Page MenuHomeVyOS Platform
Create Task
Maniphest T5496

`show firewall` error
Closed, ResolvedPublic
Actions

Description

vyos@vyos:~$ show firewall group
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/firewall.py", line 344, in <module>
    show_firewall_group(args.name)
  File "/usr/libexec/vyos/op_mode/firewall.py", line 250, in show_firewall_grop
    references = find_references(group_type, group_name)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/firewall.py", line 228, in find_references
    if name_type not in firewall[item]:
                        ~~~~~~~~^^^^^^
KeyError: 'ipv4'
vyos@vyos:~$ show version
Version:          VyOS 1.4-rolling-202308180646
Release train:    current

Built by:         [email protected]
Built on:         Fri 18 Aug 2023 06:46 UTC
Build UUID:       6c4971c5-6b6b-4b83-a810-e118ee462896
Build commit ID:  1c11058f429865

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    969b4aee-b3e1-4a55-9a88-d455cc8aa81e

Copyright:        VyOS maintainers and contributors
vyos@vyos:~$ show firewall summary
Ruleset Summary
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/firewall.py", line 348, in <module>
    show_summary()
  File "/usr/libexec/vyos/op_mode/firewall.py", line 301, in show_summary
    show_firewall_group()
  File "/usr/libexec/vyos/op_mode/firewall.py", line 250, in show_firewall_grop
    references = find_references(group_type, group_name)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/firewall.py", line 228, in find_references
    if name_type not in firewall[item]:
                        ~~~~~~~~^^^^^^
KeyError: 'ipv4'

Details

Difficulty level
Unknown (require assessment)
Version
1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

dongjunbo created this task.Aug 18 2023, 11:22 PM
dongjunbo created this object in space S1 VyOS Public.
dongjunbo updated the task description. (Show Details)
dongjunbo updated the task description. (Show Details)Aug 18 2023, 11:37 PM
Apachez added a subscriber: Apachez.Aug 19 2023, 12:19 AM

Works for me without errors but I currently only have an empty ruleset:

set firewall global-options all-ping 'enable'
set firewall global-options broadcast-ping 'disable'
set firewall global-options ip-src-route 'disable'
set firewall global-options ipv6-receive-redirects 'disable'
set firewall global-options ipv6-src-route 'disable'
set firewall global-options log-martians 'enable'
set firewall global-options receive-redirects 'disable'
set firewall global-options send-redirects 'disable'
set firewall global-options source-validation 'strict'
set firewall global-options syn-cookies 'enable'
set firewall global-options twa-hazards-protection 'disable'
set firewall ipv4 forward filter default-action 'accept'
set firewall ipv4 forward filter rule 1 action 'drop'
set firewall ipv4 forward filter rule 1 state invalid 'enable'
set firewall ipv4 forward filter rule 2 action 'accept'
set firewall ipv4 forward filter rule 2 state established 'enable'
set firewall ipv4 forward filter rule 3 action 'accept'
set firewall ipv4 forward filter rule 3 state related 'enable'
set firewall ipv4 input filter default-action 'accept'
set firewall ipv4 input filter rule 1 action 'drop'
set firewall ipv4 input filter rule 1 state invalid 'enable'
set firewall ipv4 input filter rule 2 action 'accept'
set firewall ipv4 input filter rule 2 state established 'enable'
set firewall ipv4 input filter rule 3 action 'accept'
set firewall ipv4 input filter rule 3 state related 'enable'
set firewall ipv4 output filter default-action 'accept'
set firewall ipv4 output filter rule 1 action 'drop'
set firewall ipv4 output filter rule 1 state invalid 'enable'
set firewall ipv4 output filter rule 2 action 'accept'
set firewall ipv4 output filter rule 2 state established 'enable'
set firewall ipv4 output filter rule 3 action 'accept'
set firewall ipv4 output filter rule 3 state related 'enable'
set firewall ipv6 forward filter default-action 'accept'
set firewall ipv6 forward filter rule 1 action 'drop'
set firewall ipv6 forward filter rule 1 state invalid 'enable'
set firewall ipv6 forward filter rule 2 action 'accept'
set firewall ipv6 forward filter rule 2 state established 'enable'
set firewall ipv6 forward filter rule 3 action 'accept'
set firewall ipv6 forward filter rule 3 state related 'enable'
set firewall ipv6 input filter default-action 'accept'
set firewall ipv6 input filter rule 1 action 'drop'
set firewall ipv6 input filter rule 1 state invalid 'enable'
set firewall ipv6 input filter rule 2 action 'accept'
set firewall ipv6 input filter rule 2 state established 'enable'
set firewall ipv6 input filter rule 3 action 'accept'
set firewall ipv6 input filter rule 3 state related 'enable'
set firewall ipv6 output filter default-action 'accept'
set firewall ipv6 output filter rule 1 action 'drop'
set firewall ipv6 output filter rule 1 state invalid 'enable'
set firewall ipv6 output filter rule 2 action 'accept'
set firewall ipv6 output filter rule 2 state established 'enable'
set firewall ipv6 output filter rule 3 action 'accept'
set firewall ipv6 output filter rule 3 state related 'enable'

Using VyOS 1.4-rolling-202308170317.

Possible for you to share your firewall-section that is output of this?

show config commands | strip-private | grep -i "set firewall"
pasik added a subscriber: pasik.Aug 20 2023, 6:20 PM
n.fort added a subscriber: n.fort.Aug 30 2023, 1:52 PM

PR: https://github.com/vyos/vyos-1x/pull/2186

Corrections and improvements were applied. Please check on next rolling release

n.fort changed the task status from Open to Needs testing.Aug 30 2023, 1:54 PM
n.fort added a comment.Aug 30 2023, 10:27 PM

Adding geo-ip and fqnd too:
https://github.com/vyos/vyos-1x/pull/2188

dmbaturin closed this task as Resolved.Feb 15 2024, 1:04 PM
dmbaturin claimed this task.
dmbaturin added a project: Restricted Project.