In new firewall implementation, most of errors don't expose what is wrong.
Here are some examples, comparing behavior of new implementation and 1.3 version:
##### Error while deleting firewall that is in use: # 1.3 version vyos@vyos# set firewall name FOO default-action accept [edit] vyos@vyos# set firewall name FOO description "FOO Ruleset" [edit] vyos@vyos# set int eth eth0 firewall in name FOO [edit] vyos@vyos# commit [edit] vyos@vyos# del fire [edit] vyos@vyos# commit [ firewall name FOO ] Firewall configuration error: Cannot delete rule set "FOO" (still in use) delete [ firewall name FOO ] failed delete [ firewall ] failed Commit failed # 1.4 Version -> vyos@vyos# set firewall name FOO default-action accept [edit] vyos@vyos# set firewall name FOO description "FOO Ruleset" [edit] vyos@vyos# set int eth eth0 firewall in name FOO [edit] vyos@vyos# commit [edit] vyos@vyos# del fire [edit] vyos@vyos# commit [ firewall ] Failed to apply firewall delete [ firewall ] failed Commit failed ##### Error when setting invalid IPv4 range # 1.3 version vyos@vyos# set firewall group address-group FOO address 203.0.113.10-203.0.113.5 Error: [203.0.113.10-203.0.113.5] is not a valid IPv4 address range Value validation failed Set failed # 1.4 version vyos@vyos# set firewall group address-group FOO address 203.0.113.10-203.0.113.5 Invalid value Value validation failed Set failed ##### Error when setting invalid IPv4 address # 1.3 version vyos@vyos# set firewall group address-group FOO address 203.0.113.288 Error: [203.0.113.288] isn't valid IPv4 address Value validation failed Set failed # 1.4 version yos@vyos# set firewall group address-group FOO address 203.0.113.288 Invalid value Value validation failed Set failed ##### Error when setting invalid port # 1.3 version vyos@vyos# set firewall group port-group FOO port 70123 Error: [70123] is not a valid port Value validation failed Set failed # 1.4 version -> no error while setting the command, and commit succed vyos@vyos# set firewall group port-group FOO port 70123 [edit] vyos@vyos# commit ##### Error when setting invalid port range # 1.3 version vyos@vyos# set firewall group port-group FOO port 55-20 Error: [55-20] is not a valid port range Value validation failed Set failed # 1.4 version -> no error while setting the command, and commit fails vyos@vyos# set firewall group port-group FOO port 55.20 [edit] vyos@vyos# commit [ firewall ] Failed to apply firewall [[firewall]] failed Commit failed
There are more examples, but think with those it's clear what is missing.