Page MenuHomeVyOS Platform
Create Task
Maniphest T7282

op-mode: not all groups are displayed correctly with `show firewall groups`
In progress, NormalPublicBUG
Actions

Description

When showing firewall group <name>, any dynamic groups are also shown along with the requested group name. Dynamic-groups, mac-groups and domain-groups are also not shown in tab completion.

All output from show firewall group:

vyos@vyos:~$ show firewall group 
Firewall Groups

Name               Type                         References    Members            Timeout    Expires
-----------------  ---------------------------  ------------  -----------------  ---------  ---------
addr-group         address_group                N/D           1.1.1.1
dom-group          domain_group                 N/D           google.com
dyn-addr-group     address_group(dynamic)       N/D           N/D                N/D        N/D
dyn-v6-addr-group  ipv6_address_group(dynamic)  N/D           N/D                N/D        N/D
int-group          interface_group              N/D           eth0
v6-addr-group      ipv6_address_group           N/D           2001:db8::1
v6-net-group       ipv6_network_group           N/D           2001:db8::/32
mac-group          mac_group                    N/D           00:12:00:12:34:56
net-group          network_group                N/D           10.0.0.0/24
prt-group          port_group                   N/D           80

In the output of show firewall group <name>, any dynamic-groups are also shown in the output:

vyos@vyos:~$ show firewall group int-group 
Firewall Groups

Name               Type                         References    Members    Timeout    Expires
-----------------  ---------------------------  ------------  ---------  ---------  ---------
dyn-addr-group     address_group(dynamic)       N/D           N/D        N/D        N/D
dyn-v6-addr-group  ipv6_address_group(dynamic)  N/D           N/D        N/D        N/D
int-group          interface_group              N/D           eth0

Also in the current releases, this is the output from show firewall group <tab/?>. Dynamic-groups, mac-groups and domain-groups are not shown in the completion list.

vyos@vyos:~$ show firewall group <tab/?>
Possible completions:
  <Enter>               Execute the current command
  addr-group            Show firewall group
  detail                Show list view of firewall group
  int-group             Show firewall group
  net-group
  prt-group
  v6-addr-group
  v6-net-group

With a patch, the following will be seen in tab completion:

vyos@vyos:~$ show firewall group 
Possible completions:
  <Enter>               Execute the current command
  addr-group            Show firewall group
  detail                Show list view of firewall group
  dom-group             Show firewall group
  dyn-addr-group
  dyn-v6-addr-group
  int-group
  mac-group
  net-group
  prt-group
  v6-addr-group
  v6-net-group

And when filtering, to display a specific group the following will be displayed instead of including all dynamic-groups as well:

vyos@vyos:~$ show firewall group dyn-addr-group 
Firewall Groups

Name            Type                    References    Members    Timeout    Expires
--------------  ----------------------  ------------  ---------  ---------  ---------
dyn-addr-group  address_group(dynamic)  N/D           N/D        N/D        N/D
vyos@vyos:~$ show firewall group int-group
Firewall Groups

Name       Type             References    Members
---------  ---------------  ------------  ---------
int-group  interface_group  N/D           eth0

Details

Version
2025.03.23
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

markh0338 created this task.Tue, Mar 25, 1:14 AM
markh0338 added a comment.Tue, Mar 25, 1:22 AM

Related PR from GitHub: PR #4414

pasik subscribed.Tue, Mar 25, 7:04 AM
Viacheslav changed the task status from Open to In progress.Tue, Mar 25, 8:02 AM
Viacheslav assigned this task to markh0338.
Viacheslav triaged this task as Normal priority.