Feed All Stories

Jan 21 2022

n.fort closed T4133: Firewall network group error with zone-based firewall rules as Resolved.
Jan 21 2022, 6:35 PM · VyOS 1.4 Sagitta, VyConf
n.fort added a comment to T4133: Firewall network group error with zone-based firewall rules.

Seems solved. Not reproducible on VyOS 1.4-rolling-202201180317

Jan 21 2022, 6:35 PM · VyOS 1.4 Sagitta, VyConf
n.fort changed the status of T4199: Commit failed when setting icmpv6 type any from In progress to Confirmed.
Jan 21 2022, 6:20 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4199: Commit failed when setting icmpv6 type any.

Did work as expected

vyos@vyos# run show config comm | grep fire
set firewall ipv6-name FOO rule 10 action 'accept'
set firewall ipv6-name FOO rule 10 icmpv6 type 'echo-request'
set firewall ipv6-name FOO rule 10 protocol 'ipv6-icmp'
Jan 21 2022, 6:03 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4199: Commit failed when setting icmpv6 type any.

Also, while matching parameters valid in nftables, such as echo-reply, commit fails too:

Jan 21 2022, 4:29 PM · VyOS 1.4 Sagitta
Viacheslav closed T4137: Firewall group configuration allows to set incorrect port range and invalid port as Resolved.
Jan 21 2022, 4:22 PM · VyOS 1.4 Sagitta
n.fort created T4201: Firewall - ICMPv6 matches not working as expected on 1.3.0.
Jan 21 2022, 4:20 PM · VyOS 1.3 Equuleus (1.3.0)
hensur committed rVYOSONEX2e4bceee568d: policy: T4151: Bugfix policy ipv6-local-route.
Jan 21 2022, 1:51 PM
GitHub <noreply@github.com> committed rVYOSONEXf791d3ef4c33: Merge pull request #1183 from hensur/current-ipv6-local-route (authored by c-po).
Jan 21 2022, 1:51 PM
hensur added a comment to T4151: IPV6 local PBR Support.

Should be fixed with https://github.com/vyos/vyos-1x/pull/1183

Jan 21 2022, 12:29 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
n.fort added a comment to T4199: Commit failed when setting icmpv6 type any.

Bug related: https://phabricator.vyos.net/T4186

Jan 21 2022, 12:27 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4199: Commit failed when setting icmpv6 type any from Open to In progress.
Jan 21 2022, 12:22 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4200: Assigning ipv6-name to interface is not generating nftables rules.

I can't reproduce this issue on latest rolling

Jan 21 2022, 12:03 PM · VyOS 1.4 Sagitta
hensur added a comment to T4151: IPV6 local PBR Support.

I'm looking into it. From the logs it seems like `for src in (pbr[rule_rm][rule]['source'] or [''])` doesn't work if 'source' doesn't exist.

Jan 21 2022, 9:44 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
goodNETnick <pknet@ya.ru> committed rVYOSONEX28a92e75cf93: DHCP: T4196: fix client-prefix-length parameter.
Jan 21 2022, 7:59 AM
GitHub <noreply@github.com> committed rVYOSONEXec5eb00bd83a: Merge pull request #1180 from goodNETnick/dhcp-client-prefix (authored by c-po).
Jan 21 2022, 7:59 AM
Viacheslav added a comment to T4151: IPV6 local PBR Support.

@hensur Smoketest failed.

Jan 21 2022, 7:12 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4154: Error add second gre tunnel with the same source interface.

(VyOS 1.4-rolling-202201200814) - The same.

Jan 21 2022, 2:39 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4137: Firewall group configuration allows to set incorrect port range and invalid port.

I've tested it on (Version: VyOS 1.4-rolling-202201200814). It seems well.

Jan 21 2022, 2:21 AM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4115: reboot in <x> not working as expected.

I've tested this scenario on VyOS 1.4-rolling-202201200814; as Srividya said, you can choose minutes between 1-99.
If this is critical, you can expand the range by opening a "feature request".

