Page MenuHomeVyOS Platform
Create Task
Maniphest T5133

Add comments for items in address-group and network-group in firewall
Closed, WontfixPublicFEATURE REQUEST
Actions

Description

It's very important to have an opportunity to make comments for each item in address and network list in firewall section.
For example JunOS has this opportunity and it's very handy when working with large lists

vyos@vyos-gw# edit firewall group address-group test123
[edit firewall group address-group test123]
vyos@vyos-gw# set address 1.1.1.1
[edit firewall group address-group test123]
vyos@vyos-gw# comment address 1.1.1.1 "first address"

  Cannot comment on config values
  Comment failed

[edit firewall group address-group test123]
vyos@vyos-gw#

Details

Version
-
Is it a breaking change?
Perfectly compatible

Event Timeline

vfomkin created this task.Mar 31 2023, 5:28 PM
pasik subscribed.Mar 31 2023, 5:52 PM
Viacheslav triaged this task as Normal priority.Jan 20 2024, 12:21 PM
Viacheslav subscribed.

Proposed CLI
We need only change leafNode address to the tagNode

set firewall group address-group test123 address 192.0.2.1 description "blackhole"
Viacheslav added a comment.Feb 6 2024, 1:02 PM

PR https://github.com/vyos/vyos-1x/pull/2945

set firewall group address-group ONE address 192.0.2.1 description 'First'
set firewall group address-group ONE address 192.0.2.2 description 'Second'
Viacheslav changed the task status from Open to In progress.Feb 6 2024, 1:03 PM
Viacheslav added a project: VyOS 1.5 Circinus.
Viacheslav claimed this task.Feb 6 2024, 2:08 PM
c-po subscribed.Feb 7 2024, 5:48 AM
cpo@LR1.wue3# set firewall group address-group test123 description foo
cpo@LR1.wue3# set firewall group address-group test123 address 1.2.3.4
cpo@LR1.wue3# comment firewall group address-group test123 address baz
[edit]
cpo@LR1.wue3# show firewall
+group {
+    address-group test123 {
+        /* baz */
+        address 1.2.3.4
+        description foo
+    }
+}

Moving the address leafNode to a tagNode will clutter the configuration.

c-po closed this task as Wontfix.Feb 7 2024, 5:48 AM