Maniphest T3989

Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used
Open, LowPublicBUG
Actions

Assigned To

None

Authored By

	n.fort
	Nov 13 2021, 11:27 AM

Tags

Referenced Files

None

Subscribers

Description

Steps to reproduce error, present on vyos-1.3.0-epa3 version:

1- Set firewall and attach it to a interface:

set firewall name ASD default-action accept
set firewall name ASD rule 10 action drop
set firewall name ASD rule 10 protocol icmp
set firewall name ASD rule 10 destination address 198.51.100.1
set interfaces ethernet eth0 firewall in name ASD
commit

2- After commit, verify configuration:

vyos@vyos# run show config comm | grep fire
set firewall name ASD default-action 'accept'
set firewall name ASD rule 10 action 'drop'
set firewall name ASD rule 10 destination address '198.51.100.1'
set firewall name ASD rule 10 protocol 'icmp'
set interfaces ethernet eth0 firewall in name 'ASD'

3- Delete rule 10, and get the error:

vyos@vyos# del firewall name ASD rule 10
[edit]
vyos@vyos# commit
[ firewall name ASD ]
Firewall configuration error: Cannot delete rule set "ASD" (still in use)



[[firewall name ASD]] failed

Expected result: commit successful, and firewall entry only with default-action defined:

Details

Difficulty level: Unknown (require assessment)
Version: 1.3.0-epa3
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Related Objects

Mentioned Here: T1292: Issues while deleting all rules from a firewall

Event Timeline

n.fort created this task.Nov 13 2021, 11:27 AM

pasik added a subscriber: pasik.Nov 13 2021, 2:32 PM

Duplicate T1292

jmbwell added a subscriber: jmbwell.Jan 11 2022, 3:22 AM

Duplicate T1292 was assigned to 1.4 version, and I close it because it was solved.
This bug remains open for 1.3 Equuleus

SrividyaA claimed this task.May 16 2022, 1:39 PM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus.Aug 14 2022, 1:05 PM

dmbaturin edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).Aug 14 2022, 6:35 PM

dmbaturin added a project: Known issue.Aug 14 2022, 6:39 PM

SrividyaA removed SrividyaA as the assignee of this task.Feb 28 2023, 11:58 AM

SrividyaA added a subscriber: SrividyaA.

syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:47 PM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:29 PM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:37 PM

Viacheslav triaged this task as Low priority.Jan 20 2024, 2:38 AM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus (1.3.6).Feb 10 2024, 9:17 AM