Dear VyOS Maintainers,
The default-action for firewall ipv6 prerouting raw is accept, however run show firewall ipv6 prerouting raw says it is drop. The real behaviour is that the packets are accepted and forwarded, so when the default-action is not set the Action in the statistics is wrong and should be accept instead.
When setting the default-action to accept instead of not setting it (which defaults to accept) then the statistic show accept which would be correct.
with default-action not set (defaults to accept)
vyos@vyos# set firewall ipv6 prerouting raw
Possible completions:
default-action Default-action for rule-set (default: accept)
default-jump-target Set jump target. Action jump must be defined in default-action
to use this setting
description Description
+> rule IPv6 Firewall prerouting raw rule number
[edit]
vyos@vyos# show firewall ipv6 prerouting
raw {
rule 100 {
action accept
destination {
address 64:ff9b::/96
}
}
}
[edit]
vyos@vyos# run show firewall ipv6 prerouting raw
Ruleset Information
---------------------------------
ipv6 Firewall "prerouting raw"
Rule Action Protocol Packets Bytes Conditions
------- -------- ---------- --------- -------- ------------------------------
100 accept all 3848 1116783 ip6 daddr 64:ff9b::/96 accept
default drop all 26376 21895852With default-action set to accept
vyos@vyos# show firewall ipv6 prerouting raw
default-action accept
rule 100 {
action accept
destination {
address 64:ff9b::/96
}
}
[edit]
vyos@vyos# run show firewall ipv6 prerouting raw
Ruleset Information
---------------------------------
ipv6 Firewall "prerouting raw"
Rule Action Protocol Packets Bytes Conditions
------- -------- ---------- --------- ------- ------------------------------
100 accept all 4261 511969 ip6 daddr 64:ff9b::/96 accept
default accept all 3163 2758049Best Regards,
Fabian