Looking at the output of "nft -s list ruleset" after the firewall refactoring released in VyOS 1.4-rolling-202308140557 I noticed the following:
table ip raw {
    ct helper rpc_tcp {
        type "rpc" protocol tcp
        l3proto ip
    }
    ct helper rpc_udp {
        type "rpc" protocol udp
        l3proto ip
    }
    ct helper tns_tcp {
        type "tns" protocol tcp
        l3proto ip
    }
    ...
Since I don't have any helpers enabled I don't expect the above rules to exist.
The following is currently configured in the firewall section:
set firewall global-options all-ping 'enable'
set firewall global-options broadcast-ping 'disable'
set firewall global-options ip-src-route 'disable'
set firewall global-options ipv6-receive-redirects 'disable'
set firewall global-options ipv6-src-route 'disable'
set firewall global-options log-martians 'enable'
set firewall global-options receive-redirects 'disable'
set firewall global-options send-redirects 'enable'
set firewall global-options source-validation 'strict'
set firewall global-options syn-cookies 'enable'
set firewall global-options twa-hazards-protection 'disable'
set firewall ipv4 forward filter default-action 'accept'
set firewall ipv4 forward filter rule 1 action 'drop'
set firewall ipv4 forward filter rule 1 state invalid 'enable'
set firewall ipv4 forward filter rule 2 action 'accept'
set firewall ipv4 forward filter rule 2 state established 'enable'
set firewall ipv4 forward filter rule 3 action 'accept'
set firewall ipv4 forward filter rule 3 state related 'enable'
set firewall ipv4 input filter default-action 'accept'
set firewall ipv4 input filter rule 1 action 'drop'
set firewall ipv4 input filter rule 1 state invalid 'enable'
set firewall ipv4 input filter rule 2 action 'accept'
set firewall ipv4 input filter rule 2 state established 'enable'
set firewall ipv4 input filter rule 3 action 'accept'
set firewall ipv4 input filter rule 3 state related 'enable'
set firewall ipv4 output filter default-action 'accept'
set firewall ipv4 output filter rule 1 action 'drop'
set firewall ipv4 output filter rule 1 state invalid 'enable'
set firewall ipv4 output filter rule 2 action 'accept'
set firewall ipv4 output filter rule 2 state established 'enable'
set firewall ipv4 output filter rule 3 action 'accept'
set firewall ipv4 output filter rule 3 state related 'enable'
set firewall ipv6 forward filter default-action 'accept'
set firewall ipv6 forward filter rule 1 action 'drop'
set firewall ipv6 forward filter rule 1 state invalid 'enable'
set firewall ipv6 forward filter rule 2 action 'accept'
set firewall ipv6 forward filter rule 2 state established 'enable'
set firewall ipv6 forward filter rule 3 action 'accept'
set firewall ipv6 forward filter rule 3 state related 'enable'
set firewall ipv6 input filter default-action 'accept'
set firewall ipv6 input filter rule 1 action 'drop'
set firewall ipv6 input filter rule 1 state invalid 'enable'
set firewall ipv6 input filter rule 2 action 'accept'
set firewall ipv6 input filter rule 2 state established 'enable'
set firewall ipv6 input filter rule 3 action 'accept'
set firewall ipv6 input filter rule 3 state related 'enable'
set firewall ipv6 output filter default-action 'accept'
set firewall ipv6 output filter rule 1 action 'drop'
set firewall ipv6 output filter rule 1 state invalid 'enable'
set firewall ipv6 output filter rule 2 action 'accept'
set firewall ipv6 output filter rule 2 state established 'enable'
set firewall ipv6 output filter rule 3 action 'accept'
set firewall ipv6 output filter rule 3 state related 'enable'
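
When auditing a ruleset like the one quoted above, it helps to separate ct helper objects that are only declared from those a rule actually assigns to traffic with `ct helper set`. The following is an added example, not part of the original report or of VyOS; the function name `audit_ct_helpers` and the sample ruleset are constructed for illustration.

```python
import re

# Constructed sample in the style of `nft -s list ruleset` output (not from a real system).
SAMPLE = '''
table ip raw {
    ct helper rpc_tcp {
        type "rpc" protocol tcp
        l3proto ip
    }
    ct helper tns_tcp {
        type "tns" protocol tcp
        l3proto ip
    }
    chain PREROUTING {
        type filter hook prerouting priority raw; policy accept;
        tcp dport 111 ct helper set "rpc_tcp"
    }
}
'''

TABLE = re.compile(r'^\s*table (\S+) (\S+)\s*\{')   # table <family> <name> {
DECL = re.compile(r'^\s*ct helper (\S+)\s*\{')      # ct helper <name> {   (object declaration)
USE = re.compile(r'ct helper set "([^"]+)"')        # rule statement that assigns a helper


def audit_ct_helpers(ruleset_text):
    """Map (family, table, helper) -> True if some rule in that table assigns it."""
    declared, used = [], set()
    current = ("?", "?")  # fallback if a declaration appears before any table header
    for line in ruleset_text.splitlines():
        m = TABLE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = DECL.match(line)
        if m:
            declared.append(current + (m.group(1),))
            continue
        for name in USE.findall(line):
            used.add(current + (name,))
    return {key: key in used for key in declared}


if __name__ == "__main__":
    for (family, table, helper), referenced in audit_ct_helpers(SAMPLE).items():
        status = "assigned by a rule" if referenced else "declared only"
        print(f"{family} {table} {helper}: {status}")
```

On a live system the same function can be fed the text captured from `nft -s list ruleset` instead of `SAMPLE`.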