Page MenuHomeVyOS Platform
Create Task
Maniphest T2598

Error when commiting firewall groups
Closed, InvalidPublicBUG
Actions

Description

Steps to reproduce:
I loaded the VyOS 1.2.3-h2 OVA image in vmware, installed and applied my default configuration.

I had some errors where the firewall wasn't functioning. Rules with network group CUST-LAN wasn't working.
After confirming my rules where actually correct and was shown in show configuration commands I decided to re-apply that particular firewall config.
As seen in tab-completion, 172.20.17.0/24 existed in config, but was given error when trying to commit. However, the configuration was applied anyways.

olof@vyosrouter# set firewall group network-group CUST-LAN network 172.20.18.0/24
[edit]
olof@vyosrouter# commit
[edit]
olof@vyosrouter# delete firewall group network-group CUST-LAN network 17
172.20.17.0/24  172.20.18.0/24  
[edit]
olof@vyosrouter# delete firewall group network-group CUST-LAN network 172.20.17.0/24 
[edit]
olof@vyosrouter# commit
	[ firewall group network-group CUST-LAN ]
Error: member [172.20.17.0/24] doesn't exists in [CUST-LAN-21897]

Yet another error was given when I tried to apply a network to a network-group. The configuration was actually applied and working, even though the error below...

olof@vyosrouter# set firewall group network-group WEB-HOSTS network 172.20.18.21/32
[edit]
olof@vyosrouter# commit
[ firewall group network-group WEB-HOSTS ]
Error: undefined group type

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.2.3-h2 (ova template)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Related Objects

Event Timeline

olofl created this task.Jun 15 2020, 9:20 AM
olofl added a comment.Jun 15 2020, 9:22 AM

When googling on the error given, T109 shows up where I had posted about this in 2018. I'm not sure it's related to this. Im not sure any configuration has been lost on reboot.

olofl mentioned this in T109: VyOS Can Lose Parts Of Its Config On Reboot - In Certain Situations.Jun 15 2020, 9:53 AM
pasik added a subscriber: pasik.Jun 16 2020, 4:35 PM
zsdc assigned this task to SrividyaA.Jul 14 2020, 6:22 PM
SrividyaA added a comment.Jul 21 2020, 2:23 PM

I have tried the above scenario in the VyOS 1.3-rolling-202007200117 which is the latest version and the issue did not reproduce. So I would request you to try in the latest version and share your feedback.

Viacheslav added a subscriber: Viacheslav.Jul 29 2020, 5:16 PM

@olofl I can't confirm this bug int the 1.2.5 LTS version.

set firewall group network-group CUST-LAN network 172.20.18.0/24
set firewall group network-group CUST-LAN network 172.20.17.0/24

vyos@vyos# commit
[edit]
vyos@vyos# 
[edit]
vyos@vyos# delete firewall group network-group CUST-LAN network 172.20.17.0/24 
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# 

vyos@vyos# set firewall group network-group WEB-HOSTS network 172.20.18.21/32
[edit]
vyos@vyos# commit
[edit]
vyos@vyos#

Try to upgrade your image to the latest LTS release.

SrividyaA closed this task as Invalid.Jul 29 2020, 5:36 PM

The issue did not reproduce neither in 1.2.5 nor in 1.3 version.
Try in the new release and re-open the ticket if any new information appeared.