IPv6 zone based firewall rules can't be modified
Needs testing, Normal, Public, BUG

Description

When using IPv6 zone-based firewalling, it is not possible to alter a firewall rule; a "still in use" error is reported:

Reproduce:

vyos@vyos# show firewall ipv6-name
 ipv6-name WAN-LOCAL-v6 {
     default-action accept
+    enable-default-log
 }

vyos@vyos# show zone-policy zone LOCAL from WAN
 firewall {
     ipv6-name WAN-LOCAL-v6
     name WAN-LOCAL
 }
vyos@vyos# commit
[ firewall ipv6-name WAN-LOCAL-v6 ]
Firewall configuration error: Cannot delete rule set "WAN-LOCAL-v6" (still in use)
[[firewall ipv6-name WAN-LOCAL-v6]] failed
Commit failed

Details

Difficulty level
Normal (likely a few hours)
Version
1.2.1
Why the issue appeared?
Will be filled on close

Event Timeline

c-po created this task. May 29 2019, 3:14 PM
pasik added a subscriber: pasik. May 31 2019, 3:43 PM
syncer changed the task status from Open to Needs testing. Aug 31 2019, 12:18 AM
syncer assigned this task to Dmitry.
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.

This behavior is not only for IPv6 and appears after task T484.