It should be possible in https://github.com/vyos/vyos-1x/pull/1534 T2199
set firewall interface ethXvX
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 13 2022
Sep 13 2022
Viacheslav added a comment to T4687: Canot change configuration after image update from 202207220217 to 202209090217.
It seems you use some custom scripts for configuration
You have to use
if [ "$(id -g -n)" != 'vyattacfg' ] ; then
exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fibefore your configuration script
c-po moved T4691: Upgrade Linux Kernel to latest 5.15.y train from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
c-po changed the status of T4691: Upgrade Linux Kernel to latest 5.15.y train from Open to In progress.
Sep 12 2022
Sep 12 2022
Refactor PR: https://github.com/vyos/vyos-1x/pull/1534
PR for filter tables: https://github.com/vyos/vyos-1x/pull/1534
Should be fixed in https://github.com/vyos/vyatta-cfg-firewall/pull/34
jestabro changed the status of T4690: Update GraphQL resolver for 'SystemStatus' following changes to 'show_uptime' op-mode script from Open to In progress.
Already renamed:
c-po renamed T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Update Linux Kernel to v5.4.208 / 5.10.135 to Update Linux Kernel to v5.4.208 / 5.10.142.
jack9603301 moved T4689: Support RFS(Receive Flow Steering) from In Progress to Finished on the VyOS 1.4 Sagitta board.
jack9603301 changed the status of T4689: Support RFS(Receive Flow Steering) from In progress to Needs testing.
Sep 11 2022
Sep 11 2022
jack9603301 changed the status of T4689: Support RFS(Receive Flow Steering) from Open to In progress.
jack9603301 moved T4689: Support RFS(Receive Flow Steering) from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
jack9603301 renamed T4689: Support RFS(Receive Flow Steering) from Support RFS to Support RFS(Receive Flow Steering).
initramfs updated the task description for T4688: Add support for customizing packet verdict actions in limiter traffic policy.
Sep 10 2022
Sep 10 2022
In T1185#133944, @sdev wrote:A similar syntax change is in progress as part of a larger firewall refactor. It should reach the 1.4 branch in a week or so. It should allow for any valid existing interface name.
In T1185#133941, @roedie wrote:Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
set firewall local interface eth0 name <firewall-filter> set firewall in interface eth0 name <firewall-filter> set firewall out interface eth0 name <firewall-filter> set firewall local interface bond0.10v22v6 ipv6-name <firewall-filter>The problem is that using zone-policy firewall is a bit overkill for a pure router or even a router with async routing. In which scenario I guess only the local variant would be useful.
Or, come to think, some free from of set interfaces unknown <typeyourownname> firewall local name <ruleset> where you can only config stuff that doesn't really depend on an interface.
Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
jack9603301 changed the subtype of T4659: Use vtysh to display bridge and some interface parameter information from "Task" to "Feature Request".
jack9603301 changed the subtype of T4686: Provides support for veth from "Task" to "Feature Request".
jack9603301 added a subtask for T3829: Support separated TCP/IP stack via "ip netns": T4686: Provides support for veth.
jack9603301 added a parent task for T4686: Provides support for veth: T3829: Support separated TCP/IP stack via "ip netns".
Unknown Object (User) added a comment to T874: Support for Two Factor Authentication for CLI access via Google Authenticator/OTP.
First we need to include the "google-authenticator" in our build
Unknown Object (User) claimed T874: Support for Two Factor Authentication for CLI access via Google Authenticator/OTP.
initramfs updated the task description for T4685: Interface does not exist on boot when used as inbound-interface for local policy route.
Sep 9 2022
Sep 9 2022
zsdc changed the status of T2189: Adding a large port-range will take ~ 20 minutes to commit from Open to In progress.
/usr/libexec/vyos/op_mode/route.py already exists but without an execution flag
PR https://github.com/vyos/vyos-1x/pull/1531
jestabro closed T4681: Complete standardization of show_uptime.py, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
jestabro closed T4682: Rewrite 'show system storage' in standardized format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
I am suggesting marking this task as "Resolved" because the driver works by himself and NIC can be used with a proper configuration.
Viacheslav changed the status of T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address from Open to In progress.
The real check without IPv4 local/remote:
vyos@r14# commit [ interfaces openvpn vtun2 ]
Viacheslav changed the status of T4672: RADIUS server disable does not work from Open to Needs testing.
Sep 8 2022
Sep 8 2022
jestabro updated the task description for T4682: Rewrite 'show system storage' in standardized format.
jestabro renamed T4682: Rewrite 'show system storage' in standardized format from Rewrite 'show system storage' in standarized format to Rewrite 'show system storage' in standardized format.
jestabro changed the status of T4682: Rewrite 'show system storage' in standardized format from Open to In progress.
jestabro edited projects for T4681: Complete standardization of show_uptime.py, added: VyOS 1.4 Sagitta; removed VyOS 1.2 Crux.
jestabro changed the status of T4681: Complete standardization of show_uptime.py from Open to In progress.
Created pull request with fix. https://github.com/vyos/vyos-1x/pull/1527
I've tested this and it seems to work correctly.
Viacheslav changed Version from VyOS 1.3.1-S1,VyOS 1.3.2 to VyOS 1.3.1-S1, VyOS 1.3.2, VyOS 1.4-rolling-202209070217 on T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address.
The interface naming is incorrect after this change for the second interface with the same VRID. It breaks show int.
Sep 7 2022
Sep 7 2022
Viacheslav updated the task description for T4676: IPoE server with mac authentication generates a wrong dictionary.
jestabro changed Is it a breaking change? from none to compatible on T4669: Extend numeric.ml for inversion of values and range values.
Viacheslav added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .
@aserkin Could you create a PR?
As @zsdc says, it's not enough to just have the driver, the problem is that it doesn't work with MTUs over 1460, and VyOS now tries to force it to 1500 if it's not specified. We need to adjust that logic so that MTU setting error doesn't cause a commit error.
aserkin added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .
I'd suggest adding
**Restart=always RestartSec=10**
to /usr/share/vyos/templates/telegraf/override.conf.j2 as it is done for ntp.service.
Otherwise the telegraf service do not start - it does 5 start attempts very quickly during boot with error:
Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Failed with result 'exit-code'. Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Scheduled restart job, restart counter is at 5. Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Start request repeated too quickly. Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Failed with result 'exit-code'.
and stays in a failed state.
see boot log attached.
vyos-boot.log240 KBDownload
Sep 6 2022
Sep 6 2022
jestabro closed T4674: API should show op-mode error message, if present, a subtask of T4640: Integrate op-mode exception hierarchy into API, as Resolved.
jestabro changed the status of T4674: API should show op-mode error message, if present from Open to In progress.