On VyOS 1.3.0, these rules don't generate correct firewall rules:
```
# Firewall rules
[email protected]# run show config comm | grep fire
set firewall ipv6-name FOO-v6 rule 10 action 'drop'
set firewall ipv6-name FOO-v6 rule 10 icmpv6 type 'echo-request'
set firewall ipv6-name FOO-v6 rule 10 protocol 'icmp'
set firewall ipv6-name FOO-v6 rule 20 action 'accept'
set firewall ipv6-name FOO-v6 rule 20 icmpv6 type 'parameter-problem'
set firewall ipv6-name FOO-v6 rule 20 protocol 'icmp'
[edit]

# nft tables
[email protected]# sudo nft list chain ip6 filter FOO-v6
table ip6 filter {
    chain FOO-v6 {
        meta l4proto icmp counter packets 0 bytes 0 drop comment "FOO-v6-10"
        meta l4proto icmp counter packets 0 bytes 0 return comment "FOO-v6-20"
        counter packets 0 bytes 0 drop comment "FOO-v6-10000 default-action drop"
    }
}
[edit]
```
As you can see, both rules are equal (except for the action, which is different), and no "type" is inserted in the rules.
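A way to check for this mismatch automatically, as an added example that is not part of the original report or of VyOS: it compares the `icmpv6 type` values in the `set` commands against the rendered nft chain. It assumes each nft rule carries a `"<name>-<rule>"` comment as in the output above, and that a correctly rendered rule contains the nft expression `icmpv6 type <name>`.

```python
import re

# Sample input copied from the report above (prompt and [edit] lines omitted).
CONFIG = """\
set firewall ipv6-name FOO-v6 rule 10 action 'drop'
set firewall ipv6-name FOO-v6 rule 10 icmpv6 type 'echo-request'
set firewall ipv6-name FOO-v6 rule 10 protocol 'icmp'
set firewall ipv6-name FOO-v6 rule 20 action 'accept'
set firewall ipv6-name FOO-v6 rule 20 icmpv6 type 'parameter-problem'
set firewall ipv6-name FOO-v6 rule 20 protocol 'icmp'
"""
NFT = """\
table ip6 filter {
    chain FOO-v6 {
        meta l4proto icmp counter packets 0 bytes 0 drop comment "FOO-v6-10"
        meta l4proto icmp counter packets 0 bytes 0 return comment "FOO-v6-20"
        counter packets 0 bytes 0 drop comment "FOO-v6-10000 default-action drop"
    }
}
"""

SET_RE = re.compile(r"^set firewall ipv6-name (\S+) rule (\d+) icmpv6 type '([^']+)'$")
COMMENT_RE = re.compile(r'comment "([^" ]+-\d+)[^"]*"')

def configured_types(config):
    """Map 'NAME-RULE' -> icmpv6 type requested in the VyOS config."""
    hits = (SET_RE.match(ln.strip()) for ln in config.splitlines())
    return {f"{m[1]}-{m[2]}": m[3] for m in hits if m}

def rendered_rules(nft):
    """Map 'NAME-RULE' (from the nft comment) -> rendered rule text."""
    hits = ((COMMENT_RE.search(ln), ln.strip()) for ln in nft.splitlines())
    return {m[1]: text for m, text in hits if m}

def missing_type_matches(config, nft):
    """List (rule_id, wanted_type, rendered_rule) for rules lacking the type match."""
    rules = rendered_rules(nft)
    findings = []
    for rule_id, wanted in sorted(configured_types(config).items()):
        text = rules.get(rule_id)
        # Assumption: a correct rule carries the expression "icmpv6 type <name>".
        if text is None or f"icmpv6 type {wanted}" not in text:
            findings.append((rule_id, wanted, text))
    return findings

if __name__ == "__main__":
    for rule_id, wanted, text in missing_type_matches(CONFIG, NFT):
        print(f"{rule_id}: icmpv6 type {wanted!r} missing from nft rule: {text}")
```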