Currently, VyOS uses Perl's getservbyname to determine the protocol for a particular service when creating firewall rules, but this does not seem to work with modern protocols.
For example, HTTP/3 uses UDP, and to maintain backward compatibility with HTTP/1.1 and HTTP/2, access to a web server in our network should be allowed via both TCP and UDP.
However, if we create a firewall rule as shown below, an error is returned:
[email protected]# set firewall name Test rule 100 protocol tcp_udp
[email protected]# set firewall name Test rule 100 action accept
[email protected]# set firewall name Test rule 100 destination port https
[email protected]# commit
[ firewall name Test ]
Firewall configuration error: "https" is not a valid port name for protocol "udp"
[[firewall name Test]] failed
It would be nice if port/protocol definitions would be moved to something that could be updated more regularly.
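The error above is what a per-protocol service-name lookup produces when the services database lists a name for only one protocol. The following is an added example, not VyOS code: `parse_services`, `expand_protocol`, `check_port` and `SAMPLE_SERVICES` are hypothetical names, and the sample database is constructed on the assumption that `https` has only a tcp entry.

```python
# Added illustration, not VyOS code. SAMPLE_SERVICES is constructed data in
# services(5) format; it assumes a database where https has only a tcp entry.
SAMPLE_SERVICES = """\
# name   port/proto   aliases
ssh      22/tcp
domain   53/tcp
domain   53/udp
http     80/tcp       www
https    443/tcp
"""

def parse_services(text):
    """Map (name, proto) -> port for every name and alias in services(5) text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only or malformed line
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:
            table.setdefault((name.lower(), proto.lower()), int(port))
    return table

def expand_protocol(protocol):
    """tcp_udp means the rule must be valid for both transports."""
    return ["tcp", "udp"] if protocol == "tcp_udp" else [protocol]

def check_port(table, port, protocol):
    """Return a list of error strings; an empty list means the port is accepted."""
    errors = []
    for proto in expand_protocol(protocol):
        if port.isdigit():
            if not 1 <= int(port) <= 65535:
                errors.append(f'"{port}" is not a valid port number')
                break  # a bad number is bad for every protocol
        elif (port.lower(), proto) not in table:
            errors.append(f'"{port}" is not a valid port name for protocol "{proto}"')
    return errors

if __name__ == "__main__":
    table = parse_services(SAMPLE_SERVICES)
    for port in ("https", "domain", "443"):
        print(port, check_port(table, port, "tcp_udp") or "ok")
```

In this sketch a numeric port such as 443 passes for both protocols because no name lookup is involved, while a name passes only if the database carries an entry for each protocol in the rule.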