Add IPv6 firewall network groups
Open, Wishlist
Public

Details

Difficulty level
Easy (less than an hour)
afics created this task. Mar 31 2016, 5:27 PM
syncer triaged this task as Wishlist priority.

Firewall groups used ipset, it would be cool to use these groups in the nat rules too and so on (wlb test rules target address etc).
It is necessary to make global address groups based on ipset.

How about making firewall groups IPvAgnostic and have VyOS figure out which the correct IPvN is (depending on where you use it) in a somewhat systematic way? In FW it would be both in parallel, etc. The user would still be able to set up groups per IPvN as-is currently.

case:
voip and mail server behind vyos
log parser on both servers creates black list on shared resource
vyos (in all branches of company) have firewall rule with this black list
profit
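
The shared-blacklist case and the "IPvAgnostic" group idea above, sketched as an added example (not VyOS code and not from the task's participants): one mixed list is split by address family into two `hash:net` ipsets. The `BLACKLIST-v4`/`-v6` naming scheme and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a shared blacklist as log parsers might publish it:
# one address or prefix per line, both families mixed, plus comments and junk.
SAMPLE_BLACKLIST = """\
# constructed sample data
192.0.2.15
198.51.100.0/24
2001:db8:bad::1
2001:db8:dead::/48
192.0.2.15
not-an-address
203.0.113.7/24
"""

FAMILY = {4: "inet", 6: "inet6"}  # ipset family keyword per IP version


def split_by_family(text):
    """Return ({4: [networks], 6: [networks]}, [rejected entries])."""
    nets = {4: set(), 6: set()}
    rejected = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False masks host bits: 203.0.113.7/24 -> 203.0.113.0/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)  # never pass unparsed text on to ipset
            continue
        nets[net.version].add(net)  # sets drop duplicate entries
    return {v: sorted(s) for v, s in nets.items()}, rejected


def ipset_restore_lines(group, text):
    """Render input for `ipset restore`: one hash:net set per address family."""
    nets, _ = split_by_family(text)
    lines = []
    for version, members in nets.items():
        name = f"{group}-v{version}"  # hypothetical naming scheme
        lines.append(f"create {name} hash:net family {FAMILY[version]}")
        lines += [f"add {name} {net}" for net in members]
    return lines


if __name__ == "__main__":
    print("\n".join(ipset_restore_lines("BLACKLIST", SAMPLE_BLACKLIST)))
```

Rejected entries are returned rather than silently dropped so that a malformed line in the shared resource can be logged instead of shrinking the blacklist unnoticed.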

rps awarded a token. Sep 15 2016, 10:19 AM
rps added a subscriber: rps.
rps added a comment. Sep 15 2016, 10:24 AM

After VRRPv3 (with some intelligent way to handle radvd) this is the major blocker for using VyOS as a production IPv6 firewall in my environment.