Reason: When dealing with many zones on one firewall (e.g. I have 10), having a rule-set for each zone-to-zone pair is a lot of code. Would like to implement a command to have default logging enabled on the whole zone, not just the rule set. See nft example below:
Command to add:
set zone-policy zone Infrastructure enable-default-log
    chain VZONE_Infrastructure {
        iifname { "eth2.400" } counter packets 0 bytes 0 drop
        iifname { "eth2.400" } counter packets 0 bytes 0 return
        iifname { "eth1", "eth2.200" } counter packets 0 bytes 0 jump NAME_Core_to_Infrastructure
        iifname { "eth1", "eth2.200" } counter packets 0 bytes 0 return
        counter packets 0 bytes 0 drop      <-------------- add default log here
    }
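As an added illustration (not VyOS code and not part of this request), the following Python renders a per-zone chain in the shape of the listing above and, when the zone-wide default log is enabled, places a log rule immediately before the chain's final drop. The VZONE_ and NAME_ prefixes mirror the listing; the log prefix format, the function names and the checker are assumptions.

```python
"""Added example: render a per-zone nft chain with an optional zone-wide
default-log rule placed just before the chain's final drop.
Not VyOS code; prefixes and the log-prefix format are assumptions."""

ZONE_CHAIN_PREFIX = "VZONE_"   # assumption: mirrors "chain VZONE_Infrastructure"
RULESET_PREFIX = "NAME_"       # assumption: mirrors "NAME_Core_to_Infrastructure"


def iface_set(ifaces):
    """Format interface names as an nft anonymous set: { "eth1", "eth2.200" }."""
    return "{ " + ", ".join(f'"{i}"' for i in ifaces) + " }"


def render_zone_chain(zone, zone_ifaces, peers, default_log=False):
    """Build the nft chain for traffic destined to `zone`.

    zone_ifaces: interfaces that belong to `zone` (intra-zone traffic is dropped)
    peers:       list of (peer_zone, peer_ifaces); traffic arriving from a peer
                 zone jumps to the rule-set chain NAME_<peer>_to_<zone>
    default_log: when True, log every packet that reaches the chain's default
                 drop, independent of any per-rule-set default-log setting
    """
    lines = [f"chain {ZONE_CHAIN_PREFIX}{zone} {{"]
    # intra-zone traffic: drop, then return (same ordering as the quoted chain)
    lines.append(f"    iifname {iface_set(zone_ifaces)} counter drop")
    lines.append(f"    iifname {iface_set(zone_ifaces)} counter return")
    for peer_zone, peer_ifaces in peers:
        ruleset = f"{RULESET_PREFIX}{peer_zone}_to_{zone}"
        lines.append(f"    iifname {iface_set(peer_ifaces)} counter jump {ruleset}")
        lines.append(f"    iifname {iface_set(peer_ifaces)} counter return")
    if default_log:
        # nft's `log` is non-terminating, so the drop below still applies.
        # Prefix format is an assumption chosen to be greppable in the syslog.
        lines.append(f'    log prefix "[zone-{zone}-default-D] "')
    lines.append("    counter drop")
    lines.append("}")
    return "\n".join(lines)


def default_drop_is_logged(chain_text):
    """Check a rendered chain (or `nft list` output of one): is there a log
    rule immediately before the chain's final unconditional drop?"""
    rules = [ln.strip() for ln in chain_text.splitlines() if ln.strip()]
    body = rules[1:-1]  # strip "chain ... {" and the closing "}"
    if not body or not body[-1].endswith("drop") or body[-1].startswith("iifname"):
        return False  # no unconditional default drop at the end of the chain
    return len(body) >= 2 and body[-2].startswith("log ")


if __name__ == "__main__":
    # constructed input matching the interfaces in the quoted listing
    print(render_zone_chain("Infrastructure", ["eth2.400"],
                            [("Core", ["eth1", "eth2.200"])], default_log=True))
```

Rendered this way the rule is written as `counter drop`; the `packets 0 bytes 0` in the listing above is what `nft list ruleset` prints from the live counters, not part of the rule definition.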