Firewall config-trap seems to be a legacy feature inherit from vyatta.
I see no clear reason on why that option shall remain under firewall configuration.
Description
Description
Details
Details
- Difficulty level
- Unknown (require assessment)
- Version
- vyos-1.4-rolling-202308060317
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Unspecified (possibly destroys the router)
- Issue type
- Feature/functionality removal
Event Timeline
Comment Actions
Its good for traceability to get a snmp trap sent when the firewall config has been altered/changed/(re-)applied.
Ability to send snmp traps exists through "set service snmp".
So I would vote to keep "set firewall config-trap enable".
If one doesnt like it then the feature can be disabled through "set firewall config-trap disable".
Comment Actions
Using VyOS 1.4-rolling-202308250021 the option "config-trap" is no longer to be found and the remains of config-trap causing commit to crash with a traceback have also been fixed:
vyos@vyos:~$ config [edit] vyos@vyos# set firewall global-options Possible completions: all-ping Policy for handling of all IPv4 ICMP echo requests (default: enable) broadcast-ping Policy for handling broadcast IPv4 ICMP echo and timestamp requests (default: disable) ip-src-route Policy for handling IPv4 packets with source route option (default: disable) ipv6-receive-redirects Policy for handling received ICMPv6 redirect messages (default: disable) ipv6-src-route Policy for handling IPv6 packets with routing extension header (default: disable) log-martians Policy for logging IPv4 packets with invalid addresses (default: enable) receive-redirects Policy for handling received IPv4 ICMP redirect messages (default: disable) resolver-cache Retains last successful value if domain resolution fails resolver-interval Domain resolver update interval (default: 300) send-redirects Policy for sending IPv4 ICMP redirect messages (default: enable) source-validation Policy for source validation by reversed path, as specified in RFC3704 (default: disable) syn-cookies Policy for using TCP SYN cookies with IPv4 (default: enable) twa-hazards-protection RFC1337 TCP TIME-WAIT assasination hazards protection (default: disable)