Currently, the rules get inserted into nftables with the same string as the log prefix, which doesn't provide any additional useful information. It would be better if the comment matched the rule description. The existing comment format could exist as a default if a description is not configured.
Example:
set firewall ipv4 forward filter rule 10 action 'accept' set firewall ipv4 forward filter rule 10 description 'Allow all traffic from LAN' set firewall ipv4 forward filter rule 10 inbound-interface name 'eth2' set firewall ipv4 forward filter rule 10 log set firewall ipv4 forward filter rule 20 action 'drop' set firewall ipv4 forward filter rule 20 log
chain VYOS_FORWARD_filter {
type filter hook forward priority filter; policy accept;
iifname "eth2" log prefix "[ipv4-FWD-filter-10-A]" counter packets 0 bytes 0 accept comment "Allow all traffic from LAN"
log prefix "[ipv4-FWD-filter-20-D]" counter packets 0 bytes 0 drop comment "ipv4-FWD-filter-20"
counter packets 0 bytes 0 accept comment "FWD-filter default-action accept"
}