Page MenuHomeVyOS Platform

Allow VyOS Firewall to Match Outbound IPSec Traffic
Open, Requires assessmentPublicFEATURE REQUEST



Specifically, from here down

I would like to be able to block outbound unencrypted GRE and allow it through IPSec as shown in the linked comment.


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Event Timeline

Do you have a proposed cli format?

@n.fort Maybe set firewall name <name> rule <rule> ipsec match-gre? This feels a bit hacky though... Almost like match should be its own block and contain ipsec, none, or gre