Feed All Stories

Jan 11 2022

sarthurdev committed rVYOSONEX30edcba594eb: policy: T2199: Update op-mode syntax to `route6`.
Jan 11 2022, 7:46 PM
GitHub <noreply@github.com> committed rVYOSONEX968afb9e67a2: Merge pull request #1160 from bjw-s/T4174 (authored by c-po).
Jan 11 2022, 7:46 PM
Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs <me@bjw-s.dev> committed rVYOSONEX4793e2fc0baf: firewall: validators: T4174: Correct upper port range boundary.
Jan 11 2022, 7:46 PM
GitHub <noreply@github.com> committed rVYOSONEXb55ac8e2c06c: Merge pull request #1159 from sarthurdev/firewall (authored by c-po).
Jan 11 2022, 7:46 PM
bjw-s updated the task description for T4174: Validation fails when entering port range with upper port 65535.
Jan 11 2022, 7:46 PM · VyOS 1.4 Sagitta
bjw-s created T4174: Validation fails when entering port range with upper port 65535.
Jan 11 2022, 7:35 PM · VyOS 1.4 Sagitta
fernando closed T4149: [Firewall-IPV6] Error delete Fw rules on VIF/INT as Resolved.
Jan 11 2022, 6:34 PM · VyOS 1.4 Sagitta
fernando added a comment to T4149: [Firewall-IPV6] Error delete Fw rules on VIF/INT.

I've been testing and it works:

Jan 11 2022, 6:33 PM · VyOS 1.4 Sagitta
Nicolas Fort <nicolasfort1988@gmail.com> committed rVYOSONEX1b8f421727ee: ike-group: T4162: Correct helper description for ikev2-reauth.
Jan 11 2022, 5:56 PM
GitHub <noreply@github.com> committed rVYOSONEX24954d470102: Merge pull request #1157 from nicolas-fort/T4162 (authored by c-po).
Jan 11 2022, 5:56 PM
sarthurdev committed rVYOSONEXf97144259335: validators: T4144: Add error messages to the majority of IP validators.
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEXf16525175deb: firewall: policy: T4159: T4164: Fix empty firewall groups, create separate file….
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEX6e23345a693c: firewall: T2199: Add ipv6-range support to IPv6 address group.
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEX5334ca6fc758: firewall: op-mode: T4131: Display `show firewall group` reference and member….
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEX1292a69a5fe9: firewall: policy: T2199: Reload policy route script if `firewall group` node is….
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEXe389729f4de8: firewall: T4159: Add warning when an empty group is applied to a rule.
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEX6cf5767524b8: policy: T2199: Refactor policy route script for better error handling.
Jan 11 2022, 5:55 PM
GitHub <noreply@github.com> committed rVYOSONEX2b51513cf251: Merge pull request #1158 from sarthurdev/firewall (authored by c-po).
Jan 11 2022, 5:55 PM
sarthurdev changed the status of T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf` from Open to Needs testing.

Thanks, I really like the include idea and have implemented it in the attached PR. Also added a check in firewall.py to reload policy-route script to keep any group changes updated.

Jan 11 2022, 2:51 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 11 2022, 2:48 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails from Open to Needs testing.

PR removes the empty line when there are no group members, also adds a warning message when empty groups are used in rules.

Jan 11 2022, 2:48 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4131: Show firewall group incorrect format members from Open to Needs testing.

@Viacheslav Not using exact ipset format, however addresses are sorted and output one per line.

Jan 11 2022, 2:46 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4144: Firewall address-group - Improve error messages from In progress to Needs testing.

Should resolve the rest of the error messages.

Jan 11 2022, 2:45 PM · VyOS 1.4 Sagitta
n.fort created T4173: Wan Load Balancing - Error on firewall NAT rules.
Jan 11 2022, 2:17 PM · VyOS 1.4 Sagitta
jestabro closed T4166: Debug output missing when frr.py called under vyos-configd as Resolved.
Jan 11 2022, 1:00 PM · VyOS 1.4 Sagitta
fernando added a comment to T4163: [BMP-BGP] Routing monitoring feature.

Well, I think it should be something like this:

Jan 11 2022, 12:48 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort added a comment to T4162: VPN ipsec ike-group - Incorrect value help for ikev2-reauth.

