sandwichdoge (Thuan Ho)
User

Projects

User does not belong to any projects.

User Details

User Since: Wed, Jun 22, 7:12 AM (4 d, 16 h)

Recent Activity
View All

Fri, Jun 24

sandwichdoge added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..

@Viacheslav As for your other concern, you can filter the actual inbound interface (eth4 in this my case) in mangle-PREROUTING. Maybe you could try packet marking in mangle-PREROUTING, then filter them later in VYOS_FW_FORWARD/VYOS_FW_LOCAL in the filter table?
Something like this:

Fri, Jun 24, 4:06 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Thu, Jun 23

sandwichdoge added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..

@Viacheslav I tested your fix in my environment. The inbound filtering worked as expected after the fix. However it did not work correctly for the case we where we want inbound and outbound firewalls on a single vrf member interface (or any case that has more than 2 directions on the same interface).

Thu, Jun 23, 2:57 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta