5 files changed, 31 insertions, 6 deletions
diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2
index 6cb3b2f95..7a89d29e4 100644
--- a/data/templates/firewall/nftables-policy.j2
+++ b/data/templates/firewall/nftables-policy.j2
@@ -11,7 +11,7 @@ table ip vyos_mangle {
 type filter hook prerouting priority -150; policy accept;
 {% if route is vyos_defined %}
 {% for route_text, conf in route.items() if conf.interface is vyos_defined %}
- iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR_{{ route_text }}
+ iifname { {{ conf.interface | join(",") }} } counter jump VYOS_PBR_{{ route_text }}
 {% endfor %}
 {% endif %}
 }
diff --git a/interface-definitions/include/constraint/interface-name-with-wildcard.xml.in b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.in
new file mode 100644
index 000000000..09867b380
--- /dev/null
+++ b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.in
@@ -0,0 +1,4 @@
+<!-- include start from constraint/interface-name-with-wildcard.xml.in -->
+<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|lo</regex>
+<validator name="file-path --lookup-path /sys/class/net --directory"/>
+<!-- include end -->
diff --git a/interface-definitions/include/generic-interface-multi-wildcard.xml.i b/interface-definitions/include/generic-interface-multi-wildcard.xml.i
new file mode 100644
index 000000000..354841a85
--- /dev/null
+++ b/interface-definitions/include/generic-interface-multi-wildcard.xml.i
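Review bot: The names from `conf.interface` are interpolated into the nft anonymous set unquoted, so a value such as `ppp*` depends on nft's bare asterisk-string lexing and any character the `interface` constraint lets through lands verbatim in the ruleset. Quoting each element costs nothing and produces the form nft itself lists (and the form the smoketest searches for): `iifname { "{{ conf.interface | join('", "') }}" } counter jump VYOS_PBR_{{ route_text }}`. The `",".join(...)` to `| join(",")` switch is behaviour-neutral for a list value. The `for` loop is complete inside the hunk, but the chain block it sits in starts outside it.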
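Review bot: The trailing `(.+)?` in the regex matches any character sequence after the prefix, including spaces, quotes, `;` and `}`, so the constraint effectively only checks the first few letters of the value; since the policy template renders this value unescaped into the nft ruleset, this regex is the only check between a config value and nft syntax. Replace the open-ended tail with a character class that still covers vif-style names and a single trailing wildcard, keeping the prefix alternation as is: `(bond|...|wwan)[0-9A-Za-z_.\-]*\*?|lo`. The `file-path --lookup-path /sys/class/net --directory` validator cannot match a wildcard against an existing directory, so — assuming validators inside one `<constraint>` are OR'd as elsewhere in this tree — acceptance of `ppp*` rests on the regex alone, which is why its tail matters.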
@@ -0,0 +1,19 @@ + +<!-- include start from generic-interface-multi-wildcard.xml.i --> +<leafNode name="interface"> + <properties> + <help>Interface name to apply policy route configuration</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name-with-wildcard.xml.in> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in index bbd6dbf56..d4ec75786 100644 --- a/interface-definitions/policy-route.xml.in +++ b/interface-definitions/policy-route.xml.in @@ -12,8 +12,8 @@ </properties> <children> #include <include/generic-description.xml.i> - #include <include/generic-interface-multi.xml.i> #include <include/firewall/enable-default-log.xml.i> + #include <include/generic-interface-multi-wildcard.xml.i> <tagNode name="rule"> <properties> <help>Policy rule number</help> @@ -67,8 +67,8 @@ </properties> <children> #include <include/generic-description.xml.i> - #include <include/generic-interface-multi.xml.i> #include <include/firewall/enable-default-log.xml.i> + #include <include/generic-interface-multi-wildcard.xml.i> <tagNode name="rule"> <properties> <help>Policy rule number</help> diff --git a/smoketest/scripts/cli/test_policy_route.py b/smoketest/scripts/cli/test_policy_route.py index 4be36b134..a3df6bf4d 100755 --- a/smoketest/scripts/cli/test_policy_route.py +++ b/smoketest/scripts/cli/test_policy_route.py @@ -26,6 +26,7 @@ conn_mark_set = '111' table_mark_offset = 0x7fffffff table_id = '101' interface = 'eth0' +interface_wc = 'ppp*' interface_ip = '172.16.10.1/24' class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): 
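Review bot: The node now accepts wildcard names, but nothing in the help tells the operator: the single `<valueHelp>` says only `Interface name` and the completion script (`list_interfaces`) can only offer names that currently exist. Add a second entry, `<format>txt</format>` with `<description>Interface name with trailing wildcard (e.g. ppp*)</description>`, so `?` in configuration mode documents the new form. The `leafNode` is complete inside the hunk.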
@@ -236,7 +237,8 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '5', 'set', 'table', table_id]) self.cli_set(['policy', 'route', 'smoketest', 'interface', interface]) - self.cli_set(['policy', 'route6', 'smoketest6', 'interface', interface]) + self.cli_set(['policy', 'route', 'smoketest', 'interface', interface_wc]) + self.cli_set(['policy', 'route6', 'smoketest6', 'interface', interface_wc]) self.cli_commit() @@ -244,7 +246,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv4 nftables_search = [ - [f'iifname "{interface}"', 'jump VYOS_PBR_smoketest'], + ['iifname { "' + interface + '", "' + interface_wc + '" }', 'jump VYOS_PBR_smoketest'], ['meta l4proto udp', 'drop'], ['tcp flags syn / syn,ack', 'meta mark set ' + mark_hex], ['ct state new', 'tcp dport 22', 'ip saddr 198.51.100.0/24', 'ip ttl > 2', 'meta mark set ' + mark_hex], @@ -256,7 +258,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv6 nftables6_search = [ - [f'iifname "{interface}"', 'jump VYOS_PBR6_smoketest'], + [f'iifname "{interface_wc}"', 'jump VYOS_PBR6_smoketest'], ['meta l4proto udp', 'drop'], ['tcp flags syn / syn,ack', 'meta mark set ' + mark_hex], ['ct state new', 'tcp dport 22', 'ip6 saddr 2001:db8::/64', 'ip6 hoplimit > 2', 'meta mark set ' + mark_hex], |
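Review bot: The setup is now asymmetric: `policy route smoketest` gets both `interface` and `interface_wc`, but the `route6` line that carried `interface` was replaced rather than supplemented, so IPv6 is only ever configured with the single wildcard and its expectation collapses to `iifname "ppp*"`. Keep the plain name on the v6 side as well, `self.cli_set(['policy', 'route6', 'smoketest6', 'interface', interface])` before the `interface_wc` line, and, if the ip6 table renders the same anonymous-set form as the IPv4 template, search for `iifname { "eth0", "ppp*" }` in `nftables6_search` as the IPv4 list does — otherwise the v6 multi-interface path stays untested. The enclosing test method starts and ends outside the hunk.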
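Review bot: The new IPv4 expectation is assembled by string concatenation while the IPv6 expectation added two hunks below uses an f-string; the same line reads more clearly in the f-string form the file already uses, `[f'iifname {{ "{interface}", "{interface_wc}" }}', 'jump VYOS_PBR_smoketest'],` (doubled braces for the literal nft set). The expectation also pins the order `eth0` before `ppp*`, which presumably follows the configured order — worth a short comment if nft is known to preserve it. The `nftables_search` list runs past the end of the hunk.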