Firewall configuration issue after upgrade

After upgrading from version 1.4-rolling-202110310317 to latest 1.4-rolling-202202020317 all firewall rules cannot be loaded during system boot.
[[firewall]] failed

Output from:


Shows the complete firewall configuration tree.
Committing the loaded configuration only succeeded after deleting firewall rules from interfaces and firewall name and firewall ipv6-name. Firewall groups didn’t need to be deleted.

Interface types used: ethernet and wireguard.

After getting the commit error, can you send the result of: sudo nft -c -f /run/nftables.conf

If possible, it would be useful to see the firewall section of your config too.

I’ve lowered the issue down to this rule eth0-IN rule 9:
Output from sudo nft -c -f /run/nftables.conf is:

Config from this rule is:

Thanks for that, I’ll get it fixed asap.

Will track it on T4178 policy based routing tcp flags issue

Edit: PR is in, will trigger a new rolling ISO when it’s merged. Thanks for the report!

Can you try again with the latest rolling image?

Commit works and sudo nft -c -f /run/nftables.conf is not showing any issue but all packages are dropped by kernel now.
After reverting to previous version of 12.2021 same configuration works.

Hm okay, I’ll try and take a look this week.