Page MenuHomeVyOS Platform
Create Task
Maniphest T6643

IP Address range in firewall rules throws error
Closed, ResolvedPublicBUG
Actions

Description

IP address range in ipv4 firewall rules throws error on commit.

To reproduce create a firewall rule with IP address range as source or destination address:

set firewall ipv4 name test rule 100 action accept
set firewall ipv4 name test rule 100 destination address 10.0.0.1-10.0.0.3
commit

Fail to apply firewall Error found on: firewall ipv4 name test rule 100
Error message: conflicting protocols specified: ip vs. ip6

[[firewall]] failed
Commit failed

Details

Difficulty level
Unknown (require assessment)
Version
1.5-rolling-202408080021
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

hsahmed created this task.Aug 8 2024, 9:15 PM
hsahmed updated the task description. (Show Details)
hsahmed updated the task description. (Show Details)
pasik subscribed.Aug 9 2024, 6:50 AM
Viacheslav triaged this task as Normal priority.Aug 9 2024, 9:14 AM
Viacheslav changed the task status from Open to Confirmed.Aug 9 2024, 9:18 AM
Viacheslav subscribed.
table ip vyos_filter {

   ...

    chain NAME_test {
        ip6 daddr 10.0.0.1-10.0.0.3 counter accept comment "ipv4-NAM-test-100"
        counter drop comment "test default-action drop"
    }
n.fort claimed this task.Aug 9 2024, 11:18 AM
n.fort changed the task status from Confirmed to In progress.Aug 9 2024, 3:48 PM

https://github.com/vyos/vyos-1x/pull/3964

n.fort changed the task status from In progress to Needs testing.Aug 12 2024, 11:27 AM
Viacheslav edited projects, added Restricted Project, VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.1); removed vyatta-cfg-firewall.Aug 12 2024, 11:49 AM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.
n.fort closed this task as Resolved.Aug 15 2024, 10:42 AM