
Declare zone policy firewall without local zone errors
Closed, Resolved | Public | BUG

Description

Add a zone-policy firewall without a local zone.
1.3 (correct check):

set zone-policy zone WAN interface eth0
set zone-policy zone WAN default-action reject
set zone-policy zone WAN from LOCAL firewall name LOCAL-to-WAN
set firewall name LOCAL-to-WAN default-action 'accept'

vyos@r4# commit
[ zone-policy ]
LOCAL is a from zone under zone WAN
It is either not defined or deleted from config

[[zone-policy]] failed
[[zone-policy zone WAN from LOCAL]] failed
Commit failed
[edit]
vyos@r4#

1.4:

set zone-policy zone WAN interface eth0
set zone-policy zone WAN default-action reject
set zone-policy zone WAN from LOCAL firewall name LOCAL-to-WAN
set firewall name LOCAL-to-WAN default-action 'accept'

vyos@r11-roll# commit
[ zone-policy ]
VyOS had an issue completing a command.


Report time:      2022-01-03 21:58:38
Image version:    VyOS 1.4-rolling-202201020317
Release train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Sun 02 Jan 2022 03:17 UTC
Build UUID:       4ede964a-6099-4799-b36e-a22a6b9a1914
Build commit ID:  e933c7e50fd4f0

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    8e21d64e-e498-475c-9866-290cd53a3b86

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/zone_policy.py", line 192, in <module>
    generate(c)
  File "/usr/libexec/vyos/conf_mode/zone_policy.py", line 178, in generate
    render(nftables_conf, 'zone_policy/nftables.tmpl', data)
  File "/usr/lib/python3/dist-packages/vyos/template.py", line 118, in render
    rendered = render_to_string(template, content, formater, location)
  File "/usr/lib/python3/dist-packages/vyos/template.py", line 87, in render_to_string
    rendered = template.render(content)
  File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 1090, in render
    self.environment.handle_exception()
  File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 832, in handle_exception
    reraise(*rewrite_traceback_stack(source=source))
  File "/usr/lib/python3/dist-packages/jinja2/_compat.py", line 28, in reraise
    raise value.with_traceback(tb)
  File "/usr/share/vyos/templates/zone_policy/nftables.tmpl", line 33, in top-level template code
    {%         if zone[from_zone].local_zone is not defined %}
  File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 471, in getattr
    return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'LOCAL'



[[zone-policy]] failed
Commit failed
[edit]
vyos@r11-roll#
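
The difference between the two outputs above, validating a from-zone reference before rendering versus letting the template lookup fail, can be sketched in plain Python. This is an added example, not VyOS code: the dict layout and the names ConfigError, render_unchecked, find_undefined_from_zones, verify and commit are assumptions modelled on the 1.3 commit message and the template line in the traceback.

```python
class ConfigError(Exception):
    """Validation failure raised before any template is rendered."""


def render_unchecked(zones):
    """Mimic the failing template lookup: zone[from_zone].local_zone."""
    rules = []
    for name, conf in zones.items():
        for from_zone in conf.get("from", {}):
            # KeyError here when from_zone was never declared as a zone,
            # the plain-dict analogue of jinja2's UndefinedError.
            kind = "local" if "local_zone" in zones[from_zone] else "forward"
            rules.append(f"{from_zone} -> {name} ({kind})")
    return rules


def find_undefined_from_zones(zones):
    """Return (zone, from_zone) pairs whose from_zone is not a defined zone."""
    return [(name, from_zone)
            for name, conf in zones.items()
            for from_zone in conf.get("from", {})
            if from_zone not in zones]


def verify(zones):
    """Reject dangling from-zone references with the message 1.3 prints."""
    for name, from_zone in find_undefined_from_zones(zones):
        raise ConfigError(f"{from_zone} is a from zone under zone {name}\n"
                          "It is either not defined or deleted from config")


def commit(zones):
    """Validate first, then render; return the rendered rule labels."""
    verify(zones)
    return render_unchecked(zones)


# Constructed input mirroring the report: WAN takes traffic from LOCAL,
# but no zone named LOCAL is declared.
BROKEN = {"WAN": {"interface": ["eth0"], "default_action": "reject",
                  "from": {"LOCAL": {"firewall": {"name": "LOCAL-to-WAN"}}}}}
# Same config with LOCAL declared as the local zone (constructed).
FIXED = dict(BROKEN, LOCAL={"local_zone": {}, "default_action": "drop"})

if __name__ == "__main__":
    try:
        commit(BROKEN)
    except ConfigError as exc:
        print(f"Commit failed:\n{exc}")
    print(commit(FIXED))
```
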

Details

Version: VyOS 1.4-rolling-202201020317
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)