PR: https://github.com/vyos/vyos-1x/pull/1157

Jan 11 2022, 12:33 PM · VyOS 1.4 Sagitta
hensur added a comment to T4172: Patch ndppd to not read route table if there are no auto prefixes.

PR: https://github.com/vyos/vyos-build/pull/212

Jan 11 2022, 12:23 PM · VyOS 1.4 Sagitta
hensur created T4172: Patch ndppd to not read route table if there are no auto prefixes.
Jan 11 2022, 12:20 PM · VyOS 1.4 Sagitta
Viacheslav added a project to T4151: IPV6 local PBR Support: VyOS 1.3 Equuleus ( 1.3.1).
Jan 11 2022, 11:48 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
c-po changed the status of T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade from Open to In progress.
Jan 11 2022, 11:03 AM · VyOS 1.4 Sagitta
c-po committed rVYOSONEX29efbf51efea: migrator: interfaces: T4171: bugfix ConfigTreeError.
Jan 11 2022, 11:02 AM
c-po claimed T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade.
Jan 11 2022, 10:45 AM · VyOS 1.4 Sagitta
c-po created T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade.
Jan 11 2022, 10:44 AM · VyOS 1.4 Sagitta
erkin closed T3950: CLI backtrace on update if DNS not defined, a subtask of T3356: Script for remote file transfers, as Resolved.
Jan 11 2022, 9:59 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
erkin closed T3950: CLI backtrace on update if DNS not defined as Resolved.

Chained exceptions are covered too (and backported to Equuleus).

Jan 11 2022, 9:59 AM · VyOS 1.4 Sagitta
c-po committed rVYOSONEXd5775339f9d1: remote: T3950: Gracefully handle chained exceptions (authored by erkin).
Jan 11 2022, 9:35 AM
c-po committed rVYOSONEXb5b9685c37aa: remote: T3950: Gracefully handle chained exceptions (authored by erkin).
Jan 11 2022, 9:35 AM
c-po closed T4170: Rename "policy ipv6-route" -> "policy route6" as Resolved.
Jan 11 2022, 9:29 AM · VyOS 1.4 Sagitta
c-po committed rVYOSONEX54675c2cc9aa: policy: T4170: rename "policy ipv6-route" -> "policy route6".
Jan 11 2022, 9:28 AM
c-po committed rVYOSONEXe89f48269e96: policy: T2199: add missing rule constraints.
Jan 11 2022, 9:28 AM
c-po claimed T4170: Rename "policy ipv6-route" -> "policy route6".
Jan 11 2022, 9:16 AM · VyOS 1.4 Sagitta
c-po created T4170: Rename "policy ipv6-route" -> "policy route6".
Jan 11 2022, 9:15 AM · VyOS 1.4 Sagitta
c-po renamed T4169: INVALID from BGP: Add support for "nexthop-self force" to INVALID.
Jan 11 2022, 8:59 AM · VyOS 1.3 Equuleus ( 1.3.1)
c-po added a comment to T4169: INVALID.

Invalid - already available - I looked into a 1.2.8 image.

Jan 11 2022, 8:59 AM · VyOS 1.3 Equuleus ( 1.3.1)
erkin reopened T3950: CLI backtrace on update if DNS not defined, a subtask of T3356: Script for remote file transfers, as In progress.
Jan 11 2022, 8:58 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
erkin reopened T3950: CLI backtrace on update if DNS not defined as "In progress".
Jan 11 2022, 8:58 AM · VyOS 1.4 Sagitta
c-po created T4169: INVALID.
Jan 11 2022, 8:58 AM · VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) assigned T4168: IPsec VPN is impossible to restart when DMVPN is configured to Viacheslav.
Jan 11 2022, 8:28 AM · VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) created T4168: IPsec VPN is impossible to restart when DMVPN is configured.
Jan 11 2022, 8:27 AM · VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) created T4167: DMVPN apply wrong param on the first configuration.
Jan 11 2022, 8:08 AM · VyOS 1.3 Equuleus (1.3.0)
jestabro committed rVYOSONEXcb797395a4df: frr: T4166: move log debug setting to init function for vyos-configd.
Jan 11 2022, 7:22 AM
GitHub <noreply@github.com> committed rVYOSONEXc0d65731d904: Merge pull request #1153 from jestabro/frr_debug (authored by c-po).
Jan 11 2022, 7:22 AM
GitHub <noreply@github.com> committed rVYOSONEX142c976ca4b3: containers: T2216: bugfix host networking on image upgrade (authored by Mathew Inkson <627767+imathew@users.noreply.github.com>).
Jan 11 2022, 7:21 AM
GitHub <noreply@github.com> committed rVYOSONEX1a33b2f6db47: Merge pull request #1154 from imathew/current (authored by c-po).
Jan 11 2022, 7:21 AM
imathew added a comment to T3662: Container configuration upgrade destroys system.

