Config:
firewall { interface eth0{ local { ipv6-name DROP-GRE-NOIPSEC } } ipv6-name DROP-GRE-NOIPSEC { default-action accept rule 100 { action drop ipsec { match-none } protocol gre } } }
Check:
# nft list chain ip6 vyos_filter NAME6_DROP-GRE-NOIPSEC table ip6 vyos_filter { chain NAME6_DROP-GRE-NOIPSEC { meta l4proto gre counter packets 340 bytes 46240 drop comment "DROP-GRE-NOIPSEC-100" counter packets 434 bytes 65608 return comment "DROP-GRE-NOIPSEC default-action accept" } }
The expression "meta secpath missing" is missing.