
Jan 21 2022

sarthurdev added a comment to T4200: Assigning ipv6-name to interface is not generating nftables rules.

I can't reproduce this issue on latest rolling

Jan 21 2022, 12:03 PM · VyOS 1.4 Sagitta

Jan 20 2022

sarthurdev committed rVYOSONEXd1d0150b6a40: firewall: T2199: Add log prefix to match legacy perl behaviour.
Jan 20 2022, 7:22 PM

Jan 19 2022

sarthurdev committed rVYOSONEX0a5a78621b2b: firewall: T3560: Add support for MAC address groups.
Jan 19 2022, 5:56 PM
sarthurdev committed rVYOSONEX081fc4466f20: firewall: policy: T1292: Clean up any rules required to delete a chain.
Jan 19 2022, 5:06 PM
sarthurdev committed rVYOSONEXf96a4fcd5d0c: firewall: T2199: Raise ConfigError if deleted node is used in zone-policy.
Jan 19 2022, 5:06 PM

Jan 18 2022

sarthurdev committed rVYOSONEXa7e14cba820f: firewall: T4188: Create default conntrack `FW_CONNTRACK` chain.
Jan 18 2022, 6:59 PM
sarthurdev changed the status of T4188: Firewall does not correctly handle conntracking from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1178

Jan 18 2022, 6:02 PM · VyOS 1.4 Sagitta
johannrichard awarded T3560: Ability to create groups of MAC addresses a Like token.
Jan 18 2022, 5:46 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3560: Ability to create groups of MAC addresses, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 18 2022, 5:35 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T3560: Ability to create groups of MAC addresses from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1177

Jan 18 2022, 5:35 PM · VyOS 1.4 Sagitta
sarthurdev renamed T4188: Firewall does not correctly handle conntracking from Firewall does not match ICMPv6 packets to Firewall does not correctly handle conntracking.
Jan 18 2022, 5:30 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4188: Firewall does not correctly handle conntracking from Open to In progress.

Okay, thanks for the update. I have found a conntrack issue in the code. Will have a fix in shortly.

Jan 18 2022, 5:29 PM · VyOS 1.4 Sagitta
sarthurdev closed T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta
sarthurdev closed T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta
sarthurdev closed T3286: Switch the firewall from iptables to nftables, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:47 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T3286: Switch the firewall from iptables to nftables as Resolved.
Jan 18 2022, 1:47 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T1292: Issues while deleting all rules from a firewall, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 18 2022, 1:45 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T1292: Issues while deleting all rules from a firewall from Open to Needs testing.

Fixed in 1.4 PR: https://github.com/vyos/vyos-1x/pull/1176

Jan 18 2022, 1:45 PM · VyOS 1.4 Sagitta

Jan 17 2022

sarthurdev closed T4188: Firewall does not correctly handle conntracking as Invalid.

You need to remove the state new match on the rule and it'll work.

Jan 17 2022, 7:54 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXab4dd3b7a65d: zone-policy: T3873: Fix intra-zone-filtering return to zone default-action.
Jan 17 2022, 5:08 PM
sarthurdev committed rVYOSONEX64668771d5f1: firewall: policy: T4178: Migrate and refactor tcp flags.
Jan 17 2022, 5:08 PM
sarthurdev committed rVYOSONEX53c2b62dda5b: firewall: T2199: Fix `port-range` validator to accept service names.
Jan 17 2022, 5:08 PM
sarthurdev added a comment to T4178: policy based routing tcp flags issue.

Included those flags in PR: https://github.com/vyos/vyos-1x/pull/1174

Jan 17 2022, 11:29 AM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3873: Zone based Firewall - Filter traffic in same zone.

Included in PR: https://github.com/vyos/vyos-1x/pull/1174

Jan 17 2022, 11:08 AM · VyOS 1.4 Sagitta

Jan 16 2022

sarthurdev changed the status of T3873: Zone based Firewall - Filter traffic in same zone from Open to In progress.

Thanks, will include a fix in a PR shortly

Jan 16 2022, 9:43 PM · VyOS 1.4 Sagitta

Jan 14 2022

sarthurdev committed rVYOSONEXdf5a862beb84: firewall: T4178: Use lowercase for TCP flags and add an validator.
Jan 14 2022, 7:31 PM

Jan 13 2022

sarthurdev changed the status of T4178: policy based routing tcp flags issue from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1167

Jan 13 2022, 8:29 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4178: policy based routing tcp flags issue from Open to In progress.

Thanks for the report, working on the fix now.

