Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: protocol definition for junos_firewall_filter ethernet-switching family #577

Closed
NikitaPuglachenko opened this issue Nov 10, 2023 · 1 comment
Closed

Bug: protocol definition for junos_firewall_filter ethernet-switching family #577

NikitaPuglachenko opened this issue Nov 10, 2023 · 1 comment
Assignees
@jeremmfr
Labels
bug Something isn't working
Milestone
v2.3.2

Comments

@NikitaPuglachenko
Copy link

NikitaPuglachenko commented Nov 10, 2023
edited
Loading

Terraform and Provider Versions

Terraform v1.5.4
on darwin_amd64
+ provider registry.terraform.io/hashicorp/external v2.3.1
+ provider registry.terraform.io/jeremmfr/junos v2.3.1

Terraform Configuration Files

resource "junos_firewall_filter" "ethernet-switching-demo" {
  name   = "ethernet-switching-demo"
  family = "ethernet-switching"
  term {
    name = "allow-udp"
    from {
      destination_prefix_list = ["DEMO-NETWORK"]
      protocol                = ["udp"]
      source_prefix_list      = ["DEMO-NETWORK"]
    }
    then {
      action = "accept"
    }
  }
}

Expected Behavior

The junos_firewall_filter is applied

Actual Behavior

Error:

│ Error: Conflict Configuration Error
| ...
│ protocol in from block cannot be configured with family "ethernet-switching"

Steps to Reproduce

  1. terraform plan --target junos_firewall_filter.ethernet-switching-demo

Additional Context

Junos supports protocol definition for ethernet-switching family

References

https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/example/firewall-filter-ex-series-configuring.html

i guess it's enough to add "ethernet-switching", there
@NikitaPuglachenko NikitaPuglachenko added the bug Something isn't working label Nov 10, 2023
@NikitaPuglachenko NikitaPuglachenko changed the title Bug: Bug: protocol definition for junos_firewall_filter ethernet-switching family Nov 10, 2023
@jeremmfr
Copy link
Owner

Hi 👋

Thank you for raising this issue.

I hadn't authorized protocol with ethernet-switching because the Junos cli hide the option :

# set firewall family ethernet-switching filter 1 term 1 from ?
Possible completions:
...
+ learn-vlan-id        Match Learnt VLAN ID
+ learn-vlan-id-except  Do not match Learnt VLAN ID
+ port                 Match TCP/UDP source or destination port
+ port-except          Do not match TCP/UDP source or destination port
> source-mac-address   Match MAC source address
+ source-port          Match TCP/UDP source port
+ source-port-except   Do not match TCP/UDP source port
...

but indeed, I do think it's a mistake.
It's strange that protocol is hidden but not port. What's more, Juniper docs use protocol in their examples -> juniper.net

I'll take care of fixing it.

@jeremmfr jeremmfr self-assigned this Nov 16, 2023
@jeremmfr jeremmfr added this to the v2.3.2 milestone Nov 16, 2023
@jeremmfr jeremmfr mentioned this issue Nov 16, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeremmfr jeremmfr

Labels
bug Something isn't working
Projects
None yet
Milestone
v2.3.2
Development

No branches or pull requests
2 participants
@jeremmfr @NikitaPuglachenko