This is not a real bug as it can be "workarounded" by using different names for IPv4 and IPv6 network groups, e.g. by appending -4 and -6 to the rule name, this should be updated in the docs!
Adding rules
Set commands
set firewall group network-group NET-FOO network 192.168.1.0/24 set firewall group ipv6-network-group NET-FOO network 2001:db8::/64 commit set firewall name VLAN15-IN rule 1000 action accept set firewall name VLAN15-IN rule 1000 source group network-group NET-FOO commit
Show
vyos@vyos# show firewall group { ipv6-network-group NET-FOO { network 2001:db8::/64 } network-group NET-FOO { network 192.168.1.0/24 } } +name VLAN15-IN { + rule 1000 { + action accept + source { + group { + network-group NET-FOO + } + } + } +}
vyos@vyos# commit [ firewall group network-group NET-FOO ] ipset v6.23: Syntax error: cannot parse 192.168.1.0: resolving to IPv6 address failed Error: call to ipset failed [256] [ firewall name VLAN15-IN rule 1000 source group network-group NET-FOO ] Group [NET-FOO] has not been defined [[firewall name VLAN15-IN]] failed Commit failed
Discarding changes
vyos@vyos# discard Changes have been discarded vyos@vyos# show firewall group { ipv6-network-group NET-FOO { network 2001:db8::/64 } network-group NET-FOO { network 192.168.1.0/24 } }
Deleting group
vyos@vyos# delete firewall group [edit] vyos@vyos# commit [ firewall group ipv6-network-group NET-FOO ] Error: group [NET-FOO] doesn't exists [ firewall group network-group NET-FOO ] Error: group [NET-FOO] doesn't exists vyos@vyos# show firewall [edit]