Version: VyOS 1.5-rolling-202311081451
Steps to reproduce:
set firewall ipv4 name SOMEZONE-FORWARD-IPV4 default-action 'drop' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 action 'drop' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 destination geoip country-code 'us' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 destination geoip country-code 'ca' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 destination geoip inverse-match set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 log 'enable' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 20 action 'accept' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 20 source address 192.168.0.5 $ show config commands | grep SOMEZONE set firewall ipv4 name SOMEZONE-FORWARD-IPV4 default-action 'drop' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 action 'drop' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 destination geoip country-code 'us' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 destination geoip country-code 'ca' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 destination geoip inverse-match set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 10 log 'enable' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 20 action 'accept' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 20 source address '192.168.0.5' $ generate firewall rule-resequence | grep SOMEZONE set firewall ipv4 name SOMEZONE-FORWARD-IPV4 default-action 'drop' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 100 action 'drop' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 100 destination geoip inverse-match set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 100 log 'enable' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 110 action 'accept' set firewall ipv4 name SOMEZONE-FORWARD-IPV4 rule 110 source address '192.168.0.5'