
MAC addresses cause invalid arguments in firewall
Open, Requires assessment | Public | BUG

Description

+rule 3 {
+    action drop
+    source {
+        mac-address !XX:XX:XX:XX:XX:c4
+    }
+}
[edit firewall name local-outside-v4]
gunnar@r# commit
[ firewall name local-outside-v4 ]
iptables: Invalid argument. Run `dmesg' for more information.
iptables error: No such file or directory - -m comment --comment "local-outside-v4-3"  -m mac !  --mac-source XX:XX:XX:XX:XX:c4   -j DROP  at /opt/vyatta/sbin/vyatta-firewall.pl line 708.

[[firewall name local-outside-v4]] failed

Details

Difficulty level: Unknown (require assessment)
Version: 1.2.0-rolling+201905031607
Why the issue appeared?: Will be filled on close

Event Timeline

Gunni updated the task description.
pasik added a subscriber: pasik. (May 24 2019, 6:19 AM)
hard added a subscriber: hard. (Sat, Sep 21, 8:49 PM)
[edit firewall name local-outside-v4]
hard@vyos# show
+rule 3 {
+    action drop
+    source {
+        mac-address !11:22:33:44:55:66
+    }
+}
[edit firewall name local-outside-v4]
hard@vyos# commit
hard@vyos# sudo iptables-save | grep local-outside
-A local-outside-v4 -m comment --comment local-outside-v4-3 -m mac ! --mac-source 11:22:33:44:55:66 -j DROP
-A local-outside-v4 -m comment --comment "local-outside-v4-10000 default-action drop" -j DROP

VyOS 1.2-rolling-201909210810

can't reproduce problem.