Maniphest T4512

enable-default-log on zone-policy
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	pragmattic
	Jul 5 2022, 12:32 PM

Tags

Referenced Files

None

Subscribers

Global Notifications

Description

Reason: When dealing with many zones on one firewall (e.g. I have 10), having a rule-set for each zone-to-zone pair is a lot of code. Would like to implement a command to have default logging enabled on the whole zone, not just the rule set. See nft example below:

Command to add:

set zone-policy zone Infrastructure enable-default-log

>>   chain VZONE_Infrastructure {
>> iifname { “eth2.400” } counter packets 0 bytes 0 drop
>> iifname { “eth2.400” } counter packets 0 bytes 0 return
>> iifname { “eth1”, “eth2.200” } counter packets 0 bytes 0 jump NAME_Core_to_Infrastructure
>> iifname { “eth1”, “eth2.200” } counter packets 0 bytes 0 return
>> counter packets 0 bytes 0 drop <-------------- “add default log here
>> }

Details

Version: -
Is it a breaking change?: Perfectly compatible

Related Objects

Mentioned In: rVYOSONEXf29dbc415a8b: zone-policy: T4512: Add support for `enable-default-log`
rVYOSONEX2010c7de9e1f: Merge pull request #1394 from sarthurdev/zone_default_log

Event Timeline

pragmattic created this task.Jul 5 2022, 12:32 PM

sarthurdev changed the task status from Open to In progress.Jul 5 2022, 5:26 PM

sarthurdev claimed this task.

sarthurdev moved this task from Open to In Progress on the VyOS 1.4 Sagitta board.

PR: https://github.com/vyos/vyos-1x/pull/1394

Restricted Repository Identity mentioned this in rVYOSONEX2010c7de9e1f: Merge pull request #1394 from sarthurdev/zone_default_log.Jul 5 2022, 8:10 PM

sarthurdev mentioned this in rVYOSONEXf29dbc415a8b: zone-policy: T4512: Add support for `enable-default-log`.Jul 5 2022, 8:10 PM

pasik subscribed.Jul 6 2022, 8:28 AM

sarthurdev closed this task as Resolved.Aug 26 2023, 9:39 PM

sarthurdev moved this task from In Progress to Finished on the VyOS 1.4 Sagitta board.