Page MenuHomeVyOS Platform
Create Task
Maniphest T4144

Firewall address-group - Improve error messages
Closed, ResolvedPublicBUG
Actions

Description

When setting wrong address group, message is not clear is it was in 1.3 version.

Unclear messages on VyOS 1.4-rolling-202201060842

vyos@vyos# set firewall group address-group FOO address 203.0.113.10-203.0.113.5 
  
  
  
  
  Invalid value
  Value validation failed
  Set failed

Clear messages on 1.3.0

vyos@vyos# set firewall group address-group FOO address 203.0.113.10-203.0.113.5 
  Error: [203.0.113.10-203.0.113.5] is not a valid IPv4 address range
  
  Value validation failed
  Set failed

Same things when seting invalid netmaks on network groups, and invalid addreses, for example with these commands:

set firewall group network-group FOO network 203.0.113.128/35
set firewall group address-group FOO address 203.0.113.288

Details

Difficulty level
Unknown (require assessment)
Version
vyos-1.4-rolling-202201060842
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Event Timeline

n.fort created this task.Jan 6 2022, 11:49 AM
n.fort updated the task description. (Show Details)
pasik added a subscriber: pasik.Jan 6 2022, 1:10 PM
sarthurdev added a subscriber: sarthurdev.Jan 10 2022, 12:00 AM
sarthurdev changed the task status from Open to In progress.Jan 10 2022, 9:09 PM
sarthurdev claimed this task.

IPv4 address range error messages are included in PR: https://github.com/vyos/vyos-1x/pull/1152

sarthurdev changed the task status from In progress to Needs testing.Jan 11 2022, 2:45 PM

PR: https://github.com/vyos/vyos-1x/pull/1158

Should resolve the rest of the error messages.

fernando added a subscriber: fernando.Jan 11 2022, 8:06 PM

hi

I've checked with this new build , it works with validator ranges/port :

firewall# set firewall group address-group FOO address 203.0.113.10-20

  Error: 203.0.113.10-203.0.113.5 is not a valid IPv4 address range




  Invalid value
  Value validation failed
  Set failed

`

but it doesn't show the error correctly :

@test-firewall# set firewall group network-group FOO network 203.0.113.128/38




  Invalid value
  Value validation failed
  Set failed

I don't think it's a problem with prefix-validator because it works properly

vyos@test-firewall:~$ sudo sh checknet.sh 203.0.113.128/38
Error: 203.0.113.128/38 is not a valid IP prefix
vyos@test-firewall:~$

it may a issues with python variable.

sarthurdev added a comment.Jan 11 2022, 8:21 PM

Seems to be working on my latest build?

vyos@vyos# set firewall group network-group FOO network 203.0.113.128/38

  Error: 203.0.113.128/38 is not a valid IPv4 prefix



  Invalid value
  Value validation failed
  Set failed

[edit]
vyos@vyos# run show ver

Version:          VyOS 1.4-rolling-202201112007
Release train:    sagitta

Built by:         root@6e5907a9b43c
Built on:         Tue 11 Jan 2022 20:07 UTC
Build UUID:       6ea62c50-17b2-4993-80de-ef19828efe5b
Build commit ID:  f0cdd802c2a6a9-dirty

Architecture:     x86_64
Boot via:         livecd
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    1592336b-70a5-46d5-b78d-50fcda467720

Copyright:        VyOS maintainers and contributors
fernando added a comment.Jan 11 2022, 8:38 PM

yes , i'm using this version :

vyos@test-firewall:~$ show version

Version:          VyOS 1.4-rolling-202201110811
Release train:    sagitta

Built by:         [email protected]
Built on:         Tue 11 Jan 2022 08:11 UTC
Build UUID:       2e678787-bf60-4ed5-b53b-300252863cc4
Build commit ID:  f0cdd802c2a6a9

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    0ed1854a-565e-4368-8c9e-843e33c8c181

Copyright:        VyOS maintainers and contributors

it should be for that .

sarthurdev added a comment.Jan 11 2022, 10:02 PM

That build at 08:11 UTC was a couple of hours before the commit was merged: https://github.com/vyos/vyos-1x/commit/f97144259335102c3d96b232cbb0af4970120d62

sarthurdev moved this task from Need Triage to In Progress on the VyOS 1.4 Sagitta board.Jan 12 2022, 10:13 AM
fernando added a comment.Jan 12 2022, 1:38 PM

yes, you are right:

vyos@test-firewall:~$ show version

Version:          VyOS 1.4-rolling-202201120317
Release train:    sagitta

Built by:         [email protected]
Built on:         Wed 12 Jan 2022 03:17 UTC
Build UUID:       193a2653-68b2-46f5-9348-e26260e73ad9
Build commit ID:  f0cdd802c2a6a9

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    0ed1854a-565e-4368-8c9e-843e33c8c181

Copyright:        VyOS maintainers and contributors

vyos@test-firewall# set firewall group network-group FOO network 203.0.113.128/3

  Error: 203.0.113.128/35 is not a valid IPv4 prefix

thanks

n.fort added a comment.Jan 21 2022, 6:44 PM

Tested on VyOS 1.4-rolling-202201180317 and working as expected.

n.fort closed this task as Resolved.Jan 21 2022, 6:44 PM
c-po moved this task from In Progress to Finished on the VyOS 1.4 Sagitta board.Jun 10 2022, 6:31 PM