IPv6-only firewall zone in 22.03.0-rc1 troublesome

I've been working on a firewall zone for an IPv6-only interface, and with 22.03.0-rc1, if I set the zone to be restricted to IPv6, then the nftables status page is showing no chains for that zone, and the firewall rules are not working as expected.

config zone
	option name 'open'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'only6'
	option input 'REJECT'
	option family 'ipv6'

But if I set the zone to have no IPv4/v6 restriction, the status page does show chains for that zone, and the rules are working as desired.

config zone
	option name 'open'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'only6'
	option input 'REJECT'

Is this the expected behavior? Should an IPv6-only zone have rules that show in the nftables status page, and that work as written?

It's bugged. Fix pending at https://git.openwrt.org/05995f13

1 Like