Hi, I've just submitted a pull request (https://github.com/vyos/vyos-1x/pull/1154) to hopefully complete this bugfix.

Jan 11 2022, 3:42 AM · VyOS 1.4 Sagitta

Jan 10 2022

jestabro triaged T4166: Debug output missing when frr.py called under vyos-configd as Normal priority.
Jan 10 2022, 10:50 PM · VyOS 1.4 Sagitta
c-po committed rVYOSONEXbb76e8d7f163: nat: T2199: dry-run newly generated config before install.
Jan 10 2022, 10:28 PM
c-po committed rVYOSONEX76d912d63ca4: conntrack: T3579: dry-run newly generated config before install.
Jan 10 2022, 10:18 PM
Viacheslav added a comment to T4163: [BMP-BGP] Routing monitoring feature.

@fernando Thanks, do you have any idea about syntax?

Jan 10 2022, 10:13 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
c-po committed rVYOSONEX9bc2f5db25c7: conntrack: T3579: prepare for "conntrack timeout custom rule" CLI commands.
Jan 10 2022, 10:06 PM
Viacheslav created T4165: Custom conntrack rules cannot be deleted.
Jan 10 2022, 10:00 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav changed the status of T4152: NHRP shortcut-target holding-time does not work from In progress to Needs testing.
Jan 10 2022, 9:40 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
johannrichard updated the task description for T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf`.
Jan 10 2022, 9:34 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXa5ad98b2307a: firewall: validators: T2199: Improve port validation.
Jan 10 2022, 9:32 PM
sarthurdev committed rVYOSONEXda370b63b266: validators: T4148: Add text output when validators fail.
Jan 10 2022, 9:32 PM
sarthurdev committed rVYOSONEX0a0e7d789e7e: validators: Stricter checking on port-range validator.
Jan 10 2022, 9:32 PM
GitHub <noreply@github.com> committed rVYOSONEX465939d9c9b4: Merge pull request #1152 from sarthurdev/firewall_validators (authored by c-po).
Jan 10 2022, 9:32 PM
c-po committed rVYOSONEXfd1b1ff19b0f: conntrack: T3579: make the timeout tree re-usable as XML include.
Jan 10 2022, 9:27 PM
johannrichard created T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf`.
Jan 10 2022, 9:22 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4144: Firewall address-group - Improve error messages from Open to In progress.

IPv4 address range error messages are included in PR: https://github.com/vyos/vyos-1x/pull/1152

Jan 10 2022, 9:09 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4148: Firewall - Error messages not that clear as it were in old firewall from Open to Needs testing.

Error for rule being in use when deleting base node was fixed in https://github.com/vyos/vyos-1x/pull/1151

Jan 10 2022, 9:04 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4137: Firewall group configuration allows to set incorrect port range and invalid port from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1152

Jan 10 2022, 9:02 PM · VyOS 1.4 Sagitta
fernando added a comment to T4163: [BMP-BGP] Routing monitoring feature.

This PR https://github.com/vyos/vyos-1x/pull/1088 only includes how to enable the daemon, but it doesn't add VyOS-cli commands in BGP (the daemon only allows you to enable it).

Jan 10 2022, 8:43 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
c-po committed rVYOSONEX062762154ae1: conntrack: T3579: use "notrack" over "return" in nft statements.
Jan 10 2022, 8:42 PM
c-po added a comment to T3579: Rewrite vyatta-conntrack in new XML and Python flavour.

