Page MenuHomeVyOS Platform
Create Task
Maniphest T1417

IPv6 zone based firewall rules can't be modified
Not ApplicablePublicBUG
Actions

Description

When using IPv6 zone base firewalling it is not possible to alter a firewall rule, still in use error is reported:

Reproduce:

vyos@vyos# show firewall ipv6-name
 ipv6-name WAN-LOCAL-v6 {
     default-action accept
+    enable-default-log
 }

vyos@vyos# show zone-policy zone LOCAL from WAN
 firewall {
     ipv6-name WAN-LOCAL-v6
     name WAN-LOCAL
 }
vyos@vyos# commit
[ firewall ipv6-name WAN-LOCAL-v6 ]
Firewall configuration error: Cannot delete rule set "WAN-LOCAL-v6" (still in use)
[[firewall ipv6-name WAN-LOCAL-v6]] failed
Commit failed

Details

Version
1.2.1
Is it a breaking change?
Unspecified (possibly destroys the router)

Related Objects

Event Timeline

c-po created this task.May 29 2019, 3:14 PM
pasik subscribed.May 31 2019, 3:43 PM
syncer changed the task status from Open to Needs testing.Aug 31 2019, 12:18 AM
syncer assigned this task to Unknown Object (User).
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
Unknown Object (User) added a comment.Sep 10 2019, 9:05 AM

This behavior not only for ipv6 and appears after task T484

dmbaturin added a project: test.Jul 29 2021, 12:29 PM
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:25 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:05 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:44 PM
syncer reassigned this task from Unknown Object (User) to Viacheslav.Jul 16 2023, 9:29 PM
syncer added a subscriber: Unknown Object (User).
syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:31 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:38 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus (1.3.6).Feb 10 2024, 9:18 AM
dmbaturin closed this task as Not Applicable.Feb 10 2024, 8:46 PM
dmbaturin removed projects: VyOS 1.3 Equuleus (1.3.7), test.
dmbaturin subscribed.

The code in question was rewritten, but if any new bugs show up, feel free to report.