Page MenuHomeVyOS Platform
Create Task
Maniphest T7112

Setting the default action of a firewall zone to drop causes a commit error
Closed, ResolvedPublicBUG
Actions

Description

Firewall default action drop fails

vyos@r14# set firewall zone wan default-action drop 
[edit]
vyos@r14# commit
[ firewall ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/services/vyos-configd", line 136, in run_script
    c = script.get_config(config)
        ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos//conf_mode/firewall.py", line 144, in get_config
    if 'vrf' in local_zone_conf['member']:
                ~~~~~~~~~~~~~~~^^^^^^^^^^
KeyError: 'member'

[[firewall]] failed
Commit failed
[edit]
vyos@r14#

Details

Version
VyOS 1.5-rolling-202501310006
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)
Forum thread
https://forum.vyos.io/t/cannot-assign-firewall-zone/

Related Objects

Event Timeline

Viacheslav created this task.Jan 31 2025, 10:42 AM
Viacheslav triaged this task as Normal priority.
pasik subscribed.Jan 31 2025, 2:30 PM
o.kuchmystyi subscribed.Nov 6 2025, 10:11 AM

PR: https://github.com/vyos/vyos-1x/pull/4834

sarthurdev changed the task status from Open to Needs testing.Nov 6 2025, 10:19 AM
sarthurdev assigned this task to o.kuchmystyi.
sarthurdev moved this task from Need Triage to Backport Candidates on the VyOS Rolling board.
sarthurdev added a project: VyOS 1.5 Circinus (1.5-stream-2025-Q4).Nov 6 2025, 10:25 AM
o.kuchmystyi mentioned this in rVYOSONEX909780c13714: firewall: T7112: Default action drop fails.Nov 6 2025, 11:37 AM
Restricted Repository Identity mentioned this in rVYOSONEX6140414b4556: Merge pull request #4834 from alexandr-san4ez/T7112-current.Nov 6 2025, 11:37 AM
dmbaturin closed this task as Resolved.Wed, Nov 12, 5:11 PM
dmbaturin edited projects, added VyOS 1.5 Circinus (2025.11); removed VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling.
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
a.kudientsov mentioned this in T7776: Commit fails when removing a firewall local zone.Tue, Nov 18, 7:04 AM
dmbaturin renamed this task from Firewall default action drop fails to Setting the default action of a firewall zone to drop causes a commit error.Thu, Dec 4, 8:16 PM