I was looking on this issue. Please find below a description of what I think is the root cause for this issue:

I have created a new pull request in order to solve an issue I noticed during tests for IPv6 firewall groups.
How to replicate the issue:

• configure an address-group/network group for ipv6
• configure an address-group/network group for ipv4
• configure an ipv4 firewall rule
• commit and save the cofig
• reload the vyos

After reload the IPv6 address-groups/network-groups are deleted.

I discovered an issue with port-group that have root cause the change implemented for ipv6 address and network groups.

I've changed the code in order to have IPv6 address and network groups under global group configuration tree
Please take a look on the pull request I've created https://github.com/vyos/vyatta-cfg-firewall/pull/8 and please merge it to the current branch

I've created a change that add support for ipv6 address and network groups to vyos. Please review it https://github.com/vyos/vyatta-cfg-firewall/pull/7 an provide your feedback.
@dmbaturin merged this to current branch 1.2.0-rc1

if we setup the volume as working dir inside the container the mknod function during the make iso process will fail if the docker host is MacOs or Windows.
The error is "mknod: Function not implemented " and is related to how docker engine is implemented to run on Mac and Windows systems

Perfect. I will update the Readme and push again the change.

I've created this pull request for Dockerfile to vyos-build repository
https://github.com/vyos/vyos-build/pull/15/commits/428c73d96ff745ba61ba834d9d2a42d5dc8ed5cd

thank you for this.
I would suggest to install more dependencies using this docker file. The complete list of what I think we should use is:

squashfs-tools  # Required for squashfs file system
git                      # Required, for cloning the source
autoconf                 # Required, for generating build scripts
dpkg-dev                 # Required, used in build scripts
live-helper              # Required, for ISO build
syslinux                 # Required, for ISO build
genisoimage              # Required, for ISO build
make                     # Required, for ISO build
lsb-release              # Required, used by configure script
ssh                      # Optional, for cloning over SSH
sudo                     # Optional, ISO build requires root privileges
fakechroot               # Required, for ISO build
devscripts               # Optional, for building submodules (kernel etc)
kernel-package           # Optional, for building the kernel
libtool                  # Optional, for building certain packages (eg vyatta-op-vpn)
libglib2.0-dev           # Optional, for building vyatta-cfg 
libboost-filesystem-dev  # Optional, for building vyatta-cfg
libapt-pkg-dev           # Optional, for building vyatta-cfg
flex                     # Optional, for building vyatta-cfg
bison                    # Optional, for building vyatta-cfg
libperl-dev              # Optional, for building vyatta-cfg
libnfnetlink-dev         # Optional, for building vyatta-cfg-vpn
vim                      # Optional, vim, vi, nano or other text editor

I've created pull request https://github.com/vyos/vyos-build/pull/15 to solve this issue

The use case this patch solve is the following:
-we have a firewall with multiple rules set
-the firewall is mapped to an interface
-we want to remove one/or multiple rules from the rule chain (this is not possible using current VyOs version as long as the filter is mapped to an interface)

I created this patch for this issue https://github.com/vyos/vyatta-cfg-firewall/pull/6