I was building some traffic-policy shaper rules and realized that I can’t match based on multiple destination ports using the comma-separated syntax. It doesn’t seem like I’m able to use a port-group to match off either.
For example, trying to commit the following obviously gives me an error, since it’s obviously expecting a single number:
set traffic-policy shaper OUTBOUND class 114 match default ip destination port '27000-28000,2600'
Argument "27000-28000,2600" isn't numeric in numeric le (<=) at /opt/vyatta/share/perl5/Vyatta/Qos/Match.pm line 28.
You can’t use the group port-group syntax you can normally use with a firewall rule.
set traffic-policy shaper OUTBOUND class 114 match default ip destination group port-group name
Configuration path: traffic-policy shaper OUTBOUND class 114 match default ip destination [group] is not valid
It doesn’t seem you are able to put the name directly in either, since the name I’m using is supposed to be a group name, not something like “http”, which again makes sense.
set traffic-policy shaper OUTBOUND class 114 match default ip destination port 'name'
name unknown tcp port name
The only thing I can think of from here is to create port groups and mark the traffic using the port groups and a PBR rule, to then match the traffic in the shaper. But I felt that was a bit overkill to do what I wanted to do.
Of course, I could create a shaper rule for each port, but some groups have up to 15 different ranges and ports in them, which I feel would be a bit odd to break out.
Am I missing something?
Thanks for taking the time to read.