
Show log firewall not printing logs for default-actions for custom ruleset
Closed, Resolved · Public · BUG

Description

While defining a particular IPv4 or IPv6 ruleset and enabling logging for the default rule, the op-mode command show log firewall ipvX name <name> doesn't print logs for the default rule.

Steps to reproduce:

# Create custom chain:
set firewall ipv4 name FOO default-action accept
set firewall ipv4 name FOO default-log
set firewall ipv4 input filter rule 1 action 'jump'
set firewall ipv4 input filter rule 1 jump-target 'FOO'

Check chain, op-mode command and logs with journalctl:

vyos@140:~$ sudo nft list chain ip vyos_filter NAME_FOO
table ip vyos_filter {
        chain NAME_FOO {
                counter packets 77 bytes 15395 log prefix "[ipv4-FOO-default-A]" accept comment "FOO default-action accept"
        }
}
vyos@140:~$ show log firewall ipv4 name FOO 
vyos@140:~$ sudo journalctl -b | grep -c "ipv4-FOO-default"
77
vyos@140:~$
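
The manual check above (nft packet counter against a journalctl grep for the log prefix), written as a reusable script. This is an added example, not part of the original report or VyOS code; the function names, the sample data and the assumption that log prefixes contain no spaces are mine.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not taken from the reporter's router.

# Constructed `nft list chain` output, shaped like the listing in the report.
sample_chain() {
cat <<'EOF'
table ip vyos_filter {
        chain NAME_FOO {
                counter packets 3 bytes 252 log prefix "[ipv4-FOO-default-A]" accept comment "FOO default-action accept"
        }
}
EOF
}

# Constructed journal lines; the text after the prefix is an assumed kernel log layout.
sample_journal() {
cat <<'EOF'
Aug 05 17:40:01 vyos kernel: [ipv4-FOO-default-A]IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP DPT=22
Aug 05 17:40:02 vyos kernel: [ipv4-FOO-default-A]IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=UDP DPT=53
Aug 05 17:40:03 vyos kernel: [ipv4-BAR-default-A]IN=eth1 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP DPT=23
Aug 05 17:40:04 vyos kernel: [ipv4-FOO-default-A]IN=eth0 OUT= SRC=192.0.2.12 DST=192.0.2.1 PROTO=ICMP
EOF
}

# Read nft chain text on stdin; print "<log-prefix> <packet-counter>" per logging rule.
chain_log_rules() {
    sed -n 's/.*counter packets \([0-9][0-9]*\) .*log prefix "\([^"]*\)".*/\2 \1/p'
}

# $1 = nft chain text, $2 = journal text. Returns 1 if any counter differs from
# the number of journal lines carrying that rule's prefix (fixed-string match).
check_logging() {
    rc=0
    while read -r prefix packets; do
        [ -n "$prefix" ] || continue
        hits=$(printf '%s\n' "$2" | grep -cF -- "$prefix" || true)
        if [ "$hits" -eq "$packets" ]; then verdict=OK; else verdict=MISMATCH; rc=1; fi
        echo "$prefix counter=$packets journal=$hits $verdict"
    done <<EOF
$(printf '%s\n' "$1" | chain_log_rules)
EOF
    return $rc
}

check_logging "$(sample_chain)" "$(sample_journal)"
# On a router, with the commands used in the report:
# check_logging "$(sudo nft list chain ip vyos_filter NAME_FOO)" "$(sudo journalctl -b)"
```

The two numbers are only comparable when the counter and the journal cover the same period, so read a MISMATCH as a prompt to check that first.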

Details

Difficulty level: Unknown (require assessment)
Version: 1.5-rolling-202408050022
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Event Timeline

n.fort changed the task status from Open to Confirmed. (Aug 5 2024, 5:42 PM)
n.fort claimed this task.
n.fort added a project: Restricted Project.
Viacheslav triaged this task as Normal priority. (Aug 6 2024, 10:01 AM)