From dc80ce45f95e243afc6c3d9016f051cfab690846 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Mon, 5 Apr 2021 14:41:05 +0200
Subject: T3456: add missing priority when deleting interface policy

set interfaces ethernet eth1 policy route 'LAN-POLICY-BASED-ROUTING' set policy route LAN-POLICY-BASED-ROUTING rule 10 destination set policy route LAN-POLICY-BASED-ROUTING rule 10 disable set policy route LAN-POLICY-BASED-ROUTING rule 10 set table '10' set policy route LAN-POLICY-BASED-ROUTING rule 10 source address '192.168.0.119/32' set policy route LAN-POLICY-BASED-ROUTING rule 20 destination set policy route LAN-POLICY-BASED-ROUTING rule 20 set table '100' set policy route LAN-POLICY-BASED-ROUTING rule 20 source address '192.168.0.240' This was not able to be deleted in only one commit, two commits were required. vyos@vyos# delete policy vyos@vyos# delete interfaces ethernet eth1 policy vyos@vyos# commit [ policy route LAN-POLICY-BASED-ROUTING ] Firewall configuration error: Cannot delete rule set "LAN-POLICY-BASED-ROUTING" (still in use) delete [ policy route LAN-POLICY-BASED-ROUTING ] failed [[]] failed Commit failed copy failed [/opt/vyatta/config/tmp/tmp_7724/work/.unionfs-fuse][/opt/vyatta/config/tmp/new_config_7724/.unionfs-fuse] Failed to generate committed config [edit] vyos@vyos#
---
gen-interface-policy-templates.pl | 1 +
1 file changed, 1 insertion(+)
diff --git a/gen-interface-policy-templates.pl b/gen-interface-policy-templates.pl
index 991c320..b48b24e 100755
--- a/gen-interface-policy-templates.pl
+++ b/gen-interface-policy-templates.pl
@@ -140,6 +140,7 @@ sub gen_template { print $tp <
Date: Mon, 5 Apr 2021 14:42:18 +0200
Subject: T3456: add missing priority when removing per interface firewall rules

This is the second commit for fixing this issue, the first was for the policy based routing and fixed in commit dc80ce45f95 ("T3456: add missing priority when deleting interface policy"). set firewall name FOO rule 10 action 'accept' set interfaces ethernet eth0 firewall local name 'FOO' commit This was not able to be removed again in one commit, two commits are required. vyos@r4-roll# delete firewall [edit] vyos@r4-roll# delete interfaces ethernet eth0 firewall [edit] vyos@r4-roll# commit [ firewall name FOO ] Firewall configuration error: Cannot delete rule set "FOO" (still in use) delete [ firewall name FOO ] failed delete [ firewall ] failed Commit failed [edit] vyos@r4-roll#
---
gen-interface-templates.pl | 1 +
1 file changed, 1 insertion(+)
diff --git a/gen-interface-templates.pl b/gen-interface-templates.pl
index 9e8db61..9979de3 100755
--- a/gen-interface-templates.pl
+++ b/gen-interface-templates.pl
@@ -136,6 +136,7 @@ sub gen_firewall_template {
 print $tp "priority: $interface_prio{ $if_tree }\n";
 }
 print $tp "help: Firewall options\n";
+ print $tp "priority: 615\n";
 die "ERROR: No firewall hash for ${if_tree}" unless $firewall_hash{"${if_tree}"};
 print $tp 'end: ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="interfaces ';
 print $tp $firewall_hash{"${if_tree}"} . ' firewall"' . "\n";
-- 
cgit v1.2.3
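Review bot: The added `print $tp "priority: 615\n";` in gen_firewall_template is unconditional, yet the context line two above it already prints `priority: $interface_prio{ $if_tree }` inside a block whose condition starts outside the hunk. For any interface tree that takes that branch, the generated template would carry two `priority:` lines, and which one the template parser honours is not visible here. If 615 is meant to apply only when no per-interface priority exists, emit it in an `else` of that block; if it is meant to override, the earlier print should be dropped for this node. The literal 615 is also unexplained, so a comment such as `# T3456: fixed priority so the interface firewall binding is removed in a defined order relative to the "firewall name" rule set` would record why the value matters for commit ordering. A wrong value here presumably brings back the "still in use" failure, which leaves the old rule set bound to the interface.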