Motivation:
Zone-Based Firewalls (ZBF) are a well-known and relied-upon pattern when dealing with more complex network setups. The lack of such a feature quickly makes firewall configurations a nightmare.
The Bug:
The Sagitta 1.4 documentation details how to set up ZBF: https://docs.vyos.io/en/latest/configexamples/zone-policy.html
set firewall zone dmz default-action drop
set firewall zone dmz interface eth0.30
set firewall zone dmz from lan firewall ipv6-name lan-dmz-6
Observed behavior:
However, in VyOS 1.4-rolling-202308240020 (nightly), there is no such configuration option:
vyos@vyos# set firewall
Possible completions:
   > global-options  Global Options
   > group           Firewall group
   > ipv4            IPv4 firewall
   > ipv6            IPv6 firewall

[edit]
vyos@vyos# set firewall ipv4
Possible completions:
   > forward  IPv4 forward firewall
   > input    IPv4 input firewall
  +> name     IPv4 custom firewall
   > output   IPv4 output firewall
Either the documentation is wrong or the function has indeed gone missing (Dropped?? Why?).
Expected behavior:
- Either: Explain ZBF for VyOS 1.4 in the documentation as it would work now
- Or: Re-integrate ZBF into VyOS 1.4