Maniphest T6760

Firewall - Add set options of "set policy route" to normal firewall rules
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	n.fort
	Thu, Oct 3, 2:49 PM

Tags

Referenced Files

None

Subscribers

Description

So far we in policy route we have:

vyos@ROCK# set policy route FOO rule 10 set 
Possible completions:
   connection-mark      Set connection mark
   dscp                 Set DSCP (Packet Differentiated Services Codepoint) bits
   mark                 Set packet mark
   table                Set the routing table for matched packets
   tcp-mss              Set TCP Maximum Segment Size
   vrf                  VRF to forward packet with

      
[edit]
vyos@ROCK# set policy route FOO rule 10 set

Apart from set tale, all of these options create rules in nftables.

Since it's a firewall capability, we need to extend packet modification capabilities to regular firewall rules.

Details

Difficulty level: Unknown (require assessment)
Version: 1.5-rolling-202410010007
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Feature (new functionality)

Related Objects

Mentioned In: rVYOSONEXe846d2c1500d: T6760: firewall: add packet modifications existing in policy route to regular…
rVYOSONEX2a46c1cfb229: Merge pull request #4123 from nicolas-fort/fwall_set_commands

Event Timeline

n.fort created this task.Thu, Oct 3, 2:49 PM

n.fort changed the task status from Open to In progress.

n.fort claimed this task.

n.fort triaged this task as Normal priority.

n.fort changed Version from - to 1.5-rolling-202410010007.

PR: https://github.com/vyos/vyos-1x/pull/4123

pasik subscribed.Thu, Oct 3, 3:48 PM

Restricted Repository Identity mentioned this in rVYOSONEX2a46c1cfb229: Merge pull request #4123 from nicolas-fort/fwall_set_commands.Fri, Oct 4, 11:21 AM

n.fort mentioned this in rVYOSONEXe846d2c1500d: T6760: firewall: add packet modifications existing in policy route to regular….Fri, Oct 4, 11:21 AM

n.fort changed the task status from In progress to Needs testing.Fri, Oct 4, 8:06 PM

n.fort closed this task as Resolved.Tue, Oct 8, 5:42 PM