It is possible to create a firewall name with no rules other than the default-action:
[edit]
[email protected]# set firewall name TEST default-action accept
[edit]
[email protected]# set interfaces ethernet eth0 firewall in name 'TEST'
[edit]
[email protected]# commit
[edit]
[email protected]#
It is possible to go from an empty firewall to one with rules:
[edit]
[email protected]# set firewall name TEST rule 1 action accept
[edit]
[email protected]# commit
[edit]
[email protected]#
However, the operation is not reversible:
[edit]
[email protected]# delete firewall name TEST rule 1
[edit]
[email protected]# commit
[ firewall name TEST ]
Firewall configuration error: Cannot delete rule set "TEST" (still in use)
[[firewall name TEST]] failed
Commit failed
[edit]
[email protected]#
There also seems to be a race condition/improper order of operations when simultaneously removing both the firewall and the places it is used:
[edit]
[email protected]# delete interfaces ethernet eth0 firewall in name 'TEST'
[edit]
[email protected]# delete firewall name TEST
[edit]
[email protected]# commit
[ firewall name TEST ]
Firewall configuration error: Cannot delete rule set "TEST" (still in use)
delete [ firewall name TEST ] failed
Commit failed
[edit]
[email protected]#
This needs two commits to succeed:
[edit]
[email protected]# delete interfaces ethernet eth0 firewall in name 'TEST'
[edit]
[email protected]# commit
[edit]
[email protected]# delete firewall name TEST
[edit]
[email protected]# commit
[edit]
[email protected]#