Page MenuHomeVyOS Platform
Create Task
Maniphest T1087

Firewall commands are missing in wireguard interface CLI
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

https://forum.vyos.io/t/set-wireguard-interface-firewall-missing/3033

set interface wireguard firewall in/out/local functionality is missing

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

trystan created this task.Dec 6 2018, 10:07 PM
hagbard claimed this task.Dec 6 2018, 10:08 PM
hagbard triaged this task as Normal priority.Dec 10 2018, 10:38 PM
hagbard changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
hagbard changed the task status from Open to In progress.Dec 10 2018, 11:18 PM
hagbard added a comment.Dec 10 2018, 11:45 PM

I've tested that I can utilize the existing firewall functions/scripts which work, so I need to write a wrapper for it, but that will solve the issue. Shouldn't take too long.

hagbard added a comment.Dec 11 2018, 10:16 PM

@trystan next rolling image will have the functionality, if you'd like to manual install it, you can do so by installing http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyos-1x/vyos-1x_1.2.0-8_all.deb.
Thanks for your request and please let me know your results.

hagbard changed the task status from In progress to Needs testing.Dec 11 2018, 10:16 PM
trystan added a comment.Dec 12 2018, 3:42 AM

I've installed on two hosts (virtual/cloud instance, and 1 physical) in,local,out rules all work as expected with default drop and firewall state-policy establish/related accepted.

Looks good! Thank you

hagbard closed this task as Resolved.Dec 12 2018, 6:21 PM

Thanks for testing and confirming. @trystan

dmbaturin added a subscriber: dmbaturin.Dec 16 2018, 2:52 PM

@hagbarg Sorry I haven't spotted this earlier and had to revert your commit! Please check out my commits: this is how it's been done historically. You would have to also add PBR templates so I see no reason for duplicating that, especially in light of planned firewall overhaul that will rid us from interface templates.

dmbaturin renamed this task from Firewall on Wireguard Interface to Firewall commands are missing in wireguard interface CLI.Dec 16 2018, 2:52 PM
dmbaturin edited projects, added VyOS 1.2 Crux ( VyOS 1.2.0-rc11); removed VyOS 1.2 Crux.
trystan added a comment.Dec 18 2018, 1:51 PM

Everything is still working/functioning in the latest RC (1.2.0-rc11)

pasik added a subscriber: pasik.Dec 19 2018, 7:35 AM
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux ( VyOS 1.2.0-rc11) board.Dec 21 2018, 10:08 AM
syncer added a project: VyOS-1.2.0-GA.Jan 25 2019, 2:40 PM