Page MenuHomeVyOS Platform
Create Task
Maniphest T5450

Firewall interface group - Allow inverted matcher
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Allow inverted matcher for interface group in firewall ruleset.
For other groups, inverted-matcher is allowed.

This doesn't work:

set firewall name X rule X [inbound-interface | outbound-interface] interface-group !IFACE-GROUP

While this works:

set firewall name X rule X source group address-group !ADDRESS-GROUP

This works:

Details

Difficulty level
Unknown (require assessment)
Version
vyos-1.4-rolling-202308060317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

n.fort changed the task status from Open to Confirmed.Aug 8 2023, 6:02 PM
n.fort claimed this task.
n.fort created this task.
n.fort changed Version from - to vyos-1.4-rolling-202308060317.
pasik added a subscriber: pasik.Aug 8 2023, 8:01 PM
n.fort changed the task status from Confirmed to In progress.Aug 9 2023, 9:18 PM

PR https://github.com/vyos/vyos-1x/pull/2142

n.fort changed the task status from In progress to Needs testing.Aug 23 2023, 4:30 PM
n.fort closed this task as Resolved.Sep 8 2023, 10:04 AM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.Sep 8 2023, 11:45 AM