- Difficulty level
- Easy (less than an hour)
Firewall groups used ipset, it would be cool to use these groups in the nat rules too and soone (wlb test rules target address etc).
It is necessary to make global address groups based on ipset.
How about making firewall groups IPvAgnostic and have VyOS figure out which the correct IPvN is (depending on where you use it) in a somewhat systematic way. In FW it would be both in parallel, etc. The user would still be able to setup groups per IPvN as-is currently.