Page MenuHomeVyOS Platform
Create Task
Maniphest T5636

Add GeoIP matching support for policy route
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

now firewall support geoip ,that is cool ,but it is only for firewall , also need for policy route/local-route destination .
like this :
set policy route shunt rule 1 destination geoip country-code cn
set policy local-route rule 1 destination geoip country-code us

seems geoip will convert to lots of cidr address , that may make the config file too big to read/check. could add a feature like include config.d/ in linux ?

thanks!

Details

Version
-
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedFEATURE REQUESTsarthurdevT4299 Firewall - GeoIP filtering
 ResolvedFEATURE REQUESTsskajeT5636 Add GeoIP matching support for policy route

Event Timeline

freebsdjlu created this task.Oct 6 2023, 1:24 AM
pasik subscribed.Oct 6 2023, 6:23 AM
Viacheslav triaged this task as Wishlist priority.Jan 20 2024, 1:32 PM
dmbaturin edited projects, added VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.Apr 12 2024, 2:37 PM
e.pc.yuan subscribed.May 7 2024, 10:29 PM

with the fix n.fort put in this feature is greatly sort after, definitely a thump up from me.

Viacheslav subscribed.May 8 2024, 6:15 AM

Mostly impossible for policy local-route
I'm not expecting that it will be implemented at all.

e.pc.yuan added a comment.May 8 2024, 9:42 PM

set policy local-route doesn't make sense to me to have a geoip network group, however geoip in set policy route allows for greater flexibility while performing routing to ensure traffic traverse through specific destination for compliance and regulatory purposes.

dmbaturin added a project: Restricted Project.Sep 16 2024, 4:16 PM
syncer edited projects, added VyOS Rolling; removed Restricted Project, VyOS 1.5 Circinus.Oct 30 2024, 11:21 PM
vyosbot added a project: Restricted Project.Oct 31 2024, 6:08 AM
syncer added a subscriber: Global Notifications.Nov 1 2024, 9:19 PM
dmbaturin moved this task from Need Triage to Backlog - Feature Requests on the VyOS Rolling board.Nov 15 2024, 3:36 PM
c-po added a parent task: T4299: Firewall - GeoIP filtering.Dec 28 2024, 10:55 AM
sskaje subscribed.Mar 28 2025, 7:51 AM

PR: https://github.com/vyos/vyos-1x/pull/4419

sarthurdev changed the task status from Open to In progress.Apr 1 2025, 6:06 PM
sarthurdev assigned this task to sskaje.
c-po changed the task status from In progress to Needs testing.Apr 22 2025, 3:21 PM
c-po edited projects, added VyOS 1.5 Circinus; removed Restricted Project.
sskaje mentioned this in rVYOSONEX795154d9009b: geoip: T5636: Add geoip for policy route/route6.Apr 22 2025, 3:22 PM
sskaje mentioned this in rVYOSONEX8f20f0ef7863: geoip: T5636: add smoketest for pbr geoip.
Restricted Repository Identity mentioned this in rVYOSONEX801bdc92ca8e: Merge pull request #4419 from sskaje/T5636.Apr 22 2025, 3:22 PM
c-po moved this task from Backlog - Feature Requests to Completed on the VyOS Rolling board.Apr 22 2025, 3:22 PM
dongjunbo subscribed.Jun 7 2025, 2:24 AM

HI ,
I tested it . it works well. Could you please merge it into stable version vyos 1.4 ? Many thanks!

dmbaturin renamed this task from Need geoip option for policy route to Add GeoIP matching support for policy route.Jul 9 2025, 1:09 PM
dmbaturin closed this task as Resolved.
dmbaturin edited projects, added VyOS 1.5 Circinus (1.5-stream-2025-Q2); removed VyOS 1.5 Circinus.
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin changed Issue type from Unspecified (please specify) to Feature (new functionality).