Put dynamically created interfaces in a zone/assign ruleset to them

I’m on 1.3.0-rc5.

I want to create a PPPoE BRAS. I’m using a zone-based firewall and dynamically created vlans (via the vlan-range option).

I can’t find any way to assign dynamically created vlans and ppp interfaces to a zone (to allow them communication with the “wan” zone).

Even if I consider interface-based firewall, I still need a way to assign rulesets to newly created dynamic vlan/ppp interfaces.

Is there a way using the CLI (not resorting to dirty hacks with custom iptables rules)? Thanks.

Try “interface ppp+“

No success:

vlan@str-bras3# set zone-policy zone test interface ppp+
vlan@str-bras3# commit
[ zone-policy zone test interface ppp+ ]
interface ppp+ does not exist on system


It commits anyway, even if ppp is not present in the system yet.
Don’t think that it is an issue. Check please work on the firewall in the your scheme/configuration.

Whilst slightly deviating from your zone based firewalling request… You can potentially use radius and use per interface acl’s…I’d like to know how to do this too!

Traditionally acl’s are assigned with radius attribute Filter-Id or similar. This isnt the case in vyos as for some reason accel-ppp has decided Filter-Id attribute is a speed shaping attribute rather than an acl application.

Anyone point us in the right direction?