Feb 13 2023

sarthurdev moved T5003: Upgrade base system to Debian 12 "Bookworm" from Open to In Progress on the VyOS 1.4 Sagitta board.
Feb 13 2023, 12:42 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5003: Upgrade base system to Debian 12 "Bookworm" from Open to In progress.
Feb 13 2023, 12:41 AM · VyOS 1.4 Sagitta

Feb 3 2023

sarthurdev added a comment to T3871: Resolve unexpected interface name reordering.

Before adopting the approach mentioned above, there was development of an alternative using pyudev within an 'interface-monitor' daemon; the following branches contain (a version of) the rebased code. It would need a few hours of attention to check the logic and add the is_persistent check from vyos-interface-rescan.py; it could use some refactoring as well.

https://github.com/vyos/vyos-1x/compare/current...jestabro:vyos-1x:interface-monitor
https://github.com/vyos/vyatta-cfg/compare/current...jestabro:vyatta-cfg:interface-monitor
https://github.com/vyos/vyos-build/compare/current...jestabro:vyos-build:interface-monitor

Feb 3 2023, 9:33 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA)

Jan 29 2023

sarthurdev closed T4965: empty description in firewall group causes configuration error on migration as Resolved.

Fixed in commit: https://github.com/vyos/vyos-1x/commit/6eea12512e59cc28f5c2e5ca5ec7e9e7b21731da

Jan 29 2023, 9:39 AM · VyOS 1.4 Sagitta

Jan 7 2023

sarthurdev added a comment to T4919: TPM-backed config encryption.

Draft PR: https://github.com/vyos/vyos-1x/pull/1740

Jan 7 2023, 12:03 PM · VyOS Rolling, VyOS 1.5 Circinus
c-po awarded T4919: TPM-backed config encryption a 100 token.
Jan 7 2023, 8:36 AM · VyOS Rolling, VyOS 1.5 Circinus

Jan 6 2023

sarthurdev claimed T4919: TPM-backed config encryption.
Jan 6 2023, 7:48 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev created T4919: TPM-backed config encryption.
Jan 6 2023, 7:44 PM · VyOS Rolling, VyOS 1.5 Circinus

Dec 23 2022

sarthurdev committed rVYOSONEXe1a6051d6b94: firewall: T2199: Add mac-address match to `destination` side.
Dec 23 2022, 9:29 PM
sarthurdev committed rVYOSONEX71468176ab6b: firewall: T2199: Fix typo in `rule-log-level.xml.i` header.
Dec 23 2022, 9:29 PM

Dec 3 2022

sarthurdev committed rVYOSONEXf916f40ee9a7: firewall: T478: Fix firewall group circular dependency check.
Dec 3 2022, 2:27 PM
sarthurdev added a comment to T478: Firewall address group (multi and nesting).

PR to fix recursion check: https://github.com/vyos/vyos-1x/pull/1691

Dec 3 2022, 11:43 AM · VyOS 1.4 Sagitta

Nov 22 2022

sarthurdev committed rVYOSONEX8b7a1399fb2b: container: T4834: Limit network names to 11 characters (15 char max including….
Nov 22 2022, 5:45 PM
sarthurdev changed the status of T4834: Limit container network name to 15 characters from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1674

Nov 22 2022, 11:58 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4834: Limit container network name to 15 characters from Open to In progress.
Nov 22 2022, 11:55 AM · VyOS 1.4 Sagitta
sarthurdev created T4834: Limit container network name to 15 characters.
Nov 22 2022, 11:55 AM · VyOS 1.4 Sagitta

Nov 17 2022

sarthurdev committed rVYOSONEX586b24e0af1a: policy: T2199: T4605: Migrate policy route interface to `policy route|route6….
Nov 17 2022, 4:52 PM

Nov 11 2022

sarthurdev added a comment to T4605: Firewall change default table names.

PR for policy route refactor updates to vyos_mangle: https://github.com/vyos/vyos-1x/pull/1654

Nov 11 2022, 4:49 PM · VyOS 1.4 Sagitta

Nov 7 2022

sarthurdev committed rVYOSONEX81ca81d44d84: containers: T2216: Skip test if image not available.
Nov 7 2022, 4:40 PM
sarthurdev committed rVYOSONEXf9d19a14f96e: containers: T2216: Move skopeo and busybox image to smoketest post-install.
Nov 7 2022, 4:40 PM

Nov 3 2022

sarthurdev committed rVYOSONEX051e063fdf2e: firewall: T970: Refactor domain resolver, add firewall source/destination….
Nov 3 2022, 8:11 PM
sarthurdev committed rVYOSONEXb4b491d424fb: nat: T1877: T970: Add firewall groups to NAT.
Nov 3 2022, 8:11 PM
sarthurdev triaged T4797: External address/network lists for firewall (Local and remote) as Wishlist priority.
Nov 3 2022, 7:44 PM · VyOS Rolling
sarthurdev changed the status of T1097: Make firewall groups work everywhere that's appropropriate from Open to In progress.

