Maniphest T6760

Firewall - Add set options of "set policy route" to normal firewall rules
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	n.fort
	Oct 3 2024, 2:49 PM

Tags

Referenced Files

None

Subscribers

Description

So far we in policy route we have:

vyos@ROCK# set policy route FOO rule 10 set 
Possible completions:
   connection-mark      Set connection mark
   dscp                 Set DSCP (Packet Differentiated Services Codepoint) bits
   mark                 Set packet mark
   table                Set the routing table for matched packets
   tcp-mss              Set TCP Maximum Segment Size
   vrf                  VRF to forward packet with

      
[edit]
vyos@ROCK# set policy route FOO rule 10 set

Apart from set tale, all of these options create rules in nftables.

Since it's a firewall capability, we need to extend packet modification capabilities to regular firewall rules.

Details

Version: 1.5-rolling-202410010007
Is it a breaking change?: Perfectly compatible
Issue type: Feature (new functionality)

Related Objects

Mentioned In: rVYOSONEXe846d2c1500d: T6760: firewall: add packet modifications existing in policy route to regular…
rVYOSONEX2a46c1cfb229: Merge pull request #4123 from nicolas-fort/fwall_set_commands

Event Timeline

n.fort created this task.Oct 3 2024, 2:49 PM

n.fort changed the task status from Open to In progress.

n.fort claimed this task.

n.fort triaged this task as Normal priority.

n.fort changed Version from - to 1.5-rolling-202410010007.

PR: https://github.com/vyos/vyos-1x/pull/4123

pasik subscribed.Oct 3 2024, 3:48 PM

Restricted Repository Identity mentioned this in rVYOSONEX2a46c1cfb229: Merge pull request #4123 from nicolas-fort/fwall_set_commands.Oct 4 2024, 11:21 AM

n.fort mentioned this in rVYOSONEXe846d2c1500d: T6760: firewall: add packet modifications existing in policy route to regular….Oct 4 2024, 11:21 AM

n.fort changed the task status from In progress to Needs testing.Oct 4 2024, 8:06 PM

n.fort closed this task as Resolved.Oct 8 2024, 5:42 PM

dmbaturin edited projects, added VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS Rolling; removed VyOS 1.5 Circinus.Jul 9 2025, 10:53 AM