lib/junoser/parser.rb in junoser-0.3.7 vs lib/junoser/parser.rb in junoser-0.3.8
- old
+ new
@@ -2860,10 +2860,12 @@
b(str("access-profile"),
c(
arg
)
).as(:oneline),
+
+ # Ported from vSRX 18.3R1.9
b(str("security"),
c(
b(str("alarms"),
c(
b(str("audible"),
@@ -2873,17 +2875,64 @@
),
b(str("potential-violation"),
c(
a(str("authentication"), arg),
str("cryptographic-self-test"),
- str("decryption-failures"),
- str("encryption-failures"),
- str("ike-phase1-failures"),
- str("ike-phase2-failures"),
+ b(str("decryption-failures"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ),
+ b(str("encryption-failures"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ),
+ b(str("ike-phase1-failures"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ),
+ b(str("ike-phase2-failures"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ),
str("key-generation-self-test"),
str("non-cryptographic-self-test"),
- str("policy"),
+ b(str("policy"),
+ c(
+ b(str("source-ip"),
+ c(
+ a(str("threshold"), arg),
+ a(str("duration"), arg),
+ a(str("size"), arg)
+ )
+ ),
+ b(str("destination-ip"),
+ c(
+ a(str("threshold"), arg),
+ a(str("duration"), arg),
+ a(str("size"), arg)
+ )
+ ),
+ b(str("application"),
+ c(
+ a(str("threshold"), arg),
+ a(str("duration"), arg),
+ a(str("size"), arg)
+ )
+ ),
+ b(str("policy-match"),
+ c(
+ a(str("threshold"), arg),
+ a(str("duration"), arg),
+ a(str("size"), arg)
+ )
+ )
+ )
+ ),
b(str("replay-attacks"),
c(
a(str("threshold"), arg)
)
),
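Review bot: The four failure counters and `policy` under `potential-violation` were bare leaves and are now `b(...)` blocks, and nothing in this hunk shows whether the keyword on its own still parses; that depends on how `b` treats a missing child, which is defined outside this hunk. A line that 0.3.7 accepted, such as the constructed example `set security alarms potential-violation decryption-failures`, should be pinned in a test next to the new `... decryption-failures threshold 100` form, so a regression in alarm-configuration validation is caught. The `threshold`, `duration` and `size` values are plain `arg`, so the check stays purely syntactic and a non-numeric value will still pass; a short comment saying so above the `policy` block would keep readers from treating a successful parse as a range check.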
@@ -2938,10 +2987,94 @@
a(str("username"), arg)
)
),
a(str("limit"), arg)
)
+ ),
+ str("disable"),
+ str("utc-timestamp"),
+ b(str("mode"),
+ (str("stream") | str("event"))
+ ),
+ a(str("event-rate"), arg),
+ b(str("format"),
+ (str("syslog") | str("sd-syslog") | str("binary"))
+ ),
+ a(str("rate-cap"), arg),
+ a(str("max-database-record"), arg),
+ str("report"),
+ c(
+ b(str("source-address"),
+ ipaddr
+ ),
+ b(str("source-interface"),
+ interface_name
+ )
+ ),
+ b(str("transport"),
+ c(
+ a(str("tcp-connections"), arg),
+ b(str("protocol"),
+ (str("udp") | str("tcp") | str("tls"))
+ ),
+ a(str("tls-profile"), arg)
+ )
+ ),
+ b(str("facility-override"),
+ (str("authorization") | str("daemon") | str("ftp") | str("kernel") | str("user") | str("local0") | str("local1") | str("local2") | str("local3") | str("local4") | str("local5") | str("local6") | str("local7"))
+ ),
+ b(a(str("stream"), arg),
+ c(
+ b(str("severity"),
+ (str("emergency") | str("alert") | str("critical") | str("error") | str("warning") | str("notice") | str("info") | str("debug"))
+ ),
+ b(str("format"),
+ (str("syslog") | str("sd-syslog") | str("welf") | str("binary"))
+ ),
+ a(str("category"), enum(str("all") | str("content-security") | str("fw-auth") | str("screen") | str("alg") | str("nat") | str("flow") | str("sctp") | str("gtp") | str("ipsec") | str("idp") | str("rtlog") | str("pst-ds-lite") | str("appqos") | str("secintel") | str("aamw"))),
+ a(str("filter"), enum(str("threat-attack"))),
+ b(str("host"),
+ host_object
+ ),
+ b(str("rate-limit"),
+ c(
+ arg
+ )
+ ),
+ b(str("file"),
+ c(
+ a(str("localfilename"), arg),
+ a(str("size"), arg),
+ a(str("rotation"), arg),
+ str("allow-duplicates")
+ )
+ )
+ )
+ ),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("path"), arg),
+ a(str("files"), arg)
+ )
+ ),
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("source") | str("configuration") | str("all") | str("report") | str("hpl"))).as(:oneline)
+ )
)
)
),
b(str("certificates"),
c(
@@ -2965,10 +3098,13 @@
)
)
)
)
),
+ b(str("authentication-key-chains"),
+ security_authentication_key_chains
+ ),
b(str("ssh-known-hosts"),
c(
b(a(str("host"), arg),
c(
a(str("rsa1-key"), arg),
@@ -2985,31 +3121,29 @@
),
str("key-protection"),
b(str("pki"),
security_pki
),
- b(str("group-vpn"),
- security_group_vpn
+ b(str("ike"),
+ security_ike
),
- b(str("traceoptions"),
- security_traceoptions
- ),
b(str("ipsec"),
- security_ipsec
+ security_ipsec_vpn
),
- b(str("ike"),
- security_ike
+ b(str("group-vpn"),
+ security_group_vpn
),
- b(str("authentication-key-chains"),
- security_authentication_key_chains
+ b(str("ipsec-policy"),
+ security_ipsec_policies
),
b(str("idp"),
c(
b(str("idp-policy"),
idp_policy_type
),
a(str("active-policy"), arg),
+ a(str("default-policy"), arg),
b(str("custom-attack"),
custom_attack_type
),
b(str("custom-attack-group"),
custom_attack_group_type
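Review bot: `ipsec` now resolves to `security_ipsec_vpn` instead of `security_ipsec`, and the entry that pointed `traceoptions` at `security_traceoptions` is removed here (an inline `traceoptions` block appears in a later hunk), so statements under both are validated by different rules than in 0.3.7. If the new rules follow only the vSRX schema named in the port comment, configurations from other platforms that previously passed may now be rejected, or the reverse; a regression test with one known-good config per supported platform would show this. A comment above the entry, for example `# vSRX schema: replaces security_ipsec`, would record the intent. It is also worth checking whether `security_ipsec` and `security_traceoptions` are still referenced anywhere, since their definitions are outside this hunk.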
@@ -3024,10 +3158,11 @@
c(
a(str("url"), arg),
b(str("source-address"),
ipv4addr
),
+ a(str("proxy-profile"), arg),
b(str("install"),
c(
str("ignore-version-check")
)
),
@@ -3195,18 +3330,1570 @@
(str("datacenter") | str("datacenter-full") | str("perimeter") | str("perimeter-full"))
)
)
)
)
+ ),
+ a(str("max-sessions"), arg),
+ b(str("logical-system"),
+ logical_system_type
+ ),
+ str("processes")
+ )
+ ),
+ b(str("address-book"),
+ named_address_book_type
+ ),
+ b(str("alg"),
+ alg_object
+ ),
+ b(str("application-firewall"),
+ c(
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("lookup") | str("compilation") | str("ipc") | str("all"))).as(:oneline)
+ )
+ ),
+ b(a(str("profile"), arg),
+ c(
+ b(str("block-message"),
+ c(
+ b(str("type"),
+ c(
+ c(
+ b(str("custom-text"),
+ c(
+ a(str("content"), arg)
+ )
+ ),
+ b(str("custom-redirect-url"),
+ c(
+ a(str("content"), arg)
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(a(str("rule-sets"), arg),
+ c(
+ b(str("rule"),
+ appfw_rule_type
+ ),
+ b(str("default-rule"),
+ c(
+ c(
+ str("permit"),
+ b(str("deny"),
+ c(
+ str("block-message")
+ )
+ ),
+ b(str("reject"),
+ c(
+ str("block-message")
+ )
+ )
+ )
+ )
+ ),
+ a(str("profile"), arg)
+ )
+ ),
+ b(str("nested-application"),
+ c(
+ b(str("dynamic-lookup"),
+ c(
+ str("enable")
+ )
+ )
+ )
)
)
),
+ b(str("application-tracking"),
+ c(
+ str("disable"),
+ c(
+ a(str("first-update-interval"), arg),
+ str("first-update")
+ ),
+ a(str("session-update-interval"), arg)
+ )
+ ),
+ b(str("utm"),
+ c(
+ b(str("traceoptions"),
+ utm_traceoptions
+ ),
+ b(str("application-proxy"),
+ c(
+ b(str("traceoptions"),
+ utm_apppxy_traceoptions
+ )
+ )
+ ),
+ b(str("ipc"),
+ c(
+ b(str("traceoptions"),
+ utm_ipc_traceoptions
+ )
+ )
+ ),
+ b(str("custom-objects"),
+ c(
+ b(str("category-package"),
+ c(
+ a(str("url"), arg),
+ a(str("proxy-profile"), arg),
+ a(str("routing-instance"), arg),
+ b(str("automatic"),
+ c(
+ b(str("start-time"),
+ time
+ ),
+ a(str("interval"), arg),
+ str("enable")
+ )
+ )
+ )
+ ),
+ b(str("mime-pattern"),
+ mime_list_type
+ ),
+ b(str("filename-extension"),
+ extension_list_type
+ ),
+ b(str("url-pattern"),
+ url_list_type
+ ),
+ b(str("custom-url-category"),
+ category_list_type
+ ),
+ b(str("protocol-command"),
+ command_list_type
+ ),
+ b(str("custom-message"),
+ custom_message_type
+ )
+ )
+ ),
+ b(str("default-configuration"),
+ c(
+ b(str("anti-virus"),
+ default_anti_virus_feature
+ ),
+ b(str("web-filtering"),
+ default_webfilter_feature
+ ),
+ b(str("anti-spam"),
+ default_anti_spam_feature
+ ),
+ b(str("content-filtering"),
+ default_content_filtering_feature
+ )
+ )
+ ),
+ b(str("feature-profile"),
+ c(
+ b(str("anti-virus"),
+ anti_virus_feature
+ ),
+ b(str("web-filtering"),
+ webfilter_feature
+ ),
+ b(str("anti-spam"),
+ anti_spam_feature
+ ),
+ b(str("content-filtering"),
+ content_filtering_feature
+ )
+ )
+ ),
+ b(str("utm-policy"),
+ profile_setting
+ )
+ )
+ ),
+ b(str("dynamic-address"),
+ c(
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ b(str("level"),
+ (str("error") | str("warning") | str("notice") | str("info") | str("verbose") | str("all"))
+ ),
+ a(str("flag"), enum(str("configuration") | str("control") | str("ipc") | str("ip-entry") | str("file-retrieval") | str("lookup") | str("all"))).as(:oneline)
+ )
+ ),
+ b(a(str("feed-server"), arg),
+ c(
+ a(str("description"), quote | arg),
+ a(str("hostname"), arg),
+ a(str("update-interval"), arg),
+ a(str("hold-interval"), arg),
+ b(a(str("feed-name"), arg),
+ c(
+ a(str("description"), quote | arg),
+ a(str("path"), arg),
+ a(str("update-interval"), arg),
+ a(str("hold-interval"), arg)
+ )
+ )
+ )
+ ),
+ b(a(str("address-name"), arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("profile"),
+ c(
+ a(str("feed-name"), arg),
+ b(a(str("category"), arg),
+ c(
+ a(str("feed"), arg),
+ b(a(str("property"), arg),
+ c(
+ c(
+ a(str("string"), arg)
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ ),
+ str("dynamic-vpn"),
+ b(str("dynamic-application"),
+ c(
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("lookup") | str("compilation") | str("ipc") | str("all"))).as(:oneline)
+ )
+ ),
+ b(a(str("profile"), arg),
+ c(
+ b(str("redirect-message"),
+ c(
+ b(str("type"),
+ c(
+ c(
+ b(str("custom-text"),
+ c(
+ a(str("content"), arg)
+ )
+ ),
+ b(str("redirect-url"),
+ c(
+ a(str("content"), arg)
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(str("softwires"),
+ softwires_object
+ ),
+ b(str("forwarding-options"),
+ c(
+ b(str("family"),
+ c(
+ b(str("inet6"),
+ c(
+ b(str("mode"),
+ (str("packet-based") | str("flow-based") | str("drop"))
+ )
+ )
+ ),
+ b(str("mpls"),
+ c(
+ b(str("mode"),
+ (str("packet-based"))
+ )
+ )
+ ),
+ b(str("iso"),
+ c(
+ b(str("mode"),
+ (str("packet-based"))
+ )
+ )
+ )
+ )
+ ),
+ b(str("mirror-filter"),
+ mirror_filter_type
+ ),
+ b(str("secure-wire"),
+ secure_wire_type
+ )
+ )
+ ),
+ str("advanced-services"),
+ b(str("flow"),
+ c(
+ str("enhanced-routing-mode"),
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("all") | str("basic-datapath") | str("high-availability") | str("host-traffic") | str("fragmentation") | str("multicast") | str("route") | str("session") | str("session-scan") | str("tcp-basic") | str("tunnel"))).as(:oneline),
+ a(str("rate-limit"), arg),
+ b(str("packet-filter"),
+ flow_filter_type
+ ),
+ b(str("trace-level"),
+ c(
+ c(
+ str("error"),
+ str("brief"),
+ str("detail")
+ )
+ )
+ )
+ )
+ ),
+ b(str("pending-sess-queue-length"),
+ (str("normal") | str("moderate") | str("high"))
+ ),
+ b(str("enable-reroute-uniform-link-check"),
+ c(
+ str("nat")
+ )
+ ),
+ str("allow-dns-reply"),
+ a(str("route-change-timeout"), arg),
+ b(str("syn-flood-protection-mode"),
+ (str("syn-cookie") | str("syn-proxy"))
+ ),
+ str("allow-embedded-icmp"),
+ str("mcast-buffer-enhance"),
+ str("allow-reverse-ecmp"),
+ str("sync-icmp-session"),
+ str("ipsec-performance-acceleration"),
+ b(str("aging"),
+ c(
+ a(str("early-ageout"), arg),
+ a(str("low-watermark"), arg),
+ a(str("high-watermark"), arg)
+ )
+ ),
+ b(str("ethernet-switching"),
+ c(
+ str("block-non-ip-all"),
+ str("bypass-non-ip-unicast"),
+ b(str("no-packet-flooding"),
+ c(
+ str("no-trace-route")
+ )
+ ),
+ str("bpdu-vlan-flooding")
+ )
+ ),
+ b(str("tcp-mss"),
+ c(
+ b(str("all-tcp"),
+ c(
+ a(str("mss"), arg)
+ )
+ ),
+ b(str("ipsec-vpn"),
+ c(
+ a(str("mss"), arg)
+ )
+ ),
+ b(str("gre-in"),
+ c(
+ a(str("mss"), arg)
+ )
+ ),
+ b(str("gre-out"),
+ c(
+ a(str("mss"), arg)
+ )
+ )
+ )
+ ),
+ b(str("tcp-session"),
+ c(
+ str("rst-invalidate-session"),
+ str("fin-invalidate-session"),
+ str("rst-sequence-check"),
+ str("no-syn-check"),
+ str("strict-syn-check"),
+ str("no-syn-check-in-tunnel"),
+ str("no-sequence-check"),
+ a(str("tcp-initial-timeout"), arg),
+ b(str("maximum-window"),
+ (str("64K") | str("128K") | str("256K") | str("512K") | str("1M"))
+ ),
+ b(str("time-wait-state"),
+ c(
+ c(
+ str("session-ageout"),
+ a(str("session-timeout"), arg)
+ ),
+ str("apply-to-half-close-state")
+ )
+ )
+ )
+ ),
+ str("force-ip-reassembly"),
+ str("preserve-incoming-fragment-size"),
+ b(str("advanced-options"),
+ c(
+ str("drop-matching-reserved-ip-address"),
+ str("drop-matching-link-local-address"),
+ str("reverse-route-packet-mode-vr")
+ )
+ ),
+ b(str("load-distribution"),
+ c(
+ str("session-affinity")
+ )
+ ),
+ b(str("packet-log"),
+ c(
+ str("enable"),
+ a(str("throttle-interval"), arg),
+ b(str("packet-filter"),
+ flow_filter_type
+ )
+ )
+ ),
+ str("power-mode-ipsec")
+ )
+ ),
+ b(str("firewall-authentication"),
+ c(
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("authentication") | str("proxy") | str("all")),
+ c(
+ c(
+ str("terse"),
+ str("detail"),
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("screen"),
+ c(
+ b(str("trap"),
+ c(
+ a(str("interval"), arg)
+ )
+ ).as(:oneline),
+ b(str("ids-option"),
+ ids_option_type
+ ),
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("flow") | str("all"))).as(:oneline)
+ )
+ ),
+ b(str("white-list"),
+ ids_wlist_type
+ )
+ )
+ ),
+ b(str("nat"),
+ nat_object
+ ),
+ b(str("forwarding-process"),
+ c(
+ str("enhanced-services-mode"),
+ b(str("application-services"),
+ c(
+ str("maximize-alg-sessions"),
+ str("maximize-persistent-nat-capacity"),
+ str("maximize-cp-sessions"),
+ a(str("session-distribution-mode"), arg),
+ str("enable-gtpu-distribution"),
+ a(str("packet-ordering-mode"), arg),
+ str("maximize-idp-sessions")
+ )
+ )
+ )
+ ),
+ b(str("policies"),
+ policy_object_type
+ ),
+ b(str("tcp-encap"),
+ c(
+ b(str("traceoptions"),
+ ragw_traceoptions
+ ),
+ b(a(str("profile"), arg),
+ c(
+ a(str("ssl-profile"), arg),
+ str("log")
+ )
+ ),
+ b(str("global-options"),
+ c(
+ str("enable-tunnel-tracking")
+ )
+ )
+ )
+ ),
+ b(str("resource-manager"),
+ c(
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("client") | str("group") | str("resource") | str("gate") | str("session") | str("chassis cluster") | str("messaging") | str("service pinhole") | str("error") | str("all")),
+ c(
+ c(
+ str("terse"),
+ str("detail"),
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("analysis"),
+ c(
+ str("no-report")
+ )
+ ),
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("routing-socket") | str("compilation") | str("all"))).as(:oneline),
+ a(str("rate-limit"), arg)
+ )
+ ),
+ b(str("datapath-debug"),
+ c(
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(str("capture-file"),
+ ca(
+ b(str("format"),
+ (str("pcap"))
+ ),
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable")
+ )
+ ).as(:oneline),
+ a(str("maximum-capture-size"), arg),
+ b(str("action-profile"),
+ e2e_action_profile
+ ),
+ b(str("packet-filter"),
+ end_to_end_debug_filter
+ )
+ )
+ ),
+ b(str("user-identification"),
+ c(
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("all"))).as(:oneline)
+ )
+ ),
+ b(str("authentication-source"),
+ authentication_source_type
+ )
+ )
+ ),
+ b(str("zones"),
+ c(
+ b(str("functional-zone"),
+ c(
+ b(str("management"),
+ c(
+ b(str("interfaces"),
+ zone_interface_list_type
+ ),
+ a(str("screen"), arg),
+ b(str("host-inbound-traffic"),
+ zone_host_inbound_traffic_t
+ ),
+ a(str("description"), quote | arg)
+ )
+ )
+ )
+ ),
+ b(str("security-zone"),
+ security_zone_type
+ )
+ )
+ ),
+ b(str("advance-policy-based-routing"),
+ c(
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("lookup") | str("compilation") | str("ipc") | str("all"))).as(:oneline)
+ )
+ ),
+ b(str("tunables"),
+ c(
+ a(str("max-route-change"), arg),
+ str("drop-on-zone-mismatch"),
+ str("enable-logging")
+ )
+ ),
+ b(a(str("profile"), arg),
+ c(
+ b(str("rule"),
+ apbr_rule_type
+ )
+ )
+ ),
+ b(a(str("active-probe-params"), arg),
+ c(
+ b(str("settings"),
+ appqoe_probe_params
+ )
+ )
+ ),
+ b(a(str("metrics-profile"), arg),
+ c(
+ b(str("sla-threshold"),
+ appqoe_sla_metric_profile
+ )
+ )
+ ),
+ b(a(str("overlay-path"), arg),
+ c(
+ b(str("tunnel-path"),
+ appqoe_probe_path
+ ),
+ b(str("probe-path"),
+ appqoe_probe_path
+ )
+ )
+ ),
+ b(a(str("destination-path-group"), arg),
+ c(
+ b(str("probe-routing-instance"),
+ c(
+ arg
+ )
+ ),
+ a(str("overlay-path"), arg)
+ )
+ ),
+ b(str("sla-options"),
+ c(
+ b(str("local-route-switch"),
+ c(
+ c(
+ str("enabled"),
+ str("disabled")
+ )
+ )
+ ),
+ b(str("log-type"),
+ c(
+ c(
+ str("syslog")
+ )
+ )
+ ),
+ b(str("max-passive-probe-limit"),
+ c(
+ b(str("number-of-probes"),
+ c(
+ arg
+ )
+ ),
+ b(str("interval"),
+ c(
+ arg
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(a(str("sla-rule"), arg),
+ c(
+ b(str("switch-idle-time"),
+ c(
+ arg
+ )
+ ),
+ b(str("metrics-profile"),
+ c(
+ arg
+ )
+ ),
+ b(str("active-probe-params"),
+ c(
+ arg
+ )
+ ),
+ b(str("passive-probe-params"),
+ c(
+ b(str("sampling-percentage"),
+ c(
+ arg
+ )
+ ),
+ b(str("violation-count"),
+ c(
+ arg
+ )
+ ),
+ b(str("sampling-period"),
+ c(
+ arg
+ )
+ ),
+ b(str("sla-export-factor"),
+ c(
+ arg
+ )
+ ),
+ b(str("type"),
+ c(
+ c(
+ str("book-ended")
+ )
+ )
+ ),
+ b(str("sampling-frequency"),
+ c(
+ b(str("interval"),
+ c(
+ arg
+ )
+ ),
+ b(str("ratio"),
+ c(
+ arg
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(a(str("policy"), arg),
+ c(
+ b(str("policy"),
+ sla_policy_type
+ )
+ )
+ )
+ )
+ ),
+ b(str("gprs"),
+ c(
+ b(str("gtp"),
+ c(
+ b(a(str("profile"), arg),
+ c(
+ a(str("min-message-length"), arg),
+ a(str("max-message-length"), arg),
+ a(str("timeout"), arg),
+ a(str("rate-limit"), arg),
+ b(str("log"),
+ c(
+ b(str("forwarded"),
+ (str("basic") | str("detail"))
+ ),
+ b(str("state-invalid"),
+ (str("basic") | str("detail"))
+ ),
+ b(str("prohibited"),
+ (str("basic") | str("detail"))
+ ),
+ a(str("gtp-u"), enum(str("all") | str("dropped"))),
+ b(str("rate-limited"),
+ c(
+ c(
+ str("basic"),
+ str("detail")
+ ),
+ a(str("frequency-number"), arg)
+ )
+ )
+ )
+ ),
+ b(str("remove-ie"),
+ c(
+ a(str("version"), enum(str("v1")),
+ c(
+ a(str("release"), enum(str("R6") | str("R7") | str("R8") | str("R9"))),
+ b(str("number"),
+ c(
+ arg
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(str("path-rate-limit"),
+ c(
+ a(str("message-type"), enum(str("create-req") | str("delete-req") | str("echo-req") | str("other")),
+ c(
+ b(str("drop-threshold"),
+ c(
+ a(str("forward"), arg),
+ a(str("reverse"), arg)
+ )
+ ),
+ b(str("alarm-threshold"),
+ c(
+ a(str("forward"), arg),
+ a(str("reverse"), arg)
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(str("drop"),
+ c(
+ b(str("aa-create-pdp"),
+ c(
+ c(
+ str("0")
+ )
+ )
+ ),
+ b(str("aa-delete-pdp"),
+ c(
+ c(
+ str("0")
+ )
+ )
+ ),
+ b(str("bearer-resource"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("change-notification"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("config-transfer"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("context"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("create-bearer"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("create-data-forwarding"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("create-pdp"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("create-session"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("create-tnl-forwarding"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("cs-paging"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("data-record"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("delete-bearer"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("delete-command"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("delete-data-forwarding"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("delete-pdn"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("delete-pdp"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("delete-session"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("detach"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("downlink-notification"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("echo"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("2"),
+ str("all")
+ )
+ )
+ ),
+ b(str("error-indication"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("failure-report"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("fwd-access"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("fwd-relocation"),
+ c(
+ c(
+ str("1"),
+ str("2"),
+ str("all")
+ )
+ )
+ ),
+ b(str("fwd-srns-context"),
+ c(
+ c(
+ str("1")
+ )
+ )
+ ),
+ b(str("g-pdu"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("identification"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("2"),
+ str("all")
+ )
+ )
+ ),
+ b(str("mbms-session-start"),
+ c(
+ c(
+ str("1"),
+ str("2"),
+ str("all")
+ )
+ )
+ ),
+ b(str("mbms-session-stop"),
+ c(
+ c(
+ str("1"),
+ str("2"),
+ str("all")
+ )
+ )
+ ),
+ b(str("mbms-session-update"),
+ c(
+ c(
+ str("1"),
+ str("2"),
+ str("all")
+ )
+ )
+ ),
+ b(str("modify-bearer"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("modify-command"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("node-alive"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("note-ms-present"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("pdu-notification"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("ran-info"),
+ c(
+ c(
+ str("1"),
+ str("2"),
+ str("all")
+ )
+ )
+ ),
+ b(str("redirection"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("release-access"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("relocation-cancel"),
+ c(
+ c(
+ str("1"),
+ str("2"),
+ str("all")
+ )
+ )
+ ),
+ b(str("resume"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("send-route"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("sgsn-context"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("stop-paging"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("supported-extension"),
+ c(
+ c(
+ str("1")
+ )
+ )
+ ),
+ b(str("suspend"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("trace-session"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("update-bearer"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("update-pdn"),
+ c(
+ c(
+ str("2")
+ )
+ )
+ ),
+ b(str("update-pdp"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("all")
+ )
+ )
+ ),
+ b(str("ver-not-supported"),
+ c(
+ c(
+ str("0"),
+ str("1"),
+ str("2"),
+ str("all")
+ )
+ )
+ )
+ )
+ ),
+ b(a(str("apn"), arg),
+ c(
+ b(a(str("imsi-prefix"), arg),
+ c(
+ b(str("action"),
+ c(
+ c(
+ str("pass"),
+ str("drop"),
+ b(str("selection"),
+ c(
+ str("ms"),
+ str("net"),
+ str("vrf")
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(str("restart-path"),
+ (str("echo") | str("create") | str("all"))
+ ),
+ str("seq-number-validated"),
+ str("gtp-in-gtp-denied"),
+ str("u-tunnel-validated"),
+ str("end-user-address-validated"),
+ a(str("req-timeout"), arg),
+ str("handover-on-roaming-intf"),
+ b(str("handover-group"),
+ c(
+ arg
+ )
+ )
+ )
+ ),
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("flow") | str("parser") | str("chassis-cluster") | str("gsn") | str("jmpi") | str("tnl") | str("req") | str("path") | str("all"))).as(:oneline),
+ b(str("trace-level"),
+ c(
+ c(
+ str("error"),
+ str("warning"),
+ str("notice"),
+ str("info"),
+ str("verbose")
+ )
+ )
+ )
+ )
+ ),
+ b(a(str("handover-group"), arg),
+ c(
+ b(a(str("address-book"), arg),
+ c(
+ b(str("address-set"),
+ c(
+ arg
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(str("handover-default"),
+ c(
+ str("deny")
+ )
+ )
+ )
+ ),
+ b(str("sctp"),
+ c(
+ b(a(str("profile"), arg),
+ c(
+ str("nat-only"),
+ a(str("association-timeout"), arg),
+ a(str("handshake-timeout"), arg),
+ b(str("drop"),
+ c(
+ a(str("m3ua-service"), enum(str("sccp") | str("tup") | str("isup"))).as(:oneline),
+ a(str("payload-protocol"), enum(str("reserved") | str("iua") | str("m2ua") | str("m3ua") | str("sua") | str("m2pa") | str("v5ua") | str("h248") | str("bicc") | str("tali") | str("dua") | str("asap") | str("enrp") | str("h323") | str("qipc") | str("simco") | str("ddp-segment") | str("ddp-stream") | str("s1ap") | str("x2ap") | str("diameter-sctp") | str("diameter-dtls") | str("all") | arg)).as(:oneline)
+ )
+ ),
+ b(str("permit"),
+ c(
+ a(str("payload-protocol"), enum(str("reserved") | str("iua") | str("m2ua") | str("m3ua") | str("sua") | str("m2pa") | str("v5ua") | str("h248") | str("bicc") | str("tali") | str("dua") | str("asap") | str("enrp") | str("h323") | str("qipc") | str("simco") | str("ddp-segment") | str("ddp-stream") | str("s1ap") | str("x2ap") | str("diameter-sctp") | str("diameter-dtls") | str("all") | arg)).as(:oneline)
+ )
+ ),
+ b(str("limit"),
+ c(
+ a(str("payload-protocol"), enum(str("reserved") | str("iua") | str("m2ua") | str("m3ua") | str("sua") | str("m2pa") | str("v5ua") | str("h248") | str("bicc") | str("tali") | str("dua") | str("asap") | str("enrp") | str("h323") | str("qipc") | str("simco") | str("ddp-segment") | str("ddp-stream") | str("s1ap") | str("x2ap") | str("diameter-sctp") | str("diameter-dtls") | str("others") | arg),
+ c(
+ a(str("rate"), arg)
+ )
+ ).as(:oneline),
+ b(a(str("address"), arg),
+ c(
+ a(str("payload-protocol"), enum(str("reserved") | str("iua") | str("m2ua") | str("m3ua") | str("sua") | str("m2pa") | str("v5ua") | str("h248") | str("bicc") | str("tali") | str("dua") | str("asap") | str("enrp") | str("h323") | str("qipc") | str("simco") | str("ddp-segment") | str("ddp-stream") | str("s1ap") | str("x2ap") | str("diameter-sctp") | str("diameter-dtls") | str("others") | arg),
+ c(
+ a(str("rate"), arg)
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(str("rate"),
+ c(
+ a(str("sccp"), arg),
+ a(str("ssp"), arg),
+ a(str("sst"), arg),
+ b(a(str("address"), arg),
+ c(
+ a(str("sccp"), arg),
+ a(str("ssp"), arg),
+ a(str("sst"), arg)
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(str("multichunk-inspection"),
+ c(
+ c(
+ str("disable")
+ )
+ )
+ ),
+ b(str("nullpdu"),
+ c(
+ b(str("protocol"),
+ c(
+ c(
+ str("ID-0x0000"),
+ str("ID-0xFFFF")
+ )
+ )
+ )
+ )
+ ),
+ a(str("log"), enum(str("configuration") | str("rate-limit") | str("association") | str("data-message-drop") | str("control-message-drop") | str("control-message-all"))).as(:oneline),
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("detail") | str("flow") | str("parser") | str("chassis-cluster") | str("all"))).as(:oneline)
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(str("ngfw"),
+ c(
+ b(str("default-profile"),
+ c(
+ b(str("ssl-proxy"),
+ c(
+ a(str("profile-name"), arg)
+ )
+ ),
+ b(str("application-traffic-control"),
+ jsf_application_traffic_control_rule_set_type
+ )
+ )
+ )
+ )
+ ),
b(str("macsec"),
security_macsec
)
)
),
+ # End of vSRX 18.3R1.9
+
b(str("interfaces"),
c(
b(a(str("pic-set"), arg),
c(
a(str("interface"), arg),
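Review bot: Two places in this hunk list a keyword ahead of a longer keyword that starts with it: the `flow` `traceoptions` `flag` enum has `str("session") | str("session-scan")`, and the `tcp-session` choice has `str("no-syn-check")` before `str("no-syn-check-in-tunnel")`. If `c` and `enum` are plain ordered choice with no end-of-token check (their definitions are outside this hunk), the shorter literal matches first and the longer statement is then rejected, so a valid flow setting would fail validation. Putting the longer literal first, `str("session-scan") | str("session")` and `str("no-syn-check-in-tunnel")` above `str("no-syn-check")`, avoids this; the `application-tracking` block already lists `first-update-interval` before `first-update`. Separately, the `resource-manager` `flag` enum contains `str("chassis cluster")` and `str("service pinhole")` with an embedded space, while other enums in this hunk use `chassis-cluster`; these two literals should be checked against the device keyword.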
@@ -94560,7 +96247,3404 @@
pm_rspan_vlan
)
)
)
end
+
+ # Ported from vSRX 18.3R1.9
+ rule(:alg_object) do
+ c(
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ b(str("level"),
+ (str("brief") | str("detail") | str("extensive") | str("verbose"))
+ )
+ )
+ ),
+ b(str("alg-manager"),
+ c(
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("alg-support-lib"),
+ c(
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("dns"),
+ c(
+ str("disable"),
+ a(str("maximum-message-length"), arg),
+ str("oversize-message-drop"),
+ b(str("doctoring"),
+ c(
+ c(
+ str("none"),
+ str("sanity-check")
+ )
+ )
+ ),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("ftp"),
+ c(
+ str("disable"),
+ str("ftps-extension"),
+ str("line-break-extension"),
+ str("allow-mismatch-ip-address"),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("h323"),
+ c(
+ str("disable"),
+ a(str("endpoint-registration-timeout"), arg),
+ str("media-source-port-any"),
+ b(str("application-screen"),
+ c(
+ b(str("unknown-message"),
+ c(
+ str("permit-nat-applied"),
+ str("permit-routed")
+ )
+ ),
+ b(str("message-flood"),
+ c(
+ b(str("gatekeeper"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("dscp-rewrite"),
+ c(
+ a(str("code-point"), arg)
+ )
+ ),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("q931") | str("h245") | str("ras") | str("h225-asn1") | str("h245-asn1") | str("ras-asn1") | str("chassis-cluster") | str("all")),
+ c(
+ c(
+ str("terse"),
+ str("detail"),
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("mgcp"),
+ c(
+ str("disable"),
+ a(str("inactive-media-timeout"), arg),
+ a(str("transaction-timeout"), arg),
+ a(str("maximum-call-duration"), arg),
+ b(str("application-screen"),
+ c(
+ b(str("unknown-message"),
+ c(
+ str("permit-nat-applied"),
+ str("permit-routed")
+ )
+ ),
+ b(str("message-flood"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline),
+ b(str("connection-flood"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(str("dscp-rewrite"),
+ c(
+ a(str("code-point"), arg)
+ )
+ ),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("call") | str("decode") | str("error") | str("chassis-cluster") | str("nat") | str("packet") | str("rm") | str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("msrpc"),
+ c(
+ str("disable"),
+ a(str("group-max-usage"), arg),
+ a(str("map-entry-timeout"), arg),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("sunrpc"),
+ c(
+ str("disable"),
+ a(str("group-max-usage"), arg),
+ a(str("map-entry-timeout"), arg),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("rsh"),
+ c(
+ str("disable"),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("rtsp"),
+ c(
+ str("disable"),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("sccp"),
+ c(
+ str("disable"),
+ a(str("inactive-media-timeout"), arg),
+ b(str("application-screen"),
+ c(
+ b(str("unknown-message"),
+ c(
+ str("permit-nat-applied"),
+ str("permit-routed")
+ )
+ ),
+ b(str("call-flood"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(str("dscp-rewrite"),
+ c(
+ a(str("code-point"), arg)
+ )
+ ),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("call") | str("cli") | str("decode") | str("error") | str("chassis-cluster") | str("init") | str("nat") | str("rm") | str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("sip"),
+ c(
+ str("disable"),
+ a(str("inactive-media-timeout"), arg),
+ a(str("maximum-call-duration"), arg),
+ a(str("t1-interval"), arg),
+ a(str("t4-interval"), arg),
+ a(str("c-timeout"), arg),
+ str("disable-call-id-hiding"),
+ str("retain-hold-resource"),
+ b(str("hide-via-headers"),
+ c(
+ str("disable")
+ )
+ ),
+ str("distribution-ip"),
+ b(str("application-screen"),
+ c(
+ b(str("unknown-message"),
+ c(
+ str("permit-nat-applied"),
+ str("permit-routed")
+ )
+ ),
+ b(str("protect"),
+ c(
+ b(str("deny"),
+ c(
+ c(
+ a(str("destination-ip"), arg),
+ str("all")
+ ),
+ a(str("timeout"), arg)
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(str("dscp-rewrite"),
+ c(
+ a(str("code-point"), arg)
+ )
+ ),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("call") | str("chassis-cluster") | str("nat") | str("parser") | str("rm") | str("all")),
+ c(
+ c(
+ str("terse"),
+ str("detail"),
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("sql"),
+ c(
+ str("disable"),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("talk"),
+ c(
+ str("disable"),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("tftp"),
+ c(
+ str("disable"),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("pptp"),
+ c(
+ str("disable"),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("ike-esp-nat"),
+ c(
+ str("enable"),
+ a(str("esp-gate-timeout"), arg),
+ a(str("esp-session-timeout"), arg),
+ a(str("state-timeout"), arg),
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("twamp"),
+ c(
+ b(str("traceoptions"),
+ c(
+ a(str("flag"), enum(str("all")),
+ c(
+ c(
+ str("extensive")
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:anti_spam_feature) do
+ c(
+ b(str("sbl"),
+ sbl_type
+ )
+ )
+ end
+
+ rule(:anti_virus_feature) do
+ c(
+ b(str("sophos-engine"),
+ c(
+ b(a(str("profile"), arg),
+ c(
+ b(str("fallback-options"),
+ sophos_fallback_settings
+ ),
+ b(str("scan-options"),
+ sophos_scan_options
+ ),
+ b(str("trickling"),
+ anti_virus_trickling
+ ),
+ b(str("notification-options"),
+ anti_virus_notification_options
+ ),
+ b(str("mime-whitelist"),
+ c(
+ a(str("list"), arg),
+ a(str("exception"), arg)
+ )
+ ),
+ a(str("url-whitelist"), arg)
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:anti_virus_notification_options) do
+ c(
+ b(str("virus-detection"),
+ c(
+ b(str("type"),
+ (str("protocol-only") | str("message"))
+ ),
+ str("notify-mail-sender"),
+ str("no-notify-mail-sender"),
+ a(str("custom-message"), arg),
+ a(str("custom-message-subject"), arg)
+ )
+ ),
+ b(str("fallback-block"),
+ c(
+ b(str("type"),
+ (str("protocol-only") | str("message"))
+ ),
+ str("notify-mail-sender"),
+ str("no-notify-mail-sender"),
+ a(str("custom-message"), arg),
+ a(str("custom-message-subject"), arg)
+ )
+ ),
+ b(str("fallback-non-block"),
+ c(
+ str("notify-mail-recipient"),
+ str("no-notify-mail-recipient"),
+ a(str("custom-message"), arg),
+ a(str("custom-message-subject"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:anti_virus_trickling) do
+ c(
+ a(str("timeout"), arg)
+ ).as(:oneline)
+ end
+
+ rule(:apbr_rule_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("match"),
+ c(
+ b(str("dynamic-application"),
+ (str("junos:UNKNOWN") | arg)
+ ),
+ b(str("dynamic-application-group"),
+ (str("junos:unassigned") | arg)
+ ),
+ b(str("category"),
+ (arg | arg)
+ )
+ )
+ ),
+ b(str("then"),
+ c(
+ b(str("routing-instance"),
+ c(
+ arg
+ )
+ ).as(:oneline),
+ b(str("sla-rule"),
+ c(
+ arg
+ )
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:appfw_rule_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("match"),
+ c(
+ b(str("dynamic-application"),
+ (str("junos:UNKNOWN") | arg)
+ ),
+ b(str("dynamic-application-group"),
+ (str("junos:unassigned") | arg)
+ ),
+ b(str("ssl-encryption"),
+ (str("any") | str("yes") | str("no"))
+ )
+ )
+ ),
+ b(str("then"),
+ c(
+ c(
+ str("permit"),
+ b(str("deny"),
+ c(
+ str("block-message")
+ )
+ ),
+ b(str("reject"),
+ c(
+ str("block-message")
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:appqoe_probe_params) do
+ c(
+ b(str("data-fill"),
+ c(
+ arg
+ )
+ ),
+ b(str("data-size"),
+ c(
+ arg
+ )
+ ),
+ b(str("probe-interval"),
+ c(
+ arg
+ )
+ ),
+ b(str("probe-count"),
+ c(
+ arg
+ )
+ ),
+ b(str("burst-size"),
+ c(
+ arg
+ )
+ ),
+ b(str("sla-export-interval"),
+ c(
+ arg
+ )
+ ),
+ b(str("dscp-code-points"),
+ c(
+ arg
+ )
+ )
+ )
+ end
+
+ rule(:appqoe_probe_path) do
+ c(
+ b(str("local"),
+ appqoe_node
+ ),
+ b(str("remote"),
+ appqoe_node
+ )
+ )
+ end
+
+ rule(:appqoe_node) do
+ c(
+ b(str("ip-address"),
+ c(
+ ipv4addr
+ )
+ )
+ )
+ end
+
+ rule(:appqoe_sla_metric_profile) do
+ c(
+ b(str("delay-round-trip"),
+ c(
+ arg
+ )
+ ),
+ b(str("jitter"),
+ c(
+ arg
+ )
+ ),
+ b(str("jitter-type"),
+ c(
+ c(
+ str("two-way-jitter"),
+ str("egress-jitter"),
+ str("ingress-jitter")
+ )
+ )
+ ),
+ b(str("packet-loss"),
+ c(
+ arg
+ )
+ ),
+ b(str("match"),
+ c(
+ c(
+ str("any-one"),
+ str("all")
+ )
+ )
+ )
+ )
+ end
+
+ rule(:authentication_source_type) do
+ b((str("local-authentication-table") | str("unified-access-control") | str("firewall-authentication") | str("active-directory-authentication-table") | str("aruba-clearpass")).as(:arg),
+ c(
+ c(
+ a(str("priority"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:category_list_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("value"), arg)
+ )
+ )
+ end
+
+ rule(:command_list_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("value"), arg)
+ )
+ )
+ end
+
+ rule(:content_filtering_feature) do
+ c(
+ b(a(str("profile"), arg),
+ c(
+ a(str("permit-command"), arg),
+ a(str("block-command"), arg),
+ a(str("block-extension"), arg),
+ b(str("block-mime"),
+ c(
+ a(str("list"), arg),
+ a(str("exception"), arg)
+ )
+ ),
+ b(str("block-content-type"),
+ c(
+ str("activex"),
+ str("java-applet"),
+ str("exe"),
+ str("zip"),
+ str("http-cookie")
+ )
+ ),
+ b(str("notification-options"),
+ c(
+ b(str("type"),
+ (str("protocol-only") | str("message"))
+ ),
+ str("notify-mail-sender"),
+ str("no-notify-mail-sender"),
+ a(str("custom-message"), arg)
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:custom_message_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("type"),
+ (str("redirect-url") | str("user-message"))
+ ),
+ a(str("content"), arg)
+ )
+ )
+ end
+
+ rule(:default_anti_spam_feature) do
+ c(
+ b(str("type"),
+ (str("sbl") | str("anti-spam-none"))
+ ),
+ a(str("address-whitelist"), arg),
+ a(str("address-blacklist"), arg),
+ b(str("traceoptions"),
+ anti_spam_traceoptions
+ ),
+ b(str("sbl"),
+ default_sbl_type
+ )
+ )
+ end
+
+ rule(:anti_spam_traceoptions) do
+ c(
+ a(str("flag"), enum(str("manager") | str("sbl") | str("all"))).as(:oneline)
+ )
+ end
+
+ rule(:default_anti_virus_feature) do
+ c(
+ b(str("mime-whitelist"),
+ c(
+ a(str("list"), arg),
+ a(str("exception"), arg)
+ )
+ ),
+ a(str("url-whitelist"), arg),
+ b(str("type"),
+ (str("sophos-engine") | str("anti-virus-none"))
+ ),
+ b(str("traceoptions"),
+ anti_virus_traceoptions
+ ),
+ b(str("sophos-engine"),
+ c(
+ b(str("server"),
+ c(
+ ipaddr,
+ a(str("routing-instance"), arg)
+ )
+ ),
+ a(str("sxl-timeout"), arg),
+ a(str("sxl-retry"), arg),
+ b(str("pattern-update"),
+ anti_virus_pattern_update
+ ),
+ b(str("fallback-options"),
+ sophos_fallback_settings
+ ),
+ b(str("scan-options"),
+ default_sophos_scan_options
+ ),
+ b(str("trickling"),
+ anti_virus_trickling
+ ),
+ b(str("notification-options"),
+ anti_virus_notification_options
+ )
+ )
+ )
+ )
+ end
+
+ rule(:anti_virus_pattern_update) do
+ c(
+ b(str("email-notify"),
+ c(
+ a(str("admin-email"), arg),
+ a(str("custom-message"), arg),
+ a(str("custom-message-subject"), arg)
+ )
+ ),
+ a(str("url"), arg),
+ a(str("proxy-profile"), arg),
+ a(str("routing-instance"), arg),
+ a(str("interval"), arg),
+ str("no-autoupdate")
+ )
+ end
+
+ rule(:anti_virus_traceoptions) do
+ c(
+ a(str("flag"), enum(str("basic") | str("detail") | str("engine") | str("pattern") | str("updater") | str("manager") | str("worker") | str("sendmail") | str("ipc") | str("event") | str("statistics") | str("all"))).as(:oneline)
+ )
+ end
+
+ rule(:default_content_filtering_feature) do
+ c(
+ b(str("type"),
+ (str("local") | str("content-filtering-none"))
+ ),
+ b(str("traceoptions"),
+ content_filtering_traceoptions
+ ),
+ a(str("permit-command"), arg),
+ a(str("block-command"), arg),
+ a(str("block-extension"), arg),
+ b(str("block-mime"),
+ c(
+ a(str("list"), arg),
+ a(str("exception"), arg)
+ )
+ ),
+ b(str("block-content-type"),
+ c(
+ str("activex"),
+ str("java-applet"),
+ str("exe"),
+ str("zip"),
+ str("http-cookie")
+ )
+ ),
+ b(str("notification-options"),
+ c(
+ b(str("type"),
+ (str("protocol-only") | str("message"))
+ ),
+ str("notify-mail-sender"),
+ str("no-notify-mail-sender"),
+ a(str("custom-message"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:content_filtering_traceoptions) do
+ c(
+ a(str("flag"), enum(str("basic") | str("detail") | str("all"))).as(:oneline)
+ )
+ end
+
+ rule(:default_sbl_type) do
+ c(
+ str("sbl-default-server"),
+ str("no-sbl-default-server"),
+ b(str("spam-action"),
+ (str("block") | str("tag-header") | str("tag-subject"))
+ ),
+ a(str("custom-tag-string"), arg)
+ )
+ end
+
+ rule(:default_sophos_scan_options) do
+ c(
+ str("uri-check"),
+ str("no-uri-check"),
+ a(str("content-size-limit"), arg),
+ a(str("timeout"), arg)
+ )
+ end
+
+ rule(:default_webfilter_feature) do
+ c(
+ a(str("url-whitelist"), arg),
+ a(str("url-blacklist"), arg),
+ str("http-reassemble"),
+ str("http-persist"),
+ b(str("type"),
+ (str("websense-redirect") | str("juniper-local") | str("juniper-enhanced") | str("web-filtering-none"))
+ ),
+ b(str("traceoptions"),
+ web_filtering_traceoptions
+ ),
+ b(str("websense-redirect"),
+ default_websense_type
+ ),
+ b(str("juniper-local"),
+ default_juniper_local_type
+ ),
+ b(str("juniper-enhanced"),
+ default_juniper_enhanced_type
+ )
+ )
+ end
+
+ rule(:default_juniper_enhanced_type) do
+ c(
+ b(str("cache"),
+ c(
+ a(str("timeout"), arg),
+ a(str("size"), arg)
+ )
+ ),
+ b(str("server"),
+ juniper_enhanced_server
+ ),
+ b(str("reputation"),
+ c(
+ a(str("reputation-very-safe"), arg),
+ a(str("reputation-moderately-safe"), arg),
+ a(str("reputation-fairly-safe"), arg),
+ a(str("reputation-suspicious"), arg)
+ )
+ ),
+ a(str("base-filter"), arg),
+ b(str("category"),
+ juniper_enhanced_category_type
+ ),
+ b(str("site-reputation-action"),
+ juniper_enhanced_site_reputation_setting
+ ),
+ b(str("default"),
+ (str("permit") | str("block") | str("log-and-permit") | str("quarantine"))
+ ),
+ a(str("custom-block-message"), arg),
+ a(str("quarantine-custom-message"), arg),
+ b(str("fallback-settings"),
+ web_filtering_fallback_setting
+ ),
+ a(str("timeout"), arg),
+ str("no-safe-search"),
+ b(str("block-message"),
+ web_filtering_block_message
+ ),
+ b(str("quarantine-message"),
+ web_filtering_quarantine_message
+ )
+ )
+ end
+
+ rule(:default_juniper_local_type) do
+ c(
+ b(str("default"),
+ (str("permit") | str("block") | str("log-and-permit"))
+ ),
+ b(str("category"),
+ custom_category_type
+ ),
+ a(str("custom-block-message"), arg),
+ a(str("quarantine-custom-message"), arg),
+ b(str("block-message"),
+ web_filtering_block_message
+ ),
+ b(str("quarantine-message"),
+ web_filtering_quarantine_message
+ ),
+ b(str("fallback-settings"),
+ web_filtering_fallback_setting
+ ),
+ a(str("timeout"), arg)
+ )
+ end
+
+ rule(:custom_category_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("action"),
+ (str("permit") | str("log-and-permit") | str("block") | str("quarantine"))
+ ),
+ a(str("custom-message"), arg)
+ )
+ )
+ end
+
+ rule(:default_websense_type) do
+ c(
+ b(str("server"),
+ server
+ ),
+ b(str("category"),
+ custom_category_type
+ ),
+ a(str("custom-block-message"), arg),
+ a(str("quarantine-custom-message"), arg),
+ b(str("block-message"),
+ web_filtering_block_message
+ ),
+ b(str("quarantine-message"),
+ web_filtering_quarantine_message
+ ),
+ b(str("fallback-settings"),
+ web_filtering_fallback_setting
+ ),
+ a(str("timeout"), arg),
+ a(str("sockets"), arg),
+ a(str("account"), arg)
+ )
+ end
+
+ rule(:e2e_action_profile) do
+ b(arg.as(:arg),
+ c(
+ str("preserve-trace-order"),
+ str("record-pic-history"),
+ b(str("event"),
+ e2e_event
+ ),
+ b(str("module"),
+ e2e_module
+ )
+ )
+ )
+ end
+
+ rule(:e2e_event) do
+ b((str("np-ingress") | str("np-egress") | str("mac-ingress") | str("mac-egress") | str("lbt") | str("pot") | str("jexec") | str("lt-enter") | str("lt-leave")).as(:arg),
+ c(
+ str("trace"),
+ str("count"),
+ str("packet-summary"),
+ str("packet-dump")
+ )
+ )
+ end
+
+ rule(:e2e_module) do
+ b((str("flow")).as(:arg),
+ c(
+ a(str("flag"), enum(str("all"))).as(:oneline)
+ )
+ )
+ end
+
+ rule(:end_to_end_debug_filter) do
+ b(arg.as(:arg),
+ c(
+ b(str("action-profile"),
+ (str("default") | arg)
+ ),
+ b(str("protocol"),
+ (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
+ ),
+ b(str("source-prefix"),
+ ipprefix
+ ),
+ b(str("destination-prefix"),
+ ipprefix
+ ),
+ b(str("source-port"),
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
+ ),
+ b(str("destination-port"),
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
+ ),
+ b(str("interface"),
+ interface_name
+ )
+ )
+ )
+ end
+
+ rule(:extension_list_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("value"), arg)
+ )
+ )
+ end
+
+ rule(:flow_filter_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("protocol"),
+ (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
+ ),
+ b(str("source-prefix"),
+ ipprefix
+ ),
+ b(str("destination-prefix"),
+ ipprefix
+ ),
+ a(str("conn-tag"), arg),
+ a(str("logical-system"), arg),
+ b(str("source-port"),
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
+ ),
+ b(str("destination-port"),
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
+ ),
+ b(str("interface"),
+ interface_name
+ )
+ )
+ )
+ end
+
+ rule(:host_object) do
+ c(
+ ipaddr,
+ a(str("port"), arg),
+ a(str("routing-instance"), arg)
+ )
+ end
+
+ rule(:ids_option_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ str("alarm-without-drop"),
+ b(str("match-direction"),
+ (str("input") | str("output") | str("input-output"))
+ ),
+ b(str("icmp"),
+ c(
+ b(str("ip-sweep"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline),
+ str("fragment"),
+ str("large"),
+ b(str("flood"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline),
+ str("ping-death"),
+ str("icmpv6-malformed")
+ )
+ ),
+ b(str("ip"),
+ c(
+ str("bad-option"),
+ str("record-route-option"),
+ str("timestamp-option"),
+ str("security-option"),
+ str("stream-option"),
+ str("spoofing"),
+ str("source-route-option"),
+ str("loose-source-route-option"),
+ str("strict-source-route-option"),
+ str("unknown-protocol"),
+ str("block-frag"),
+ str("tear-drop"),
+ b(str("ipv6-extension-header"),
+ c(
+ b(str("hop-by-hop-header"),
+ c(
+ str("jumbo-payload-option"),
+ str("router-alert-option"),
+ str("quick-start-option"),
+ str("CALIPSO-option"),
+ str("SMF-DPD-option"),
+ str("RPL-option"),
+ b(a(str("user-defined-option-type"), arg),
+ c(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline)
+ )
+ ),
+ str("routing-header"),
+ str("fragment-header"),
+ str("ESP-header"),
+ str("AH-header"),
+ str("no-next-header"),
+ b(str("destination-header"),
+ c(
+ str("tunnel-encapsulation-limit-option"),
+ str("home-address-option"),
+ str("ILNP-nonce-option"),
+ str("line-identification-option"),
+ b(a(str("user-defined-option-type"), arg),
+ c(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline)
+ )
+ ),
+ str("shim6-header"),
+ str("mobility-header"),
+ str("HIP-header"),
+ b(a(str("user-defined-header-type"), arg),
+ c(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline)
+ )
+ ),
+ a(str("ipv6-extension-header-limit"), arg),
+ str("ipv6-malformed-header"),
+ b(str("tunnel"),
+ c(
+ str("bad-inner-header"),
+ b(str("gre"),
+ c(
+ str("gre-6in4"),
+ str("gre-4in6"),
+ str("gre-6in6"),
+ str("gre-4in4")
+ )
+ ),
+ b(str("ip-in-udp"),
+ c(
+ str("teredo")
+ )
+ ),
+ b(str("ipip"),
+ c(
+ str("ipip-6to4relay"),
+ str("ipip-6in4"),
+ str("ipip-4in6"),
+ str("ipip-4in4"),
+ str("ipip-6in6"),
+ str("ipip-6over4"),
+ str("isatap"),
+ str("dslite")
+ )
+ )
+ )
+ )
+ )
+ ),
+ b(str("tcp"),
+ c(
+ str("syn-fin"),
+ str("fin-no-ack"),
+ str("tcp-no-flag"),
+ str("syn-frag"),
+ b(str("port-scan"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline),
+ b(str("syn-ack-ack-proxy"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline),
+ b(str("syn-flood"),
+ c(
+ a(str("alarm-threshold"), arg),
+ a(str("attack-threshold"), arg),
+ a(str("source-threshold"), arg),
+ a(str("destination-threshold"), arg),
+ a(str("queue-size"), arg),
+ a(str("timeout"), arg),
+ b(a(str("white-list"), arg),
+ c(
+ b(str("source-address"),
+ ipprefix
+ ),
+ b(str("destination-address"),
+ ipprefix
+ )
+ )
+ )
+ )
+ ),
+ str("land"),
+ str("winnuke"),
+ b(str("tcp-sweep"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(str("udp"),
+ c(
+ b(str("flood"),
+ c(
+ a(str("threshold"), arg),
+ a(str("white-list"), arg)
+ )
+ ),
+ b(str("udp-sweep"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline),
+ b(str("port-scan"),
+ c(
+ a(str("threshold"), arg)
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(str("limit-session"),
+ c(
+ a(str("source-ip-based"), arg),
+ a(str("destination-ip-based"), arg),
+ b(str("by-source"),
+ c(
+ a(str("maximum-sessions"), arg),
+ a(str("packet-rate"), arg),
+ a(str("session-rate"), arg),
+ b(str("by-protocol"),
+ by_protocol_object_type
+ )
+ )
+ ),
+ b(str("by-destination"),
+ c(
+ a(str("maximum-sessions"), arg),
+ a(str("packet-rate"), arg),
+ a(str("session-rate"), arg),
+ b(str("by-protocol"),
+ by_protocol_object_type
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:by_protocol_object_type) do
+ c(
+ b(str("tcp"),
+ c(
+ a(str("maximum-sessions"), arg),
+ a(str("packet-rate"), arg),
+ a(str("session-rate"), arg)
+ )
+ ),
+ b(str("udp"),
+ c(
+ a(str("maximum-sessions"), arg),
+ a(str("packet-rate"), arg),
+ a(str("session-rate"), arg)
+ )
+ ),
+ b(str("icmp"),
+ c(
+ a(str("maximum-sessions"), arg),
+ a(str("packet-rate"), arg),
+ a(str("session-rate"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:ids_wlist_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("address"),
+ ipprefix
+ )
+ )
+ )
+ end
+
+ rule(:jsf_application_traffic_control_rule_set_type) do
+ c(
+ a(str("rule-set"), arg)
+ )
+ end
+
+ rule(:juniper_enhanced_category_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("action"),
+ (str("permit") | str("log-and-permit") | str("block") | str("quarantine"))
+ ),
+ a(str("custom-message"), arg)
+ )
+ )
+ end
+
+ rule(:juniper_enhanced_server) do
+ c(
+ a(str("host"), arg),
+ a(str("port"), arg),
+ a(str("proxy-profile"), arg),
+ a(str("routing-instance"), arg)
+ )
+ end
+
+ rule(:juniper_enhanced_site_reputation_setting) do
+ c(
+ b(str("very-safe"),
+ (str("permit") | str("log-and-permit") | str("block") | str("quarantine"))
+ ),
+ b(str("moderately-safe"),
+ (str("permit") | str("log-and-permit") | str("block") | str("quarantine"))
+ ),
+ b(str("fairly-safe"),
+ (str("permit") | str("log-and-permit") | str("block") | str("quarantine"))
+ ),
+ b(str("suspicious"),
+ (str("permit") | str("log-and-permit") | str("block") | str("quarantine"))
+ ),
+ b(str("harmful"),
+ (str("permit") | str("log-and-permit") | str("block") | str("quarantine"))
+ )
+ )
+ end
+
+ rule(:logical_system_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("max-sessions"), arg)
+ )
+ )
+ end
+
+ rule(:mime_list_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("value"), arg)
+ )
+ )
+ end
+
+ rule(:mirror_filter_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("protocol"),
+ (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
+ ),
+ b(str("source-prefix"),
+ ipprefix
+ ),
+ b(str("destination-prefix"),
+ ipprefix
+ ),
+ b(str("source-port"),
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
+ ),
+ b(str("destination-port"),
+ (str("ftp-data") | str("ftp") | str("ssh") | str("telnet") | str("smtp") | str("tacacs") | str("tacacs-ds") | str("domain") | str("dhcp") | str("bootps") | str("bootpc") | str("tftp") | str("finger") | str("https") | str("kerberos-sec") | str("pop3") | str("sunrpc") | str("ident") | str("nntp") | str("ntp") | str("netbios-ns") | str("netbios-dgm") | str("netbios-ssn") | str("imap") | str("snmptrap") | str("snmp") | str("xdmcp") | str("bgp") | str("ldap") | str("mobileip-agent") | str("mobilip-mn") | str("msdp") | str("http") | str("snpp") | str("biff") | str("exec") | str("login") | str("who") | str("cmd") | str("syslog") | str("printer") | str("talk") | str("ntalk") | str("rip") | str("timed") | str("klogin") | str("kshell") | str("ldp") | str("krb-prop") | str("krbupdate") | str("kpasswd") | str("socks") | str("afs") | str("pptp") | str("radius") | str("radacct") | str("zephyr-srv") | str("zephyr-clt") | str("zephyr-hm") | str("nfsd") | str("eklogin") | str("ekshell") | str("rkinit") | str("cvspserver") | arg)
+ ),
+ b(str("interface-in"),
+ interface_name
+ ),
+ b(str("interface-out"),
+ interface_name
+ ),
+ b(str("output"),
+ c(
+ b(str("interface"),
+ interface_name
+ ),
+ a(str("destination-mac"), arg)
+ )
+ )
+ )
+ )
+ end
+
+ rule(:named_address_book_type) do
+ b((str("global") | arg).as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("address"),
+ address_type
+ ),
+ b(str("address-set"),
+ address_set_type
+ ),
+ b(str("attach"),
+ c(
+ a(str("zone"), arg)
+ )
+ )
+ )
+ )
+ end
+
+ rule(:address_set_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ a(str("address"), arg),
+ a(str("address-set"), arg)
+ )
+ )
+ end
+
+ rule(:address_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ c(
+ ipprefix,
+ b(str("dns-name"),
+ dns_name_type
+ ),
+ b(str("wildcard-address"),
+ wildcard_address_type
+ ),
+ b(str("range-address"),
+ range_address_type
+ )
+ )
+ )
+ )
+ end
+
+ rule(:dns_name_type) do
+ b(arg.as(:arg),
+ c(
+ str("ipv4-only"),
+ str("ipv6-only")
+ )
+ )
+ end
+
+ rule(:nat_object) do
+ c(
+ b(str("source"),
+ ssg_source_nat_object
+ ),
+ b(str("destination"),
+ ssg_destination_nat_object
+ ),
+ b(str("static"),
+ ssg_static_nat_object
+ ),
+ b(str("proxy-arp"),
+ ssg_proxy_arp_object
+ ),
+ b(str("proxy-ndp"),
+ ssg_proxy_ndp_object
+ ),
+ b(str("natv6v4"),
+ c(
+ str("no-v6-frag-header")
+ )
+ ),
+ str("allow-overlapping-pools"),
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("flow") | str("routing-socket") | str("routing-protocol") | str("all") | str("source-nat-re") | str("source-nat-rt") | str("source-nat-pfe") | str("destination-nat-re") | str("destination-nat-rt") | str("destination-nat-pfe") | str("static-nat-re") | str("static-nat-rt") | str("static-nat-pfe") | str("nat-svc-set-re")),
+ c(
+ str("syslog")
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(str("pool"),
+ nat_pool_object
+ ),
+ str("ipv6-multicast-interfaces"),
+ str("allow-overlapping-nat-pools"),
+ b(str("rule"),
+ nat_rule_object
+ ),
+ b(str("port-forwarding"),
+ pf_mapping
+ ),
+ str("rule-set")
+ )
+ end
+
+ rule(:policy_object_type) do
+ c(
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("routing-socket") | str("compilation") | str("ipc") | str("rules") | str("lookup") | str("all"))).as(:oneline)
+ )
+ ),
+ b(str("policy"),
+ s(
+ arg,
+ a(str("to-zone-name"), arg),
+ c(
+ b(str("policy"),
+ policy_type
+ )
+ )
+ )
+ ),
+ b(str("global"),
+ c(
+ b(str("policy"),
+ policy_type
+ )
+ )
+ ),
+ b(str("default-policy"),
+ c(
+ c(
+ str("permit-all"),
+ str("deny-all")
+ )
+ )
+ ),
+ b(str("policy-rematch"),
+ c(
+ str("extensive")
+ )
+ ).as(:oneline),
+ b(str("policy-stats"),
+ c(
+ b(str("system-wide"),
+ (str("enable") | str("disable"))
+ )
+ )
+ ),
+ b(str("pre-id-default-policy"),
+ c(
+ b(str("then"),
+ c(
+ b(str("log"),
+ log_type
+ ),
+ b(str("session-timeout"),
+ session_timeout_type
+ )
+ )
+ )
+ )
+ ),
+ b(a(str("stateful-firewall-rule"), arg),
+ c(
+ b(str("match-direction"),
+ (str("input") | str("output") | str("input-output"))
+ ),
+ b(str("policy"),
+ policy_type
+ )
+ )
+ ),
+ b(a(str("stateful-firewall-rule-set"), arg),
+ c(
+ a(str("stateful-firewall-rule"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:log_type) do
+ c(
+ str("session-init"),
+ str("session-close")
+ )
+ end
+
+ rule(:policy_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("match"),
+ c(
+ c(
+ b(str("source-address"),
+ (str("any") | str("any-ipv4") | str("any-ipv6") | arg)
+ )
+ ),
+ c(
+ b(str("destination-address"),
+ (str("any") | str("any-ipv4") | str("any-ipv6") | arg)
+ )
+ ),
+ str("source-address-excluded"),
+ str("destination-address-excluded"),
+ c(
+ b(str("application"),
+ (str("junos-defaults") | arg)
+ )
+ ),
+ c(
+ b(str("source-identity"),
+ (str("any") | str("authenticated-user") | str("unauthenticated-user") | str("unknown-user") | arg)
+ )
+ ),
+ c(
+ b(str("source-end-user-profile"),
+ match_source_end_user_profile_value
+ )
+ ),
+ c(
+ b(str("dynamic-application"),
+ (str("junos:UNKNOWN") | str("junos:unassigned") | str("any") | str("none") | arg)
+ )
+ ),
+ c(
+ b(str("from-zone"),
+ (str("any") | arg)
+ )
+ ),
+ c(
+ b(str("to-zone"),
+ (str("any") | arg)
+ )
+ )
+ )
+ ),
+ b(str("then"),
+ c(
+ c(
+ str("deny"),
+ b(str("reject"),
+ c(
+ a(str("profile"), arg),
+ b(str("ssl-proxy"),
+ c(
+ a(str("profile-name"), arg)
+ )
+ )
+ )
+ ),
+ b(str("permit"),
+ c(
+ b(str("tunnel"),
+ tunnel_type
+ ),
+ b(str("firewall-authentication"),
+ firewall_authentication_type
+ ),
+ b(str("destination-address"),
+ destination_nat_enable_type
+ ),
+ b(str("application-services"),
+ application_services_type
+ ),
+ b(str("tcp-options"),
+ c(
+ str("syn-check-required"),
+ str("sequence-check-required"),
+ a(str("initial-tcp-mss"), arg),
+ a(str("reverse-tcp-mss"), arg),
+ str("window-scale")
+ )
+ ),
+ str("services-offload")
+ )
+ )
+ ),
+ b(str("log"),
+ log_type
+ ),
+ b(str("count"),
+ count_type
+ )
+ )
+ ),
+ a(str("scheduler-name"), arg)
+ )
+ )
+ end
+
+ rule(:application_services_type) do
+ c(
+ a(str("gprs-gtp-profile"), arg),
+ a(str("gprs-sctp-profile"), arg),
+ str("idp"),
+ a(str("idp-policy"), arg),
+ b(str("ssl-proxy"),
+ c(
+ a(str("profile-name"), arg)
+ )
+ ),
+ b(str("uac-policy"),
+ c(
+ a(str("captive-portal"), arg)
+ )
+ ),
+ a(str("utm-policy"), arg),
+ a(str("icap-redirect"), arg),
+ b(str("application-firewall"),
+ jsf_service_rule_set_type
+ ),
+ b(str("application-traffic-control"),
+ jsf_application_traffic_control_rule_set_type
+ ),
+ c(
+ str("redirect-wx"),
+ str("reverse-redirect-wx")
+ ),
+ a(str("security-intelligence-policy"), arg),
+ a(str("advanced-anti-malware-policy"), arg)
+ )
+ end
+
+ rule(:count_type) do
+
+ end
+
+ rule(:destination_nat_enable_type) do
+ c(
+ c(
+ str("drop-translated"),
+ str("drop-untranslated")
+ )
+ )
+ end
+
+ rule(:firewall_authentication_type) do
+ c(
+ c(
+ b(str("pass-through"),
+ c(
+ a(str("access-profile"), arg),
+ a(str("client-match"), arg),
+ str("web-redirect"),
+ str("web-redirect-to-https"),
+ a(str("ssl-termination-profile"), arg),
+ str("auth-only-browser"),
+ a(str("auth-user-agent"), arg)
+ )
+ ),
+ b(str("web-authentication"),
+ c(
+ a(str("client-match"), arg)
+ )
+ ),
+ b(str("user-firewall"),
+ c(
+ a(str("access-profile"), arg),
+ str("web-redirect"),
+ str("web-redirect-to-https"),
+ a(str("ssl-termination-profile"), arg),
+ str("auth-only-browser"),
+ a(str("auth-user-agent"), arg),
+ a(str("domain"), arg)
+ )
+ )
+ ),
+ str("push-to-identity-management")
+ )
+ end
+
+ rule(:jsf_service_rule_set_type) do
+ c(
+ a(str("rule-set"), arg)
+ )
+ end
+
+ rule(:match_source_end_user_profile_value) do
+ c(
+ arg
+ )
+ end
+
+ rule(:profile_setting) do
+ b(arg.as(:arg),
+ c(
+ b(str("anti-virus"),
+ c(
+ a(str("http-profile"), arg),
+ b(str("ftp"),
+ c(
+ a(str("upload-profile"), arg),
+ a(str("download-profile"), arg)
+ )
+ ),
+ a(str("smtp-profile"), arg),
+ a(str("pop3-profile"), arg),
+ a(str("imap-profile"), arg)
+ )
+ ),
+ b(str("content-filtering"),
+ c(
+ a(str("http-profile"), arg),
+ b(str("ftp"),
+ c(
+ a(str("upload-profile"), arg),
+ a(str("download-profile"), arg)
+ )
+ ),
+ a(str("smtp-profile"), arg),
+ a(str("pop3-profile"), arg),
+ a(str("imap-profile"), arg)
+ )
+ ),
+ b(str("web-filtering"),
+ c(
+ a(str("http-profile"), arg)
+ )
+ ),
+ b(str("anti-spam"),
+ c(
+ a(str("smtp-profile"), arg)
+ )
+ ),
+ b(str("traffic-options"),
+ c(
+ b(str("sessions-per-client"),
+ c(
+ a(str("limit"), arg),
+ b(str("over-limit"),
+ (str("log-and-permit") | str("block"))
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:ragw_traceoptions) do
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ b(str("level"),
+ (str("brief") | str("detail") | str("extensive") | str("verbose"))
+ ),
+ a(str("flag"), enum(str("configuration") | str("tunnel") | str("session") | str("all"))).as(:oneline)
+ )
+ end
+
+ rule(:range_address_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("to"),
+ c(
+ ipv4addr
+ )
+ )
+ )
+ )
+ end
+
+ rule(:sbl_type) do
+ c(
+ b(a(str("profile"), arg),
+ c(
+ str("sbl-default-server"),
+ str("no-sbl-default-server"),
+ b(str("spam-action"),
+ (str("block") | str("tag-header") | str("tag-subject"))
+ ),
+ a(str("custom-tag-string"), arg),
+ a(str("address-whitelist"), arg),
+ a(str("address-blacklist"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:secure_wire_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("interface"),
+ interface_unit
+ )
+ )
+ )
+ end
+
+ rule(:security_ipsec_policies) do
+ c(
+ b(str("from-zone"),
+ security_ipsec_policy
+ )
+ )
+ end
+
+ rule(:security_ipsec_policy) do
+ s(
+ arg,
+ a(str("to-zone"), arg),
+ c(
+ a(str("ipsec-group-vpn"), arg)
+ )
+ )
+ end
+
+ rule(:security_ipsec_vpn) do
+ c(
+ b(str("internal"),
+ c(
+ b(str("security-association"),
+ ipsec_internal_sa
+ )
+ )
+ ),
+ b(str("traceoptions"),
+ ipsec_traceoptions
+ ),
+ b(str("vpn-monitor-options"),
+ ipsec_vpn_monitor
+ ),
+ b(str("proposal"),
+ ipsec_proposal
+ ),
+ b(str("policy"),
+ ipsec_policy
+ ),
+ b(str("vpn"),
+ ipsec_vpn_template
+ ),
+ b(str("security-association"),
+ ipsec_sa
+ )
+ )
+ end
+
+ rule(:ipsec_traceoptions) do
+ c(
+ a(str("flag"), enum(str("packet-processing") | str("packet-drops") | str("security-associations") | str("next-hop-tunnel-binding") | str("all"))).as(:oneline)
+ )
+ end
+
+ rule(:ipsec_vpn_monitor) do
+ c(
+ a(str("interval"), arg),
+ a(str("threshold"), arg)
+ )
+ end
+
+ rule(:ipsec_vpn_template) do
+ b(arg.as(:arg),
+ c(
+ b(str("bind-interface"),
+ interface_name
+ ),
+ b(str("df-bit"),
+ (str("clear") | str("set") | str("copy"))
+ ),
+ b(str("multi-sa"),
+ c(
+ c(
+ a(str("forwarding-class"), arg)
+ )
+ )
+ ),
+ str("copy-outer-dscp"),
+ b(str("vpn-monitor"),
+ ipsec_template_monitor
+ ),
+ c(
+ b(str("manual"),
+ c(
+ b(str("gateway"),
+ hostname
+ ),
+ b(str("external-interface"),
+ interface_unit
+ ),
+ b(str("protocol"),
+ (str("ah") | str("esp"))
+ ),
+ a(str("spi"), arg),
+ b(str("authentication"),
+ c(
+ b(str("algorithm"),
+ (str("hmac-md5-96") | str("hmac-sha1-96") | str("hmac-sha-256-128") | str("hmac-sha-256-96"))
+ ),
+ b(str("key"),
+ c(
+ c(
+ a(str("ascii-text"), arg),
+ a(str("hexadecimal"), arg)
+ )
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(str("encryption"),
+ c(
+ b(str("algorithm"),
+ (str("des-cbc") | str("3des-cbc") | str("aes-128-cbc") | str("aes-192-cbc") | str("aes-256-cbc") | str("aes-128-gcm") | str("aes-256-gcm"))
+ ),
+ b(str("key"),
+ c(
+ c(
+ a(str("ascii-text"), arg),
+ a(str("hexadecimal"), arg)
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ ),
+ b(str("ike"),
+ c(
+ a(str("gateway"), arg),
+ a(str("idle-time"), arg),
+ str("no-anti-replay"),
+ b(str("proxy-identity"),
+ ipsec_template_proxy_id
+ ),
+ a(str("ipsec-policy"), arg),
+ a(str("install-interval"), arg)
+ )
+ )
+ ),
+ b(a(str("traffic-selector"), arg),
+ c(
+ b(str("local-ip"),
+ ipprefix_mandatory
+ ),
+ b(str("remote-ip"),
+ ipprefix_mandatory
+ )
+ )
+ ),
+ b(str("establish-tunnels"),
+ (str("immediately") | str("on-traffic"))
+ ),
+ str("passive-mode-tunneling"),
+ a(str("match-direction"), arg),
+ a(str("tunnel-mtu"), arg),
+ b(str("udp-encapsulate"),
+ c(
+ a(str("dest-port"), arg)
+ )
+ ).as(:oneline)
+ )
+ )
+ end
+
+ rule(:ipsec_template_monitor) do
+ c(
+ str("optimized"),
+ b(str("source-interface"),
+ interface_unit
+ ),
+ b(str("destination-ip"),
+ ipaddr
+ ),
+ b(str("verify-path"),
+ c(
+ b(str("destination-ip"),
+ ipaddr
+ ),
+ a(str("packet-size"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:ipsec_template_proxy_id) do
+ c(
+ b(str("local"),
+ ipprefix_mandatory
+ ),
+ b(str("remote"),
+ ipprefix_mandatory
+ ),
+ a(str("service"), arg)
+ )
+ end
+
+ rule(:security_zone_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ str("tcp-rst"),
+ b(str("address-book"),
+ address_book_type
+ ),
+ a(str("screen"), arg),
+ b(str("host-inbound-traffic"),
+ zone_host_inbound_traffic_t
+ ),
+ b(str("interfaces"),
+ zone_interface_list_type
+ ),
+ str("application-tracking"),
+ str("source-identity-log"),
+ b(str("advance-policy-based-routing-profile"),
+ c(
+ arg
+ )
+ ),
+ str("enable-reverse-reroute")
+ )
+ )
+ end
+
+ rule(:address_book_type) do
+ c(
+ b(str("address"),
+ address_type
+ ),
+ b(str("address-set"),
+ address_set_type
+ )
+ )
+ end
+
+ rule(:server) do
+ c(
+ a(str("host"), arg),
+ a(str("port"), arg),
+ a(str("routing-instance"), arg)
+ )
+ end
+
+ rule(:session_timeout_type) do
+ c(
+ a(str("tcp"), arg),
+ a(str("udp"), arg),
+ a(str("ospf"), arg),
+ a(str("icmp"), arg),
+ a(str("icmp6"), arg),
+ a(str("others"), arg)
+ )
+ end
+
+ rule(:sla_policy_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("match"),
+ c(
+ c(
+ b(str("source-address"),
+ (str("any") | str("any-ipv4") | str("any-ipv6") | arg)
+ )
+ ),
+ c(
+ b(str("destination-address"),
+ (str("any") | str("any-ipv4") | str("any-ipv6") | arg)
+ )
+ ),
+ str("source-address-excluded"),
+ str("destination-address-excluded"),
+ c(
+ a(str("application"), arg)
+ )
+ )
+ ),
+ b(str("then"),
+ c(
+ c(
+ b(str("application-services"),
+ sla_application_services_type
+ )
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:sla_application_services_type) do
+ c(
+ a(str("advance-policy-based-routing-profile"), arg)
+ )
+ end
+
+ rule(:softwires_object) do
+ c(
+ b(str("softwire-name"),
+ softwire_option_type
+ ),
+ b(str("traceoptions"),
+ c(
+ str("no-remote-trace"),
+ b(str("file"),
+ sca(
+ a(str("size"), arg),
+ a(str("files"), arg),
+ str("world-readable"),
+ str("no-world-readable"),
+ b(str("match"),
+ regular_expression
+ )
+ )
+ ).as(:oneline),
+ a(str("flag"), enum(str("configuration") | str("flow") | str("all"))).as(:oneline)
+ )
+ ),
+ b(str("rule-set"),
+ sw_rule_set_object
+ )
+ )
+ end
+
+ rule(:softwire_option_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("softwire-concentrator"),
+ ipaddr
+ ),
+ b(str("softwire-type"),
+ (str("IPv4-in-IPv6") | str("v6rd"))
+ ),
+ b(str("ipv4-prefix"),
+ ipv4prefix
+ ),
+ b(str("v6rd-prefix"),
+ ipv6prefix
+ ),
+ a(str("mtu-v4"), arg)
+ )
+ )
+ end
+
+ rule(:sophos_fallback_settings) do
+ c(
+ b(str("default"),
+ (str("permit") | str("log-and-permit") | str("block"))
+ ),
+ b(str("content-size"),
+ (str("permit") | str("log-and-permit") | str("block"))
+ ),
+ b(str("engine-not-ready"),
+ (str("permit") | str("log-and-permit") | str("block"))
+ ),
+ b(str("timeout"),
+ (str("permit") | str("log-and-permit") | str("block"))
+ ),
+ b(str("out-of-resources"),
+ (str("permit") | str("log-and-permit") | str("block"))
+ ),
+ b(str("too-many-requests"),
+ (str("permit") | str("log-and-permit") | str("block"))
+ )
+ )
+ end
+
+ rule(:sophos_scan_options) do
+ c(
+ str("uri-check"),
+ str("no-uri-check"),
+ a(str("content-size-limit"), arg),
+ a(str("timeout"), arg)
+ )
+ end
+
+ rule(:ssg_destination_nat_object) do
+ c(
+ b(a(str("pool"), arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("routing-instance"),
+ c(
+ c(
+ str("default"),
+ arg
+ )
+ )
+ ),
+ b(str("address"),
+ c(
+ ipprefix,
+ c(
+ b(str("to"),
+ c(
+ ipprefix
+ )
+ ),
+ a(str("port"), arg)
+ )
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(a(str("port-forwarding"), arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("destined-port"),
+ s(
+ arg,
+ a(str("translated-port"), arg)
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(a(str("rule-set"), arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("from"),
+ c(
+ c(
+ b(str("routing-instance"),
+ (str("default") | arg)
+ ),
+ a(str("zone"), arg),
+ b(str("interface"),
+ interface_name
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("rule"),
+ dest_nat_rule_object
+ ),
+ b(str("match-direction"),
+ (str("input") | str("output"))
+ )
+ )
+ )
+ )
+ end
+
+ rule(:dest_nat_rule_object) do
+ b(arg.as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("dest-nat-rule-match"),
+ c(
+ b(str("source-address"),
+ ipprefix
+ ),
+ a(str("source-address-name"), arg),
+ c(
+ b(str("destination-address"),
+ c(
+ ipprefix
+ )
+ ).as(:oneline),
+ b(str("destination-address-name"),
+ c(
+ arg
+ )
+ ).as(:oneline)
+ ),
+ b(a(str("destination-port"), arg),
+ c(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("protocol"),
+ (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
+ ),
+ a(str("application"), arg)
+ )
+ ),
+ b(str("then"),
+ c(
+ b(str("destination-nat"),
+ c(
+ c(
+ str("off"),
+ b(str("pool"),
+ c(
+ arg
+ )
+ ),
+ b(str("destination-prefix"),
+ ipprefix_only
+ )
+ ),
+ b(str("port-forwarding-mappings"),
+ c(
+ arg
+ )
+ ),
+ b(str("rule-session-count-alarm"),
+ nat_rule_session_count_alarm_object
+ ).as(:oneline)
+ )
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:nat_rule_session_count_alarm_object) do
+ c(
+ a(str("raise-threshold"), arg),
+ a(str("clear-threshold"), arg)
+ ).as(:oneline)
+ end
+
+ rule(:ssg_proxy_arp_object) do
+ c(
+ b(str("interface"),
+ ssg_interface_object
+ )
+ )
+ end
+
+ rule(:ssg_interface_object) do
+ b(arg.as(:arg),
+ c(
+ b(a(str("address"), arg),
+ c(
+ b(str("to"),
+ c(
+ ipv4prefix
+ )
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ end
+
+ rule(:ssg_proxy_ndp_object) do
+ c(
+ b(str("interface"),
+ ssg_proxy_ndp_interface_object
+ )
+ )
+ end
+
+ rule(:ssg_proxy_ndp_interface_object) do
+ b(arg.as(:arg),
+ c(
+ b(a(str("address"), arg),
+ c(
+ b(str("to"),
+ c(
+ ipv6addr
+ )
+ )
+ )
+ ).as(:oneline)
+ )
+ )
+ end
+
+ rule(:ssg_source_nat_object) do
+ c(
+ b(a(str("pool"), arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("routing-instance"),
+ c(
+ arg
+ )
+ ),
+ b(a(str("address"), arg),
+ c(
+ b(str("to"),
+ c(
+ ipprefix
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("host-address-base"),
+ c(
+ ipprefix
+ )
+ ).as(:oneline),
+ b(str("port"),
+ c(
+ c(
+ str("no-translation"),
+ b(str("range"),
+ ca(
+ b(str("to"),
+ c(
+ arg
+ )
+ ),
+ b(str("twin-port"),
+ ca(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ )
+ )
+ )
+ ),
+ a(str("port-overloading-factor"), arg),
+ b(str("block-allocation"),
+ block_allocation_object
+ ),
+ b(str("deterministic"),
+ deterministic_object
+ ),
+ str("preserve-parity"),
+ str("preserve-range"),
+ b(str("automatic"),
+ c(
+ c(
+ str("random-allocation"),
+ str("round-robin")
+ )
+ )
+ )
+ )
+ ),
+ b(str("overflow-pool"),
+ c(
+ ca(
+ str("interface")
+ )
+ )
+ ).as(:oneline),
+ str("address-shared"),
+ b(str("address-pooling"),
+ c(
+ c(
+ str("paired"),
+ str("no-paired")
+ )
+ )
+ ).as(:oneline),
+ b(str("address-persistent"),
+ c(
+ b(str("subscriber"),
+ c(
+ a(str("ipv6-prefix-length"), arg)
+ )
+ ).as(:oneline)
+ )
+ ).as(:oneline),
+ b(str("pool-utilization-alarm"),
+ source_nat_pool_utilization_alarm_object
+ ).as(:oneline),
+ a(str("ei-mapping-timeout"), arg),
+ a(str("mapping-timeout"), arg),
+ a(str("limit-ports-per-host"), arg)
+ )
+ ),
+ str("address-persistent"),
+ str("session-persistence-scan"),
+ a(str("session-drop-hold-down"), arg),
+ b(str("pool-utilization-alarm"),
+ source_nat_pool_utilization_alarm_object
+ ).as(:oneline),
+ b(str("port-randomization"),
+ c(
+ (str("disable"))
+ )
+ ).as(:oneline),
+ str("port-round-robin").as(:oneline),
+ str("port-scaling-enlargement"),
+ str("pool-distribution"),
+ b(str("pool-default-port-range"),
+ ca(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("pool-default-twin-port-range"),
+ ca(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("interface"),
+ c(
+ c(
+ b(str("port-overloading"),
+ c(
+ str("off")
+ )
+ ).as(:oneline),
+ a(str("port-overloading-factor"), arg)
+ )
+ )
+ ),
+ b(a(str("rule-set"), arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("from"),
+ c(
+ c(
+ b(str("routing-instance"),
+ (str("default") | arg)
+ ),
+ a(str("zone"), arg),
+ b(str("interface"),
+ interface_name
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("to"),
+ c(
+ c(
+ b(str("routing-instance"),
+ (str("default") | arg)
+ ),
+ a(str("zone"), arg),
+ b(str("interface"),
+ interface_name
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("rule"),
+ src_nat_rule_object
+ ),
+ b(str("match-direction"),
+ (str("input") | str("output"))
+ )
+ )
+ )
+ )
+ end
+
+ rule(:block_allocation_object) do
+ c(
+ a(str("block-size"), arg),
+ a(str("maximum-blocks-per-host"), arg),
+ a(str("active-block-timeout"), arg),
+ a(str("interim-logging-interval"), arg),
+ a(str("last-block-recycle-timeout"), arg),
+ b(str("log"),
+ c(
+ (str("disable"))
+ )
+ ).as(:oneline)
+ )
+ end
+
+ rule(:deterministic_object) do
+ c(
+ a(str("block-size"), arg),
+ a(str("det-nat-configuration-log-interval"), arg),
+ b(str("host"),
+ c(
+ b(str("address"),
+ ipprefix
+ ),
+ a(str("address-name"), arg)
+ )
+ ).as(:oneline),
+ str("include-boundary-addresses")
+ )
+ end
+
+ rule(:source_nat_pool_utilization_alarm_object) do
+ c(
+ a(str("raise-threshold"), arg),
+ a(str("clear-threshold"), arg)
+ ).as(:oneline)
+ end
+
+ rule(:src_nat_rule_object) do
+ b(arg.as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("src-nat-rule-match"),
+ c(
+ b(str("source-address"),
+ ipprefix
+ ),
+ a(str("source-address-name"), arg),
+ b(a(str("source-port"), arg),
+ c(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("destination-address"),
+ ipprefix
+ ),
+ a(str("destination-address-name"), arg),
+ b(a(str("destination-port"), arg),
+ c(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("protocol"),
+ (str("icmp6") | str("icmpv6") | str("igmp") | str("ipip") | str("tcp") | str("egp") | str("udp") | str("rsvp") | str("gre") | str("esp") | str("ah") | str("icmp") | str("ospf") | str("pim") | str("sctp") | arg)
+ ),
+ a(str("application"), arg)
+ )
+ ),
+ b(str("then"),
+ c(
+ b(str("source-nat"),
+ c(
+ c(
+ str("off"),
+ b(str("pool"),
+ ca(
+ b(str("persistent-nat"),
+ persistent_nat_object
+ )
+ )
+ ),
+ b(str("interface"),
+ c(
+ b(str("persistent-nat"),
+ persistent_nat_object
+ )
+ )
+ )
+ ),
+ b(str("clat-prefix"),
+ ipprefix_only
+ ),
+ b(str("rule-session-count-alarm"),
+ nat_rule_session_count_alarm_object
+ ).as(:oneline),
+ b(str("mapping-type"),
+ c(
+ str("endpoint-independent")
+ )
+ ).as(:oneline),
+ b(str("secure-nat-mapping"),
+ c(
+ a(str("eif-flow-limit"), arg),
+ b(str("mapping-refresh"),
+ c(
+ c(
+ str("inbound"),
+ str("outbound"),
+ str("inbound-outbound")
+ )
+ )
+ ).as(:oneline)
+ )
+ ).as(:oneline),
+ b(str("filtering-type"),
+ c(
+ b(str("endpoint-independent"),
+ c(
+ b(a(str("prefix-list"), arg),
+ c(
+ str("except")
+ )
+ ).as(:oneline)
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:persistent_nat_object) do
+ c(
+ b(str("permit"),
+ c(
+ c(
+ str("any-remote-host"),
+ str("target-host"),
+ str("target-host-port")
+ )
+ )
+ ).as(:oneline),
+ str("address-mapping"),
+ a(str("inactivity-timeout"), arg),
+ a(str("max-session-number"), arg)
+ )
+ end
+
+ rule(:ssg_static_nat_object) do
+ c(
+ b(a(str("rule-set"), arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("from"),
+ c(
+ c(
+ b(str("routing-instance"),
+ (str("default") | arg)
+ ),
+ a(str("zone"), arg),
+ b(str("interface"),
+ interface_name
+ )
+ )
+ )
+ ).as(:oneline),
+ b(str("rule"),
+ static_nat_rule_object
+ )
+ )
+ )
+ )
+ end
+
+ rule(:static_nat_rule_object) do
+ b(arg.as(:arg),
+ c(
+ a(str("description"), quote | arg),
+ b(str("static-nat-rule-match"),
+ c(
+ b(str("source-address"),
+ ipprefix
+ ),
+ a(str("source-address-name"), arg),
+ b(a(str("source-port"), arg),
+ c(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline),
+ c(
+ b(str("destination-address"),
+ c(
+ ipprefix
+ )
+ ).as(:oneline),
+ b(str("destination-address-name"),
+ c(
+ arg
+ )
+ ).as(:oneline)
+ ),
+ b(str("destination-port"),
+ ca(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ )
+ ).as(:oneline)
+ )
+ ),
+ b(str("then"),
+ c(
+ b(str("static-nat"),
+ c(
+ c(
+ b(str("inet"),
+ c(
+ b(str("routing-instance"),
+ (str("default") | arg)
+ )
+ )
+ ),
+ b(str("prefix"),
+ c(
+ ipprefix,
+ b(str("mapped-port"),
+ static_nat_rule_mapped_port_object
+ ).as(:oneline),
+ b(str("routing-instance"),
+ (str("default") | arg)
+ )
+ )
+ ),
+ b(str("prefix-name"),
+ ca(
+ b(str("mapped-port"),
+ static_nat_rule_mapped_port_object
+ ).as(:oneline),
+ b(str("routing-instance"),
+ (str("default") | arg)
+ )
+ )
+ ),
+ b(str("nptv6-prefix"),
+ c(
+ ipprefix,
+ b(str("routing-instance"),
+ (str("default") | arg)
+ )
+ )
+ ),
+ b(str("nptv6-prefix-name"),
+ ca(
+ b(str("routing-instance"),
+ (str("default") | arg)
+ )
+ )
+ )
+ ),
+ b(str("rule-session-count-alarm"),
+ nat_rule_session_count_alarm_object
+ ).as(:oneline)
+ )
+ )
+ )
+ )
+ )
+ )
+ end
+
+ rule(:static_nat_rule_mapped_port_object) do
+ ca(
+ b(str("to"),
+ c(
+ arg
+ )
+ )
+ ).as(:oneline)
+ end
+
+ rule(:sw_rule_set_object) do
+ b(arg.as(:arg),
+ c(
+ b(a(str("rule"), arg),
+ c(
+ b(str("then"),
+ c(
+ c(
+ a(str("v6rd"), arg)
+ )
+ )
+ )
+ )
+ ),
+ b(str("match-direction"),
+ (str("input") | str("output"))
+ )
+ )
+ )
+ end
+
+ rule(:tunnel_type) do
+ c(
+ c(
+ a(str("ipsec-vpn"), arg),
+ a(str("ipsec-group-vpn"), arg)
+ ),
+ a(str("pair-policy"), arg)
+ )
+ end
+
+ rule(:url_list_type) do
+ b(arg.as(:arg),
+ c(
+ a(str("value"), arg)
+ )
+ )
+ end
+
+ rule(:utm_apppxy_traceoptions) do
+ c(
+ a(str("flag"), enum(str("abort") | str("application-objects") | str("utm-realtime") | str("anti-virus") | str("basic") | str("buffer") | str("detail") | str("ftp-data") | str("ftp-control") | str("http") | str("imap") | str("memory") | str("parser") | str("pfe") | str("pop3") | str("queue") | str("smtp") | str("tcp") | str("timer") | str("connection-rating") | str("mime") | str("regex-engine") | str("sophos-anti-virus") | str("all"))).as(:oneline)
+ )
+ end
+
+ rule(:utm_ipc_traceoptions) do
+ c(
+ a(str("flag"), enum(str("basic") | str("detail") | str("connection-manager") | str("connection-status") | str("pfe") | str("utm-realtime") | str("all"))).as(:oneline)
+ )
+ end
+
+ rule(:utm_traceoptions) do
+ c(
+ a(str("flag"), enum(str("cli") | str("daemon") | str("ipc") | str("pfe") | str("all"))).as(:oneline)
+ )
+ end
+
+ rule(:web_filtering_block_message) do
+ c(
+ b(str("type"),
+ (str("custom-redirect-url"))
+ ),
+ a(str("url"), arg)
+ )
+ end
+
+ rule(:web_filtering_fallback_setting) do
+ c(
+ b(str("default"),
+ (str("log-and-permit") | str("block"))
+ ),
+ b(str("server-connectivity"),
+ (str("log-and-permit") | str("block"))
+ ),
+ b(str("timeout"),
+ (str("log-and-permit") | str("block"))
+ ),
+ b(str("too-many-requests"),
+ (str("log-and-permit") | str("block"))
+ )
+ )
+ end
+
+ rule(:web_filtering_quarantine_message) do
+ c(
+ b(str("type"),
+ (str("custom-redirect-url"))
+ ),
+ a(str("url"), arg)
+ )
+ end
+
+ rule(:web_filtering_traceoptions) do
+ c(
+ a(str("flag"), enum(str("basic") | str("session-manager") | str("heartbeat") | str("packet") | str("profile") | str("requests") | str("response") | str("socket") | str("timer") | str("ipc") | str("cache") | str("enhanced") | str("all"))).as(:oneline)
+ )
+ end
+
+ rule(:webfilter_feature) do
+ c(
+ b(str("surf-control-integrated"),
+ surf_control_integrated_type
+ ),
+ b(str("websense-redirect"),
+ websense_type
+ ),
+ b(str("juniper-local"),
+ juniper_local_type
+ ),
+ b(str("juniper-enhanced"),
+ juniper_enhanced_type
+ )
+ )
+ end
+
+ rule(:juniper_enhanced_type) do
+ c(
+ b(a(str("profile"), arg),
+ c(
+ a(str("base-filter"), arg),
+ b(str("category"),
+ juniper_enhanced_category_type
+ ),
+ b(str("site-reputation-action"),
+ juniper_enhanced_site_reputation_setting
+ ),
+ b(str("default"),
+ (str("permit") | str("block") | str("log-and-permit") | str("quarantine"))
+ ),
+ a(str("custom-block-message"), arg),
+ a(str("quarantine-custom-message"), arg),
+ b(str("fallback-settings"),
+ web_filtering_fallback_setting
+ ),
+ a(str("timeout"), arg),
+ str("no-safe-search"),
+ b(str("block-message"),
+ web_filtering_block_message
+ ),
+ b(str("quarantine-message"),
+ web_filtering_quarantine_message
+ )
+ )
+ )
+ )
+ end
+
+ rule(:juniper_local_type) do
+ c(
+ b(a(str("profile"), arg),
+ c(
+ b(str("default"),
+ (str("permit") | str("block") | str("log-and-permit"))
+ ),
+ b(str("category"),
+ custom_category_type
+ ),
+ a(str("custom-block-message"), arg),
+ a(str("quarantine-custom-message"), arg),
+ b(str("block-message"),
+ web_filtering_block_message
+ ),
+ b(str("quarantine-message"),
+ web_filtering_quarantine_message
+ ),
+ b(str("fallback-settings"),
+ web_filtering_fallback_setting
+ ),
+ a(str("timeout"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:surf_control_integrated_type) do
+ c(
+ b(str("cache"),
+ c(
+ a(str("timeout"), arg),
+ a(str("size"), arg)
+ )
+ ),
+ b(str("server"),
+ server
+ ),
+ b(a(str("profile"), arg),
+ c(
+ b(str("category"),
+ surf_control_integrated_category_type
+ ),
+ b(str("default"),
+ (str("permit") | str("block") | str("log-and-permit"))
+ ),
+ a(str("custom-block-message"), arg),
+ b(str("fallback-settings"),
+ web_filtering_fallback_setting
+ ),
+ a(str("timeout"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:surf_control_integrated_category_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("action"),
+ (str("permit") | str("block") | str("log-and-permit"))
+ )
+ )
+ )
+ end
+
+ rule(:websense_type) do
+ c(
+ b(a(str("profile"), arg),
+ c(
+ b(str("server"),
+ server
+ ),
+ b(str("category"),
+ custom_category_type
+ ),
+ a(str("custom-block-message"), arg),
+ a(str("quarantine-custom-message"), arg),
+ b(str("block-message"),
+ web_filtering_block_message
+ ),
+ b(str("quarantine-message"),
+ web_filtering_quarantine_message
+ ),
+ b(str("fallback-settings"),
+ web_filtering_fallback_setting
+ ),
+ a(str("timeout"), arg),
+ a(str("sockets"), arg),
+ a(str("account"), arg)
+ )
+ )
+ )
+ end
+
+ rule(:wildcard_address_type) do
+ arg.as(:arg)
+ end
+
+ rule(:zone_interface_list_type) do
+ b(arg.as(:arg),
+ c(
+ b(str("host-inbound-traffic"),
+ interface_host_inbound_traffic_t
+ )
+ )
+ )
+ end
+
+ rule(:interface_host_inbound_traffic_t) do
+ c(
+ b(str("system-services"),
+ interface_system_services_object_type
+ ),
+ b(str("protocols"),
+ host_inbound_protocols_object_type
+ )
+ )
+ end
+
+ rule(:host_inbound_protocols_object_type) do
+ b(enum((str("all") | str("bfd") | str("bgp") | str("dvmrp") | str("igmp") | str("ldp") | str("msdp") | str("ndp") | str("nhrp") | str("ospf") | str("ospf3") | str("pgm") | str("pim") | str("rip") | str("ripng") | str("router-discovery") | str("rsvp") | str("sap") | str("vrrp"))).as(:arg),
+ c(
+ str("except")
+ )
+ )
+ end
+
+ rule(:interface_system_services_object_type) do
+ b(enum((str("all") | str("bootp") | str("dhcp") | str("dhcpv6") | str("dns") | str("finger") | str("ftp") | str("ident-reset") | str("https") | str("http") | str("ike") | str("netconf") | str("ping") | str("rlogin") | str("reverse-telnet") | str("reverse-ssh") | str("rpm") | str("rsh") | str("snmp") | str("snmp-trap") | str("ssh") | str("telnet") | str("traceroute") | str("xnm-ssl") | str("xnm-clear-text") | str("tftp") | str("lsping") | str("ntp") | str("sip") | str("r2cp") | str("webapi-clear-text") | str("webapi-ssl") | str("tcp-encap") | str("appqoe") | str("any-service"))).as(:arg),
+ c(
+ str("except")
+ )
+ )
+ end
+
+ rule(:zone_host_inbound_traffic_t) do
+ c(
+ b(str("system-services"),
+ zone_system_services_object_type
+ ),
+ b(str("protocols"),
+ host_inbound_protocols_object_type
+ )
+ )
+ end
+
+ rule(:zone_system_services_object_type) do
+ b(enum((str("all") | str("bootp") | str("dhcp") | str("dhcpv6") | str("dns") | str("finger") | str("ftp") | str("ident-reset") | str("https") | str("http") | str("ike") | str("netconf") | str("ping") | str("rlogin") | str("reverse-telnet") | str("reverse-ssh") | str("rpm") | str("rsh") | str("snmp") | str("snmp-trap") | str("ssh") | str("telnet") | str("traceroute") | str("xnm-ssl") | str("xnm-clear-text") | str("tftp") | str("lsping") | str("ntp") | str("sip") | str("r2cp") | str("webapi-clear-text") | str("webapi-ssl") | str("tcp-encap") | str("appqoe") | str("any-service"))).as(:arg),
+ c(
+ str("except")
+ )
+ )
+ end
+ # End of vSRX 18.3R1.9
end
end