
Packet-Tracer Output
Open, Normal | Public | FEATURE REQUEST

Description

This request would add functionality similar to other firewall products for a projected flow. I'm open to any and all suggestions on additional output that could expand on the usefulness of this.

Proposed Syntax:

show firewall packet-info

Required fields:

  • source-ip
  • destination-ip
  • source-port
  • destination-port
  • protocol

Optional fields:

  • vrf
  • inbound-interface
  • outbound-interface
  • from-zone
  • to-zone

Sample output:

vyos@vyos# run show firewall packet-info source-ip 1.1.1.1 destination-ip 1.1.1.2 source-port 1 destination-port 1000 protocol tcp
------------------------------------------------
--------------- Phase 1: Routing ---------------
------------------------------------------------

Source:
 Route             | 0.0.0.0/0
 Protocol          | static
 VRF               | default
 Next Hop(s)       | 10.0.101.1
 Exit Interface(s) | eth0.101

Destination:
 Route             | 0.0.0.0/0
 Protocol          | static
 VRF               | default
 Next Hop(s)       | 10.0.101.1
 Exit Interface(s) | eth0.101

------------------------------------------------
----------------- Phase 2: NAT -----------------
------------------------------------------------

Source NAT matched on rule 100
------------------------------------------------
Configured:
set nat source rule 100 destination address '1.1.1.2'
set nat source rule 100 destination port '1000'
set nat source rule 100 outbound-interface name 'eth2'
set nat source rule 100 protocol 'tcp'
set nat source rule 100 source address '1.1.1.1'
set nat source rule 100 source port '1'
set nat source rule 100 translation address 'masquerade'

--------------------------------
Active Rule:
oifname "eth2" ip saddr 1.1.1.1 tcp sport 1 tcp dport 1000 ip daddr 1.1.1.2 counter packets 0 bytes 0 masquerade

------------------------------------------------
--------------- Phase 3: Firewall --------------
------------------------------------------------

Matching Rule Found:
Rule Information

---------------------------------
ipv4 Firewall "forward filter"

 Rule        | 1234
 Description |
 Action      | accept
 Protocol    | tcp
 Packets     | 0
 Bytes       | 0
 Conditions  | ip daddr 1.1.1.2 tcp dport @P_P1000 ip saddr 1.1.1.1 tcp sport 1
             | iifname "eth1" oifname "eth2"  accept

------------------------------------------------
----------------- Phase 4: PBR -----------------
------------------------------------------------

Policy Route matched on rule 10 of policy route TEST2
------------------------------------------------
Configured:
set policy route TEST2 interface 'eth0.101'
set policy route TEST2 rule 10 destination address '1.1.1.2'
set policy route TEST2 rule 10 destination port '1000'
set policy route TEST2 rule 10 protocol 'tcp'
set policy route TEST2 rule 10 source address '1.1.1.1'
set policy route TEST2 rule 10 source port '1'

--------------------------------
Active Rule:
ip daddr 1.1.1.2 ip saddr 1.1.1.1 tcp sport 1 tcp dport 1000 counter packets 0 bytes 0 return
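
The per-phase lookup that the sample output implies, as an added example that is not part of the original request and is not VyOS code: a small Python model that takes the required fields, walks each phase's rules in ascending rule number, and reports the first match. The rule tables, the `Flow`, `rule_matches` and `trace` names, and rules 1000 and 9999 are constructed for illustration; first-match-by-rule-number and the treatment of omitted interfaces are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    source_ip: str            # required fields of the proposed command
    destination_ip: str
    source_port: int
    destination_port: int
    protocol: str
    inbound_interface: Optional[str] = None   # optional fields
    outbound_interface: Optional[str] = None

def rule_matches(rule: dict, flow: Flow) -> bool:
    """Conditions a rule sets must all match; conditions it omits are wildcards."""
    for key, addr in (("source_address", flow.source_ip),
                      ("destination_address", flow.destination_ip)):
        if key in rule and ipaddress.ip_address(addr) not in ipaddress.ip_network(rule[key]):
            return False
    for key in ("source_port", "destination_port", "protocol"):
        if key in rule and rule[key] != getattr(flow, key):
            return False
    for key in ("inbound_interface", "outbound_interface"):
        given = getattr(flow, key)
        # Assumption: an interface the caller left out does not rule a match out,
        # as in the sample output, where no interface was given on the command line.
        if key in rule and given is not None and rule[key] != given:
            return False
    return True

def trace(flow: Flow, phases: dict) -> dict:
    """Per phase, the lowest-numbered rule that matches the flow, or None."""
    return {phase: next((n for n in sorted(rules) if rule_matches(rules[n], flow)), None)
            for phase, rules in phases.items()}

# Constructed rule tables modelled on the sample output; rules 1000 and 9999 are invented.
EXACT = {"source_address": "1.1.1.1/32", "destination_address": "1.1.1.2/32",
         "source_port": 1, "destination_port": 1000, "protocol": "tcp"}
PHASES = {
    "nat source": {100: {**EXACT, "outbound_interface": "eth2"}},
    "firewall forward filter": {
        1000: {"protocol": "udp"},
        1234: {**EXACT, "inbound_interface": "eth1", "outbound_interface": "eth2"},
        9999: {},  # catch-all: sets no conditions, so it matches every flow
    },
    "policy route TEST2": {10: dict(EXACT)},
}
SAMPLE = Flow("1.1.1.1", "1.1.1.2", 1, 1000, "tcp")
```

Calling `trace(SAMPLE, PHASES)` reproduces the rule numbers in the sample output (100, 1234, 10); supplying `outbound_interface="eth3"` shows the same flow missing rule 1234 and falling through to the catch-all.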

Details

  • Difficulty level: Lunatic (nearly impossible)
  • Version: -
  • Why the issue appeared? Will be filled on close
  • Is it a breaking change? Perfectly compatible
  • Issue type: Feature (new functionality)