Modernising port/protocol definitions
Closed, Resolved | Public | FEATURE REQUEST

Description

Currently, VyOS uses Perl's getservbyname to determine the protocol for a particular service when creating firewall rules, but this does not seem to work with modern protocols.

For example, HTTP/3 uses UDP, and to maintain backward compatibility with HTTP/1.1 and HTTP/2, access to the webserver in our network should be allowed via both TCP and UDP.

However, if we create a firewall rule as shown below, an error is returned:

vyos@vyos# set firewall name Test rule 100 protocol tcp_udp
[edit]
vyos@vyos# set firewall name Test rule 100 action accept
[edit]
vyos@vyos# set firewall name Test rule 100 destination port https
[edit]
vyos@vyos# commit
[ firewall name Test ]
Firewall configuration error: "https" is not a valid port name for protocol "udp"

[[firewall name Test]] failed

It would be nice if port/protocol definitions would be moved to something that could be updated more regularly.
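
The failure reported above, modelled as an added example that is not part of the original report and not VyOS code: a service name is looked up once per protocol that tcp_udp expands to, so a name listed only for TCP fails for UDP. The services excerpt is constructed, `parse_services` and `check_port` are hypothetical names, and accepting numeric ports without a lookup is an assumption of this model.

```python
# Constructed /etc/services-style excerpt (not taken from any real system):
# "https" is listed for TCP only, as in older service databases.
SERVICES_SAMPLE = """\
# name   port/proto  aliases
domain   53/tcp
domain   53/udp
http     80/tcp      www
https    443/tcp
ntp      123/udp
"""


def parse_services(text):
    """Return {(name, proto): port} from services-format text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only or malformed line
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:  # canonical name plus aliases
            table.setdefault((name, proto), int(port))
    return table


def check_port(port, protocol, table):
    """Validate a rule's port against each protocol it expands to.

    Returns (ports_by_proto, errors). "tcp_udp" is treated as both
    protocols, so a service name must resolve for each of them.
    """
    protos = ["tcp", "udp"] if protocol == "tcp_udp" else [protocol]
    resolved, errors = {}, []
    for proto in protos:
        if port.isdigit() and 1 <= int(port) <= 65535:
            resolved[proto] = int(port)  # assumption: numeric ports need no lookup
        elif (port, proto) in table:
            resolved[proto] = table[(port, proto)]
        else:
            errors.append(f'"{port}" is not a valid port name for protocol "{proto}"')
    return resolved, errors


if __name__ == "__main__":
    table = parse_services(SERVICES_SAMPLE)
    for port in ("https", "443", "domain"):
        print(port, check_port(port, "tcp_udp", table))
```

In this model the rule's validity depends on the contents of the service table rather than on the rule itself, which is why the same rule can pass on one system and fail on another.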

Details

Version
-
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

sarthurdev claimed this task.
sarthurdev subscribed.

The new firewall now has no such restrictions on port definitions, going to close this as resolved.