Weird firewall issue - Firewall configuration error: Cannot delete rule set "WAN-LOCAL" (still in use) (1.2.5)

Under interface eth0 I have

ethernet eth0 {
address xxx
description WAN
duplex full
firewall {
in {
ipv6-name IPv6-DENY-ALL
local {

all-ping enable
broadcast-ping disable
config-trap disable
ipv6-name IPv6-DENY-ALL {
default-action drop
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
default-action drop
name WAN-LOCAL {
default-action drop

  • rule 1 {
  •    action drop
  • }
    receive-redirects disable
    send-redirects disable
    source-validation disable
    state-policy {
    established {
    action accept
    invalid {
    action drop
    related {
    action accept

Trying to delete rule 1, got very weird output, bug ?

xxxx# delete firewall name WAN-LOCAL rule 1

Nothing to delete (the specified node does not exist)

xxxx# commit
[ firewall name WAN-LOCAL ]
Firewall configuration error: Cannot delete rule set “WAN-LOCAL” (still in use)

[[firewall name WAN-LOCAL]] failed
Commit failed

Looks like its well known bug, but when it will be solved ?

Of course once I will remove firewall from interface, then I can remove rule, but removing firewall statement is bit risky, dont understand this.

no response ? lol
I think this forum is dead :slight_smile:

@rufzor This requires rewriting the entire firewall to a new xml/python format.