Page MenuHomeVyOS Platform
Create Task
Maniphest T5553

Firewall - Add action continue
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Add ability to set action continue in firewall ruleset. So far is not supporter:

vyos@host-left# set firewall ipv4 forward filter rule 10 action 
Possible completions:
   accept               Accept matching entries
   jump                 Jump to another chain
   reject               Reject matching entries
   return               Return from the current chain and continue at the next rule of the last chain
   drop                 Drop matching entries
   queue                Enqueue packet to userspace
                        
      
[edit]
vyos@host-left# set firewall ipv4 forward filter rule 10 action

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202309040919
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Event Timeline

n.fort changed the task status from Open to Confirmed.Sep 6 2023, 5:39 PM
n.fort claimed this task.
n.fort created this task.
n.fort changed Version from - to 1.4-rolling-202309040919.
Apachez added a subscriber: Apachez.Sep 6 2023, 5:55 PM

In case there are other just like me who didnt know about "action continue":

https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes

The verdict statement alters control flow in the ruleset and issues policy decisions for packets. The valid verdict statements are:

- accept: Accept the packet and stop the remain rules evaluation.

- drop: Drop the packet and stop the remain rules evaluation.

- queue: Queue the packet to userspace and stop the remain rules evaluation.

- continue: Continue the ruleset evaluation with the next rule.

- return: Return from the current chain and continue at the next rule of the last chain. In a base chain it is equivalent to accept

- jump <chain>: Continue at the first rule of <chain>. It will continue at the next rule after a return statement is issued

- goto <chain>: Similar to jump, but after the new chain the evaluation will continue at the last chain instead of the one containing the goto statement
n.fort added a comment.Sep 8 2023, 10:01 AM

Feature included in: https://github.com/vyos/vyos-1x/pull/2222

n.fort changed the task status from Confirmed to In progress.Sep 8 2023, 10:01 AM
I-n-d-y added a subscriber: I-n-d-y.Sep 13 2023, 5:58 AM
n.fort closed this task as Resolved.Oct 3 2023, 6:59 PM