It appears that when using bonded interfaces in a flowtable, the VyOS configuration fails to boot on 1.4 and 1.5. Here's the relevant config, I even created a VM *just* with this config and it still happens:
set firewall flowtable ETHERNET interface 'bond0' set firewall ipv4 forward filter default-action 'drop' set firewall ipv4 forward filter rule 2 action 'offload' set firewall ipv4 forward filter rule 2 inbound-interface name 'bond0' set firewall ipv4 forward filter rule 2 offload-target 'ETHERNET' set firewall ipv4 forward filter rule 2 outbound-interface name 'bond0' set firewall ipv4 forward filter rule 4 action 'accept' set firewall ipv4 forward filter rule 4 protocol 'icmp' set firewall ipv4 forward filter rule 6 action 'accept' set firewall ipv4 forward filter rule 6 state 'established' set firewall ipv4 forward filter rule 6 state 'related' set firewall ipv4 forward filter rule 8 action 'drop' set firewall ipv4 forward filter rule 8 state 'invalid' set interfaces bonding bond0 address '192.168.0.230/24' set interfaces bonding bond0 member interface 'eth0' set interfaces bonding bond0 member interface 'eth1' set interfaces bonding bond0 mode 'active-backup'
Here's the output after a reboot:
vyos@vyos:~$ configure
WARNING: There was a config error on boot: saving the configuration now could overwrite data.
You may want to check and reload the boot config
[edit]
vyos@vyos# comp saved
- firewall {
- flowtable ETHERNET {
- interface "bond0"
- }
- ipv4 {
- forward {
- filter {
- default-action "drop"
- rule 2 {
- action "offload"
- inbound-interface {
- name "bond0"
- }
- offload-target "ETHERNET"
- outbound-interface {
- name "bond0"
- }
- }
- rule 4 {
- action "accept"
- protocol "icmp"
- }
- rule 6 {
- action "accept"
- state "established"
- state "related"
- }
- rule 8 {
- action "drop"
- state "invalid"
- }
- }
- }
- }
- }
[edit]A commit fixes it, so this leads me to believe something is happening in the wrong order during the boot process.