Page MenuHomeVyOS Platform

pppoe-server NAS-Filter-Rule attribute
Open, Requires assessmentPublicFEATURE REQUEST


It will be helpful to use RADIUS attribute NAS-Filter-Rule to provide a possibility to define firewall rules for the client ppp interface.
I think we can use pppd_compat module to utilize this feature.

The main goal to get defined via CLI firewall rules and apply these rules when the session started (or by CoA request) and delete it when stopped.
This attribute and other attributes received via RADIUS we can get from a specially created files radattr-prefix=/var/run/radattr.pppoeX


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

Implementation steps:

  1. Add $INCLUDE dictionary.rfc4849 to /usr/share/accel-ppp/radius/dictionary file
  2. Add required modules for use ip-pre-up/ip-up/ip-down scripts

And pppd_compat params

  1. Create ip-pre-up/ip-down script which will get configured firewall names and rules from CLI or supported script

Note: When ip-pre-up return 1 then the session will not start like described in

erkin set Issue type to Feature (new functionality).Aug 30 2021, 5:33 AM
erkin removed a subscriber: Active contributors.