Page MenuHomeVyOS Platform

Firewall address-group - Improve error messages
Closed, ResolvedPublicBUG

Description

When setting wrong address group, message is not clear is it was in 1.3 version.

Unclear messages on VyOS 1.4-rolling-202201060842

vyos@vyos# set firewall group address-group FOO address 203.0.113.10-203.0.113.5 
  
  
  
  
  Invalid value
  Value validation failed
  Set failed

Clear messages on 1.3.0

vyos@vyos# set firewall group address-group FOO address 203.0.113.10-203.0.113.5 
  Error: [203.0.113.10-203.0.113.5] is not a valid IPv4 address range
  
  Value validation failed
  Set failed

Same things when seting invalid netmaks on network groups, and invalid addreses, for example with these commands:

set firewall group network-group FOO network 203.0.113.128/35
set firewall group address-group FOO address 203.0.113.288

Details

Difficulty level
Unknown (require assessment)
Version
vyos-1.4-rolling-202201060842
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Event Timeline

n.fort updated the task description. (Show Details)
sdev changed the task status from Open to In progress.Mon, Jan 10, 9:09 PM
sdev claimed this task.

IPv4 address range error messages are included in PR: https://github.com/vyos/vyos-1x/pull/1152

sdev changed the task status from In progress to Needs testing.Tue, Jan 11, 2:45 PM

PR: https://github.com/vyos/vyos-1x/pull/1158

Should resolve the rest of the error messages.

hi

I've checked with this new build , it works with validator ranges/port :

firewall# set firewall group address-group FOO address 203.0.113.10-20

  Error: 203.0.113.10-203.0.113.5 is not a valid IPv4 address range




  Invalid value
  Value validation failed
  Set failed

`

but it doesn't show the error correctly :

@test-firewall# set firewall group network-group FOO network 203.0.113.128/38




  Invalid value
  Value validation failed
  Set failed

I don't think it's a problem with prefix-validator because it works properly

vyos@test-firewall:~$ sudo sh checknet.sh 203.0.113.128/38
Error: 203.0.113.128/38 is not a valid IP prefix
vyos@test-firewall:~$

it may a issues with python variable.

Seems to be working on my latest build?

vyos@vyos# set firewall group network-group FOO network 203.0.113.128/38

  Error: 203.0.113.128/38 is not a valid IPv4 prefix



  Invalid value
  Value validation failed
  Set failed

[edit]
vyos@vyos# run show ver

Version:          VyOS 1.4-rolling-202201112007
Release train:    sagitta

Built by:         root@6e5907a9b43c
Built on:         Tue 11 Jan 2022 20:07 UTC
Build UUID:       6ea62c50-17b2-4993-80de-ef19828efe5b
Build commit ID:  f0cdd802c2a6a9-dirty

Architecture:     x86_64
Boot via:         livecd
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    1592336b-70a5-46d5-b78d-50fcda467720

Copyright:        VyOS maintainers and contributors

yes , i'm using this version :

vyos@test-firewall:~$ show version

Version:          VyOS 1.4-rolling-202201110811
Release train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Tue 11 Jan 2022 08:11 UTC
Build UUID:       2e678787-bf60-4ed5-b53b-300252863cc4
Build commit ID:  f0cdd802c2a6a9

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    0ed1854a-565e-4368-8c9e-843e33c8c181

Copyright:        VyOS maintainers and contributors

it should be for that .

yes, you are right:

vyos@test-firewall:~$ show version

Version:          VyOS 1.4-rolling-202201120317
Release train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Wed 12 Jan 2022 03:17 UTC
Build UUID:       193a2653-68b2-46f5-9348-e26260e73ad9
Build commit ID:  f0cdd802c2a6a9

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    0ed1854a-565e-4368-8c9e-843e33c8c181

Copyright:        VyOS maintainers and contributors

vyos@test-firewall# set firewall group network-group FOO network 203.0.113.128/3

  Error: 203.0.113.128/35 is not a valid IPv4 prefix

thanks

Tested on VyOS 1.4-rolling-202201180317 and working as expected.