More validators are needed in order to avoid wrong configuration.
Example:
vyos@vyos# run show config comm | grep firewall
set firewall group interface-group TEST interface 'eth1'
set firewall ipv4 forward filter rule 10 action 'accept'
set firewall ipv4 forward filter rule 10 inbound-interface interface-group 'TEST'
set firewall ipv4 forward filter rule 10 inbound-interface interface-name 'eth8'
[edit]
vyos@vyos# sudo nft -s list chain ip vyos_filter VYOS_FORWARD_filter
table ip vyos_filter {
chain VYOS_FORWARD_filter {
type filter hook forward priority filter; policy accept;
iifname "eth8" counter accept comment "FWD-filter-10"
}
}
[edit]
vyos@vyos#