Firewall State Policy entries fail to load.
Closed, DuplicatePublicBUG
Actions

Assigned To

None

Authored By

	JamesGreenlee
	Jan 4 2022, 12:36 AM

Description

After upgrading a VyOS router from 1.4 nightly from Dec 28th to Jan 02 22, the Firewall config fails to load.

Specifically, the firewall state policy fails to load:

admin@vyos-rtr1# set state-policy related action accept
[edit firewall]
admin@vyos-rtr1# commit
[ firewall ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):

Contact us using the online help desk if you have a subscription: https://support.vyos.io/
Make sure you are running the latest version of VyOS available at: https://vyos.net/get/
Consult the community forum to see how to handle this issue: https://forum.vyos.io
Join us on Slack where our users exchange help and advice: https://vyos.slack.com

When reporting problems, please include as much information as possible:

do not obfuscate any data (feel free to contact us privately if your business policy requires it)
and include all the information presented below

Report time: 2022-01-03 16:19:27
Image version: VyOS 1.4-rolling-202201020317
Release train: sagitta

Built by: [email protected]
Built on: Sun 02 Jan 2022 03:17 UTC
Build UUID: 4ede964a-6099-4799-b36e-a22a6b9a1914
Build commit ID: e933c7e50fd4f0

Architecture: x86_64
Boot via: installed image
System type: Xen HVM guest

Hardware vendor: Xen
Hardware model: HVM domU
Hardware S/N: 993209b0-27ff-3cd1-e350-d12a287416b7
Hardware UUID: 993209b0-27ff-3cd1-e350-d12a287416b7

Traceback (most recent call last):

File "/usr/libexec/vyos/conf_mode/firewall.py", line 315, in <module>
  apply(c)
File "/usr/libexec/vyos/conf_mode/firewall.py", line 301, in apply
  cmd(f'nft insert rule ip filter {chain} jump VYOS_STATE_POLICY')
File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
  raise OSError(code, feedback)

PermissionError: [Errno 1] failed to run command: nft insert rule ip filter INPUT jump VYOS_STATE_POLICY
returned:
exit code: 1

noteworthy:
cmd 'nft insert rule ip filter INPUT jump VYOS_STATE_POLICY'
returned (out):

returned (err):
Error: No such file or directory; did you mean chain ‘OUTPUT’ in table ip ‘raw’?
insert rule ip filter INPUT jump VYOS_STATE_POLICY