
enable-default-log on zone-policy
Closed, Resolved | Public | FEATURE REQUEST

Description

Reason: When dealing with many zones on one firewall (e.g. I have 10), having a rule-set for each zone-to-zone pair is a lot of code. Would like to implement a command to have default logging enabled on the whole zone, not just the rule set. See nft example below:

Command to add:

    set zone-policy zone Infrastructure enable-default-log

    chain VZONE_Infrastructure {
        iifname { "eth2.400" } counter packets 0 bytes 0 drop
        iifname { "eth2.400" } counter packets 0 bytes 0 return
        iifname { "eth1", "eth2.200" } counter packets 0 bytes 0 jump NAME_Core_to_Infrastructure
        iifname { "eth1", "eth2.200" } counter packets 0 bytes 0 return
        counter packets 0 bytes 0 drop    <-------------- add default log here
    }

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Improvement (missing useful functionality)

Event Timeline

sarthurdev changed the task status from Open to In progress. Jul 5 2022, 5:26 PM
sarthurdev claimed this task.
sarthurdev moved this task from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
sarthurdev moved this task from In Progress to Finished on the VyOS 1.4 Sagitta board.