Age | Commit message (Collapse) | Author |
|
appropiate commands to populate such groups using source and destination address of the packet.
(cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122)
|
|
|
|
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
|
|
so this new group can be used in inbound and outbound matcher
|
|
`fqdn` node
|
|
vyos@vyos# show firewall
+name foo {
+ rule 1 {
+ action accept
+ packet-length 100
+ packet-length 105
+ packet-length 200-300
+ packet-length 220-250
+ }
+}
will report a nftables error upon load: Error: conflicting intervals specified
With nftables 1.0.3 there is an "auto-merge" option which corrects this:
https://lwn.net/Articles/896732/
|
|
* Refactor nftables clean-up code
* Adds policy route test for using firewall groups
|
|
|
|
|