Page MenuHomeVyOS Platform

Show firewall group incorrect format members
Needs testing, Requires assessmentPublicBUG

Description

Incorrect output for the members
Configuration:

set firewall group address-group FOO address '203.0.113.1'
set firewall group address-group FOO address '203.0.113.3'
set firewall group address-group FOO address '203.0.113.4'
set firewall group address-group FOO address '203.0.113.5'
set firewall group address-group FOO address '203.0.113.6'
set firewall group address-group FOO address '203.0.113.7'
set firewall group address-group FOO address '203.0.113.8'
set firewall group address-group FOO address '203.0.113.9'
set firewall group address-group FOO address '203.0.113.10'
set firewall group address-group FOO address '203.0.113.11'
set firewall group address-group FOO address '203.0.113.12'
set firewall group address-group FOO address '203.0.113.13'
set firewall group address-group FOO address '203.0.113.14'
set firewall group address-group FOO address '203.0.113.15'
set firewall group address-group FOO address '203.0.113.16'
set firewall group address-group FOO address '203.0.113.17'
set firewall group address-group FOO address '203.0.113.18'
set firewall group address-group FOO address '203.0.113.19'
set firewall group address-group FOO address '203.0.113.20'
set firewall group address-group FOO address '203.0.113.99'
set firewall group address-group FOO address '203.0.113.125'
set firewall group address-group FOO address '203.0.113.255'
set firewall group address-group FOO address '203.0.113.254'
set firewall group address-group FOO address '203.0.113.0'
set firewall group address-group FOO2 address '203.0.113.3'

Show:

vyos@r11-roll:~$ show firewall group 
Firewall Groups

Name    Type           References    Members
------  -------------  ------------  ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
FOO     address_group                203.0.113.1, 203.0.113.3, 203.0.113.4, 203.0.113.5, 203.0.113.6, 203.0.113.7, 203.0.113.8, 203.0.113.9, 203.0.113.10, 203.0.113.11, 203.0.113.12, 203.0.113.13, 203.0.113.14, 203.0.113.15, 203.0.113.16, 203.0.113.17, 203.0.113.18, 203.0.113.19, 203.0.113.20, 203.0.113.99, 203.0.113.125, 203.0.113.255, 203.0.113.254, 203.0.113.0
FOO2    address_group                203.0.113.3
vyos@r11-roll:~$

Expected addresses under members

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.4-rolling-202201020317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Cosmetic issue (typos etc.)

Event Timeline

Can you please add output from VyOS 1.3 as reference?

In 1.3 it looks like just ipset -L:

vyos@r4:~$ show firewall group 
Name       : FOO2
Type       : address
References : none
Members    :
             203.0.113.3

Name       : FOO
Type       : address
References : none
Members    :
             203.0.113.0
             203.0.113.1
             203.0.113.3
             203.0.113.4
             203.0.113.5
             203.0.113.6
             203.0.113.7
             203.0.113.8
             203.0.113.9
             203.0.113.10
             203.0.113.11
             203.0.113.12
             203.0.113.13
             203.0.113.14
             203.0.113.15
             203.0.113.16
             203.0.113.17
             203.0.113.18
             203.0.113.19
             203.0.113.20
             203.0.113.99
             203.0.113.125
             203.0.113.254
             203.0.113.255
sdev changed the task status from Open to Needs testing.Tue, Jan 11, 2:46 PM
sdev claimed this task.
sdev added a subscriber: sdev.

PR: https://github.com/vyos/vyos-1x/pull/1158

@Viacheslav Not using exact ipset format, however addresses are sorted and output one per line.