Sep 6 2023

sarthurdev committed rVYOSONEXbe3d2f9f6623: firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces.
Sep 6 2023, 6:25 PM

Sep 5 2023

sarthurdev added a comment to T5376: Conntrack FTP helper does not work properly.

@svd135 Can you provide a version string when you last had it working? Seeing the firewall config might also be helpful.

Sep 5 2023, 7:31 PM · VyOS 1.4 Sagitta (1.4.0-epa1), VyOS 1.5 Circinus
sarthurdev changed the status of T5550: Source validation on interface does not work properly from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/2208

Sep 5 2023, 6:36 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
sarthurdev changed the status of T5550: Source validation on interface does not work properly from Open to In progress.
Sep 5 2023, 2:06 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
sarthurdev claimed T5550: Source validation on interface does not work properly.
Sep 5 2023, 10:48 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Sep 4 2023

sarthurdev changed the status of T4903: Support IPv6 addresses in "set system conntrack ignore" from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/2199

Sep 4 2023, 10:50 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev changed the status of T4309: Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore" from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/2199

Sep 4 2023, 10:50 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev changed the status of T4309: Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore" from Open to In progress.
Sep 4 2023, 9:38 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev changed the status of T4903: Support IPv6 addresses in "set system conntrack ignore" from Open to In progress.
Sep 4 2023, 9:38 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Sep 3 2023

sarthurdev closed T4612: Support arbitrary netmasks in firewall rules as Resolved.
Sep 3 2023, 10:37 AM · VyOS 1.4 Sagitta

Aug 31 2023

sarthurdev committed rVYOSONEX493d060922f6: eapol: T4782: Support multiple CA chains.
Aug 31 2023, 3:15 PM
sarthurdev changed the status of T4782: Allow multiple CA certificates (on e.g. EAPoL) from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/2190

Aug 31 2023, 10:02 AM · VyOS 1.4 Sagitta

Aug 30 2023

sarthurdev changed the status of T4782: Allow multiple CA certificates (on e.g. EAPoL) from Confirmed to In progress.
Aug 30 2023, 11:24 PM · VyOS 1.4 Sagitta
sarthurdev closed T4485: OpenVPN: Allow multiple CAs certificates as Resolved.
Aug 30 2023, 8:50 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3509: No BCP38 for IPv6 on VyOS.

@csszep Yes it is expected, IPv6 has no sysctl and requires the nftables rule to function. The nftables execution is slightly slower, so there's no benefit to change it for IPv4.

Aug 30 2023, 8:49 PM · VyOS 1.4 Sagitta

Aug 27 2023

sarthurdev closed T1097: Make firewall groups work everywhere that's appropropriate, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Aug 27 2023, 7:19 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T1097: Make firewall groups work everywhere that's appropropriate as Resolved.
Aug 27 2023, 7:19 PM · VyOS 1.4 Sagitta
sarthurdev closed T4759: domain-group on policy route not working as Resolved.
Aug 27 2023, 7:13 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T5499: initial arm64 support for RPI4 and QEMU VM.

@tjjh89017 This will need to be re-evaluated. The build from your PR was taking in excess of 8 hours on the build server - the defconfig likely needs to be brought down to only the minimum required modules/drivers for successful builds on target devices.

Aug 27 2023, 4:23 PM
sarthurdev added a comment to T3275: Disable conntrack helpers by default.

This does still need to be addressed in 1.4. Without a version string, the 2-to-3 migrator is adding the conntrack helpers to the default config.

Aug 27 2023, 10:58 AM · VyOS 1.5 Circinus
sarthurdev closed T5515: Conntrack helpers should be disabled by default as Invalid.

Duplicate T3275

Aug 27 2023, 10:56 AM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX6b5d3568b88f: firewall: T5080: Disable conntrack unless required by rules.
Aug 27 2023, 10:33 AM
sarthurdev committed rVYOSONEX0d413f5c5516: github: Labeler needs to run on `pull_request_target`.
Aug 27 2023, 10:32 AM
sarthurdev committed rVYOSONEX8b62065eaa59: github: Set permissions for label workflow.
Aug 27 2023, 10:14 AM
sarthurdev added a comment to T5479: Helper leftovers found in nftables (firewall) even with all helpers disabled.

