After upgrading from version 1.4-rolling-202110310317 to the latest 1.4-rolling-202202020317, all firewall rules cannot be loaded during system boot.
Error:
[[firewall]] failed
Output from:
configure
load
compare
Shows the complete firewall configuration tree.
Committing the loaded configuration only succeeded after deleting firewall rules from interfaces and firewall name and firewall ipv6-name. Firewall groups didn’t need to be deleted.
Interface types used ethernet and wireguard.
After getting the commit error, can you send the result of: sudo nft -c -f /run/nftables.conf
If possible, it would be useful to see the firewall section of your config too.
I’ve lowered the issue down to this rule eth0-IN rule 9:
Output from sudo nft -c -f /run/nftables.conf
is:
Config from this rule is:

Thanks for that, I’ll get it fixed asap.
Will track it on T4178 (policy based routing tcp flags issue).
Edit: PR is in, will trigger a new rolling ISO when it’s merged. Thanks for the report!
Commit works and sudo nft -c -f /run/nftables.conf
is not showing any issue but all packages are dropped by kernel now.
After reverting to previous version of 12.2021 same configuration works.
Hm okay, I’ll try and take a look this week.