Page MenuHomeVyOS Platform
Create Task
Maniphest T5165

Policy local-route ability set protocol and port
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Policy local-route based on protocol and port

sudo ip rule add from 192.0.2.5 ipproto tcp sport 80 lookup 301
sudo ip rule add from 192.0.2.10 ipproto tcp dport 8080 lookup 302

Check:

vyos@r14# sudo ip rule show
0:	from all lookup local
32763:	from 192.0.2.10 ipproto tcp dport 8080 lookup 302
32764:	from 192.0.2.5 ipproto tcp sport 80 lookup 301
32765:	from all fwmark 0xc9 lookup 201
32766:	from all lookup main
32767:	from all lookup default
[edit]
vyos@r14#

Proposed CLI

set policy local-route rule 301 protocol tcp source-port 80
set policy local-route rule 302 protocol tcp destination-port 8080

Or use the following:

set policy local-route rule 301 protocol tcp 
set policy local-route rule 301 source|destination port xxx

The second option required migration of the current source to the source address

vyos@r14# set policy local-route rule 100 source 
Possible completions:
   <x.x.x.x>            Address to match against
   <x.x.x.x/x>          Prefix to match against

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Related Objects
Search...

Event Timeline

Viacheslav created this task.Apr 18 2023, 10:42 AM
pasik added a subscriber: pasik.Apr 18 2023, 10:50 AM
Viacheslav added a comment.Sep 27 2023, 2:10 PM

Add option protocol, PR https://github.com/vyos/vyos-1x/pull/2313

set policy local-route rule 100 destination '192.0.2.12'
set policy local-route rule 100 protocol 'tcp'
set policy local-route rule 100 set table '100'
Viacheslav added a comment.Sep 29 2023, 4:05 PM

PR migration https://github.com/vyos/vyos-1x/pull/2325

Viacheslav claimed this task.Oct 6 2023, 4:31 AM
Viacheslav added a comment.Oct 6 2023, 9:27 AM

PR https://github.com/vyos/vyos-1x/pull/2342

set policy local-route rule 23 destination port '222'
set policy local-route rule 23 protocol 'tcp'
set policy local-route rule 23 set table '123'
set policy local-route rule 23 source port '8888'

Check:

vyos@r4# ip rule show prio 23
23:	from all ipproto tcp sport 8888 dport 222 lookup 123
[edit]
vyos@r4#
Viacheslav changed the task status from Open to Needs testing.Oct 11 2023, 6:37 AM
Viacheslav added a project: VyOS 1.5 Circinus.
Viacheslav closed subtask T5629: Policy local-route bug after migration to destination node address as Resolved.Oct 14 2023, 7:33 AM
Viacheslav closed this task as Resolved.Oct 16 2023, 8:41 AM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.