Page MenuHomeVyOS Platform

firewall group network-group long names restriction incorrect behavior
Closed, ResolvedPublic

Description

Tested in VyOS 1.3.0-epa3

There is a limit of 31 characters for the group name.
There is an error when trying to create a long group name (this is good)
When trying to create a group of 32 characters, there is no errors:

vyos@vyos# set firewall group network-group MySecret-Inside-Private-Network
[edit]

But if you try a commit after that, you get this:

vyos@vyos# set firewall group network-group MySecret-Inside-Private-Network
[edit]
vyos@vyos# commit
[ firewall group network-group MySecret-Inside-Private-Network ]
ipset v6.38: Error in line 1: Syntax error: setname 'MySecret-Inside-Private-Network-2106' is longer than 31 characters
Error: problem copying group

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3.0-epa3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.3
1.3.1

Event Timeline

Unknown Object (User) created this task.Nov 17 2021, 12:45 PM
Unknown Object (User) created this object in space S1 VyOS Public.
Unknown Object (User) changed the task status from Open to Confirmed.Dec 9 2021, 2:17 PM

This situation is worst, since ipset exposed the error, but vyos cli accepts it, and remains in the running configuration:

vyos@vyos# set firewall group ipv6-network-group ms_kv8_dns06_externaldmz_v6 description 'Ansible Managed: nms_kv8_dns06_externaldmz_v6'
[edit]
vyos@vyos# set firewall group ipv6-network-group ms_kv8_dns06_externaldmz_v6 network 'XXX....::/64'
[edit]
vyos@vyos# commit
[ firewall group ipv6-network-group ms_kv8_dns06_externaldmz_v6 ]
ipset v6.38: Error in line 1: Syntax error: setname 'ms_kv8_dns06_externaldmz_v6-4417' is longer than 31 characters
Error: problem copying group

[edit]
vyos@vyos# compare
No changes between working and active configurations
[edit]
vyos@vyos# run show config comm | grep ipv6
set firewall group ipv6-network-group ms_kv8_dns06_externaldmz_v6 description 'Ansible Managed: nms_kv8_dns06_externaldmz_v6'
set firewall group ipv6-network-group ms_kv8_dns06_externaldmz_v6 network 'XXX....::/64'

vyos@vyos# sudo ipset -L
[edit]
vyos@vyos#
zsdc changed the task status from Confirmed to In progress.Mar 6 2022, 1:22 PM
zsdc claimed this task.
zsdc added a subscriber: zsdc.
zsdc triaged this task as Normal priority.Mar 7 2022, 9:43 AM
zsdc edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.3 Equuleus (1.3.0-epa3).
zsdc changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
zsdc edited projects, added VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
zsdc moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.