Jan 13 2022, 11:55 AM · VyOS 1.4 Sagitta

Jan 12 2022

sarthurdev committed rVYOSONEXa132ba993e78: firewall: T4160: Fix support for inverse matches.
Jan 12 2022, 5:49 PM
sarthurdev changed the status of T2199: Rewrite firewall in new XML/Python style from Open to Needs testing.
Jan 12 2022, 5:11 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T4160: Firewall - Error in rules that matches everything except something from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1161

Jan 12 2022, 12:32 PM · VyOS 1.4 Sagitta
sarthurdev moved T4131: Show firewall group incorrect format members from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:14 AM · VyOS 1.4 Sagitta
sarthurdev moved T4137: Firewall group configuration allows to set incorrect port range and invalid port from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:14 AM · VyOS 1.4 Sagitta
sarthurdev moved T4144: Firewall address-group - Improve error messages from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4148: Firewall - Error messages not that clear as it were in old firewall from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4160: Firewall - Error in rules that matches everything except something from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf` from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta

Jan 11 2022

sarthurdev changed the status of T4160: Firewall - Error in rules that matches everything except something from Open to In progress.
Jan 11 2022, 11:25 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4173: Wan Load Balancing - Error on firewall NAT rules.

Forgot that my PR for WLB was still a draft. The jump does seem to be created properly with this PR in place.

Jan 11 2022, 11:07 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4144: Firewall address-group - Improve error messages.

That build at 08:11 UTC was a couple of hours before the commit was merged: https://github.com/vyos/vyos-1x/commit/f97144259335102c3d96b232cbb0af4970120d62

Jan 11 2022, 10:02 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4144: Firewall address-group - Improve error messages.

Seems to be working on my latest build?

Jan 11 2022, 8:21 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX30edcba594eb: policy: T2199: Update op-mode syntax to `route6`.
Jan 11 2022, 7:46 PM
sarthurdev committed rVYOSONEXf97144259335: validators: T4144: Add error messages to the majority of IP validators.
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEXf16525175deb: firewall: policy: T4159: T4164: Fix empty firewall groups, create separate file….
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEX6e23345a693c: firewall: T2199: Add ipv6-range support to IPv6 address group.
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEX5334ca6fc758: firewall: op-mode: T4131: Display `show firewall group` reference and member….
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEX1292a69a5fe9: firewall: policy: T2199: Reload policy route script if `firewall group` node is….
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEXe389729f4de8: firewall: T4159: Add warning when an empty group is applied to a rule.
Jan 11 2022, 5:55 PM
sarthurdev committed rVYOSONEX6cf5767524b8: policy: T2199: Refactor policy route script for better error handling.
Jan 11 2022, 5:55 PM
sarthurdev changed the status of T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf` from Open to Needs testing.

Thanks, I really like the include idea and have implemented it in the attached PR. Also added a check in firewall.py to reload policy-route script to keep any group changes updated.

Jan 11 2022, 2:51 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 11 2022, 2:48 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails from Open to Needs testing.

PR removes the empty line when there are no group members, also adds a warning message when empty groups are used in rules.

Jan 11 2022, 2:48 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4131: Show firewall group incorrect format members from Open to Needs testing.

@Viacheslav Not using exact ipset format, however addresses are sorted and output one per line.

Jan 11 2022, 2:46 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4144: Firewall address-group - Improve error messages from In progress to Needs testing.

Should resolve the rest of the error messages.

Jan 11 2022, 2:45 PM · VyOS 1.4 Sagitta

Jan 10 2022

sarthurdev committed rVYOSONEXa5ad98b2307a: firewall: validators: T2199: Improve port validation.
Jan 10 2022, 9:32 PM
sarthurdev committed rVYOSONEXda370b63b266: validators: T4148: Add text output when validators fail.
Jan 10 2022, 9:32 PM
sarthurdev committed rVYOSONEX0a0e7d789e7e: validators: Stricter checking on port-range validator.
Jan 10 2022, 9:32 PM
sarthurdev changed the status of T4144: Firewall address-group - Improve error messages from Open to In progress.

IPv4 address range error messages are included in PR: https://github.com/vyos/vyos-1x/pull/1152

Jan 10 2022, 9:09 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4148: Firewall - Error messages not that clear as it were in old firewall from Open to Needs testing.

Error for rule being in use when deleting base node was fixed in https://github.com/vyos/vyos-1x/pull/1151

Jan 10 2022, 9:04 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4137: Firewall group configuration allows to set incorrect port range and invalid port from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1152

Jan 10 2022, 9:02 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXdeb9bfa02863: policy: T4155: Fix using incorrect table variable.
Jan 10 2022, 6:42 PM
sarthurdev committed rVYOSONEX67ab81546856: firewall: 4149: Fix verify steps being bypassed when base node is removed.
Jan 10 2022, 6:42 PM
sarthurdev changed the status of T4149: [Firewall-IPV6] Error delete Fw rules on VIF/INT from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1151

Jan 10 2022, 6:40 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 10 2022, 6:40 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases from Open to Needs testing.

Thanks for catching that!