PR adds groups to NAT: https://github.com/vyos/vyos-1x/pull/1633

Nov 3 2022, 7:41 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T1097: Make firewall groups work everywhere that's appropropriate, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to In progress.
Nov 3 2022, 7:41 PM · VyOS 1.4 Sagitta (1.4.0-epa2)

Nov 1 2022

sarthurdev changed the status of T1877: Feature Request: Allow NAT to use network and address groups from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1633

Nov 1 2022, 12:48 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T970: Support matching domain name in firewall rules.

Adds firewall node rule N source/destination fqdn domain.com for single domains per rule and refactors resolver daemon.

Nov 1 2022, 12:47 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev moved T4759: domain-group on policy route not working from Open to In Progress on the VyOS 1.4 Sagitta board.
Nov 1 2022, 9:19 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4759: domain-group on policy route not working from Open to In progress.
Nov 1 2022, 9:19 AM · VyOS 1.4 Sagitta
sarthurdev closed T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat as Resolved.
Nov 1 2022, 9:19 AM · VyOS 1.4 Sagitta
sarthurdev closed T4774: Disallow duplicate pubkey on peers of a wireguard interface as Unknown Status.
Nov 1 2022, 9:18 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta

Oct 31 2022

sarthurdev changed the status of T1877: Feature Request: Allow NAT to use network and address groups from Open to In progress.
Oct 31 2022, 8:15 PM · VyOS 1.4 Sagitta

Oct 29 2022

sarthurdev committed rVYOSONEXc2ff9aa158b8: wireguard: T4774: Prevent duplicate peer public keys.
Oct 29 2022, 7:07 PM
sarthurdev committed rVYOSONEXf9c1277f5cf5: containers: T3903: Use systemd units for containers.
Oct 29 2022, 7:06 PM
sarthurdev committed rVYOSONEXac73bc2db85b: containers: T2216: Re-enable container smoketest using busybox image.
Oct 29 2022, 7:06 PM
sarthurdev moved T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat from Open to In Progress on the VyOS 1.4 Sagitta board.
Oct 29 2022, 5:54 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4782: Allow multiple CA certificates (on e.g. EAPoL) from Open to Confirmed.

Good point, I'll try and look into this and see if it can be handled everywhere the new PKI nodes are used.

Oct 29 2022, 5:53 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3903: Containers: after command "reboot" the host system will reboot after 1.5 minutes from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1628

Oct 29 2022, 5:48 PM · VyOS 1.4 Sagitta

Oct 28 2022

sarthurdev added a comment to T3903: Containers: after command "reboot" the host system will reboot after 1.5 minutes.

Best suggestion seems to be introducing a script to call `podman stop -t N` on shutdown/reboot to reduce the timeout before SIGKILL is sent.

Oct 28 2022, 1:27 PM · VyOS 1.4 Sagitta

Oct 27 2022

sarthurdev changed the status of T4774: Disallow duplicate pubkey on peers of a wireguard interface from Open to In progress.

1.4 PR: https://github.com/vyos/vyos-1x/pull/1621

Oct 27 2022, 10:54 PM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta

Oct 26 2022

sarthurdev committed rVYOSONEX2a5273e650ce: nat: T4764: Remove tables on NAT deletion.
Oct 26 2022, 2:58 PM
sarthurdev committed rVYOSONEX16207f7a8ffd: nat: T4706: Verify translation address or port exists.
Oct 26 2022, 2:58 PM

Oct 25 2022

sarthurdev changed the status of T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1618

Oct 25 2022, 10:02 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat from Open to In progress.
Oct 25 2022, 10:29 AM · VyOS 1.4 Sagitta

Oct 11 2022

sarthurdev closed T4741: set firewall zone Local local-zone failed as Resolved.
Oct 11 2022, 1:29 PM · VyOS 1.4 Sagitta
sarthurdev closed T4742: Autocomplete in policy route rule x set table / does not show the tables created in the static protocols as Resolved.
Oct 11 2022, 1:29 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX28e06759fdbb: build: T3664: Add missing divert for /usr/share/pam-configs/radius.
Oct 11 2022, 5:25 AM