Jan 21 2022, 12:52 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Jan 20 2022

c-po closed T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade, a subtask of T3871: Resolve unexpected interface name reordering, as Resolved.
Jan 20 2022, 7:45 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA)
c-po closed T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade as Resolved.
Jan 20 2022, 7:45 PM · VyOS 1.4 Sagitta
c-po added a subtask for T3871: Resolve unexpected interface name reordering: T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade.
Jan 20 2022, 7:45 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA)
c-po added a parent task for T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade: T3871: Resolve unexpected interface name reordering.
Jan 20 2022, 7:45 PM · VyOS 1.4 Sagitta
c-po added a comment to T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade.

Seems to have fixed it

Jan 20 2022, 7:44 PM · VyOS 1.4 Sagitta
jestabro committed rVYOSONEXa41826759ae7: interface-names: T3871: use tempfile during virtual migration.
Jan 20 2022, 7:44 PM
GitHub <noreply@github.com> committed rVYOSONEX93cdb6f1ca00: Merge pull request #1182 from jestabro/migrate-while-udev (authored by c-po).
Jan 20 2022, 7:44 PM
sarthurdev committed rVYOSONEXd1d0150b6a40: firewall: T2199: Add log prefix to match legacy perl behaviour.
Jan 20 2022, 7:22 PM
GitHub <noreply@github.com> committed rVYOSONEXfcb1b6c69ffc: Merge pull request #1181 from sarthurdev/firewall (authored by c-po).
Jan 20 2022, 7:22 PM
SrividyaA claimed T4115: reboot in <x> not working as expected.
Jan 20 2022, 5:43 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
artooro added a project to T4200: Assigning ipv6-name to interface is not generating nftables rules: VyOS 1.4 Sagitta.
Jan 20 2022, 5:25 PM · VyOS 1.4 Sagitta
artooro updated artooro.
Jan 20 2022, 5:21 PM
artooro created T4200: Assigning ipv6-name to interface is not generating nftables rules.
Jan 20 2022, 5:19 PM · VyOS 1.4 Sagitta
artooro created T4199: Commit failed when setting icmpv6 type any.
Jan 20 2022, 4:55 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4197: Vyos arm64-latest build issue with telegraf pkg from Vyos arm64-latest build issue to Vyos arm64-latest build issue with telegraf pkg.
Jan 20 2022, 4:01 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4197: Vyos arm64-latest build issue with telegraf pkg.
Jan 20 2022, 4:01 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4198: Error shown on commit.

@adestis Could you share commands, on how to reproduce this bug? Thanks.

Jan 20 2022, 3:50 PM · VyOS 1.3 Equuleus (1.3.0)
adestis created T4198: Error shown on commit.
Jan 20 2022, 3:40 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav changed the status of T4151: IPV6 local PBR Support from Open to Needs testing.
Jan 20 2022, 2:24 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
hensur committed rVYOSONEX0d4079ca3a3d: policy: T4151: Add policy ipv6-local-route.
Jan 20 2022, 2:16 PM
GitHub <noreply@github.com> committed rVYOSONEX876d108c5dba: Merge pull request #1144 from hensur/current-ipv6-local-route (authored by c-po).
Jan 20 2022, 2:16 PM
Viacheslav changed the subtype of T4196: DHCP server client-prefix-length parameter results in non-functional leases from "Task" to "Bug".
Jan 20 2022, 12:58 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav changed the status of T4196: DHCP server client-prefix-length parameter results in non-functional leases from Open to In progress.
Jan 20 2022, 12:58 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) added a comment to T4196: DHCP server client-prefix-length parameter results in non-functional leases.

PR:
https://github.com/vyos/vyos-1x/pull/1180/files

Jan 20 2022, 12:07 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
al-pankov created T4197: Vyos arm64-latest build issue with telegraf pkg.
Jan 20 2022, 6:47 AM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4196: DHCP server client-prefix-length parameter results in non-functional leases.

From ISC-DHCP manual pages:
https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcp-options

Jan 20 2022, 4:38 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) updated the task description for T4196: DHCP server client-prefix-length parameter results in non-functional leases.
Jan 20 2022, 4:22 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) created T4196: DHCP server client-prefix-length parameter results in non-functional leases.
Jan 20 2022, 4:11 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)

