This is not a real bug, as it can be worked around by using different names for IPv4 and IPv6 network groups, e.g. by appending -4 and -6 to the rule name. This should be updated in the docs!
Adding rules
Set commands
set firewall group network-group NET-FOO network 192.168.1.0/24
set firewall group ipv6-network-group NET-FOO network 2001:db8::/64
commit
set firewall name VLAN15-IN rule 1000 action accept
set firewall name VLAN15-IN rule 1000 source group network-group NET-FOO
commit
Show
vyos@vyos# show firewall
group {
    ipv6-network-group NET-FOO {
        network 2001:db8::/64
    }
    network-group NET-FOO {
        network 192.168.1.0/24
    }
}
+name VLAN15-IN {
+    rule 1000 {
+        action accept
+        source {
+            group {
+                network-group NET-FOO
+            }
+        }
+    }
+}
vyos@vyos# commit
[ firewall group network-group NET-FOO ]
ipset v6.23: Syntax error: cannot parse 192.168.1.0: resolving to IPv6 address failed
Error: call to ipset failed [256]
[ firewall name VLAN15-IN rule 1000 source group network-group NET-FOO ]
Group [NET-FOO] has not been defined
[[firewall name VLAN15-IN]] failed
Commit failed
Discarding changes
vyos@vyos# discard
Changes have been discarded
vyos@vyos# show firewall
group {
    ipv6-network-group NET-FOO {
        network 2001:db8::/64
    }
    network-group NET-FOO {
        network 192.168.1.0/24
    }
}
Deleting group
vyos@vyos# delete firewall group
[edit]
vyos@vyos# commit
[ firewall group ipv6-network-group NET-FOO ]
Error: group [NET-FOO] doesn't exists
[ firewall group network-group NET-FOO ]
Error: group [NET-FOO] doesn't exists
vyos@vyos# show firewall
[edit]
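A pre-commit check for the name collision reported above, as an added example that is not part of the original report or of VyOS itself: it reads set-style commands (for instance the output of `show configuration commands`) and lists every name used for both a network-group and an ipv6-network-group. The function names and the NET-BAR sample groups are hypothetical.

```shell
#!/bin/sh
# Added example (not VyOS code). Reads VyOS "set" commands on stdin and
# prints each group name that is defined both as a network-group and as
# an ipv6-network-group, the situation that makes the commit above fail.
find_group_name_collisions() {
    awk '
        $1 == "set" && $2 == "firewall" && $3 == "group" {
            if ($4 == "network-group")      v4[$5] = 1
            if ($4 == "ipv6-network-group") v6[$5] = 1
        }
        END {
            for (name in v4)
                if (name in v6) print name
        }
    ' | sort
}

# Constructed sample input: the commands from this report plus two
# hypothetical groups that follow the -4 / -6 naming workaround.
sample_config() {
    cat <<'EOF'
set firewall group network-group NET-FOO network 192.168.1.0/24
set firewall group ipv6-network-group NET-FOO network 2001:db8::/64
set firewall group network-group NET-BAR-4 network 10.0.0.0/8
set firewall group ipv6-network-group NET-BAR-6 network 2001:db8:1::/64
set firewall name VLAN15-IN rule 1000 action accept
set firewall name VLAN15-IN rule 1000 source group network-group NET-FOO
EOF
}

# Lists the shared names, one per line; no output means no collision.
sample_config | find_group_name_collisions
```

Any name it prints should be renamed on one side before rules reference the group, since a failed commit here leaves groups in the configuration that can no longer be deleted cleanly.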