
Applying firewall rules with a non-existent interface group
Closed, Resolved | Public | BUG

Description

There is no VyOS exception when applying firewall rules with a non-existent interface group.
Configuration

set firewall ipv6 input filter rule 1209 action 'accept'
set firewall ipv6 input filter rule 1209 description 'to-eth9-PING6'
set firewall ipv6 input filter rule 1209 inbound-interface group 'WG-INT'
set firewall ipv6 input filter rule 1209 protocol 'ipv6-icmp'
set firewall ipv6 input filter rule 1209 source group network-group 'wglan_v6'
commit

vyos@vyos# commit

Failed to apply firewall: /run/nftables.conf:60:61-69: Error: No such
file or directory; did you mean set ‘I_WG-INT’ in table bridge
‘vyos_filter’?         meta l4proto  vrrp ip6 saddr  @N6_wglan_v6
iifname  @I_WG-INT counter accept comment "ipv6-INP-filter-1000"
^^^^^^^^^ /run/nftables.conf:61:66-74: Error: No such file or directory;
did you mean set ‘I_WG-INT’ in table bridge ‘vyos_filter’?         meta
l4proto  ipv6-icmp ip6 saddr  @N6_wglan_v6 iifname  @I_WG-INT counter
accept comment "ipv6-INP-filter-1209"
^^^^^^^^^

[[firewall]] failed
Commit failed
[edit]

Details

Version
VyOS 1.5-rolling-202402280022, VyOS 1.4.0-epa1
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)
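
An added example, not part of the original report and not VyOS's own fix: a reference check over `set` commands that reports firewall rules pointing at groups with no definition, the condition nftables rejected in the commit output above. The function name, the constructed group definition line in the sample, and the mapping of `network-group` under `ipv6` to `ipv6-network-group` are assumptions.

```python
import shlex

IFACE_KEYS = {"inbound-interface", "outbound-interface"}
ADDR_KEYS = {"source", "destination"}

# Rule 1209 from the report, plus one constructed definition so that only
# the interface group is left undefined (the prefix is a documentation range).
SAMPLE = """\
set firewall group ipv6-network-group wglan_v6 network '2001:db8::/64'
set firewall ipv6 input filter rule 1209 action 'accept'
set firewall ipv6 input filter rule 1209 description 'to-eth9-PING6'
set firewall ipv6 input filter rule 1209 inbound-interface group 'WG-INT'
set firewall ipv6 input filter rule 1209 protocol 'ipv6-icmp'
set firewall ipv6 input filter rule 1209 source group network-group 'wglan_v6'
"""

def undefined_group_refs(commands):
    """Return sorted (rule, group type, name) for references with no definition."""
    defined, refs = set(), []
    for line in commands.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["set", "firewall"]:
            continue
        if tok[2:3] == ["group"]:              # set firewall group <type> <name> ...
            if len(tok) >= 5:
                defined.add((tok[3], tok[4]))
            continue
        if "rule" not in tok or "group" not in tok:
            continue
        r, g = tok.index("rule"), tok.index("group")
        if g != r + 3:                         # expect: rule <n> <key> group ...
            continue
        family, rule = tok[2], " ".join(tok[2:r + 2])
        key, rest = tok[g - 1], tok[g + 1:]
        if key in IFACE_KEYS and len(rest) >= 1:
            gtype, name = "interface-group", rest[0]
        elif key in ADDR_KEYS and len(rest) >= 2:
            gtype, name = rest[0], rest[1]
            # Assumption: IPv6 rules resolve address/network groups to ipv6-* types.
            if family == "ipv6" and gtype in ("address-group", "network-group"):
                gtype = "ipv6-" + gtype
        else:
            continue
        refs.append((rule, gtype, name.lstrip("!")))   # "!" marks a negated match
    # Definitions may appear after the rules, so filter only once all lines are read.
    return sorted({x for x in refs if (x[1], x[2]) not in defined})

if __name__ == "__main__":
    for rule, gtype, name in undefined_group_refs(SAMPLE):
        print(f"firewall {rule}: {gtype} '{name}' is not defined")
```

Running a check like this before `commit` surfaces the missing `WG-INT` group as a named configuration error instead of an nftables load failure.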

Event Timeline

Viacheslav triaged this task as Normal priority. (Mar 2 2024, 11:18 AM)
n.fort changed the task status from Open to In progress. (Mar 5 2024, 1:32 PM)
n.fort claimed this task.
n.fort changed the task status from In progress to Needs testing. (Mar 6 2024, 1:24 PM)