Does the mangle table exist on VyOS?


#1

Hi, I’m new to this community, but I have really liked the VyOS router since the first time I used this software. I use VyOS 1.1.7 and I can’t find the mangle table in its CLI commands. What I have seen in VyOS, as a firewall, is that it uses the filter table and the nat table, but not the raw and mangle tables.

Is it possible to make a mangle rule on VyOS from the CLI?

PS: Sorry for my English. Regards from Cuba


#2

Hi!
Of course, VyOS has a mangle table. For example, it is used for policy routing.
The firewall in VyOS is a more security-oriented tool; that’s why you can’t find the mangle table there. :slight_smile:
The raw table is used too, for NAT helpers, for example.

If you want to understand the VyOS firewall and policy more deeply, you can set up some sample rules and look at them with the iptables command. If you are familiar with iptables, this can help you understand the internal VyOS logic.


#3

And what if I want to change the TTL field? The only way I found to create this kind of mangle rule is by creating a root user, logging into the VyOS router and then creating the rule with iptables.

The problem, my friend, is that I don’t want to pay for a RouterOS when I know that VyOS can do the same.

I want to use the raw table for some rules that protect my network against spoofing and grounding attacks, because I want to drop that kind of packet as soon as possible, even before connection tracking.

So, do I have to make this kind of rule with iptables commands, or is it possible to do it from the CLI?

My infrastructure on Proxmox is:
router-vyos --> fw1-vyos --> fw2-vyos
I have a DMZ and other zones; that’s why the security in depth.


#4

Unfortunately, there are no such options in the CLI. If you definitely know what you want to do, then I recommend using a script for adding custom iptables rules.
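As an added example of the script approach recommended in #4, covering both things asked for in #3 (raw-table anti-spoofing drops that happen before connection tracking, and a TTL rewrite in the mangle table), here is a small POSIX sh script. It is not VyOS code and not a supported VyOS feature; it just drives iptables directly. Everything named in it is an assumption for illustration: eth0 as the WAN interface, 192.0.2.0/24 as the internal prefix that must never arrive from the WAN, the chain names VYOS_CUSTOM_RAW and VYOS_CUSTOM_MANGLE, and a TTL of 64. It also assumes the TTL target (xt_TTL) is available in the kernel and that iptables supports `-S`, and it uses its own chains plus an "insert the jump only if missing" check so it can be re-run safely.

```shell
#!/bin/sh
# Added example for this thread; not VyOS code. Assumptions (hypothetical
# values for illustration): eth0 is the WAN interface, 192.0.2.0/24 is the
# internal prefix that must never arrive from the WAN, the TTL target is
# available, and iptables supports -S. Run as root. Defaults can be
# overridden via the environment, e.g.:
#   WAN=eth2 LAN_NET=10.10.0.0/16 sh custom-tables.sh apply

WAN="${WAN:-eth0}"
LAN_NET="${LAN_NET:-192.0.2.0/24}"
TTL_VALUE="${TTL_VALUE:-64}"
IPT="${IPT:-/sbin/iptables}"
RAW_CHAIN="VYOS_CUSTOM_RAW"
MANGLE_CHAIN="VYOS_CUSTOM_MANGLE"

# Source prefixes that have no business arriving on the WAN interface:
# unroutable/bogon space plus our own internal prefix (classic spoofing).
bogon_sources() {
    printf '%s\n' 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
        172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4 "$LAN_NET"
}

# Print (do not run) the raw-table commands. The raw PREROUTING hook runs
# before connection tracking, so a DROP here never creates a conntrack
# entry, which is exactly what the anti-spoofing rules want.
raw_rules() {
    printf '%s -t raw -N %s 2>/dev/null || true\n' "$IPT" "$RAW_CHAIN"
    printf '%s -t raw -F %s\n' "$IPT" "$RAW_CHAIN"
    for net in $(bogon_sources); do
        printf '%s -t raw -A %s -i %s -s %s -j DROP\n' \
            "$IPT" "$RAW_CHAIN" "$WAN" "$net"
    done
    # Insert the jump at position 1 only if it is not already present, so
    # re-running the script does not stack duplicate jumps.
    printf '%s -t raw -S PREROUTING | grep -q -- "-j %s" || %s -t raw -I PREROUTING 1 -j %s\n' \
        "$IPT" "$RAW_CHAIN" "$IPT" "$RAW_CHAIN"
}

# Print the mangle-table commands. The TTL target is only valid in the
# mangle table; here it rewrites the TTL of every packet leaving through
# the WAN so hop counts do not reveal the internal router chain.
mangle_rules() {
    printf '%s -t mangle -N %s 2>/dev/null || true\n' "$IPT" "$MANGLE_CHAIN"
    printf '%s -t mangle -F %s\n' "$IPT" "$MANGLE_CHAIN"
    printf '%s -t mangle -A %s -o %s -j TTL --ttl-set %s\n' \
        "$IPT" "$MANGLE_CHAIN" "$WAN" "$TTL_VALUE"
    printf '%s -t mangle -S POSTROUTING | grep -q -- "-j %s" || %s -t mangle -A POSTROUTING -j %s\n' \
        "$IPT" "$MANGLE_CHAIN" "$IPT" "$MANGLE_CHAIN"
}

# Execute the generated commands one line at a time, stopping at the first
# real failure (the "|| true" and "|| -I/-A" fallbacks above are deliberate).
apply_rules() {
    { raw_rules; mangle_rules; } | sh -e
}

case "${1:-}" in
    print) raw_rules; mangle_rules ;;
    apply) apply_rules ;;
    show)  "$IPT" -t raw -S "$RAW_CHAIN"; "$IPT" -t mangle -S "$MANGLE_CHAIN" ;;
esac
```

`sh custom-tables.sh print` shows the exact iptables commands before anything is touched; `apply` runs them; `show` lists the resulting chains, which is the "look at it with iptables" inspection suggested in #2 (`iptables -t raw -L -n -v` additionally shows hit counters). On VyOS 1.1.x the script can be kept under /config/scripts/ and called with `apply` from /config/scripts/vyatta-postconfig-bootup.script so it is re-applied at boot. Two caveats: the VyOS firewall configuration knows nothing about these chains, so after firewall commits it is worth checking with `show` that the jumps are still in place (re-running `apply` restores them); and packets dropped in raw PREROUTING never reach the VyOS firewall rulesets, so they will not appear in firewall logs, only in the raw chain's counters.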