
Modernising port/protocol definitions
Closed, Resolved | Public | FEATURE REQUEST


Currently, VyOS uses Perl's getservbyname to determine the protocol for a particular service when creating firewall rules, but this does not seem to work with modern protocols.

For example, HTTP/3 uses UDP and to maintain backward compatibility with HTTP/1.1 and HTTP/2, access to a webserver in our network should be allowed via both TCP and UDP.

However, if we create a firewall rule as shown below, an error is returned:

[email protected]# set firewall name Test rule 100 protocol tcp_udp
[email protected]# set firewall name Test rule 100 action accept
[email protected]# set firewall name Test rule 100 destination port https
[email protected]# commit
[ firewall name Test ]
Firewall configuration error: "https" is not a valid port name for protocol "udp"

[[firewall name Test]] failed

It would be nice if port/protocol definitions would be moved to something that could be updated more regularly.


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
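
The failure in the task description can be reproduced with a per-protocol service lookup. This is an added Python example, not VyOS code: both services tables are constructed samples, `parse_services` and `resolve_port` are hypothetical names, and the absence of an `https 443/udp` entry in the older table is an assumption about why the lookup fails.

```python
# Added illustration; not VyOS code. Both services tables are constructed samples.
OLD_SERVICES = """\
# name    port/proto   aliases
http      80/tcp       www
https     443/tcp
domain    53/tcp
domain    53/udp
"""
NEW_SERVICES = OLD_SERVICES + "https     443/udp      # HTTP/3 (QUIC)\n"


def parse_services(text):
    """Parse /etc/services-style text into {(name, proto): port}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:  # canonical name plus aliases
            table.setdefault((name.lower(), proto.lower()), int(port))
    return table


def resolve_port(table, port_spec, rule_protocol):
    """Resolve a rule's port for every protocol it covers, failing closed.

    'tcp_udp' expands to both protocols; numeric ports need no name lookup.
    A name missing for any one protocol rejects the whole rule, so a
    tcp_udp rule never silently degrades to TCP only.
    """
    protos = ["tcp", "udp"] if rule_protocol == "tcp_udp" else [rule_protocol]
    resolved = {}
    for proto in protos:
        if port_spec.isdigit():
            port = int(port_spec)
        else:
            port = table.get((port_spec.lower(), proto))
        if port is None:
            # Message modelled on the error shown in the task description.
            raise ValueError(
                f'"{port_spec}" is not a valid port name for protocol "{proto}"')
        resolved[proto] = port
    return resolved
```

With the older table, `resolve_port(parse_services(OLD_SERVICES), "https", "tcp_udp")` raises the error quoted above, while the numeric form `"443"` resolves for both protocols without consulting the table.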


Event Timeline

sdev claimed this task.
sdev added a subscriber: sdev.

The new firewall now has no such restrictions on port definitions, going to close this as resolved.