The kernel modules handle tracking of those, rpc/tns are userspace helpers.

Aug 27 2023, 10:14 AM · VyOS 1.4 Sagitta
sarthurdev added a comment to T5479: Helper leftovers found in nftables (firewall) even with all helpers disabled.

They are only defined. Only when the VYOS_CT_HELPER chain is reached will they take effect - see links in my above comment. Being in the default config will have no effect on connection tracking if bypassed by the notrack rule.

Aug 27 2023, 8:48 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5080: Disable conntrack by default, a subtask of T5160: Firewall refactor, from In progress to Needs testing.
Aug 27 2023, 8:22 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5080: Disable conntrack by default from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/2176

Aug 27 2023, 8:22 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev closed T5479: Helper leftovers found in nftables (firewall) even with all helpers disabled as Invalid.

They are created but unused by default (see VYOS_CT_HELPER chain)

Aug 27 2023, 8:14 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5511: Cleanup of unused directories (and files) in order to shrink image-size from Open to Needs testing.
Aug 27 2023, 8:07 AM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX0e1ec63e513a: qos: T5018: Fix dependents only being set for QoS interfaces.
Aug 27 2023, 5:05 AM
sarthurdev changed the status of T5018: Redirect to IFB removed after change in qos policy from Confirmed to Needs testing.

Thanks for following up on this issue @rayzilt

Aug 27 2023, 12:13 AM · VyOS 1.4 Sagitta

Aug 26 2023

sarthurdev closed T5039: Can't add new local user as Resolved.
Aug 26 2023, 9:42 PM · VyOS 1.4 Sagitta
sarthurdev closed T5023: PKI commit fails to update dependents as Resolved.
Aug 26 2023, 9:40 PM · VyOS 1.4 Sagitta
sarthurdev closed T4512: enable-default-log on zone-policy as Resolved.
Aug 26 2023, 9:39 PM · VyOS 1.4 Sagitta
sarthurdev closed T5003: Upgrade base system to Debian 12 "Bookworm" as Resolved.
Aug 26 2023, 9:38 PM · VyOS 1.4 Sagitta
sarthurdev closed T5404: Ability to completely disable firewall/conntrack as Invalid.

Closing as dupe of T5080

Aug 26 2023, 9:36 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5080: Disable conntrack by default, a subtask of T5160: Firewall refactor, from Open to In progress.
Aug 26 2023, 9:35 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5080: Disable conntrack by default from Open to In progress.
Aug 26 2023, 9:35 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev changed the status of T3509: No BCP38 for IPv6 on VyOS from In progress to Needs testing.
Aug 26 2023, 5:40 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXd62f8ed1e360: firewall: T3509: Add support for IPv6 return path filtering.
Aug 26 2023, 12:59 PM
sarthurdev committed rVYOSONEXb6f742716da5: interface: T3509: Add per-interface IPv6 source validation.
Aug 26 2023, 12:59 PM
sarthurdev committed rVYOSONEX2509a1ab84cd: firewall: T5160: Remove unused zone template.
Aug 26 2023, 12:59 PM

Aug 25 2023

sarthurdev committed rVYOSONEX8884f021582e: github: Add PR labels to easily identify base branches.
Aug 25 2023, 4:14 PM
sarthurdev committed rVYOSONEX14c7264de462: container: T5463: Fix iteration to publish all port nodes.
Aug 25 2023, 4:12 PM
sarthurdev added a comment to T5463: Containers allow publish IPv6 address port.

PR to fix indentation: https://github.com/vyos/vyos-1x/pull/2171

Aug 25 2023, 1:46 PM · VyOS 1.4 Sagitta

Aug 23 2023

sarthurdev claimed T3509: No BCP38 for IPv6 on VyOS.

Draft PR: https://github.com/vyos/vyos-1x/pull/2163

Aug 23 2023, 11:52 PM · VyOS 1.4 Sagitta

Aug 22 2023

sarthurdev added a comment to T3509: No BCP38 for IPv6 on VyOS.

I did start writing support for this but didn't have time to build and test it at the time. If anyone wants to test it out: https://github.com/sarthurdev/vyos-1x/commit/9199b75d75ceea3b7d49f0e3d71a19175b7b1326

Aug 22 2023, 6:34 PM · VyOS 1.4 Sagitta

Aug 16 2023

sarthurdev added a comment to T5160: Firewall refactor.

