To reproduce use:
set firewall group address-group nameservers address '10.20.0.15'
set firewall name 37-out default-action 'accept'
set firewall name 37-out rule 10 action 'accept'
set firewall name 37-out rule 10 destination group address-group 'nameservers'
set firewall name 37-out rule 10 destination port '53'
set firewall name 37-out rule 10 protocol 'udp'
set firewall name 37-out rule 10 state new 'enable'
set firewall name 37-out rule 100 action 'drop'
set firewall name 37-out rule 100 destination address '10.20.0.0/16'
set firewall name 37-out rule 100 state new 'enable'
[email protected]# commit
[ firewall ]
Failed to apply firewall
[[firewall]] failed
Commit failed
[email protected]# sudo nft -f /run/nftables.conf
/run/nftables.conf:7:11-12: Error: syntax error, unexpected number, expecting string
    chain 37-out {
          ^^
/run/nftables.conf:8:12-16: Error: syntax error, unexpected state, expecting timeout or expectation or helper
        ct state {new} meta l4proto udp udp dport {53} ip daddr $A_nameservers counter return comment "37-out-10"
           ^^^^^
/run/nftables.conf:9:12-16: Error: syntax error, unexpected state, expecting timeout or expectation or helper
        ct state {new} ip daddr 10.20.0.0/16 counter drop comment "37-out-100"
           ^^^^^
/run/nftables.conf:10:17-22: Error: syntax error, unexpected return, expecting string
        counter return comment "37-out default-action accept"
                ^^^^^^
/run/nftables.conf:12:1-1: Error: syntax error, unexpected '}'
}
^
[edit]
Maybe simply prefix the NFS tables with VyOS_ ??
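
The first nft error above is at the chain name itself: `37-out` begins with a digit where nft expects a string. The sketch below is an added example, not VyOS code, showing the prefixing idea from the report: user rule-set names are mapped to chain names that always start with a fixed prefix and are checked before the config is rendered. The regex is an approximation of nft's unquoted-identifier token, and the function names and the keyword sample are assumptions.

```python
import re

# Assumption: approximates nft's unquoted identifier token, which must start
# with a letter, '_' or '.', followed by letters, digits, '_', '.', '/' or '-'.
NFT_IDENT = re.compile(r"^[A-Za-z_.][A-Za-z0-9_./\-]*$")

# Small, non-exhaustive sample of nft keywords that cannot be used bare as a name.
NFT_KEYWORDS = {"table", "chain", "ct", "state", "counter", "return", "accept", "drop"}

PREFIX = "VyOS_"  # prefix proposed in the report


def is_valid_chain_name(name: str) -> bool:
    """True if nft would accept `name` as an unquoted chain name (approximation)."""
    return bool(NFT_IDENT.match(name)) and name not in NFT_KEYWORDS


def to_chain_name(ruleset: str) -> str:
    """Map a user-chosen rule-set name to a prefixed, validated chain name."""
    chain = PREFIX + ruleset
    if not is_valid_chain_name(chain):
        # Still invalid after prefixing: spaces, '$', '{', quotes, and so on.
        raise ValueError(f"rule-set name {ruleset!r} cannot be used as a chain name")
    return chain


def render_chain(ruleset: str, rules: list[str]) -> str:
    """Render one chain block in the layout seen in /run/nftables.conf above."""
    lines = [f"    chain {to_chain_name(ruleset)} {{"]
    lines += [f"        {rule}" for rule in rules]
    lines.append("    }")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed from the rule shown in the error output above.
    print(is_valid_chain_name("37-out"))  # the name that broke the commit
    print(render_chain("37-out", [
        'ct state {new} ip daddr 10.20.0.0/16 counter drop comment "37-out-100"',
    ]))
```
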