
Ignoring "ipsec match-none" for firewall
Closed, Resolved | Public | BUG

Description

Config:

firewall {
    interface eth0 {
        local {
            ipv6-name DROP-GRE-NOIPSEC
        }
    }
    ipv6-name DROP-GRE-NOIPSEC {
        default-action accept
        rule 100 {
            action drop
            ipsec {
                match-none
            }
            protocol gre
        }
    }
}

Check:

# nft list chain ip6 vyos_filter NAME6_DROP-GRE-NOIPSEC
table ip6 vyos_filter {
	chain NAME6_DROP-GRE-NOIPSEC {
		meta l4proto gre counter packets 340 bytes 46240 drop comment "DROP-GRE-NOIPSEC-100"
		counter packets 434 bytes 65608 return comment "DROP-GRE-NOIPSEC default-action accept"
	}
}

The expression "meta secpath missing" is missing.
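
A regression check for this mismatch, added here as an example (it is not part of the original report or of VyOS): it derives from the configuration which rules carry an `ipsec` match and flags any whose generated nft line lacks it. The function names are hypothetical, the `<ruleset>-<rule>` comment format is taken from the output above, and accepting `ipsec` as an alternative spelling of `secpath` in nft output is an assumption.

```python
import re

# VyOS "ipsec" leaf -> keyword the generated nft rule must carry.
IPSEC_LEAF = {"match-none": "missing", "match-ipsec": "exists"}

def expected_ipsec_rules(config):
    """Map nft rule comment "<ruleset>-<rule>" to the required keyword."""
    stack, expected = [], {}
    for line in map(str.strip, config.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif line in IPSEC_LEAF and len(stack) >= 3 and stack[-1] == "ipsec":
            ruleset = stack[-3].split()[-1]  # "ipv6-name DROP-GRE-NOIPSEC"
            rule = stack[-2].split()[-1]     # "rule 100"
            expected[f"{ruleset}-{rule}"] = IPSEC_LEAF[line]
    return expected

def rules_without_ipsec_match(config, nft_output):
    """Comments of rules whose nft line is absent or lacks the IPsec match."""
    bad = []
    for comment, keyword in expected_ipsec_rules(config).items():
        rule_line = next((l for l in nft_output.splitlines()
                          if f'comment "{comment}"' in l), "")
        # Assumption: nft may print the key as "secpath" or "ipsec".
        if not re.search(rf"\bmeta (secpath|ipsec) {keyword}\b", rule_line):
            bad.append(comment)
    return bad

# Ruleset from the report above (interface binding omitted).
CONFIG = """
ipv6-name DROP-GRE-NOIPSEC {
    default-action accept
    rule 100 {
        action drop
        ipsec {
            match-none
        }
        protocol gre
    }
}
"""
# Rule line as reported, then a constructed line showing the expected form.
NFT_REPORTED = 'meta l4proto gre counter packets 340 bytes 46240 drop comment "DROP-GRE-NOIPSEC-100"'
NFT_FIXED = 'meta secpath missing meta l4proto gre counter packets 0 bytes 0 drop comment "DROP-GRE-NOIPSEC-100"'

if __name__ == "__main__":
    print("reported:", rules_without_ipsec_match(CONFIG, NFT_REPORTED))
    print("fixed:   ", rules_without_ipsec_match(CONFIG, NFT_FIXED))
```

A non-empty result means the rule is broader than configured: here the drop applies to all GRE traffic instead of only GRE that did not arrive through IPsec.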

Details

Difficulty level: Unknown (require assessment)
Version: 1.4-rolling-202307280757
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Behavior change
Issue type: Bug (incorrect behavior)