Jan 19 2022

sarthurdev committed rVYOSONEX0a5a78621b2b: firewall: T3560: Add support for MAC address groups.
Jan 19 2022, 5:56 PM
GitHub <noreply@github.com> committed rVYOSONEX569dfa77f07c: Merge pull request #1177 from sarthurdev/mac_groups (authored by c-po).
Jan 19 2022, 5:56 PM
c-po triaged T4195: [OSPF-ECMP]enable set maximun-path as Low priority.
Jan 19 2022, 5:53 PM · VyOS 1.4 Sagitta
c-po closed T4195: [OSPF-ECMP]enable set maximun-path as Resolved.
Jan 19 2022, 5:53 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX081fc4466f20: firewall: policy: T1292: Clean up any rules required to delete a chain.
Jan 19 2022, 5:06 PM
sarthurdev committed rVYOSONEXf96a4fcd5d0c: firewall: T2199: Raise ConfigError if deleted node is used in zone-policy.
Jan 19 2022, 5:06 PM
GitHub <noreply@github.com> committed rVYOSONEX10a740096edb: Merge pull request #1176 from sarthurdev/firewall (authored by c-po).
Jan 19 2022, 5:06 PM
fett0 <fernando.gmaidana@gmail.com> committed rVYOSONEXc31f085b5d87: OSPF : T4195: ability to set maximum paths for OSPF.
Jan 19 2022, 5:06 PM
GitHub <noreply@github.com> committed rVYOSONEX258dd07904be: Merge pull request #1179 from fett0/T4195 (authored by c-po).
Jan 19 2022, 5:06 PM
fernando added a comment to T4195: [OSPF-ECMP]enable set maximun-path.

PR : https://github.com/vyos/vyos-1x/pull/1179

Jan 19 2022, 4:11 PM · VyOS 1.4 Sagitta
fernando created T4195: [OSPF-ECMP]enable set maximun-path.
Jan 19 2022, 4:00 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4193: Add support for transparent firewall.

PR for required interface "nodes" https://github.com/vyos/vyatta-cfg-firewall/pull/30

Jan 19 2022, 12:31 PM · VyOS 1.4 Sagitta
Viacheslav changed the subtype of T4194: prefix-list no check for duplicate entries from "Task" to "Bug".

In fact, you found a new bug in 1.4

Jan 19 2022, 10:29 AM · VyOS 1.4 Sagitta
FileGo added a comment to T4188: Firewall does not correctly handle conntracking.

Seems to be working fine as far as I can see.

Jan 19 2022, 7:52 AM · VyOS 1.4 Sagitta
hexes added a comment to T4025: OpenVPN server with TAP interface, client didn’t see network.

Hello @Viacheslav, thanks for the reply. So, if you bridge vtun94 and eth0.94 to br94, will it work at the L2 level?
Did you push this update to nightbuild?

Jan 19 2022, 3:39 AM · Bugs, VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.1), Restricted Project, openvpn
Unknown Object (User) created T4194: prefix-list no check for duplicate entries.
Jan 19 2022, 2:00 AM · VyOS 1.4 Sagitta

Jan 18 2022

Viacheslav added a comment to T4072: Feature Request: Firewall on bridge interfaces.

Some details in T4193

Jan 18 2022, 8:51 PM · VyOS 1.4 Sagitta
dmbaturin created T4193: Add support for transparent firewall.
Jan 18 2022, 7:41 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXa7e14cba820f: firewall: T4188: Create default conntrack `FW_CONNTRACK` chain.
Jan 18 2022, 6:59 PM
GitHub <noreply@github.com> committed rVYOSONEXc77369761f9c: Merge pull request #1178 from sarthurdev/firewall_T4188 (authored by c-po).
Jan 18 2022, 6:59 PM
n.fort closed T292: [ZBF] Allow filtering intra zone traffic as Resolved.
Jan 18 2022, 6:29 PM · VyOS 1.4 Sagitta
n.fort added a comment to T292: [ZBF] Allow filtering intra zone traffic.

Resolved in T3873

Jan 18 2022, 6:29 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4188: Firewall does not correctly handle conntracking from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1178

Jan 18 2022, 6:02 PM · VyOS 1.4 Sagitta
johannrichard awarded T3560: Ability to create groups of MAC addresses a Like token.
Jan 18 2022, 5:46 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3560: Ability to create groups of MAC addresses, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 18 2022, 5:35 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T3560: Ability to create groups of MAC addresses from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1177

Jan 18 2022, 5:35 PM · VyOS 1.4 Sagitta
sarthurdev renamed T4188: Firewall does not correctly handle conntracking from Firewall does not match ICMPv6 packets to Firewall does not correctly handle conntracking.
Jan 18 2022, 5:30 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4188: Firewall does not correctly handle conntracking from Open to In progress.

