The firewall in 1.4 sets the default action **accept** instead of **drop**
In 1.4 the default action is `accept`:
```
set firewall name FOO rule 10 action 'accept'
set firewall name FOO rule 10 source address '192.0.2.2'
set interfaces ethernet eth1 vif 5 firewall local name 'FOO'
```
Nftables:
```
vyos@r14# sudo nft list table ip filter
table ip filter {
    chain VYOS_FW_LOCAL {
        type filter hook input priority filter; policy accept;
        iifname "eth1.5" counter packets 0 bytes 0 jump NAME_FOO
        jump VYOS_POST_FW
    }
    ...
    chain NAME_FOO {
        ip saddr 192.0.2.2 counter packets 0 bytes 0 return comment "FOO-10"
        counter packets 0 bytes 0 return comment "FOO default-action accept"
    }
}
```
The same rules on 1.3 show the correct default action, `drop`:
```
[edit]
vyos@r1# sudo nft list table ip filter
table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy accept;
        counter packets 13644 bytes 1993144 jump VYATTA_PRE_FW_IN_HOOK
        counter packets 269 bytes 33536 jump VYATTA_FW_LOCAL_HOOK
        counter packets 13644 bytes 1993144 jump VYATTA_POST_FW_IN_HOOK
    }
    ...
    chain VYATTA_FW_LOCAL_HOOK {
        iifname "eth1.5" counter packets 0 bytes 0 jump FOO
    }
    chain FOO {
        ip saddr 192.0.2.2 counter packets 0 bytes 0 return comment "FOO-10"
        counter packets 0 bytes 0 drop comment "FOO-1000000 default-action drop"
    }
}
```
Old codebase: https://github.com/vyos/vyatta-cfg-firewall/blob/d323004c8ab9d0bb917203ed5b705cef38c60c26/templates/firewall/name/node.tag/default-action/node.def#L5
The `defaultValue` is missing here: https://github.com/vyos/vyos-1x/blob/fdeba8da3e99256fe449e331d0b833a941315226/interface-definitions/include/firewall/name-default-action.xml.i
The real default values are set in the template: https://github.com/vyos/vyos-1x/blob/fdeba8da3e99256fe449e331d0b833a941315226/data/templates/firewall/nftables.tmpl#L84
and https://github.com/vyos/vyos-1x/blob/fdeba8da3e99256fe449e331d0b833a941315226/data/templates/firewall/nftables.tmpl#L142
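To check a router for rulesets affected by this, the following added example (not part of the original report or of VyOS) parses `nft list table ip filter` output and lists the chains whose fall-through rule is not `drop` or `reject`. It assumes the `default-action` comment format shown in the two outputs above; the function names are hypothetical, and a flagged chain may also be one where `accept` was configured deliberately.

```python
import re

# Abridged from the 1.4 and 1.3 `nft list table ip filter` outputs quoted above.
NFT_14 = '''
table ip filter {
    chain VYOS_FW_LOCAL {
        iifname "eth1.5" counter packets 0 bytes 0 jump NAME_FOO
        jump VYOS_POST_FW
    }
    chain NAME_FOO {
        ip saddr 192.0.2.2 counter packets 0 bytes 0 return comment "FOO-10"
        counter packets 0 bytes 0 return comment "FOO default-action accept"
    }
}
'''
NFT_13 = '''
table ip filter {
    chain FOO {
        ip saddr 192.0.2.2 counter packets 0 bytes 0 return comment "FOO-10"
        counter packets 0 bytes 0 drop comment "FOO-1000000 default-action drop"
    }
}
'''

CHAIN_START = re.compile(r'chain\s+(\S+)\s*\{$')
DEFAULT_RE = re.compile(r'comment\s+"[^"]*default-action\s+(\w+)"')

def default_actions(nft_text):
    """Map each chain to the default action named in its last rule's comment."""
    actions, chain, last = {}, None, ""
    for line in map(str.strip, nft_text.splitlines()):
        start = CHAIN_START.match(line)
        if start:
            chain, last = start.group(1), ""
        elif line == "}" and chain:
            found = DEFAULT_RE.search(last)
            if found:  # hook chains carry no default-action comment
                actions[chain] = found.group(1)
            chain = None
        elif chain and line:
            last = line  # remember the most recent rule in this chain
    return actions

def fail_open(nft_text):
    """Chains whose fall-through rule is neither drop nor reject."""
    return sorted(c for c, a in default_actions(nft_text).items() if a not in ("drop", "reject"))

if __name__ == "__main__":
    for label, text in (("1.4", NFT_14), ("1.3", NFT_13)):
        print(label, default_actions(text), "review:", fail_open(text))
```

Setting `default-action` explicitly on each named ruleset removes the dependence on the implicit default.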