Page MenuHomePhabricator

Include rulseset in firewall
Open, WishlistPublicFEATURE REQUEST

Description

It would be nice to be able to include another rule set in the firewall.

For example, I have a lot of zones that have the basic allow established/related, drop invalid, allow a few icmp types, and allow dns, plus 1 or 2 other rules. It would remove a ton of duplication in the config if it was possible to have an include directive.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

mb300sd created this task.Aug 2 2018, 4:33 AM
syncer triaged this task as Wishlist priority.Sep 1 2018, 3:00 PM
pasik added a subscriber: pasik.Oct 1 2018, 9:51 AM
dmbaturin added a subscriber: dmbaturin.

This would be best done along with firewall scripts rewrite.

I'm very interested in this as well. Especially when you do lots of filtering based on ipsets that contain adresses from multiple zones, inclusion can save you a lot of redundancy.