Jan 10 2022, 6:40 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4149: [Firewall-IPV6] Error delete Fw rules on VIF/INT from Open to In progress.
Jan 10 2022, 5:53 PM · VyOS 1.4 Sagitta

Jan 6 2022

sarthurdev moved T4133: Firewall network group error with zone-based firewall rules from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 6 2022, 5:27 PM · VyOS 1.4 Sagitta, VyConf
sarthurdev moved T4145: Conntrack table not showing after firewall rewriting from Open to In Progress on the VyOS 1.4 Sagitta board.
Jan 6 2022, 5:26 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4145: Conntrack table not showing after firewall rewriting.

Updates the vyatta-conntrack package to work without legacy firewall and fixes the op-mode commands. Should also fix some conntrack functionality (untested).

Jan 6 2022, 3:23 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX79f6f7061c0c: firewall: zone-policy: T4133: Prevent firewall from trying to clean-up zone….
Jan 6 2022, 8:28 AM

Jan 5 2022

sarthurdev changed the status of T4133: Firewall network group error with zone-based firewall rules from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1139

Jan 5 2022, 5:10 PM · VyOS 1.4 Sagitta, VyConf
sarthurdev changed the status of T4133: Firewall network group error with zone-based firewall rules from Open to In progress.
Jan 5 2022, 2:07 PM · VyOS 1.4 Sagitta, VyConf
sarthurdev changed the status of T3635: Add ability to use mDNS repeater with VRRP from In progress to Needs testing.
Jan 5 2022, 1:55 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX8cbfda931dba: keepalived: T4109: Update configd-include.json to reflect filename change.
Jan 5 2022, 1:01 PM
sarthurdev committed rVYOSONEX96f577ef8272: zone-policy: T4135: Raise error when using an invalid "from" zone..
Jan 5 2022, 7:23 AM
sarthurdev changed the status of T4135: Declare zone policy firewall without local zone errors from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1136

Jan 5 2022, 12:40 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4135: Declare zone policy firewall without local zone errors from Open to In progress.
Jan 5 2022, 12:33 AM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXe536b6a037e6: smoketest: shim: Optimise speed of `lsof` command.
Jan 5 2022, 12:23 AM
sarthurdev committed rVYOSONEX459c7079bebe: firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone….
Jan 5 2022, 12:23 AM

Jan 4 2022

sarthurdev committed rVYOSONEX84a83ecc4c78: firewall: T4130: Fix firewall state-policy errors.
Jan 4 2022, 4:11 AM
sarthurdev committed rVYOSONEX9213d9cc7bcd: firewall: T4130: Add state-policy test to firewall smoketest.
Jan 4 2022, 4:11 AM
sarthurdev added a comment to T4136: Firewall State Policy entries fail to load..

Duplicate of T4130

Jan 4 2022, 12:45 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4130: Firewall state policy errors chain from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1130

Jan 4 2022, 12:14 AM · VyOS 1.4 Sagitta

Jan 3 2022

sarthurdev changed the status of T4130: Firewall state policy errors chain from Open to In progress.
Jan 3 2022, 9:58 PM · VyOS 1.4 Sagitta

Dec 31 2021

sarthurdev committed rVYOSONEX85710cee8fe9: firewall: T2199: Migrate firewall op-mode to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEXfdeba8da3e99: firewall: T2199: Migrate firewall to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEX3ebb08893b4b: zone-policy: T2199: Migrate zone-policy op-mode to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEXc7cf7b941445: zone-policy: T2199: Migrate zone-policy to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEXdcd202aeeb89: policy: T2199: Migrate policy route op-mode to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEXf86041de88c3: policy: T2199: Migrate policy route to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEX28b285b4791a: zone_policy: T3873: Implement intra-zone-filtering.
Dec 31 2021, 6:35 PM

Nov 11 2021

sarthurdev committed rVYOSONEX23691df934ff: pki: T3970: Allow op-mode PKI commands in a config session to install directly.
Nov 11 2021, 6:56 PM

Nov 4 2021

sarthurdev changed the status of T3970: Add support for op-mode PKI direct install into an active config session, a subtask of T3642: PKI configuration, from Open to In progress.
Nov 4 2021, 7:27 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev changed the status of T3970: Add support for op-mode PKI direct install into an active config session from Open to In progress.

PR: https://github.com/vyos/vyos-1x/pull/1066

Nov 4 2021, 7:27 PM · VyOS 1.4 Sagitta
sarthurdev created T3970: Add support for op-mode PKI direct install into an active config session.
Nov 4 2021, 7:21 PM · VyOS 1.4 Sagitta

Nov 3 2021

sarthurdev committed rVYOSONEXa63aa6129324: sstp: T3931: Fixes PKI integration with SSTP.
Nov 3 2021, 5:32 PM