Oct 10 2022

sarthurdev committed rVYOSONEX8269866a5d46: firewall: T4741: Verify zone `from` is defined before use.
Oct 10 2022, 6:04 PM
sarthurdev committed rVYOSONEX47984a6de93b: policy: T4742: Add policy route table auto-complete.
Oct 10 2022, 6:04 PM
sarthurdev changed the status of T4742: Autocomplete in policy route rule x set table / does not show the tables created in the static protocols from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1577

Oct 10 2022, 2:27 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4741: set firewall zone Local local-zone failed from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1577

Oct 10 2022, 2:27 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX9ab63d484741: firewall: T3907: Fix firewall state-policy logging.
Oct 10 2022, 6:52 AM

Sep 29 2022

sarthurdev committed rVYOSONEX10a76e846be2: firewall: T2199: Fix op-mode script for interface migration and vyos_filter….
Sep 29 2022, 11:22 AM

Sep 28 2022

sarthurdev committed rVYOSONEX87fdfa6c6ece: nat: T4713: Fix op-mode nat translation output.
Sep 28 2022, 3:35 PM
sarthurdev changed the status of T4713: vyos@vyos:~$ show nat destination rules | doesn't work from Confirmed to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1564

Sep 28 2022, 11:13 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4713: vyos@vyos:~$ show nat destination rules | doesn't work from Open to Confirmed.
Sep 28 2022, 9:57 AM · VyOS 1.4 Sagitta

Sep 27 2022

sarthurdev added a comment to T4713: vyos@vyos:~$ show nat destination rules | doesn't work.

Can we see example destination NAT config with the issue?

Sep 27 2022, 8:56 PM · VyOS 1.4 Sagitta

Sep 22 2022

sarthurdev committed rVYOSONEXc72d6bc68c71: nat: T4605: Fix op-mode NAT table name.
Sep 22 2022, 2:03 PM
sarthurdev committed rVYOSONEX448d4f6db9cf: nat: T4605: Refactor NAT to use python module for parsing rules.
Sep 22 2022, 5:58 AM
sarthurdev committed rVYOSONEXe6ba98a85ca7: nat66: T4605: Refactor NAT66 to use python module for parsing rules.
Sep 22 2022, 5:58 AM
sarthurdev committed rVYOSONEXc6bbe051574a: nat: T4605: Refactor static NAT to use python module for parsing rules.
Sep 22 2022, 5:58 AM

Sep 21 2022

sarthurdev added a comment to T4706: NAT and NAT66 issues.

Included a fix for this in NAT refactor: https://github.com/vyos/vyos-1x/pull/1552

Sep 21 2022, 4:12 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4605: Firewall change default table names.

PR for NAT included with refactor: https://github.com/vyos/vyos-1x/pull/1552

Sep 21 2022, 4:12 PM · VyOS 1.4 Sagitta

Sep 14 2022

sarthurdev committed rVYOSONEX8e8c3bb1cf21: firewall: nat66: policy: T2199: Fix smoketests for nftables updated output.
Sep 14 2022, 2:33 PM
sarthurdev committed rVYOSONEX31cd47594aa5: nhrp: T2199: Use separate table in nftables for NHRP rules.
Sep 14 2022, 11:24 AM
sarthurdev committed rVYOSONEX450ca9a9b46d: firewall: T2199: Refactor firewall + zone-policy, move interfaces under….
Sep 14 2022, 5:56 AM
sarthurdev committed rVYOSONEX31587975258a: firewall: T2199: Move initial firewall tables to data.
Sep 14 2022, 5:56 AM
sarthurdev committed rVYOSONEXf38da6ba4d82: firewall: T4605: Rename filter tables to vyos_filter.
Sep 14 2022, 5:56 AM
sarthurdev committed rVYOSONEX24e5529be7b5: policy: T2199: Typo in policy route smoketest teardown.
Sep 14 2022, 5:56 AM
sarthurdev committed rVYOSONEX30945f39d6d1: zone-policy: T2199: Migrate zone-policy to firewall node.
Sep 14 2022, 5:56 AM

Sep 12 2022

sarthurdev added a comment to T2199: Rewrite firewall in new XML/Python style.

Refactor PR: https://github.com/vyos/vyos-1x/pull/1534

Sep 12 2022, 7:16 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev added a comment to T4605: Firewall change default table names.

PR for filter tables: https://github.com/vyos/vyos-1x/pull/1534

Sep 12 2022, 7:15 PM · VyOS 1.4 Sagitta

Sep 10 2022

sarthurdev added a comment to T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups.

Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:

set firewall local interface eth0 name <firewall-filter>
set firewall in interface eth0 name <firewall-filter>
set firewall out interface eth0 name <firewall-filter>
set firewall local interface bond0.10v22v6 ipv6-name <firewall-filter>

The problem is that using zone-policy firewall is a bit overkill for a pure router or even a router with async routing. In which scenario I guess only the local variant would be useful.

