Weird firewall issue - Firewall configuration error: Cannot delete rule set "WAN-LOCAL" (still in use) (1.2.5)

Under interface eth0 I have

ethernet eth0 {
address xxx
description WAN
duplex full
firewall {
in {
ipv6-name IPv6-DENY-ALL
name WAN-INBOUND
}
local {
name WAN-LOCAL

all-ping enable
broadcast-ping disable
config-trap disable
ipv6-name IPv6-DENY-ALL {
default-action drop
enable-default-log
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN-INBOUND {
default-action drop
enable-default-log
}
name WAN-LOCAL {
default-action drop
enable-default-log

rule 1 {
action drop
}
}
receive-redirects disable
send-redirects disable
source-validation disable
state-policy {
established {
action accept
}
invalid {
action drop
}
related {
action accept

Trying to delete rule 1, got very weird output, bug?

xxxx# delete firewall name WAN-LOCAL rule 1

Nothing to delete (the specified node does not exist)

xxxx# commit
[ firewall name WAN-LOCAL ]
Firewall configuration error: Cannot delete rule set “WAN-LOCAL” (still in use)

[[firewall name WAN-LOCAL]] failed
Commit failed
[edit]

Looks like it's a well-known bug, but when will it be solved?

https://phabricator.vyos.net/T1417
https://phabricator.vyos.net/T484

Of course, once I remove the firewall from the interface, I can remove the rule, but removing the firewall statement is a bit risky; I don't understand this.

No response? lol
I think this forum is dead :slight_smile:

@rufzor This requires rewriting the entire firewall to a new xml/python format.