enable-default-log on zone-policy
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	pragmattic
	Jul 5 2022, 12:32 PM

Description

Reason: When dealing with many zones on one firewall (e.g. I have 10), having a rule-set for each zone-to-zone pair is a lot of code. Would like to implement a command to have default logging enabled on the whole zone, not just the rule set. See nft example below:

Command to add:

set zone-policy zone Infrastructure enable-default-log

>>   chain VZONE_Infrastructure {
>> iifname { “eth2.400” } counter packets 0 bytes 0 drop
>> iifname { “eth2.400” } counter packets 0 bytes 0 return
>> iifname { “eth1”, “eth2.200” } counter packets 0 bytes 0 jump NAME_Core_to_Infrastructure
>> iifname { “eth1”, “eth2.200” } counter packets 0 bytes 0 return
>> counter packets 0 bytes 0 drop <-------------- “add default log here
>> }

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Improvement (missing useful functionality)

Event Timeline

pragmattic created this task.Jul 5 2022, 12:32 PM

sarthurdev changed the task status from Open to In progress.Jul 5 2022, 5:26 PM

sarthurdev claimed this task.

sarthurdev moved this task from Need Triage to In Progress on the VyOS 1.4 Sagitta board.

PR: https://github.com/vyos/vyos-1x/pull/1394

pasik subscribed.Jul 6 2022, 8:28 AM

sarthurdev closed this task as Resolved.Aug 26 2023, 9:39 PM

sarthurdev moved this task from In Progress to Finished on the VyOS 1.4 Sagitta board.

enable-default-log on zone-policyClosed, ResolvedPublicFEATURE REQUESTActions

Description

Details

Event Timeline

enable-default-log on zone-policy
Closed, ResolvedPublicFEATURE REQUEST
Actions