According to the documentation, due to the ordering of the interface loading and firewall configuration:
Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk.
This seems less than ideal to me, as it sometimes takes as long as 3 minutes for my config to load, leaving my device exposed to the internet during that time. I am currently fixing this with a manual solution, but would like to propose that the solution be incorporated properly in some capacity.
I am solving this by first running the following in /config/scripts/vyos-preconfig-bootup.script:
  # Runs before the configuration is loaded: drop everything except loopback
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -I INPUT -i lo -j ACCEPT
And then running this in /config/scripts/vyos-postconfig-bootup.script:
  # Runs after the configuration (including the firewall) is loaded: restore the default policies
  sudo iptables -P INPUT ACCEPT
  sudo iptables -P FORWARD ACCEPT
Ideally, this could be implemented on boot via a check to see if there is any firewall configuration at all, and then configure a default block on all interfaces (except loopback) until the firewall configuration is loaded. Otherwise, if there is no firewall configuration, it wouldn't need to do anything at all.
This does not affect interface ordering and allows the firewall to be loaded last if desired.
I apologize if this is a duplicate report, but I could not find one.
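The following is an added example of what the proposed check could look like as a single script shared by both bootup hooks; it is not part of the original report and not VyOS project code. It assumes the active configuration lives in /config/config.boot, treats a top-level `firewall {` block in that file as "a firewall is configured", and lets the iptables binary be swapped (IPTABLES=echo) so the commands can be previewed without touching a live system. It goes slightly beyond the report by also allowing ESTABLISHED,RELATED replies during boot (so the device's own outbound connections such as DNS or NTP still work while the policy is DROP) and by deleting the temporary rules again in the post-config hook, so the loaded VyOS firewall is the only policy left in place. The conntrack rule is the example's addition, not something the report proposes.

```shell
#!/bin/bash
# Added example, not VyOS project code. Only when the saved config contains a
# firewall section: install a default-DROP policy (loopback and established
# traffic excepted) in the pre-config hook and lift it in the post-config hook.
#
# Assumptions (not from the original report): the active config is
# /config/config.boot, a firewall "exists" when that file has a top-level
# `firewall {` block, and IPTABLES may be set to `echo` for a dry run.

CONFIG_BOOT="${CONFIG_BOOT:-/config/config.boot}"
IPTABLES="${IPTABLES:-iptables}"

# 0 if the given config file has a top-level firewall section, 1 otherwise.
firewall_configured() {
    local cfg="${1:-$CONFIG_BOOT}"
    [ -r "$cfg" ] || return 1
    grep -Eq '^firewall[[:space:]]*\{' "$cfg"
}

# Rules for the pre-config hook, one per line, as iptables arguments.
# Loopback and replies to the device's own outbound connections (e.g. DNS,
# NTP) are allowed; everything else is dropped until the firewall is loaded.
preconfig_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-I INPUT -i lo -j ACCEPT
-I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Rules for the post-config hook: remove the temporary rules and return the
# built-in chains to ACCEPT so the loaded VyOS firewall is the only policy.
postconfig_rules() {
    cat <<'EOF'
-D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-D INPUT -i lo -j ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
EOF
}

# Feed each rule line to iptables (or to whatever $IPTABLES names).
apply_rules() {
    local rule
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        # shellcheck disable=SC2086  # splitting the rule into arguments is intended
        "$IPTABLES" $rule
    done
}

# Hook bodies: both are no-ops when no firewall is configured, so a box that
# never had a firewall keeps its current boot behaviour.
preconfig_hook() {
    firewall_configured "$CONFIG_BOOT" || return 0
    preconfig_rules | apply_rules
}

postconfig_hook() {
    firewall_configured "$CONFIG_BOOT" || return 0
    postconfig_rules | apply_rules
}

# Usage: call with "pre" from vyos-preconfig-bootup.script and with "post"
# from vyos-postconfig-bootup.script; with no argument nothing is changed.
case "${1:-}" in
    pre)  preconfig_hook ;;
    post) postconfig_hook ;;
esac
```

Dry-run with `IPTABLES=echo CONFIG_BOOT=/config/config.boot ./boot-fw.sh pre` to see exactly which rules would be installed on a given box before wiring it into the hooks; on a config without a firewall section it prints nothing, which is the "do nothing at all" case from the proposal.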