Currently we have these options in set firewall global-options:
vyos@vyos# set firewall global-options Possible completions: all-ping Policy for handling of all IPv4 ICMP echo requests (default: enable) broadcast-ping Policy for handling broadcast IPv4 ICMP echo and timestamp requests (default: disable) ip-src-route Policy for handling IPv4 packets with source route option (default: disable) ipv6-receive-redirects Policy for handling received ICMPv6 redirect messages (default: disable) ipv6-src-route Policy for handling IPv6 packets with routing extension header (default: disable) log-martians Policy for logging IPv4 packets with invalid addresses (default: enable) receive-redirects Policy for handling received IPv4 ICMP redirect messages (default: disable) resolver-cache Retains last successful value if domain resolution fails resolver-interval Domain resolver update interval (default: 300) send-redirects Policy for sending IPv4 ICMP redirect messages (default: enable) source-validation Policy for source validation by reversed path, as specified in RFC3704 (default: disable) syn-cookies Policy for using TCP SYN cookies with IPv4 (default: enable) twa-hazards-protection RFC1337 TCP TIME-WAIT assasination hazards protection (default: disable)
But the option for disable-directed-broadcast is located in the set system ip context:
vyos@vyos# set system ip Possible completions: > arp Parameters for ARP cache disable-directed-broadcast Disable IPv4 directed broadcast forwarding on all interfaces disable-forwarding Disable IPv4 forwarding on all interfaces > multipath IPv4 multipath settings +> protocol Filter routing info exchanged between routing protocol and zebra > tcp IPv4 TCP parameters
Suggestion to move disable-directed-broadcast so it becomes member of set firewall global-options.