Page MenuHomeVyOS Platform
Create Task
Maniphest T1406

MAC addresses cause invalid arguments in firewall
Closed, InvalidPublicBUG
Actions

Description

+rule 3 {
+    action drop
+    source {
+        mac-address !XX:XX:XX:XX:XX:c4
+    }
+}
[edit firewall name local-outside-v4]
gunnar@r# commit
[ firewall name local-outside-v4 ]
iptables: Invalid argument. Run `dmesg' for more information.
iptables error: No such file or directory - -m comment --comment "local-outside-v4-3"  -m mac !  --mac-source XX:XX:XX:XX:XX:c4   -j DROP  at /opt/vyatta/sbin/vyatta-firewall.pl line 708.

[[firewall name local-outside-v4]] failed

Details

Version
1.2.0-rolling+201905031607

Event Timeline

Gunni created this task.May 24 2019, 4:17 AM
Gunni updated the task description. (Show Details)
pasik subscribed.May 24 2019, 6:19 AM
hard subscribed.Sep 21 2019, 8:49 PM
[edit firewall name local-outside-v4]                                                                                
hard@vyos# show                                                                                                      
+rule 3 {                                                                                                            
+    action drop                                                                                                     
+    source {                                                                                                        
+        mac-address !11:22:33:44:55:66                                                                              
+    }                                                                                                               
+}                                                                                                                                                                                                 
[edit firewall name local-outside-v4]                                                                                
hard@vyos# commit
hard@vyos# sudo iptables-save | grep local-outside
-A local-outside-v4 -m comment --comment local-outside-v4-3 -m mac ! --mac-source 11:22:33:44:55:66 -j DROP
-A local-outside-v4 -m comment --comment "local-outside-v4-10000 default-action drop" -j DROP

VyOS 1.2-rolling-201909210810

can't reproduce problem.

Viacheslav subscribed.Apr 6 2020, 11:46 AM

I think we can close this task

sever@vyos-1.3# set firewall name MAC rule 3 source mac-address !aa:aa:aa:aa:aa:aa
[edit]
sever@vyos-1.3# commit
[edit]
sever@vyos-1.3#

Iptables

-A MAC -m mac ! --mac-source AA:AA:AA:AA:AA:AA -m comment --comment MAC-3 -j DROP
-A MAC -m comment --comment "MAC-10000 default-action drop" -j DROP
dmbaturin closed this task as Invalid.Jun 18 2020, 10:41 PM
dmbaturin subscribed.

If more evidence that is valid appears, please reopen.