I am on latest nightly and nothing is there in config mode for “show firewall”, firewall is simply unavailable.
No firewall logs at all appear in normal mode when using show log all or show log firewall, as if the firewall simply disappeared!
mario@vyos007# show f
Configuration path: [f] is not valid
[edit]
mario@vyos007# show
Possible completions:
> high-availability
High availability settings
> interfaces Network interfaces
> load-balancing
Configure load-balancing
> nat Network Address Translation (NAT) parameters
> policy Routing policy
> protocols Routing protocols
> service System services
> system System parameters
[edit]
mario@vyos007# show
And normal mode, show log all, no firewall rules appear at all, all my rules log apart from established and related
EDIT: further to that show firewall name bleh also shows nothing
mario@vyos007:~$ show firewall name lan-wan
Ruleset Information
Not sure what's going on now but reboot results in no firewall getting loaded, need to determine what sort of damage control mode to enter, this was my perimeter. Hopefully I am still behind the NAT to protect me from internet baddies.
I must have buggered up my grep earlier but I got a few of these with other protocols than the set ones in my earlier phone screen capture. Hmm! Interesting!
EDIT: I missed the part about port or port-group, so this list below is not that big, and your entry may indeed be the only one
mario@vyos007:~$ show configuration commands | grep protocol | grep -v tcp | grep -v udp
set firewall name cam-firewall rule 10 protocol 'vrrp'
set firewall name dmz-download rule 100 protocol 'icmp'
set firewall name dmz-firewall rule 10 protocol 'vrrp'
set firewall name dmz-mgmt rule 100 protocol 'icmp'
set firewall name dmz-wan rule 100 protocol 'icmp'
set firewall name download-dmz rule 100 protocol 'icmp'
set firewall name download-firewall rule 10 protocol 'vrrp'
set firewall name download-wan rule 100 protocol 'icmp'
set firewall name download-wan rule 202 protocol 'icmp'
set firewall name firewall-cam rule 10 protocol 'vrrp'
set firewall name firewall-cam rule 100 protocol 'icmp'
set firewall name firewall-dmz rule 10 protocol 'vrrp'
set firewall name firewall-dmz rule 100 protocol 'icmp'
set firewall name firewall-download rule 10 protocol 'vrrp'
set firewall name firewall-download rule 100 protocol 'icmp'
set firewall name firewall-guest rule 10 protocol 'vrrp'
set firewall name firewall-guest rule 100 protocol 'icmp'
set firewall name firewall-iot rule 10 protocol 'vrrp'
set firewall name firewall-iot rule 100 protocol 'icmp'
set firewall name firewall-lan rule 10 protocol 'vrrp'
set firewall name firewall-lan rule 100 protocol 'icmp'
set firewall name firewall-mgmt rule 10 protocol 'vrrp'
set firewall name firewall-mgmt rule 100 protocol 'icmp'
set firewall name firewall-mgmt rule 651 protocol 'igmp'
set firewall name firewall-public rule 10 protocol 'vrrp'
set firewall name firewall-public rule 100 protocol 'icmp'
set firewall name firewall-wan rule 100 protocol 'icmp'
set firewall name guest-firewall rule 10 protocol 'vrrp'
set firewall name guest-wan rule 100 protocol 'icmp'
set firewall name iot-dmz rule 100 protocol 'icmp'
set firewall name iot-firewall rule 10 protocol 'vrrp'
set firewall name iot-firewall rule 100 protocol 'icmp'
set firewall name iot-wan rule 100 protocol 'icmp'
set firewall name lan-dmz rule 100 protocol 'icmp'
set firewall name lan-download rule 100 protocol 'icmp'
set firewall name lan-firewall rule 10 protocol 'vrrp'
set firewall name lan-firewall rule 100 protocol 'icmp'
set firewall name lan-firewall rule 101 protocol 'icmp'
set firewall name lan-iot rule 100 protocol 'icmp'
set firewall name lan-mgmt rule 100 protocol 'icmp'
set firewall name lan-public rule 100 protocol 'icmp'
set firewall name lan-wan rule 100 protocol 'icmp'
set firewall name mgmt-dmz rule 100 protocol 'icmp'
set firewall name mgmt-firewall rule 10 protocol 'vrrp'
set firewall name mgmt-firewall rule 100 protocol 'icmp'
set firewall name mgmt-lan rule 100 protocol 'icmp'
set firewall name mgmt-public rule 100 protocol 'icmp'
set firewall name mgmt-wan rule 100 protocol 'icmp'
set firewall name public-dmz rule 100 protocol 'icmp'
set firewall name public-download rule 100 protocol 'icmp'
set firewall name public-firewall rule 10 protocol 'vrrp'
set firewall name public-mgmt rule 100 protocol 'icmp'
set firewall name public-wan rule 100 protocol 'icmp'
That would be very interesting indeed, I am around 360 seconds currently
WEIRD, was able to load an old config from 2020.01.18 that I used to revert back with, remove rule 202 and commit without issue this time on latest nightly. Evaluating…
BTW it appears it took only 66 seconds on the reboot with latest nightly, and the firewall does appear to be loaded up now! I'll leave it overnight while I go sleep and continue in the morning.
Yeah! Thanks much again, will deal with that tomorrow.
I am hoping there were some changes to firewall logging that I need to read up on, don't have the rule identifier and the handy rule that's allowing/blocking, eg: download-wan-2-D in the log anymore, small sample