Firewall default-action log
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	n.fort
	Oct 6 2023, 12:06 PM

Description

After firewall refactor, we have no capabilities for logs when default-action is applied in base chains.

In the past, we used to add a rule at the end of the ruleset for such purpose, and enable log if required. In new implementation, for base chains we use 'policy [accept|drop]', so no extra rule at the end, and no log capabilities.

We need to be able to log when default-action matches in base chains.

Details

Difficulty level: Unknown (require assessment)
Version: 1.5-rolling-202310060022
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Improvement (missing useful functionality)

Event Timeline

n.fort changed the task status from Open to Confirmed.Oct 6 2023, 12:06 PM

n.fort claimed this task.

n.fort created this task.

pasik added a subscriber: pasik.Oct 6 2023, 1:26 PM

PR: https://github.com/vyos/vyos-1x/pull/2344

n.fort changed the task status from Confirmed to In progress.Oct 6 2023, 2:42 PM

I-n-d-y added a subscriber: I-n-d-y.Oct 15 2023, 10:03 AM

For RQ for Sagitta: https://github.com/vyos/vyos-1x/pull/2399

Re-Opening. this need to be extended to bridge firewall

n.fort added a project: VyOS 1.4 Sagitta.Nov 16 2023, 6:01 PM

PR for bridge: https://github.com/vyos/vyos-1x/pull/2528

n.fort changed the task status from Confirmed to Needs testing.Nov 22 2023, 7:07 PM

n.fort closed this task as Resolved.Dec 21 2023, 11:33 AM

Firewall default-action logClosed, ResolvedPublicBUGActions

Description

Details

Event Timeline

Firewall default-action log
Closed, ResolvedPublicBUG
Actions