Virtual interface & Firewall? It is "white"

fresh installation on X3000. Happy new year!

Does anyone know, why the virtual device (5G_MODEM_4) is white, not "assigned" to a firewall zone?
I remember and docs show that it is supposed to be red just like the real interface.

interfaces_white1601×673 77.6 KB

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option delegate '0'
	option ipv6 '0'
	list dns '5.9.164.112'
	list dns '2001:4f8:0:2::14'
	list dns '9.9.9.9'
	list dns '84.200.69.80'

config interface '5G_MODEM'
	option proto 'qmi'
	option device '/dev/cdc-wdm0'
	option apn 'internet.telekom'
	option pincode '0616'
	option auth 'pap'
	option username 'telekom'
	option password 'pm'
	option pdptype 'ipv4'
	option sourcefilter '0'
	option delegate '0'
	option peerdns '0'

config interface 'rob'
	option proto 'static'
	option device 'br-rob'
	option ipaddr '192.168.5.1'
	option netmask '255.255.255.0'

config device
	option type 'bridge'
	option name 'br-rob'
	list ports 'eth0'

root@OpenWrt:~# cat /etc/config/firewall 


config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option log '1'
	list network '5G_MODEM'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'rob'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'rob'

config forwarding
	option src 'rob'
	option dest 'wan'

config rule
	option name 'ROB DNS'
	option src 'rob'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option name 'ROP DHCP'
	list proto 'udp'
	option src 'rob'
	option dest_port '67-68'
	option target 'ACCEPT'

I see other posts but why is this changing from release to release or are there other dependencies?

A bigger question is...

Why do you have an intface named 5G_MODEM_4, but your network and firewall configs say 5G_MODEM.

There's no '_4' in your configs. Try adding it to your firewall zone.

This is basic LTE / 4G / 5G WAN config.

If this is possible, it would be a bug.

Funnywise, the

ifstatus 5G_MODEM

shows that it is NOT covered by the FW zone
but

ifstatus 5G_MODEM_4 

is.

	"data": {
		"zone": "wan",
		"dhcpserver": "10.177.77.777",
		"hostname": "fritz.box",
		"leasetime": 7200,
		"zone": "wan"
	}

This is quite the opposite of what the Luci UI shows.