Okay, thanks for the update. I have found a conntrack issue in the code. Will have a fix in shortly.

Jan 18 2022, 5:29 PM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T3522: policy based routing not working.

Looks like I see the same issue for 1.3.0. Reproducing steps:

set interfaces ethernet eth1 address 'dhcp'
set protocols static table 1 route 0.0.0.0/0 dhcp-interface eth1
Jan 18 2022, 4:06 PM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project
FileGo reopened T4188: Firewall does not correctly handle conntracking as "Open".

Thanks, this does fix the ICMP issue, however rule 10, which is supposed to accept packets with related/established states (say an HTTP response following a request), doesn't seem to match any packets, and the packets get dropped by the default rule.

Jan 18 2022, 4:04 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4178: policy based routing tcp flags issue.

TCP flags seem to be working on firewall filter config.

Jan 18 2022, 3:01 PM · VyOS 1.4 Sagitta
n.fort closed T3873: Zone based Firewall - Filter traffic in same zone as Resolved.
Jan 18 2022, 2:18 PM · VyOS 1.4 Sagitta
n.fort added a comment to T3873: Zone based Firewall - Filter traffic in same zone.

Tested on VyOS 1.4-rolling-202201180317 and working as expected

Jan 18 2022, 2:18 PM · VyOS 1.4 Sagitta
sarthurdev closed T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta
sarthurdev closed T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta
sarthurdev closed T3286: Switch the firewall from iptables to nftables, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:47 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T3286: Switch the firewall from iptables to nftables as Resolved.
Jan 18 2022, 1:47 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T1292: Issues while deleting all rules from a firewall, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 18 2022, 1:45 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T1292: Issues while deleting all rules from a firewall from Open to Needs testing.

Fixed in 1.4 PR: https://github.com/vyos/vyos-1x/pull/1176

Jan 18 2022, 1:45 PM · VyOS 1.4 Sagitta
atoy40 added a comment to T4139: Wireless interface member of a bridge.

@klipz In my case, the only problem is adding the wlan interface to the bridge at startup (looks like an order thing); when vyos is started (and the wlan interface is up), there is no problem adding it to the bridge with the CLI.

Jan 18 2022, 8:03 AM · VyOS 1.3 Equuleus (1.3.6)
c-po added a comment to T4187: XDP broken for VLAN/vif interfaces with hardware offloading.

The XDP proof of concept program that is available in 1.4 does not support 802.1q - those headers are not parsed and processed.

Jan 18 2022, 5:42 AM · VyOS 1.4 Sagitta
c-po changed the status of T4187: XDP broken for VLAN/vif interfaces with hardware offloading from Open to Confirmed.
Jan 18 2022, 5:41 AM · VyOS 1.4 Sagitta
c-po added a comment to T4189: Ability to set dns forwarding in vrf.

What would be the use-case? We can start PDNS in one VRF context only.

Jan 18 2022, 5:40 AM · VyOS 1.4 Sagitta
c-po changed the status of T3700: Support VLAN tunnel mapping of VLAN aware bridges, a subtask of T3137: Let VLAN aware bridge approach the behavior of professional equipment, from In progress to On hold.
Jan 18 2022, 5:26 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
c-po changed the status of T3700: Support VLAN tunnel mapping of VLAN aware bridges from In progress to On hold.
Jan 18 2022, 5:26 AM · VyOS 1.4 Sagitta
nikeshhajari created T4192: OpenVPN custom option for "--client-to-client" causes configuration error.
Jan 18 2022, 4:11 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a project to T2762: VRF: when SSHd is VRF bound all commands are executed in VRF context: VyOS 1.4 Sagitta.
Jan 18 2022, 2:28 AM · VyOS Rolling

Jan 17 2022

Viacheslav added a comment to T2762: VRF: when SSHd is VRF bound all commands are executed in VRF context.

PR for ping https://github.com/vyos/vyos-1x/pull/1175

Jan 17 2022, 11:47 PM · VyOS Rolling
Viacheslav updated the task description for T4191: Lost access to host after VRF re-creating.
Jan 17 2022, 8:12 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav created T4191: Lost access to host after VRF re-creating.
Jan 17 2022, 8:09 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta