Firewall - bug in zone config
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	n.fort
	Jan 11 2024, 7:40 PM

Description

vyos@intra# run show config comm | grep firewall
set firewall ipv4 name FOO rule 101 action 'accept'
set firewall ipv4 name FOO rule 202 action 'drop'
set firewall ipv4 name FOO rule 303 action 'reject'
set firewall ipv4 name LAN_to_LOCAL rule 10 action 'accept'
set firewall ipv4 name LAN_to_WAN rule 10 action 'accept'
set firewall ipv4 name LOCAL_to_WAN rule 10 action 'accept'
set firewall ipv4 name LOCAL_to_WAN rule 101 action 'accept'
set firewall ipv4 name LOCAL_to_WAN rule 101 protocol 'tcp'
set firewall ipv4 name LOCAL_to_WAN rule 589 action 'drop'
set firewall ipv4 name LOCAL_to_WAN rule 589 destination address '5.4.3.2'
set firewall ipv4 name WAN_to_LAN rule 10 action 'accept'
set firewall ipv4 name WAN_to_LOCAL rule 19 action 'accept'
set firewall ipv6 name WAN_to_LOCAL_v6 rule 10 action 'accept'
set firewall zone LAN from WAN firewall name 'WAN_to_LAN'
set firewall zone LAN interface 'eth1'
set firewall zone LAN interface 'eth2'
set firewall zone LOCAL from LAN firewall name 'LAN_to_LOCAL'
set firewall zone LOCAL from WAN firewall ipv6-name 'WAN_to_LOCAL_v6'
set firewall zone LOCAL from WAN firewall name 'WAN_to_LOCAL'
set firewall zone LOCAL local-zone
set firewall zone WAN from LAN firewall name 'LAN_to_WAN'
set firewall zone WAN from LOCAL firewall name 'LOCAL_to_WAN'
set firewall zone WAN interface 'eth3'
set firewall zone WAN interface 'eth0'
[edit]
vyos@intra# set firewall zone LAN intra-zone-filtering firewall name FOO 
[edit]
vyos@intra# commit

Failed to apply firewall: /run/nftables.conf:160:44-51: Error: Could not
process rule: No such file or directory         iifname { eth1,eth2 }
counter jump NAME_FOO
^^^^^^^^

[[firewall]] failed
Commit failed
[edit]
vyos@intra#

Issue not present in 1.4.0-rc1