Page MenuHomePhabricator

Ability to configure manual IP Rules
Open, WishlistPublicFEATURE REQUEST

Description

It would be nice for vyos to provide the option to manage rules in the kernel ip rule table.

set protocols rule[6] # from <PREFIX|ADDRESS>
set protocols rule[6] # to <PREFIX|ADDRESS>
set protocols rule[6] # tos <TOS>
set protocols rule[6] # fwmark <FWMARK[/MASK]>
set protocols rule[6] # iif <INTERFACE>
set protocols rule[6] # oif <INTERFACE>
set protocols rule[6] # table <TABLE>
set protocols rule[6] # goto <#>
set protocols rule[6] # suppress_prefixlength <NUMBER>

The # could be used to set the rule preference, and this could be restricted somewhat to ensure that the automatically added/removed rules as part of the policy routes to occupy the rest of the rulespace.

The main use case (for me) of this would be to allow PBR routing for locally generated packets. (Some of my vyos installs learn a default gateway via OSPF over an IPSEC tunnel, but they need to ensure that the traffic for the tunnel route via the local gateway)

It's obviously possible to create these rules within /config/scripts/vyatta-postconfig-bootup.script but it would be nicer to have them in the main config.

Details

Difficulty level
Normal (likely a few hours)
Version
-

Event Timeline

syncer triaged this task as Wishlist priority.Aug 1 2017, 4:34 AM
syncer changed the edit policy from "Task Author" to "Custom Policy".
syncer added a project: VyOS 1.2 Crux.
syncer changed Difficulty level from Easy (less than an hour) to Normal (likely a few hours).
syncer set Version to -.

This require further discussion and clarification,
suspect that there are lot of caveats there

pasik added a subscriber: pasik.Oct 27 2017, 9:51 PM
syncer removed syncer as the assignee of this task.Nov 3 2017, 12:25 PM
syncer added a subscriber: syncer.
syncer changed the subtype of this task from "Task" to "Feature Request".Oct 20 2018, 7:02 AM