Query: All Stories

	Include stories about projects I am a member of.

I couldn't open those files, but it can be related our firewall refactor :

I confirm this warning message , although, on Linux doesn't affect or at least with our server/client work as expected :

The similar task https://vyos.dev/T4797

This error not only occurs for new settings in global-options but also for older:

Priority must be less than -200 https://github.com/vyos/vyos-1x/blob/08cb4f350b335d5af401f30850d410b4be38530d/data/vyos-firewall-init.conf#L23-L32
https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_connection_tracking_metainformation#notrack_-_Bypass_connection_tracking

	chain PREROUTING {
		type filter hook prerouting priority -200; policy accept;
		counter packets 6405 bytes 444828 jump VYOS_CT_IGNORE
		counter packets 6405 bytes 444828 jump VYOS_CT_TIMEOUT
		counter packets 6405 bytes 444828 jump VYOS_CT_PREROUTING_HOOK
		counter packets 6405 bytes 444828 jump FW_CONNTRACK
		notrack
	}

Tested after merging T5476 and now we see a proper DHCP release message

It could be incorrect process name name='ddclient - sleeping for 10 seconds' expectedd ddclient, possible bug after commit https://github.com/vyos/vyos-1x/commit/58a20e42087cbb7a1b3b4725fa40fd15a31bb4ed

psutil.Process(pid=2282, name='sshd', started='12:29:23')
psutil.Process(pid=2283, name='vbash', started='12:29:23')
psutil.Process(pid=2625, name='rsyslogd', started='12:30:31')
psutil.Process(pid=9841, name='vbash', started='13:02:24')
psutil.Process(pid=10249, name='kworker/u2:1-events_unbound', started='13:03:58')
psutil.Process(pid=10735, name='kworker/0:1-mm_percpu_wq', started='13:10:42')
psutil.Process(pid=10737, name='kworker/u2:2-events_unbound', started='13:10:42')
psutil.Process(pid=10987, name='ddclient - sleeping for 10 seconds', started='13:12:47')

Thanks @Apachez - closing

In T5160#156049, @Apachez wrote:

If there would never be such then "INVALID" wouldnt exist as an option.

Another update. I noticed that all firewall configuration was gone (apart from the groups) after a reboot.

If there would never be such then "INVALID" wouldnt exist as an option.

I have attached both files.

In T5160#156025, @Apachez wrote:

2.2: Invalid shall ALWAYS be processed BEFORE established/related/other rules otherwise it will not serve it purpose.

I will suggest to move all arm64 kernel flavour to "arm64-vyos" as "amd64-vyos" in x86_64.
It will be better not to have "LOCALVERSION=-v8" in kernel configs.

Thanks, @jestabro
Zabbix-agent really can include config directory, and if it is set and exists any *.conf file it thinks that those files related to zabbix-agent and expects specific config syntax/options.
I.e. it extends zabbix-agent with custom .confg files.
As it was a wrong format, most likely it can't start at all.

2.2: Invalid shall ALWAYS be processed BEFORE established/related/other rules otherwise it will not serve it purpose.

yes, but it's in process to merge : https://github.com/vyos/vyos-documentation/pull/1035

Now we have this included in the nightly builds, is there any documentation on how these refactored rules should be modified? Just bumped my version and was completely lost

Could you share the full configuration ? so we can analyze what is the source of this problem .

All Stories
Use Results
Edit Query
Hide Query

Aug 18 2023

Aug 17 2023

Aug 16 2023

Aug 15 2023

All StoriesUse ResultsEdit QueryHide Query

Aug 18 2023

Aug 17 2023

Aug 16 2023

Aug 15 2023

All Stories
Use Results
Edit Query
Hide Query