Page MenuHomeVyOS Platform
Create Task
Maniphest T235

Ability to configure manual IP Rules
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

It would be nice for vyos to provide the option to manage rules in the kernel ip rule table.

set protocols rule[6] # from <PREFIX|ADDRESS>
set protocols rule[6] # to <PREFIX|ADDRESS>
set protocols rule[6] # tos <TOS>
set protocols rule[6] # fwmark <FWMARK[/MASK]>
set protocols rule[6] # iif <INTERFACE>
set protocols rule[6] # oif <INTERFACE>

set protocols rule[6] # table <TABLE>
set protocols rule[6] # goto <#>
set protocols rule[6] # suppress_prefixlength <NUMBER>

The # could be used to set the rule preference, and this could be restricted somewhat to ensure that the automatically added/removed rules as part of the policy routes to occupy the rest of the rulespace.

The main use case (for me) of this would be to allow PBR routing for locally generated packets. (Some of my vyos installs learn a default gateway via OSPF over an IPSEC tunnel, but they need to ensure that the traffic for the tunnel route via the local gateway)

It's obviously possible to create these rules within /config/scripts/vyatta-postconfig-bootup.script but it would be nicer to have them in the main config.

Details

Difficulty level
Normal (likely a few hours)
Version
-
Is it a breaking change?
Perfectly compatible

Related Objects

Mentioned Here
T439: local PBR support

Event Timeline

Dataforce created this task.Dec 27 2016, 3:45 AM
syncer triaged this task as Wishlist priority.Aug 1 2017, 4:34 AM
syncer changed the edit policy from "Task Author" to "Custom Policy".
syncer added a project: VyOS 1.2 Crux.
syncer changed Difficulty level from Easy (less than an hour) to Normal (likely a few hours).
syncer set Version to -.
syncer added subscribers: Community, Active contributors, Maintainers.

This require further discussion and clarification,
suspect that there are lot of caveats there

pasik added a subscriber: pasik.Oct 27 2017, 9:51 PM
syncer removed syncer as the assignee of this task.Nov 3 2017, 12:25 PM
syncer added a subscriber: syncer.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc4); removed VyOS 1.2 Crux.Oct 13 2018, 10:09 AM
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux (VyOS 1.2.0-rc4).Oct 13 2018, 6:38 PM
syncer changed the subtype of this task from "Task" to "Feature Request".Oct 20 2018, 7:02 AM
fetzerms added a subscriber: fetzerms.Mar 5 2020, 6:57 AM
fetzerms added a comment.Mar 5 2020, 6:59 AM

Having this feature would eliminate any use of vyatta-postconfig-bootup.script for me, which would lead to a "clean" vyos installation again.

Viacheslav added a subscriber: Viacheslav.Nov 22 2020, 1:26 PM

@Dataforce @fetzerms
ip rule "from" already in CLI T439

set policy local-route rule x set table x
set policy local-route rule x source x.x.x.x

What of them do you want to see in PBR?

dmbaturin edited projects, added VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.Dec 10 2020, 11:54 AM
dmbaturin set Is it a breaking change? to Perfectly compatible.
Viacheslav closed this task as Resolved.Jul 12 2022, 2:47 PM
Viacheslav claimed this task.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.