What is the VyOS equivalent to cisco’s “ip local policy route-map” directive which applies routing policy to packets originated by the router vs. packets arriving at an interface of the router?
VyOS Uses Zones, and there’s one special Zone called [quote]VyOS Local Zone[/quote] that includes all traffic generated by the router. You can then define Firewall rules that apply to the Local Zone, getting the same effect as the “ip local policy”.
Hope this helps…
Sorry for the confusion as I should have been more specific. What is the equivalent to cisco’s “ip local policy route-map”? I want to apply a policy route (not firewall ruleset) to packets originated by a specific interface address on the router. I’ll correct the original post.
Specifically I want to select a specific route table based on which router address is sourcing the traffic. I am currently able to select a specific route table from traffic originating from hosts on the subnet of that interface. However, I can’t seem to apply the same route policy to the router’s own address of that subnet.
I don’t think there is a native vyos command to control that. I use a script in /etc/dhcp3/dhclient-exit-hooks.d to update things when the vyos interface gets a new dhcp address:
[ -z "$interface" ] && exit [ -z "$new_routers" ] && exit [ -z "$new_ip_address" ] && exit [ "$interface" != "$ifc" ] && exit mark=0x80000000 # mark is 0x7fffffff + $table man1eth1="iptables -t mangle -F OUTPUT" man2eth1="iptables -t mangle -A OUTPUT -s $new_ip_address/32 -j MARK --set-m ark $mark"
and then bash code to essentially
echo "$cmd" | ssh -t -t vyos@localhost
with ssh keys setup to allow root to ssh to vyos@localhost.