Modernising port/protocol definitions
Closed, Resolved | Public | FEATURE REQUEST

Description

Currently, VyOS uses Perl's getservbyname to determine the protocol for a particular service when creating firewall rules, but this does not seem to work with modern protocols.

For example, HTTP/3 uses UDP, and to maintain backward compatibility with HTTP/1.1 and HTTP/2, access to a webserver in our network should be allowed via both TCP and UDP.

However, if we create a firewall rule as shown below, an error is returned:

vyos@vyos# set firewall name Test rule 100 protocol tcp_udp
[edit]
vyos@vyos# set firewall name Test rule 100 action accept
[edit]
vyos@vyos# set firewall name Test rule 100 destination port https
[edit]
vyos@vyos# commit
[ firewall name Test ]
Firewall configuration error: "https" is not a valid port name for protocol "udp"

[[firewall name Test]] failed

It would be nice if port/protocol definitions would be moved to something that could be updated more regularly.
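
The per-protocol name lookup behind the error above, as an added illustration in Python (not VyOS code and not part of the original report). The services excerpt is constructed, and the function names and the expansion of tcp_udp into one lookup per protocol are assumptions made for the example.

```python
# Constructed excerpt in /etc/services format (not copied from any real system).
# "https" deliberately has only a tcp entry, mirroring the error in the report.
SAMPLE_SERVICES = """\
# name   port/proto  aliases
domain   53/tcp
domain   53/udp
http     80/tcp      www
https    443/tcp
"""

def parse_services(text):
    """Return {(name, proto): port} for every name and alias in the text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                           # malformed entry, skip it
        port, proto = fields[1].split("/", 1)
        if not (port.isascii() and port.isdigit()):
            continue
        for name in [fields[0]] + fields[2:]:  # canonical name plus aliases
            table.setdefault((name, proto), int(port))
    return table

def check_port_name(table, name, protocol):
    """Resolve a port name for each protocol a rule covers.

    Returns (ports, errors). 'tcp_udp' is treated as two lookups (assumption),
    so a name missing for either protocol is reported separately.
    """
    protos = ["tcp", "udp"] if protocol == "tcp_udp" else [protocol]
    ports, errors = {}, []
    for proto in protos:
        if name.isascii() and name.isdigit() and 0 < int(name) <= 65535:
            ports[proto] = int(name)           # numeric ports need no lookup
        elif (name, proto) in table:
            ports[proto] = table[(name, proto)]
        else:
            errors.append(f'"{name}" is not a valid port name for protocol "{proto}"')
    return ports, errors

TABLE = parse_services(SAMPLE_SERVICES)
```

With this table, `check_port_name(TABLE, "https", "tcp_udp")` resolves tcp to 443 and reports udp as invalid, while the numeric form `"443"` resolves for both protocols because it never touches the name database.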

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

sarthurdev claimed this task.
sarthurdev added a subscriber: sarthurdev.

The new firewall now has no such restrictions on port definitions, going to close this as resolved.