Is it possible to lift the 17-chars policy name restriction?
What would you like to be added
Please consider increasing the 17 characters max name length restriction on policy names.
If there is a technical reason this is not trivial, I'd like to hear about it too.
Why is this needed
In any non-trivial setup, often I find 17 characters woefully insufficient to accurately name a policy.
For example, I've got multiple OpenVPN server instances running on a machine, each one controlling a different subnet that serves a group of clients with similar connectivity requirements. So I may want a rule like this: internal-ovpn-to-vms, which is 20 characters long, and ovpn is already the shortened form of openvpn.
I can only imagine what it's like for someone with a few dozen or a few hundred custom policies.
The iptables backend has a limitation on chain name length. The limit in nftables is much higher, e.g. 255.
This is fixable on the firewalld side. We could generate unique chain names for iptables that don't necessarily include the policy name. This will obfuscate the ruleset a bit. It's worth it IMO. I had code for this a while back, but never merged it.
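The idea in the reply above, sketched as an added example; it is not firewalld's code and not the unmerged code mentioned in the thread. The function name `chain_name`, the `IN_` / `_allow` affixes and the 28-character iptables limit are assumptions made for illustration.

```python
import hashlib

# Assumption: the iptables backend accepts chain names of at most 28 characters.
IPTABLES_MAX_CHAIN_LEN = 28


def chain_name(prefix, policy, suffix, taken, max_len=IPTABLES_MAX_CHAIN_LEN):
    """Map (prefix, policy, suffix) to a unique chain name of <= max_len chars.

    `taken` maps chain names already handed out to the key that owns them, so
    the same key always gets the same name and two keys never share one.
    """
    key = (prefix, policy, suffix)
    plain = f"{prefix}{policy}{suffix}"
    # Short policy names keep the fully readable form.
    if len(plain) <= max_len and taken.setdefault(plain, key) == key:
        return plain
    # Otherwise keep a readable head of the policy name and replace the rest
    # with a digest of the full name; lengthen the digest on a collision.
    digest = hashlib.sha256(policy.encode("utf-8")).hexdigest()
    for hex_len in range(8, len(digest) + 1):
        tag = "_" + digest[:hex_len]
        room = max_len - len(prefix) - len(suffix) - len(tag)
        if room < 0:
            break
        name = f"{prefix}{policy[:room]}{tag}{suffix}"
        if taken.setdefault(name, key) == key:
            return name
    raise ValueError(f"no chain name of <= {max_len} chars available for {key}")


if __name__ == "__main__":
    taken = {}
    # Constructed policy names; "IN_" and "_allow" are illustrative affixes.
    for policy in ("ovpn-to-vms", "internal-ovpn-to-vms", "internal-ovpn-to-lan"):
        print(policy, "->", chain_name("IN_", policy, "_allow", taken))
```

Because the generated names no longer spell out the whole policy name, the `taken` map doubles as the lookup table for translating a chain in a ruleset dump or log line back to its policy.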