
IPv6 zone based firewall rules can't be modified
Needs testing, Normal, Public, BUG


When using IPv6 zone-based firewalling it is not possible to alter a firewall rule; a "still in use" error is reported:


[email protected]# show firewall ipv6-name
 ipv6-name WAN-LOCAL-v6 {
     default-action accept
+    enable-default-log

[email protected]# show zone-policy zone LOCAL from WAN
 firewall {
     ipv6-name WAN-LOCAL-v6
     name WAN-LOCAL
[email protected]# commit
[ firewall ipv6-name WAN-LOCAL-v6 ]
Firewall configuration error: Cannot delete rule set "WAN-LOCAL-v6" (still in use)
[[firewall ipv6-name WAN-LOCAL-v6]] failed
Commit failed


Difficulty level
Normal (likely a few hours)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

syncer changed the task status from Open to Needs testing. Aug 31 2019, 12:18 AM
syncer assigned this task to Dmitry.
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.

This behavior is not only for IPv6 and appears after task T484.

dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).