Page MenuHomeVyOS Platform
Create Task
Maniphest T1417

IPv6 zone based firewall rules can't be modified
Resolved (N/A)PublicBUG
Actions

Description

When using IPv6 zone base firewalling it is not possible to alter a firewall rule, still in use error is reported:

Reproduce:

vyos@vyos# show firewall ipv6-name
 ipv6-name WAN-LOCAL-v6 {
     default-action accept
+    enable-default-log
 }

vyos@vyos# show zone-policy zone LOCAL from WAN
 firewall {
     ipv6-name WAN-LOCAL-v6
     name WAN-LOCAL
 }
vyos@vyos# commit
[ firewall ipv6-name WAN-LOCAL-v6 ]
Firewall configuration error: Cannot delete rule set "WAN-LOCAL-v6" (still in use)
[[firewall ipv6-name WAN-LOCAL-v6]] failed
Commit failed

Details

Difficulty level
Normal (likely a few hours)
Version
1.2.1
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Related Objects

Event Timeline

c-po created this task.May 29 2019, 3:14 PM
pasik added a subscriber: pasik.May 31 2019, 3:43 PM
syncer changed the task status from Open to Needs testing.Aug 31 2019, 12:18 AM
syncer assigned this task to Unknown Object (User).
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
Unknown Object (User) added a comment.Sep 10 2019, 9:05 AM

This behavior not only for ipv6 and appears after task T484

dmbaturin added a project: test.Jul 29 2021, 12:29 PM
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:25 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:05 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:44 PM
syncer reassigned this task from Unknown Object (User) to Viacheslav.Jul 16 2023, 9:29 PM
syncer added a subscriber: Unknown Object (User).
syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:31 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:38 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus (1.3.6).Feb 10 2024, 9:18 AM
dmbaturin closed this task as Resolved N/A.Feb 10 2024, 8:46 PM
dmbaturin removed projects: VyOS 1.3 Equuleus (1.3.7), test.
dmbaturin added a subscriber: dmbaturin.

The code in question was rewritten, but if any new bugs show up, feel free to report.