Page MenuHomeVyOS Platform

Show firewall output with visual shift default rule
Closed, ResolvedPublicBUG

Description

Cosmetic bug
Since we have default rule 1000000, the visual view of column action should be shifted to the right by a few characters
Or use default instead of 1000000

set firewall ipv6-name 6INSIDE-OUT default-action 'accept'
set firewall ipv6-name 6INSIDE-OUT rule 9025 action 'reject'
set firewall ipv6-name 6INSIDE-OUT rule 9025 description 'Block outgoing SMTP'
set firewall ipv6-name 6INSIDE-OUT rule 9025 destination port '25'
set firewall ipv6-name 6INSIDE-OUT rule 9025 log 'enable'
set firewall ipv6-name 6INSIDE-OUT rule 9025 protocol 'tcp_udp'
set firewall name foo rule 10 action 'drop'
set firewall name foo rule 10 destination address '192.0.2.5'
set firewall name foo rule 20 action 'drop'
set firewall name foo rule 20 destination port '345'
set firewall name foo rule 20 protocol 'tcp'
set interfaces ethernet eth1 firewall out ipv6-name '6INSIDE-OUT'
set interfaces ethernet eth1 firewall in name 'foo'

Show:

vyos@testrouter:~$ show firewall

-----------------------------
Rulesets Information
-----------------------------
--------------------------------------------------------------------------------
IPv4 Firewall "foo":

 Active on (eth4,IN)

rule  action   proto     packets  bytes                                   
----  ------   -----     -------  -----                                   
10    drop     all       0        0                                       
  condition - saddr 0.0.0.0/0 daddr 192.0.2.5                                   

20    drop     tcp       0        0                                       
  condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 foo-20 */                         

1000000 drop     all       0        0                                       
  condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0                                   

--------------------------------------------------------------------------------
IPv6 Firewall "6INSIDE-OUT":

 Active on (eth1,OUT)

rule  action   proto     packets  bytes                                   
----  ------   -----     -------  -----                                   
9025  reject   tcp_udp   0        0                                       
  condition - saddr ::/0 daddr ::/0 6INSIDE-OUT-9025 */ reject-with icmp6-port-u
              nreachableLOG enabled                                             

1000000 accept   all       0        0                                       
  condition - saddr ::/0 daddr ::/0

Details

Difficulty level
Easy (less than an hour)
Version
1.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Cosmetic issue (typos etc.)

Related Objects

Mentioned In
1.3.2
1.3.2