More validators are needed in order to avoid wrong configuration.
Example:
vyos@vyos# run show config comm | grep firewall set firewall group interface-group TEST interface 'eth1' set firewall ipv4 forward filter rule 10 action 'accept' set firewall ipv4 forward filter rule 10 inbound-interface interface-group 'TEST' set firewall ipv4 forward filter rule 10 inbound-interface interface-name 'eth8' [edit] vyos@vyos# sudo nft -s list chain ip vyos_filter VYOS_FORWARD_filter table ip vyos_filter { chain VYOS_FORWARD_filter { type filter hook forward priority filter; policy accept; iifname "eth8" counter accept comment "FWD-filter-10" } } [edit] vyos@vyos#