str("rip") | str("ripng") | str("router-discovery") | str("rsvp") | str("sap") | str("vrrp"))).as(:arg), + c( + str("except") + ) + ) + end + + rule(:interface_system_services_object_type) do + b(enum((str("all") | str("bootp") | str("dhcp") | str("dhcpv6") | str("dns") | str("finger") | str("ftp") | str("ident-reset") | str("https") | str("http") | str("ike") | str("netconf") | str("ping") | str("rlogin") | str("reverse-telnet") | str("reverse-ssh") | str("rpm") | str("rsh") | str("snmp") | str("snmp-trap") | str("ssh") | str("telnet") | str("traceroute") | str("xnm-ssl") | str("xnm-clear-text") | str("tftp") | str("lsping") | str("ntp") | str("sip") | str("r2cp") | str("webapi-clear-text") | str("webapi-ssl") | str("tcp-encap") | str("appqoe") | str("any-service"))).as(:arg), + c( + str("except") + ) + ) + end + + rule(:zone_host_inbound_traffic_t) do + c( + b(str("system-services"), + zone_system_services_object_type + ), + b(str("protocols"), + host_inbound_protocols_object_type + ) + ) + end + + rule(:zone_system_services_object_type) do + b(enum((str("all") | str("bootp") | str("dhcp") | str("dhcpv6") | str("dns") | str("finger") | str("ftp") | str("ident-reset") | str("https") | str("http") | str("ike") | str("netconf") | str("ping") | str("rlogin") | str("reverse-telnet") | str("reverse-ssh") | str("rpm") | str("rsh") | str("snmp") | str("snmp-trap") | str("ssh") | str("telnet") | str("traceroute") | str("xnm-ssl") | str("xnm-clear-text") | str("tftp") | str("lsping") | str("ntp") | str("sip") | str("r2cp") | str("webapi-clear-text") | str("webapi-ssl") | str("tcp-encap") | str("appqoe") | str("any-service"))).as(:arg), + c( + str("except") + ) + ) + end + # End of vSRX 18.3R1.9 end end