2.2: Invalid shall ALWAYS be processed BEFORE established/related/other rules otherwise it will not serve its purpose.

Aug 16 2023, 9:57 AM · VyOS 1.4 Sagitta

Jul 27 2023

sarthurdev added a comment to T5404: Ability to completely disable firewall/conntrack.

It is a bug that it’s on by default, see other task. Will be fixed after new firewall refactor is merged.

Jul 27 2023, 9:31 AM · VyOS 1.4 Sagitta

Jul 11 2023

sarthurdev committed rVYOSONEX3cd4da1b41a9: pki: T5275: Add op-mode output options for PEM format.
Jul 11 2023, 10:24 PM
sarthurdev added a comment to T5080: Disable conntrack by default.

@syncer Will address this after T5160 is merged

Jul 11 2023, 9:33 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev moved T5275: Add op mode commands for exporting certificates to PEM files with correct headers from Open to In Progress on the VyOS 1.4 Sagitta board.
Jul 11 2023, 9:26 PM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta
sarthurdev changed the status of T5275: Add op mode commands for exporting certificates to PEM files with correct headers from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/2087

Jul 11 2023, 9:25 PM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta

Jul 3 2023

sarthurdev claimed T5275: Add op mode commands for exporting certificates to PEM files with correct headers.
Jul 3 2023, 8:48 PM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta

Jun 15 2023

sarthurdev added a comment to T5293: Support for Floating Rules (Global Firewall-Rules that are automatically applied before all other Zone Rules).

Should be possible when new refactor is merged: T5160

Jun 15 2023, 5:43 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T5294: Wildcard Domains / TLDs in Firewall-Rules (and perhaps groups).

This would have to be handled with DNS and not in the firewall. Hostnames work on firewall because they are resolved prior to use in rules.

Jun 15 2023, 5:42 PM · VyOS Rolling

May 4 2023

sarthurdev added a comment to T5200: Static routing tables are not created with dhcp route.

It might be a boot/slow DHCP lease issue.

May 4 2023, 9:54 AM · Invalid

May 3 2023

sarthurdev renamed T5200: Static routing tables are not created with dhcp route from Static routing tables are not created to Static routing tables are not created with dhcp route.
May 3 2023, 10:46 PM · Invalid
sarthurdev created T5200: Static routing tables are not created with dhcp route.
May 3 2023, 10:36 PM · Invalid

Apr 20 2023

sarthurdev committed rVYOSONEX77858da1e564: pki: T3642: Fix show command if no CA certs are present.
Apr 20 2023, 5:35 AM

Apr 17 2023

sarthurdev added a comment to T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6).

Draft PR: https://github.com/vyos/vyos-1x/pull/1960

Apr 17 2023, 1:20 PM · VyOS 1.5 Circinus

Apr 14 2023

sarthurdev changed the status of T5162: Invalid json in configd-include.json from Open to Needs testing.
Apr 14 2023, 11:02 PM
sarthurdev added a comment to T5157: Containers are inaccessable on vyos-1.4-rolling-202304070317.

Just to clarify, it changes again to pod-networkname in https://github.com/vyos/vyos-1x/commit/2a876059826927ef204e359a40395955f27503ce (next rolling image) to avoid name constraint issues.

Apr 14 2023, 8:23 AM

Apr 13 2023

sarthurdev added a comment to T5157: Containers are inaccessable on vyos-1.4-rolling-202304070317.

Can you share container config section?

