Page MenuHomeVyOS Platform
Create Task
Maniphest T5535

disable-directed-broadcast should be moved to firewall global-options
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Currently we have these options in set firewall global-options:

vyos@vyos# set firewall global-options 
Possible completions:
   all-ping             Policy for handling of all IPv4 ICMP echo requests (default:
                        enable)
   broadcast-ping       Policy for handling broadcast IPv4 ICMP echo and timestamp
                        requests (default: disable)
   ip-src-route         Policy for handling IPv4 packets with source route option
                        (default: disable)
   ipv6-receive-redirects
                        Policy for handling received ICMPv6 redirect messages (default:
                        disable)
   ipv6-src-route       Policy for handling IPv6 packets with routing extension header
                        (default: disable)
   log-martians         Policy for logging IPv4 packets with invalid addresses (default:
                        enable)
   receive-redirects    Policy for handling received IPv4 ICMP redirect messages
                        (default: disable)
   resolver-cache       Retains last successful value if domain resolution fails
   resolver-interval    Domain resolver update interval (default: 300)
   send-redirects       Policy for sending IPv4 ICMP redirect messages (default: enable)
   source-validation    Policy for source validation by reversed path, as specified in
                        RFC3704 (default: disable)
   syn-cookies          Policy for using TCP SYN cookies with IPv4 (default: enable)
   twa-hazards-protection
                        RFC1337 TCP TIME-WAIT assasination hazards protection (default:
                        disable)

But the option for disable-directed-broadcast is located in the set system ip context:

vyos@vyos# set system ip 
Possible completions:
 > arp                  Parameters for ARP cache
   disable-directed-broadcast
                        Disable IPv4 directed broadcast forwarding on all interfaces
   disable-forwarding   Disable IPv4 forwarding on all interfaces
 > multipath            IPv4 multipath settings
+> protocol             Filter routing info exchanged between routing protocol and zebra
 > tcp                  IPv4 TCP parameters

Suggestion to move disable-directed-broadcast so it becomes member of set firewall global-options.

Details

Difficulty level
Unknown (require assessment)
Version
1.4.0-epa2, 1.5-rolling-202404141045
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Event Timeline

Apachez created this task.Aug 31 2023, 5:23 PM
Viacheslav triaged this task as Normal priority.Jan 20 2024, 1:12 PM
dmbaturin edited projects, added VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta.Fri, Apr 12, 2:32 PM
n.fort changed the task status from Open to Confirmed.Mon, Apr 15, 10:12 AM
n.fort claimed this task.
n.fort raised the priority of this task from Normal to High.
n.fort added a project: VyOS 1.5 Circinus.
n.fort changed Version from - to 1.4.0-epa2, 1.5-rolling-202404141045.
pasik added a subscriber: pasik.Mon, Apr 15, 11:44 AM
n.fort added a comment.Mon, Apr 15, 2:25 PM

PR: https://github.com/vyos/vyos-1x/pull/3309

n.fort changed the task status from Confirmed to Needs testing.Wed, Apr 17, 8:57 AM
n.fort closed this task as Resolved.Sun, Apr 21, 6:54 PM
n.fort moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
n.fort moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.