narey83
September 20, 2022, 11:24pm
1
Hey all,
I’ve just registered to get some help. I am reading the docs for VyOS 1.4 and trying to create some port-forwarding for inbound services from the WAN to DMZ. The docs say to issue the following commands to apply the firewall policy to interfaces:
```
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
```
The issue I have is there is no firewall option after “set interfaces ethernet eth0”
Is there a documentation issue where the most recent changes to the syntax have not been documented?
Everything else is working except the firewall.
tjh
September 21, 2022, 12:20am
2
That’s odd.
EDIT: Ignore this reply and see @n.fort’s below
What version of 1.4 rolling?
I’ve got 1.4-rolling-202209090217 and I have the firewall command available:
PS: Welcome to the Vyos forums!
n.fort
September 21, 2022, 12:41am
3
Big changes in the firewall in the last week, and more coming soon, and still haven’t updated the docs. Sorry for that!
vyos:current
← sarthurdev:firewall_interfaces
opened 07:15PM - 12 Sep 22 UTC
## Change Summary
* Migrate firewall interface definitions under the firewall… node
* Migrate zone-policy under the firewall node
* Simplify firewall cleanup code
* Move initial firewall tables out of conf script, into static data file
* Rename tables to vyos_ prefixes
## Types of changes
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Code style update (formatting, renaming)
- [x] Refactoring (no functional changes)
- [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
- [ ] Other (please describe):
## Related Task(s)
* https://phabricator.vyos.net/T2199
* https://phabricator.vyos.net/T4605
## Component(s) name
firewall, zone-policy
## Proposed changes
* Config changes:
`set interfaces ethernet eth0 firewall ...` -> `set firewall interface eth0 ...`
`set zone-policy zone <name> ...` -> `set firewall zone <name> ...`
Consolidating all conf scripts using the filter tables into one allows us to remove the complex cleanup code and simply delete the entire filter table
* nftables table names changed from `ip[6] filter` to `ip[6] vyos_filter`
* Initial nftables tables/chains are moved to the static file `data/vyos-firewall-init.conf` to remove the extra unnecessary call to `firewall.py` on boot
**Requires merge at same time: https://github.com/vyos/vyatta-cfg/pull/52**
## How to test
* Changes have passed all unit tests and config tests, and resulting nftables output is functional and as expected.
* Migration script has been tested and works as expected, resulting configuration is valid.
## Checklist:
- [x] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md) document
- [x] I have linked this PR to one or more Phabricator Task(s)
- [x] I have run the components [**SMOKETESTS**](https://github.com/vyos/vyos-1x/tree/current/smoketest/scripts/cli) if applicable
- [x] My commit headlines contain a valid Task id
- [x] My change requires a change to the documentation
- [ ] I have updated the documentation accordingly
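The syntax change described in the pull request above, applied to a saved list of commands such as the two from the first post. This is an added example, not code from the posts or from the VyOS project; it assumes the text after `firewall` carries over unchanged, as the `...` in the PR's "Config changes" lines suggests, and every name in it is hypothetical. Lines that do not fit the two simple patterns are flagged for manual review rather than rewritten.

```python
import re

# Assumption: the text after "firewall" carries over unchanged, as the "..."
# in the PR's "Config changes" lines suggests. All names here are hypothetical.
_IFACE = re.compile(r"^(set|delete)\s+interfaces\s+\S+\s+(\S+)\s+firewall\s+(.+)$")
_ZONE = re.compile(r"^(set|delete)\s+zone-policy\s+(zone\s+.+)$")
# Lines that still touch the old nodes but fit neither simple pattern
# (for example a vif sub-interface) are flagged instead of guessed at.
_LEFTOVER = re.compile(r"^(set|delete)\s+(interfaces\s.*\sfirewall(\s|$)|zone-policy\b)")


def rewrite_line(line):
    """Return (text, status); status is 'converted', 'review' or 'unchanged'."""
    # Forum and doc renderers often turn straight quotes into curly ones.
    text = line.strip().replace("\u2018", "'").replace("\u2019", "'")
    m = _IFACE.match(text)
    if m:
        return f"{m.group(1)} firewall interface {m.group(2)} {m.group(3)}", "converted"
    m = _ZONE.match(text)
    if m:
        return f"{m.group(1)} firewall {m.group(2)}", "converted"
    if _LEFTOVER.match(text):
        return text, "review"
    return text, "unchanged"


def rewrite_commands(lines):
    """Rewrite a list of commands; return (new_lines, lines_needing_review)."""
    out, review = [], []
    for line in lines:
        if not line.strip():
            continue
        text, status = rewrite_line(line)
        out.append(text)
        if status == "review":
            review.append(text)
    return out, review


# Constructed sample: the two commands from the first post plus made-up lines.
SAMPLE = [
    "set interfaces ethernet eth0 firewall in name \u2018OUTSIDE-IN\u2019",
    "set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'",
    "set zone-policy zone DMZ default-action drop",
    "set interfaces ethernet eth0 vif 10 firewall in name 'VLAN10-IN'",
    "set firewall name OUTSIDE-IN default-action 'drop'",
]

if __name__ == "__main__":
    converted, needs_review = rewrite_commands(SAMPLE)
    print("\n".join(converted))
    print("review by hand:", needs_review)
```

A line that ends up under "review by hand" means an interface would be left without its ruleset if the commands were applied as written, so check those before committing.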