Enable-Default-Log in 1.2.4 not working

Hi everyone,

As soon as I activated the “enable default-log” option in 1.2.3, all packets that are processed by the firewall default action (drop) are displayed in the log, as the name suggests.

In 1.2.4 these entries are no longer displayed.
Neither in “monitor firewall name anyexternal-local” nor in “sudo journalctl -f | grep ”

However, I was able to validate that the packets (in this case, SSH) arrive at the firewall and are dropped by the default action as usually specified. The log entry is missing.

Here is my config for that firewall-rule:

vyos@blabla# show firewall name anyexternal-local | strip-private
 default-action drop
 enable-default-log
 rule 1 {
     action accept
     state {
         established enable
         related enable
     }
 }
 rule 2 {
     action drop
     log enable
     state {
         invalid enable
     }
 }
 rule 10 {
     action accept
     description "Enable ICMP on WAN-Zone"
     icmp {
         type 8
     }
     log enable
     protocol icmp
 }
 rule 55 {
     action accept
     description "Allow UDP 500 and 4500 for IPSec and NAT-T"
     destination {
         port 500,4500
     }
     log enable
     protocol udp
 }
 rule 99 {
     action accept
     log enable
     source {
         address xxx.xxx.1.0/24
     }
 }

tcpdump:

vyos@blabla# run monitor traffic interface eth0 | grep -i 193.43.46.119
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:41:33.842483 IP 193.43.46.119.63763 > blabla.ssh: Flags [SEW], seq 2475691149, win 8192, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
17:41:36.843381 IP 193.43.46.119.63763 > blabla.ssh: Flags [SEW], seq 2475691149, win 8192, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0

Zone Config:

vyos@blabla# show zone zone local
 default-action drop
 from external {
     firewall {
         name anyexternal-local
     }
 }
local-zone

vyos@blabla# show zone zone external
 default-action drop
 from local {
     firewall {
         name local-anyexternal
     }
 }
 interface eth0

I have just analyzed the behavior again, neither in “1.2.4 LTS” nor in “vyos-1.3-rolling-202003041933” log entries for the firewall are shown in ‘sudo journalctl -f’.

It looks like no firewall logs are visible at all.

After a downgrade to 1.2.3 LTS, the logs are displayed.
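The check in the post above (send a probe, confirm it is dropped, then look for the matching log line) can be scripted so the absence of default-action log entries is detected rather than eyeballed. The following is an added example, not code from the original post or from the VyOS project. It assumes the "[<ruleset>-<rule>-<A|D|R>]" log-prefix convention of the iptables-based VyOS 1.2 firewall (e.g. "[anyexternal-local-default-D]"); the journal lines it parses are constructed sample data, not a real capture, and the addresses come from RFC 5737 documentation ranges.

```python
"""Parse VyOS 1.2-style firewall log lines out of journalctl output and
report whether default-action drops are actually being logged.

Assumption (not confirmed by the thread): log entries carry a
"[<ruleset>-<rule>-<A|D|R>]" prefix, where <rule> is a number or "default".
"""
import re
import sys
from collections import Counter

# Constructed sample of `journalctl -k` output: two default-drop SSH probes,
# one ICMP accept by rule 10, one invalid-state drop by rule 2, one unrelated line.
SAMPLE_JOURNAL = """\
Mar 05 17:41:33 blabla kernel: [anyexternal-local-default-D]IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.23 DST=203.0.113.5 LEN=52 PROTO=TCP SPT=63763 DPT=22 SYN
Mar 05 17:41:36 blabla kernel: [anyexternal-local-default-D]IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.23 DST=203.0.113.5 LEN=52 PROTO=TCP SPT=63763 DPT=22 SYN
Mar 05 17:42:01 blabla kernel: [anyexternal-local-10-A]IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Mar 05 17:42:10 blabla kernel: [anyexternal-local-2-D]IN=eth0 OUT= SRC=198.51.100.44 DST=203.0.113.5 PROTO=TCP SPT=4444 DPT=22 ACK
Mar 05 17:42:11 blabla sshd[1234]: Connection closed by 192.0.2.9 port 55123
"""

# Ruleset names may themselves contain hyphens, so the name group is non-greedy
# and the rule/action groups are anchored by the closing bracket.
PREFIX_RE = re.compile(
    r"kernel: \[(?P<ruleset>[\w-]+?)-(?P<rule>default|\d+)-(?P<action>[ADR])\](?P<fields>.*)$"
)


def parse_firewall_log(text):
    """Return one dict per firewall log line; non-firewall lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = PREFIX_RE.search(line)
        if not m:
            continue
        # Remaining text is KEY=VALUE pairs (flags such as SYN carry no '=').
        fields = dict(re.findall(r"(\w+)=(\S*)", m.group("fields")))
        entries.append({
            "ruleset": m.group("ruleset"),
            "rule": m.group("rule"),
            "action": m.group("action"),
            "in": fields.get("IN", ""),
            "src": fields.get("SRC", ""),
            "dst": fields.get("DST", ""),
            "proto": fields.get("PROTO", ""),
            "dpt": fields.get("DPT", ""),
        })
    return entries


def summarize(entries):
    """Count hits per (ruleset, rule, action), which mirrors the rule table."""
    return Counter((e["ruleset"], e["rule"], e["action"]) for e in entries)


def default_log_present(entries, ruleset):
    """True if enable-default-log produced at least one entry for the ruleset."""
    return any(e["ruleset"] == ruleset and e["rule"] == "default" for e in entries)


def probe_logged(entries, ruleset, src, dpt):
    """True if a known test probe (source address, destination port) was logged
    by the default action, i.e. the drop seen in tcpdump also reached the log."""
    return any(
        e["ruleset"] == ruleset and e["rule"] == "default"
        and e["src"] == src and e["dpt"] == str(dpt)
        for e in entries
    )


if __name__ == "__main__":
    # Usage: sudo journalctl -k --no-pager | python3 fwlog_check.py anyexternal-local
    ruleset = sys.argv[1] if len(sys.argv) > 1 else "anyexternal-local"
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_JOURNAL
    entries = parse_firewall_log(text)
    for key, n in sorted(summarize(entries).items()):
        print("%-22s rule %-8s action %s  hits=%d" % (key[0], key[1], key[2], n))
    if default_log_present(entries, ruleset):
        print("OK: default-action log entries present for", ruleset)
    else:
        print("MISSING: no default-action log entries for", ruleset)
```

Run against the live journal on a box where a deliberately rejected probe was just sent; on a build with the regression described in this thread the script sees no matching lines at all and prints the MISSING verdict, which makes the check usable in a post-upgrade smoke test rather than a manual grep.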

I am noticing the same thing with 1.2.5. I don’t see any firewall related logs.

Firewall logging will be fixed in the next LTS release.
https://phabricator.vyos.net/T1938
