Page MenuHomeVyOS Platform

Improve negated firewall groups in cli
Open, LowPublicFEATURE REQUEST

Description

In latest, negated firewall groups can be used, but cli is not clear:

vyos@vyos# set firewall name FOO rule 10 source group address-group 
Possible completions:
   <text>       Group of addresses
   NO_VPN_v4_BYPASS
                
   VPN_v4_BYPASS
               
vyos@vyos# set policy route VPN_v4_BYPASS rule 10 destination group address-group
Possible completions:
   <text>       Group of addresses
   NO_VPN_v4_BYPASS
                
   VPN_v4_BYPASS
                

## Negated working
vyos@vyos# run show config comm | grep policy
set policy route VPN_v4_BYPASS rule 110 set table '100'
set policy route VPN_v4_BYPASS rule 110 source group address-group '!NO_VPN_v4_BYPASS'

A more clear cli would be better, so user know that negated firewall groups can be used

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Cosmetic issue (typos etc.)