The refactored firewall frontend uses rule numbers as described in: https://docs.vyos.io/en/latest/configuration/firewall/general.html#firewall-rules
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Aug 27 2023
Aug 27 2023
syncer edited projects for T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5140: Firewall network-group problems, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5190: Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5180: initramfs-tools ignores firmware from updates directory, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5182: Update Intel ice driver, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5187: Update Realtek r8152 driver, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5220: Unattended installation, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5192: RNDIS Missing from Kernel, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5235: SSH keys with special characters cannot be applied via Cloud-init, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5279: vrf bind-to-all not working for TCP, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5389: add `ftps`, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
syncer edited projects for T5485: pppoe: using dialer interfaces in wan-load balancing does not re-install default route, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
Aug 26 2023
Aug 26 2023
Apachez added a comment to T5511: Cleanup of unused directories (and files) in order to shrink image-size.
PR created: https://github.com/vyos/vyos-build/pull/381
Closing as dupe of T5080
sarthurdev changed the status of T5080: Disable conntrack by default, a subtask of T5160: Firewall refactor, from Open to In progress.
tjjh89017 added a comment to T5512: build linux-firmware script cannot expand asterisks if firmware name is a glob string.
Raspberry pi 4 wifi driver requires some missing files.
sarthurdev changed the status of T3509: No BCP38 for IPv6 on VyOS from In progress to Needs testing.
GitHub <[email protected]> committed rVYOSONEX75aa90cf2b23: Merge pull request #2163 from sarthurdev/firewall_rpfilter (authored by c-po).
In T2229#142155, @Viacheslav wrote:@skoenman Could you write some examples of configuration?
Ill see if i can get a example more or less of what one wants but it would be there were you asign the queue to the pppoe accoynt when authing..
Aug 25 2023
Aug 25 2023
Using VyOS 1.4-rolling-202308250021.
syncer edited projects for T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T2934: proxy-arp-pvlan on VRRP interface, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T2289: Denest cerbot certificate configuration from service https, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T3651: Move certbot request to op-mode, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T3574: Add constraintGroup for combining validators with logical AND, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T3022: Allow to provide custom TLS certificates for the HTTP virtual hosts, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T3980: vrrp transition-script validator makes warning fatal and also causes a python NameError exception, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T5247: the bug of the command "show interfaces system", added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T5270: Make OpenVPN `tls dh-params` optional, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T4146: Nginx should not listen on port 80, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T5269: OpenVPN non-TLS site-to-site mode deprecation, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T4318: Add ability to mark nodes as non-tag nodes, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T5268: OpenVPN: upgrade package to 2.6 series, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T5271: Add support for peer-fingerprint to OpenVPN, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T5273: Add op mode commands for displaying certificate details and fingerprints, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T5275: Add op mode commands for exporting certificates to PEM files with correct headers, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T5274: Add a deprecation warning for OpenVPN site-to-site with pre-shared secret, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T75: NetFlow have impact on performance, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
Aug 25 2023, 9:48 PM · VyOS 1.5 Circinus, VyOS Rolling, VyOS 1.4 Sagitta, VyOS 1.3 Equuleus, Restricted Project
syncer edited projects for T5280: Update Expired keys (2023-06-08) for PowerDNS, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T5309: Issues when trying to remove OSPF configuration, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T102: Add a command like "set service dns dynamic http-request url ...", added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T117: Cannot install from ISO via serial console on ttyS1, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T305: loadbalancing does not work with one pppoe connection and another connection of either dhcp or static , added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T177: SSD tweaks, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T190: two factor authentication for OpenVPN remote VPN tunnels, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T440: VTI/IPSec with dynamic peer, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T445: iptables error with policy routing, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T362: Proper target dependencies and error checking in the vyos-build makefile, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T469: Problem after commit with errors, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T577: Unconfigured Ethernet interface discovery partial failure on boot, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T659: Static DHCP mappings aren't available on DNS, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T681: Traffic-policy (shaper), returns: 'lowdelay unknown DSCP value', added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
Aug 25 2023, 9:48 PM · Restricted Project
syncer edited projects for T660: 802.1p CoS priority support, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T693: net-snmp-cert missing in rolling release, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T695: Address-group commits with duplicate, but fails when adding rule later., added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T732: Netflow: generate ASNs from the uacctd BGP thread., added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T840: VRRP V3 backup router sending ND RA, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T738: Add local-port and resolver port options for powerdns in CLI configuration tree, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T922: OSPF - Process Crash after peer reboot, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T925: Debug image, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T941: BGP neighbours with IPv6 link-local addresses, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T927: IPv6 GRE packets not being forwarded, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T970: Support matching domain name in firewall rules, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T948: integrate aws cloud watch scripts into AMI, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T971: authentication public-keys options quoting issue, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T973: Create Prometheus Exporter for VyOS , added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1002: install image - fast install, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1005: Support for multiple SSID in station mode , WPA-EAP, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1012: vyos-build configure script should check /etc/issue to avoid confusion, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1014: Mellanox cards, problem with interrupts, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1022: Set Channel number in mode a , added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1028: Suspending and resuming VyOS in VMware will result in loss of static ip addresses, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1035: SNMP BGP 32 bit AS number fail, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1044: Dead loop on virtual device, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1055: Duplicate Address Detection happens on interfaces other than eth0, too, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
Aug 25 2023, 9:46 PM · Restricted Project
syncer edited projects for T1070: SWANCTL: DMVPN: ALL peers are deleted in swan when opennhrp tries to delete ONE peer, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
Aug 25 2023, 9:46 PM · Restricted Project, VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project
syncer edited projects for T1078: Problems in RED/WRED implementation (QoS), added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1085: Certificates containing CRLF aren't accepted, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1110: DHCP lease wont changed it's IP after creating static mac-ip mapping, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1101: Spoke site dynamic IP over NAT connect to Hub site, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1113: Unwanted/broken "disable" option in firewall state, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1118: Obsolete "utc" option in time selector in firewall, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1125: GPG signature warning, default 'no' still goes ahead and starts installing, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1124: Support BGP Prefix Origin Validation State Extended Community (RFC 8097), added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1161: Does Vyos take advantage of linux's improved security features?, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
syncer edited projects for T1155: VyOS don't install on USB Stick , added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).