Page MenuHomeVyOS Platform

Error when commiting firewall groups
Closed, InvalidPublicBUG

Description

Steps to reproduce:
I loaded the VyOS 1.2.3-h2 OVA image in vmware, installed and applied my default configuration.

I had some errors where the firewall wasn't functioning. Rules with network group CUST-LAN wasn't working.
After confirming my rules where actually correct and was shown in show configuration commands I decided to re-apply that particular firewall config.
As seen in tab-completion, 172.20.17.0/24 existed in config, but was given error when trying to commit. However, the configuration was applied anyways.

[email protected]# set firewall group network-group CUST-LAN network 172.20.18.0/24
[edit]
[email protected]# commit
[edit]
[email protected]# delete firewall group network-group CUST-LAN network 17
172.20.17.0/24  172.20.18.0/24  
[edit]
[email protected]# delete firewall group network-group CUST-LAN network 172.20.17.0/24 
[edit]
[email protected]# commit
	[ firewall group network-group CUST-LAN ]
Error: member [172.20.17.0/24] doesn't exists in [CUST-LAN-21897]

Yet another error was given when I tried to apply a network to a network-group. The configuration was actually applied and working, even though the error below...

[email protected]# set firewall group network-group WEB-HOSTS network 172.20.18.21/32
[edit]
[email protected]# commit
[ firewall group network-group WEB-HOSTS ]
Error: undefined group type

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.2.3-h2 (ova template)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

When googling on the error given, T109 shows up where I had posted about this in 2018. I'm not sure it's related to this. Im not sure any configuration has been lost on reboot.

I have tried the above scenario in the VyOS 1.3-rolling-202007200117 which is the latest version and the issue did not reproduce. So I would request you to try in the latest version and share your feedback.

@olofl I can't confirm this bug int the 1.2.5 LTS version.

set firewall group network-group CUST-LAN network 172.20.18.0/24
set firewall group network-group CUST-LAN network 172.20.17.0/24

[email protected]# commit
[edit]
[email protected]# 
[edit]
[email protected]# delete firewall group network-group CUST-LAN network 172.20.17.0/24 
[edit]
[email protected]# commit
[edit]
[email protected]# 

[email protected]# set firewall group network-group WEB-HOSTS network 172.20.18.21/32
[edit]
[email protected]# commit
[edit]
[email protected]#

Try to upgrade your image to the latest LTS release.

The issue did not reproduce neither in 1.2.5 nor in 1.3 version.
Try in the new release and re-open the ticket if any new information appeared.