Ponder Q107 History

Suggestion for adding functionality global group

Event Timeline

• Arezy asked this question.Jul 21 2017, 6:56 PM

• Arezy created this object in space Restricted Space.

• Arezy created this object with visibility "Administrators".

syncer shifted this object from the Restricted Space space to the S1 VyOS Public space.Jul 21 2017, 6:57 PM

syncer changed the visibility from "Administrators" to "Public (No Login Required)".

Herald added a subscriber: Sentrium. · View Herald TranscriptJul 21 2017, 6:57 PM

sorry, but I don't follow your idea
can you elaborate?

I mean groups that would act as global variables.

I can support this idea. It's quite usual on other routers or firewalls to have global objects, you define once and use it in firewall, nat, policy routing...

Guys, if you can provide extensive description with examples,
i can do poll on that

@syncer I think the problem is that many fields (eg. within the NAT, WLB, PBR facilities) don't allow to use groups you can use in the firewall stanzas. I think there's no need to poll on this, seems to me like a no-brainer, everyone wants this. Many modern products also add auto variables such as eth0_ipaddresses or eth0_networks. Juniper has an implementation that also allows for hierarchical grouping.

If you want to next-step it and go beyond most vendors: allow for eg. interfaces eth0 address group name. as long the requested type matches the list it should be possible.

Often times the lists are an abstraction that allows for an integrator to keep control over the overall vyos config, but the client would have control over (certain) lists for their day-to-day network operations.

Still i suggest to do poll on possible syntax and implementation
it could be that is not easy because of many existing problems

syncer added an answer.Nov 26 2017, 5:57 PM

syncer closed this question as resolved.