Firewall - Implement global option to use one single general chian
Closed, InvalidPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	n.fort
	Sep 16 2022, 10:50 AM

Description

So far, firewall ruleset need to be applied to an interface.
With T4699 and T4700, and this new option, one general firewall ruleset may be configured to do all the filtering needed.

Something similar to:

set firewall global-filtering name ABCD
set firewall name ABCD default-action drop
set firewall name ABCD rule 10 in-interface eth0
set firewall name ABCD rule 10 source address 192.0.2.0/24
set firewall name ABCD rule 10 action accept
.
.
.

Command set firewall global-filtering will add a jump action in chain ip vyos_filter VYOS_FW_FORWARD to specified destination, in the example, chain ABCD

Details

Difficulty level: Unknown (require assessment)
Version: vyos-1.4-rolling-202209160217
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Feature (new functionality)

Event Timeline

n.fort changed the task status from Open to In progress.Sep 16 2022, 10:50 AM

n.fort claimed this task.

n.fort created this task.

n.fort changed Version from - to vyos-1.4-rolling-202209160217.

pasik added a subscriber: pasik.Sep 16 2022, 11:15 AM

Marking as invalid, since firewall cli should move to a more organized and flexible cli strycture.

Firewall - Implement global option to use one single general chianClosed, InvalidPublicFEATURE REQUESTActions

Description

Details

Event Timeline

Firewall - Implement global option to use one single general chian
Closed, InvalidPublicFEATURE REQUEST
Actions