Page MenuHomeVyOS Platform
Create Task
Maniphest T5637

Firewall default-action log
Closed, ResolvedPublicBUG
Actions

Description

After firewall refactor, we have no capabilities for logs when default-action is applied in base chains.

In the past, we used to add a rule at the end of the ruleset for such purpose, and enable log if required. In new implementation, for base chains we use 'policy [accept|drop]', so no extra rule at the end, and no log capabilities.

We need to be able to log when default-action matches in base chains.

Details

Version
1.5-rolling-202310060022
Is it a breaking change?
Perfectly compatible

Related Objects

Event Timeline

n.fort created this task.Oct 6 2023, 12:06 PM
n.fort changed the task status from Open to Confirmed.
n.fort claimed this task.
pasik subscribed.Oct 6 2023, 1:26 PM
n.fort added a comment.Oct 6 2023, 2:42 PM

PR: https://github.com/vyos/vyos-1x/pull/2344

n.fort changed the task status from Confirmed to In progress.Oct 6 2023, 2:42 PM
I-n-d-y subscribed.Oct 15 2023, 10:03 AM
Restricted Repository Identity mentioned this in rVYOSONEX887855b14e06: Merge pull request #2344 from nicolas-fort/T5637.Oct 19 2023, 5:10 PM
n.fort mentioned this in rVYOSONEX6582bbc0f431: T5637: add new rule at the end of base chains for default-actions. This enables….Oct 19 2023, 5:10 PM
Restricted Repository Identity mentioned this in rVYOSONEX9a11f38f9c8d: T5637: add new rule at the end of base chains for default-actions. This enables….Oct 19 2023, 5:11 PM
n.fort closed this task as Resolved.Oct 23 2023, 4:58 PM

For RQ for Sagitta: https://github.com/vyos/vyos-1x/pull/2399

Restricted Repository Identity mentioned this in rVYOSONEXcb912e98de3b: Merge pull request #2399 from nicolas-fort/T5637-sagitta.Oct 24 2023, 6:53 PM
n.fort mentioned this in rVYOSONEXa9e93ef54bd3: T5637: Firewall: add new rule at the end of base chains for default-actions..Oct 24 2023, 6:53 PM
n.fort reopened this task as Confirmed.Nov 16 2023, 6:01 PM

Re-Opening. this need to be extended to bridge firewall

n.fort added a project: VyOS 1.4 Sagitta.Nov 16 2023, 6:01 PM
n.fort added a comment.Nov 22 2023, 12:08 PM

PR for bridge: https://github.com/vyos/vyos-1x/pull/2528

Restricted Repository Identity mentioned this in rVYOSONEX8f853daa22fe: Merge pull request #2528 from nicolas-fort/T5637-Extend-bridge.Nov 22 2023, 12:24 PM
n.fort mentioned this in rVYOSONEXc45b695ca068: T5637: firewall: extend rule for default-action to firewall bridge, in order to….Nov 22 2023, 12:24 PM
n.fort changed the task status from Confirmed to Needs testing.Nov 22 2023, 7:07 PM
n.fort closed this task as Resolved.Dec 21 2023, 11:33 AM