If source validation on interfaces is 'loose' or 'disable' but in the firewall global option is 'strict' it works as 'strict' on these interfaces.
Network:
Trying ping R2 int Gi0/0 from VyOS with source of eth0.
If source validation is not configured then ping passes.
If
set firewall global-options source-validation 'loose' set interfaces ethernet eth0 ip source-validation 'strict' set interfaces ethernet eth1 ip source-validation 'strict'
it works as expected. Traffic does not pass.
If
set firewall global-options source-validation 'strict' set interfaces ethernet eth0 ip source-validation 'loose' set interfaces ethernet eth1 ip source-validation 'loose'
It does not work. Traffic does not pass.
The same issue with IPv6.