Sep 10 2022, 6:23 PM

Aug 17 2022

sarthurdev added a comment to T4612: Support arbitrary netmasks in firewall rules.

Not supported at the moment, but we can look into adding it for both ipv4/v6 in 1.4

Aug 17 2022, 8:05 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4605: Firewall change default table names.

While I'm for changing to prefixed tables, I think the issue of tailscale and custom apps should fall under the accepted risk of running custom scripts outside of the config.

Aug 17 2022, 8:02 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4610: Firewall with 20K entries cannot load after reboot.

Any config available to test against?

Aug 17 2022, 7:53 PM · VyOS 1.4 Sagitta

Jul 7 2022

sarthurdev triaged T4515: Reduce telegraf binary size as Wishlist priority.
Jul 7 2022, 11:01 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX52ce65950902: syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotate.
Jul 7 2022, 9:43 AM

Jul 6 2022

sarthurdev committed rVYOSONEX9b6d03061b6f: firewall: T4500: Fix logrotate size to match rsyslog default value.
Jul 6 2022, 4:03 PM
sarthurdev added a comment to T4250: Organize logrotate settings to avoid duplicates.

I think there's still a problem possible with /var/log/messages handling:

Jul 6 2022, 3:50 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4500: Missing firewall logs from Confirmed to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1398

Jul 6 2022, 3:46 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4500: Missing firewall logs from Open to Confirmed.

Confirmed issue, seems to be a problem in rsyslog/logrotate. Possibly related to T4250

Jul 6 2022, 2:50 PM · VyOS 1.4 Sagitta

Jul 5 2022

sarthurdev closed T478: Firewall address group (multi and nesting), a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jul 5 2022, 11:41 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T478: Firewall address group (multi and nesting) as Resolved.
Jul 5 2022, 11:41 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXf29dbc415a8b: zone-policy: T4512: Add support for `enable-default-log`.
Jul 5 2022, 8:10 PM
sarthurdev committed rVYOSONEXd9ba5d4a6f38: firewall: T2199: Fix migration when `icmpv6 type` is an integer.
Jul 5 2022, 8:10 PM
sarthurdev changed the status of T4512: enable-default-log on zone-policy from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1394

Jul 5 2022, 6:08 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4512: enable-default-log on zone-policy from Open to In progress.
Jul 5 2022, 5:27 PM · VyOS 1.4 Sagitta

Jul 4 2022

sarthurdev committed rVYOSONEX884f68b25455: firewall: T4299: Add ability to inverse match country codes.
Jul 4 2022, 6:56 PM
sarthurdev committed rVYOSONEXf801d869a2ef: openvpn: T4485: Add CRL to OpenVPN config test.
Jul 4 2022, 7:22 AM
sarthurdev committed rVYOSONEXd09e22772bd6: smoketest: T4485: Move smoketest PKI generation to vyos-1x.
Jul 4 2022, 7:22 AM

Jul 2 2022

sarthurdev added a comment to T4299: Firewall - GeoIP filtering.

Inverse match PR: https://github.com/vyos/vyos-1x/pull/1386

Jul 2 2022, 12:52 AM · VyOS 1.4 Sagitta

Jul 1 2022

sarthurdev added a comment to T4500: Missing firewall logs.

If the counters are visible and incrementing when checking with `nft list table ip filter` then I don't think this is an implementation issue. Wondering if it's a problem with the syslog daemon.

Jul 1 2022, 9:49 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX0d5ac59894ae: openvpn: T4485: Accept multiple `tls ca-certificate` values.
Jul 1 2022, 9:21 AM
sarthurdev committed rVYOSONEXefd956f912b8: openvpn: T4485: Update PKI migrator to handle full CA chain migration.
Jul 1 2022, 9:20 AM

Jun 29 2022

sarthurdev added a comment to T4485: OpenVPN: Allow multiple CAs certificates.

PR: https://github.com/vyos/vyos-1x/pull/1380

Jun 29 2022, 10:11 PM · VyOS 1.4 Sagitta

Jun 27 2022

sarthurdev closed T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges as Resolved.
Jun 27 2022, 8:16 PM · VyOS 1.4 Sagitta

Jun 26 2022

sarthurdev committed rVYOSONEXa54c755991af: firewall: T4484: Fix op-mode summary for address groups with ranges..
Jun 26 2022, 8:54 AM

Jun 25 2022

sarthurdev changed the status of T4485: OpenVPN: Allow multiple CAs certificates from Open to In progress.
Jun 25 2022, 9:58 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1368

Jun 25 2022, 9:48 PM · VyOS 1.4 Sagitta