So far, firewall ruleset need to be applied to an interface.
With T4699 and T4700, and this new option, one general firewall ruleset may be configured to do all the filtering needed.
Something similar to:
set firewall global-filtering name ABCD set firewall name ABCD default-action drop set firewall name ABCD rule 10 in-interface eth0 set firewall name ABCD rule 10 source address 192.0.2.0/24 set firewall name ABCD rule 10 action accept . . .
Command set firewall global-filtering will add a jump action in chain ip vyos_filter VYOS_FW_FORWARD to specified destination, in the example, chain ABCD