My bad. There’s was a error on latest implementation of raw tables in firewall: original task is ⚓ T3900 Add support for raw tables to firewall
Once fix was introduced last week for ipv4, but did not apply identical patch for ipv6: T3900: firewall: fix for initial implementation - remove jump to stat… · vyos/vyos-1x@7829229 · GitHub
I will submit one shortly.
Meanwhile, you can:
- Delete invalid options for state policies. This rule is dropping what you need.
- Edit file /usr/share/vyos/templates/firewall/nftables.j2 and replace line 242 with:
{% if global_options.state_policy is vyos_defined and prior == 'filter' %}