Maniphest T6094

Destination Nat not Making Firewall Rules
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	ImDono
	Mar 4 2024, 2:07 PM

Tags

Referenced Files

None

Subscribers

Description

In the latest rolling release, I found that the desination NAT firewall rules were not working. Documentation says to create the following firewall rule:

foreach ($list as $item) {

set firewall ipv4 forward filter rule 10 action accept
set firewall ipv4 forward filter rule 10 connection-status nat destination
set firewall ipv4 forward filter rule 10 state new enable

  work_miracles($item);
}

However it didn't seem to work. I manually created the firewall rules and all of my DNAT started working. I had this configuration in a previous rolling release so this is a loss of functionality.

Details

Version: 1.5-rolling-202403020021, 1.4.0-epa1
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Related Objects

Mentioned Here: T6061: connection-status nat destination firewall filter not working in 1.4.0-epa1

Event Timeline

ImDono created this task.Mar 4 2024, 2:07 PM

Viacheslav triaged this task as High priority.Mar 4 2024, 2:12 PM

Duplicated: https://vyos.dev/T6061

pasik subscribed.Mar 4 2024, 6:02 PM

PR: https://github.com/vyos/vyos-1x/pull/3087

n.fort changed the task status from Open to In progress.Mar 5 2024, 11:04 AM

n.fort claimed this task.

n.fort added a project: VyOS 1.4 Sagitta (1.4.0).

n.fort changed Version from 1.5-rolling-202403020021 to 1.5-rolling-202403020021, 1.4.0-epa1.

n.fort changed Issue type from Feature/functionality removal to Bug (incorrect behavior).

n.fort changed the task status from In progress to Needs testing.Mar 6 2024, 1:27 PM

n.fort closed this task as Resolved.Mar 8 2024, 11:31 AM

Viacheslav moved this task from Open to Finished on the VyOS 1.5 Circinus board.Mar 9 2024, 9:38 AM