PBR commit fails due to nftables rendering

Hey everyone,

I am using VyOS version 1.5-stream-2025-Q2. I am performing policy-based route creation for a bridge interface.

set interfaces bridge br100398 vrf testvrf
set interfaces bridge br100398 address 172.16.195.1/24
set interfaces vxlan vxlan10100398 vni 10100398
set interfaces vxlan vxlan10100398 mtu 1600
set interfaces vxlan vxlan10100398 port 4789
set interfaces vxlan vxlan10100398 remote 10.201.21.11
set interfaces vxlan vxlan10100398 source-interface eth0
set interfaces vxlan vxlan10100398 source-address 10.201.21.4
set interfaces bridge br100398 member interface vxlan10100398
set policy route pbr_br100398 interface br100398
set policy route pbr_br100398 rule 1 action accept
set policy route pbr_br100398 rule 1 destination address 172.16.195.0/24
set policy route pbr_br100398 rule 999999 action drop

The router has several similar configurations which were being accepted. Recently, I have noticed the following error from VyOS.

[ policy route pbr_br100398 ]
Traceback (most recent call last):
 File "/usr/libexec/vyos/services/vyos-configd", line 143, in run_script
 script.generate(c)
 File "/usr/libexec/vyos//conf_mode/policy_route.py", line 191, in generate
 render(nftables_conf, 'firewall/nftables-policy.j2', policy)
 File "/usr/lib/python3/dist-packages/vyos/template.py", line 174, in render
 rendered = render_to_string(template, content, formater, location)
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/usr/lib/python3/dist-packages/vyos/template.py", line 143, in render_to_string
 rendered = template.render(content)
 ^^^^^^^^^^^^^^^^^^^^^^^^
 File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 1301, in render
 self.environment.handle_exception()
 File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 936, in handle_exception
 raise rewrite_traceback_stack(source=source)
 File "/usr/share/vyos/templates/firewall/nftables-policy.j2", line 28, in top-level template code
 {{ rule_conf | nft_rule('route', route_text, rule_id, 'ip') }}
 ^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/usr/lib/python3/dist-packages/vyos/template.py", line 620, in nft_rule
 return parse_rule(rule_conf, fw_hook, fw_name, rule_id, ip_name)
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/usr/lib/python3/dist-packages/vyos/firewall.py", line 591, in parse_rule
 mark = 0x7FFFFFFF - int(table)
 ^^^^^^^^^^
TypeError: int() argument must be a string, a bytes-like object or a real number, not 'NoneType'

[[policy route pbr_br100398]]

I am unclear on the error, because it seems like the policy-based route is expecting a table ID to be mandatory in the configurations. However, these configurations have been successfully created in the past.

Please let me know your thoughts and let me know if any more information is required.

Thanks!

Try the latest stream or the latest rolling.

I am using the latest 2025-Q2 stream version. One more thing to note is that before the failure occurred, I had roughly 700 lines of PBR configurations.

Is this a known issue and will the upcoming stream release fix this issue?
Thanks!

It is not the latest stream version.
