Page MenuHomeVyOS Platform
Create Task
Maniphest T5957

Firewall fails to delete inbound-interface name
Closed, ResolvedPublicBUG
Actions

Description

Firewall fails to delete inbound-interface name

set firewall ipv4 forward filter rule 10 action 'accept'
set firewall ipv4 forward filter rule 10 inbound-interface name 'eth0.10'
commit
delete firewall ipv4 forward filter rule 10 inbound-interface name 
commit

Commit:

vyos@r4# commit
[ firewall ]
VyOS had an issue completing a command.

Report time:      2024-01-18 10:52:12
Image version:    VyOS 1.5-rolling-202401140026
Release train:    current

Built by:         autobuild@vyos.net
Built on:         Sun 14 Jan 2024 02:21 UTC
Build UUID:       4ae598f3-2ee3-4098-a224-95375fd3a10f
Build commit ID:  365f10340ec2f1

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    166cfd25-7d3a-4eca-9ef6-0b655c9acf0f

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/firewall.py", line 501, in <module>
    generate(c)
  File "/usr/libexec/vyos/conf_mode/firewall.py", line 450, in generate
    render(nftables_conf, 'firewall/nftables.j2', firewall)
  File "/usr/lib/python3/dist-packages/vyos/template.py", line 142, in render
    rendered = render_to_string(template, content, formater, location)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/template.py", line 111, in render_to_string
    rendered = template.render(content)
               ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 1301, in render
    self.environment.handle_exception()
  File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 936, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/usr/share/vyos/templates/firewall/nftables.j2", line 54, in top-level template code
    {{ rule_conf | nft_rule('FWD', prior, rule_id) }}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/template.py", line 574, in nft_rule
    return parse_rule(rule_conf, fw_hook, fw_name, rule_id, ip_name)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/firewall.py", line 284, in parse_rule
    iiface = rule_conf['inbound_interface']['group']
             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
KeyError: 'group'



[[firewall]] failed
Commit failed
[edit]
vyos@r4#

Details

Version
VyOS 1.5-rolling-202401140026, 1.4-0-rc1
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

Viacheslav created this task.Jan 18 2024, 8:54 AM
Viacheslav triaged this task as High priority.
Viacheslav added a project: VyOS 1.4 Sagitta.
Viacheslav changed the task status from Open to Needs reporter action.Jan 18 2024, 9:29 AM
pasik subscribed.Jan 18 2024, 1:16 PM
Viacheslav changed the task status from Needs reporter action to Confirmed.Jan 18 2024, 2:12 PM
syncer assigned this task to n.fort.Jan 20 2024, 7:35 PM
n.fort added a comment.Jan 22 2024, 11:39 AM

PR: https://github.com/vyos/vyos-1x/pull/2873

n.fort changed the task status from Confirmed to In progress.Jan 22 2024, 11:39 AM
Restricted Repository Identity mentioned this in rVYOSONEX9f3912182897: Merge pull request #2873 from nicolas-fort/T5957.Jan 22 2024, 12:17 PM
n.fort mentioned this in rVYOSONEX0a436e1fce66: T5957: fix removal of interface in firewall rules..Jan 22 2024, 12:17 PM
Restricted Repository Identity mentioned this in rVYOSONEX9ba9b53cbc61: T5957: fix removal of interface in firewall rules..Jan 22 2024, 12:19 PM
n.fort changed the task status from In progress to Needs testing.Jan 22 2024, 2:19 PM
Restricted Repository Identity mentioned this in rVYOSONEXb61a06aa5465: Merge pull request #2875 from vyos/mergify/bp/sagitta/pr-2873.Jan 22 2024, 2:43 PM
n.fort closed this task as Resolved.Jan 26 2024, 7:18 PM