Can't delete firewall rule, is this a bug or designed behavior?

nktech1135 · April 1, 2021, 11:22am

Hi.
I created the following while troubleshooting connectivity between 2 zones. The issue turned out to be something completely unrelated, but now i want to delete the rule.

vyos@vyos.thekingstech.com# show firewall name dmz-lan
 default-action drop
-rule 1000 {
-    action accept
-    state {
-        established enable
-        related enable
-    }
-}

I want to delete rule 1000 but leave the name with it’s default action where it is.

vyos@vyos.thekingstech.com# delete firewall name dmz-lan rule 1000
[edit]
vyos@vyos.thekingstech.com# commit
[ firewall name dmz-lan ]
Firewall configuration error: Cannot delete rule set "dmz-lan" (still in use)



[[firewall name dmz-lan]] failed
Commit failed

Is this working as designed? and if so, how do i delete rule 1000?
I’m running the following version.

vyos@vyos.thekingstech.com# run show version

Version:          VyOS 1.3.0-rc1
Release Train:    equuleus

Built by:         Sentrium S.L.
Built on:         Wed 24 Feb 2021 05:44 UTC
Build UUID:       61e4c2f0-2ca1-45f4-9377-0181dfcaa03c
Build Commit ID:  f4be339392a75b

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal

Hardware vendor:  Protectli
Hardware model:   FW4A
Hardware S/N:     Default string
Hardware UUID:    03000200-0400-0500-0006-000700080009

Copyright:        VyOS maintainers and contributors

Dmitry · April 1, 2021, 1:09pm

Hello @nktech1135 ,

I think this is a firewall design. You need to have at least one rule except default-action