@Viacheslav / @vindenesen that is a bug I have also seen in the old iptables based implementation. Can you please file a bug report towards VyOS 1.2 and 1.3?

Jan 10 2022, 8:38 PM · VyOS 1.4 Sagitta
c-po committed rVYOSONEX05b5d09ca70c: conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftables.
Jan 10 2022, 8:32 PM
Viacheslav added a comment to T4163: [BMP-BGP] Routing monitoring feature.

There is a PR which includes this feature: https://github.com/vyos/vyos-1x/pull/1088

Jan 10 2022, 8:17 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
fernando created T4163: [BMP-BGP] Routing monitoring feature.
Jan 10 2022, 8:05 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Viacheslav assigned T4162: VPN ipsec ike-group - Incorrect value help for ikev2-reauth to n.fort.
Jan 10 2022, 6:49 PM · VyOS 1.4 Sagitta
n.fort created T4162: VPN ipsec ike-group - Incorrect value help for ikev2-reauth.
Jan 10 2022, 6:48 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXdeb9bfa02863: policy: T4155: Fix using incorrect table variable.
Jan 10 2022, 6:42 PM
sarthurdev committed rVYOSONEX67ab81546856: firewall: 4149: Fix verify steps being bypassed when base node is removed.
Jan 10 2022, 6:42 PM
GitHub <noreply@github.com> committed rVYOSONEX436805a69df3: Merge pull request #1151 from sarthurdev/firewall (authored by c-po).
Jan 10 2022, 6:42 PM
sarthurdev changed the status of T4149: [Firewall-IPV6] Error delete Fw rules on VIF/INT from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1151

Jan 10 2022, 6:40 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 10 2022, 6:40 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases from Open to Needs testing.

Thanks for catching that!

Jan 10 2022, 6:40 PM · VyOS 1.4 Sagitta
GitHub <noreply@github.com> committed rVYOSONEX4ade92549616: Merge pull request #1150 from nicolas-fort/T4161 (authored by c-po).
Jan 10 2022, 6:38 PM
Nicolas Fort <nicolasfort1988@gmail.com> committed rVYOSONEX8dfde277c90c: policy: T4161: Set correct description for local-preference.
Jan 10 2022, 6:38 PM
n.fort added a comment to T4161: Policy route-map - Incorrect value help for local preference.

PR: https://github.com/vyos/vyos-1x/pull/1150

Jan 10 2022, 6:21 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4149: [Firewall-IPV6] Error delete Fw rules on VIF/INT from Open to In progress.
Jan 10 2022, 5:53 PM · VyOS 1.4 Sagitta
syncer added a member for Maintainers: sarthurdev.
Jan 10 2022, 5:52 PM
Viacheslav assigned T4161: Policy route-map - Incorrect value help for local preference to n.fort.
Jan 10 2022, 5:07 PM · VyOS 1.4 Sagitta
n.fort created T4161: Policy route-map - Incorrect value help for local preference.
Jan 10 2022, 5:06 PM · VyOS 1.4 Sagitta
n.fort created T4160: Firewall - Error in rules that matches everything except something.
Jan 10 2022, 4:51 PM · VyOS 1.4 Sagitta
n.fort closed T3115: Add support for firewall on L3 VIF bridge interface as Resolved.
Jan 10 2022, 3:36 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
n.fort added a comment to T3115: Add support for firewall on L3 VIF bridge interface.

Previous example was expanded in order to test filtering between the native bridge interface and VLAN interfaces on the bridge.
Filtering rules:

  • Filter traffic from vlan br0.55 to br0.66
  • Filter traffic from vlan1 to br0.55
  • Allow all

Jan 10 2022, 3:32 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
hensur added a comment to T3818: BGP export route-map only works after bgpd restart.

I'm experiencing this with a custom ISO built from the stable 1.3 sources. Haven't done further debugging yet, a bgpd restart helped every time.

Jan 10 2022, 3:09 PM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4100: Firewall increase maximum number of rules.

In 1.3 (VyOS 1.3-rolling-202201030317) the rules are handled correctly (except for the numbers in description).

Jan 10 2022, 12:35 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav moved T3299: Allow the web proxy service to listen on all IP addresses from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Jan 10 2022, 9:32 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta