Dedicated MGMT VRF/RoutingInstance/Fib

[hackerix]

Hi everyone,
i'm trying to implement a dedicated MGMT instance for my OPNsense instances.

From what i've understood, a dedicated fib for TRAFFIC or MGMT could be the correct path to follow in order to segregate MGMT traffic (in particular MGMT routing table) from PROD traffic.

My first attempts are focusing on changing a little bit the configuration libraries (in particular interfaraces.inc) in order to add "fib xx" to some of the ifconfig interface startup commands.

I tried to use a specific fib for MGMT traffic and then put everything else on the main one, but it seems a bit triky because all startup scripts needs to be patched with the setfib or fib command.

So i revesed my setup to use fib 1 for all interfaces exept MGMT one.
I also patched FRR startup script in order to use the correct FIB in order to have some dynamic routing on the traffic FIB. it seems working but FW/NAT rules neeeds some improvements too. NAT doesn't work at the moment and i'm still investigating on it.

So, the aim of this thread is to have some feedbacks on how i approached the problem (they are really appreciated). I looked around, but i wasn't able to found if someone has already worked on this scenario (or i probably missed it).

Thank you