This issue is even worse in NAT66 where VyOS submits wrong syntax to nft:
set nat66 destination rule 100 destination port 443
set nat66 destination rule 100 inbound-interface eth1
set nat66 destination rule 100 protocol tcp
set nat66 destination rule 100 translation port 3000
commit
That causes a crash in the UI:
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/nat66.py", line 175, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/nat66.py", line 157, in apply
    cmd(f'{nftables_nat66_config}')
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: /tmp/vyos-nat66-rules.nft
returned:
exit code: 1
noteworthy:
cmd '/tmp/vyos-nat66-rules.nft'
returned (out):
returned (err):
/tmp/vyos-nat66-rules.nft:15:69-69: Error: syntax error, unexpected colon, expecting end of file or newline or semicolon
add rule ip6 nat PREROUTING iifname "eth1" counter tcp dport { 443 }:3000 comment "DST-NAT66-100"
                                                                    ^
[[nat66]] failed
Commit failed