Define port-group as a oneliner instead of multiline
Open, NormalPublicFEATURE REQUEST
Actions

Assigned To

None

Authored By

	Apachez
	Nov 15 2023, 4:11 AM

Description

When creating a port-group in VyOS today it would be handy if such can be defined as a oneliner instead of multiline.

Example.

Today it must be defined as (if you want to add port 800 + 900-950 to a single port-group):

set firewall group port-group TEST port '800'
set firewall group port-group TEST port '900-950'

But it would be handy if this instead could be defined as:

set firewall group port-group TEST port '800, 900-950'

Because in the backend todays syntax results in this nftables config (which is a oneliner):

set P_TEST {
        type inet_service
        flags interval
        auto-merge
        elements = { 800, 900-950 }
}

The input validation (except for allowing for digits, whitespace, "," and "-") could perhaps also be a length check to match whatever length that nftables allows for as "elements".

Rumours has it that such input validation for oneliner might already exist somewhere else in the VyOS config.

Ref:

https://old.reddit.com/r/vyos/comments/17ucrav/way_to_quickly_add_multiple_ports_in_a_portgroup/

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Improvement (missing useful functionality)

Event Timeline

Apachez created this task.Nov 15 2023, 4:11 AM

This can be done in other areas such as firewall rules already:

set firewall ipv4 input filter rule 1000 destination port '10-20,5,5522'

Viacheslav triaged this task as Normal priority.Jan 20 2024, 1:52 PM

Define port-group as a oneliner instead of multilineOpen, NormalPublicFEATURE REQUESTActions

Description

Details

Event Timeline

Define port-group as a oneliner instead of multiline
Open, NormalPublicFEATURE REQUEST
Actions