Page MenuHomeVyOS Platform
Create Task
Maniphest T762

Include rulseset in firewall
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

It would be nice to be able to include another rule set in the firewall.

For example, I have a lot of zones that have the basic allow established/related, drop invalid, allow a few icmp types, and allow dns, plus 1 or 2 other rules. It would remove a ton of duplication in the config if it was possible to have an include directive.

Details

Difficulty level
Hard (possibly days)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

mb300sd created this task.Aug 2 2018, 4:33 AM
syncer triaged this task as Wishlist priority.Sep 1 2018, 3:00 PM
pasik added a subscriber: pasik.Oct 1 2018, 9:51 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc4); removed VyOS 1.2 Crux.Oct 13 2018, 10:09 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc5); removed VyOS 1.2 Crux (VyOS 1.2.0-rc4).Oct 24 2018, 4:39 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc6); removed VyOS 1.2 Crux (VyOS 1.2.0-rc5).Oct 29 2018, 6:16 PM
dmbaturin edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux (VyOS 1.2.0-rc6).Nov 3 2018, 11:10 PM
dmbaturin added a subscriber: dmbaturin.

This would be best done along with firewall scripts rewrite.

efficiosoft added a subscriber: efficiosoft.Sep 14 2019, 11:19 AM
efficiosoft added a comment.Sep 14 2019, 11:22 AM

I'm very interested in this as well. Especially when you do lots of filtering based on ipsets that contain adresses from multiple zones, inclusion can save you a lot of redundancy.

zsdc changed Difficulty level from Unknown (require assessment) to Hard (possibly days).Mar 11 2021, 5:22 PM
zsdc set Is it a breaking change? to Unspecified (possibly destroys the router).
zsdc added a subscriber: zsdc.

Most likely this should be done (after firewall rewrite) as jump statements.

dmbaturin edited projects, added VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.Jul 29 2021, 1:08 PM
eronlloyd added a subscriber: eronlloyd.Aug 1 2021, 9:07 PM
penetal added a subscriber: penetal.Sep 5 2021, 5:56 PM
tioan added a subscriber: tioan.Oct 30 2022, 11:16 PM
GernhardReinlunzen added a subscriber: GernhardReinlunzen.Jun 9 2023, 5:28 PM
n.fort closed this task as Resolved.Jul 10 2023, 7:21 PM
n.fort claimed this task.
n.fort added a subscriber: n.fort.

Jump action is available in 1.4
Then, I'm setting this task as resolved