After upgrading a VyOS router from 1.4 nightly from Dec 28th to Jan 02 22, the Firewall config fails to load.
Specifically, the firewall state policy fails to load:
admin@vyos-rtr1# set state-policy related action accept
[edit firewall]
admin@vyos-rtr1# commit
[ firewall ]
VyOS had an issue completing a command.
We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription: https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at: https://vyos.net/get/
- Consult the community forum to see how to handle this issue: https://forum.vyos.io
- Join us on Slack where our users exchange help and advice: https://vyos.slack.com
When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your business policy requires it)
- and include all the information presented below
Report time: 2022-01-03 16:19:27
Image version: VyOS 1.4-rolling-202201020317
Release train: sagitta
Built by: [email protected]
Built on: Sun 02 Jan 2022 03:17 UTC
Build UUID: 4ede964a-6099-4799-b36e-a22a6b9a1914
Build commit ID: e933c7e50fd4f0
Architecture: x86_64
Boot via: installed image
System type: Xen HVM guest
Hardware vendor: Xen
Hardware model: HVM domU
Hardware S/N: 993209b0-27ff-3cd1-e350-d12a287416b7
Hardware UUID: 993209b0-27ff-3cd1-e350-d12a287416b7
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/firewall.py", line 315, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/firewall.py", line 301, in apply cmd(f'nft insert rule ip filter {chain} jump VYOS_STATE_POLICY') File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: nft insert rule ip filter INPUT jump VYOS_STATE_POLICY
returned:
exit code: 1
noteworthy:
cmd 'nft insert rule ip filter INPUT jump VYOS_STATE_POLICY'
returned (out):
returned (err):
Error: No such file or directory; did you mean chain ‘OUTPUT’ in table ip ‘raw’?
insert rule ip filter INPUT jump VYOS_STATE_POLICY
^^^^^
firewall failed
Commit failed
[edit firewall]