Page MenuHomeVyOS Platform
Create Task
Maniphest T5478

Cannot configure resolver-cache options for firewall
Closed, ResolvedPublicBUG
Actions

Description

Added the new resolve-cache options to my config after upgrading to VyOS 1.4-rolling-202308140557:

 firewall {
     global-options {
         all-ping enable
         broadcast-ping disable
         ipv6-receive-redirects disable
         ipv6-src-route disable
         ip-src-route disable
         log-martians enable
         receive-redirects disable
+        resolver-cache
+        resolver-interval 60
         send-redirects enable
         source-validation strict
         syn-cookies enable
         twa-hazards-protection disable
     }

However attempting a "commit" ends up with an error:

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/firewall.py", line 420, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/firewall.py", line 411, in apply
    post_apply_trap(firewall)
  File "/usr/libexec/vyos/conf_mode/firewall.py", line 363, in post_apply_trap
    for host, target_conf in firewall['trap_targets'].items():
                             ~~~~~~~~^^^^^^^^^^^^^^^^
KeyError: 'trap_targets'



[[firewall]] failed
Commit failed
[edit]
vyos@vyos#

Details

Version
VyOS 1.4-rolling-202308140557
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

Apachez created this task.Aug 14 2023, 9:16 PM
pasik subscribed.Aug 15 2023, 5:41 AM
n.fort changed the task status from Open to Confirmed.Aug 15 2023, 10:18 AM
n.fort claimed this task.
n.fort changed the task status from Confirmed to In progress.Aug 15 2023, 12:01 PM

PR: https://github.com/vyos/vyos-1x/pull/2149

Apachez added a comment.Aug 17 2023, 7:08 PM

This error not only occurs for new settings in global-options but also for older:

vyos@vyos# set firewall global-options send-redirects disable
[edit]
vyos@vyos# commit
[ firewall ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
...
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/firewall.py", line 420, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/firewall.py", line 411, in apply
    post_apply_trap(firewall)
  File "/usr/libexec/vyos/conf_mode/firewall.py", line 363, in post_apply_trap
    for host, target_conf in firewall['trap_targets'].items():
                             ~~~~~~~~^^^^^^^^^^^^^^^^
KeyError: 'trap_targets'

[[firewall]] failed
Commit failed
[edit]
vyos@vyos#

Above using VyOS 1.4-rolling-202308170317.

Workaround (well sort of) is to do an "exit discard" and if that fails do a "reboot" and ignore that the config havent been saved.

Restricted Repository Identity mentioned this in rVYOSONEXa090dd712311: Merge pull request #2149 from nicolas-fort/T5478.Aug 22 2023, 2:19 PM
n.fort mentioned this in rVYOSONEX961d6b43d30f: T5478: remove config-trap configuration parser in firewall.Aug 22 2023, 2:19 PM
n.fort changed the task status from In progress to Needs testing.Aug 23 2023, 11:12 AM
Apachez added a comment.Aug 23 2023, 8:27 PM

Verified being fixed in VyOS 1.4-rolling-202308230020.

Verified by adding:

set firewall global-options resolver-cache
set firewall global-options resolver-interval '60'

and could commit and save without errors.

Also altering other variables in global-option like so (that is changing and then reverting the change):

set firewall global-options send-redirects enable
set firewall global-options send-redirects disable

worked without issues to commit afterwards and save the config.

Apachez closed this task as Resolved.Aug 23 2023, 8:27 PM