Add VLAN type option to bridge firewalls
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	n.fort
	Sep 3 2024, 3:38 PM

Description

So far, we can match arp and 802.1a types:

vyos@bri# set firewall bridge forward filter rule 10 ethernet-type 
Possible completions:
   802.1q               Customer VLAN tag type
   802.1ad              Service VLAN tag type
   arp                  Adress Resolution Protocol
   ipv4                 Internet Protocol version 4
   ipv6                 Internet Protocol version 6
                        

      
[edit]
vyos@bri# set firewall bridge forward filter rule 10 ethernet-type

And on vlan data/header:

vyos@bri# set firewall bridge forward filter rule 10 vlan
Possible completions:
   id                   Vlan id
   priority             Vlan priority(pcp)

      
[edit]
vyos@bri#

If we want to catch arp requests on bridge using vlans, we need to add type under vlan.
References: https://www.netfilter.org/projects/nftables/manpage.html#lbCF