Apr 13 2023, 9:29 PM

Mar 29 2023

sarthurdev added a comment to T5101: VYOS 1.4 release no longer displayes output for 'sudo ipsec statusall'.
Management Commands
Mar 29 2023, 9:30 PM · VyOS 1.4 Sagitta

Mar 23 2023

sarthurdev committed rVYOSONEX62875954a667: ipsec: T2816: Cleanup dhcp hook file if not required.
Mar 23 2023, 2:19 PM
sarthurdev committed rVYOSONEX98940e92d5c7: ipsec: T5003: Resolve issue with ipsec DHCP test.
Mar 23 2023, 2:19 PM

Mar 22 2023

sarthurdev changed the status of T5018: Redirect to IFB removed after change in qos policy from In progress to Needs testing.
Mar 22 2023, 4:18 PM · VyOS 1.4 Sagitta

Mar 11 2023

sarthurdev claimed T5080: Disable conntrack by default.
Mar 11 2023, 3:40 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev created T5080: Disable conntrack by default.
Mar 11 2023, 3:39 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Mar 9 2023

sarthurdev committed rVYOSONEX25b64f32a22c: qos: T5018: Fix interface tc qdisc cleanup.
Mar 9 2023, 6:38 PM
sarthurdev committed rVYOSONEXc3039903aff9: qos: T5018: Use configdep to fix interface mirror/redirect issue.
Mar 9 2023, 6:38 PM
sarthurdev added a comment to T5018: Redirect to IFB removed after change in qos policy.

PR: https://github.com/vyos/vyos-1x/pull/1881

Mar 9 2023, 5:09 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5018: Redirect to IFB removed after change in qos policy from Confirmed to In progress.
Mar 9 2023, 4:26 PM · VyOS 1.4 Sagitta
sarthurdev closed T5075: QoS removes interface mirror/redirect rules as Invalid.

My bad

Mar 9 2023, 3:23 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5075: QoS removes interface mirror/redirect rules from Open to In progress.
Mar 9 2023, 3:15 PM · VyOS 1.4 Sagitta
sarthurdev created T5075: QoS removes interface mirror/redirect rules.
Mar 9 2023, 3:15 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3008: Migrate from ntpd to chronyd.

Discovered a couple of problems with chrony using the existing CLI.

Mar 9 2023, 12:25 PM · VyOS 1.4 Sagitta

Mar 2 2023

sarthurdev committed rVYOSONEX19ad6dc524bc: login: T5039: Support hashing rounds in `encrypted-password` values.
Mar 2 2023, 4:13 PM
sarthurdev changed the status of T5039: Can't add new local user from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1863

Mar 2 2023, 2:46 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5039: Can't add new local user from Open to In progress.
Mar 2 2023, 2:06 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6), a subtask of T3315: Supports dhcpv6 agent execution from pppoe0 interface, from Open to In progress.
Mar 2 2023, 1:41 PM
sarthurdev changed the status of T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6) from Open to In progress.

Have started work on migrating isc-dhcp v4/v6 server to Kea.

Mar 2 2023, 1:41 PM · VyOS 1.5 Circinus

Feb 22 2023

sarthurdev committed rVYOSONEX806273bff6a6: openconnect: T5023: Conf script missing optional config parameter.
Feb 22 2023, 9:12 AM
sarthurdev changed the status of T5023: PKI commit fails to update dependents from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1840

Feb 22 2023, 9:03 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T5023: PKI commit fails to update dependents from Open to In progress.
Feb 22 2023, 8:54 AM · VyOS 1.4 Sagitta
sarthurdev created T5023: PKI commit fails to update dependents.
Feb 22 2023, 8:54 AM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX1ab7b853114c: ipsec: T4593: Remove references to deleted variables.
Feb 22 2023, 5:45 AM

Feb 21 2023

sarthurdev changed the status of T5003: Upgrade base system to Debian 12 "Bookworm" from In progress to Needs testing.

Builds completing. ISO worker on Jenkins should be fixed and pushing new rolling images shortly.

Feb 21 2023, 8:43 PM · VyOS 1.4 Sagitta

Feb 15 2023

sarthurdev committed rVYOSONEX7bacde871bb9: debian: T5003: Fixes for Debian Bookworm.
Feb 15 2023, 6:06 PM
sarthurdev committed rVYOSONEX71f91f08f45c: debian: T5003: Update XDP for latest libbpf.
Feb 15 2023, 6:06 PM
sarthurdev committed rVYOSONEXda37c537975d: debian: T5003: Remove obsolete crda package.
Feb 15 2023, 6:06 PM
sarthurdev committed rVYOSONEX06ce53e7ea7d: debian: T5003: Temp fix for smoketest running.
Feb 15 2023, 6:06 PM
sarthurdev committed rVYOSONEX9e32eb737444: debian: T5003: Build tests require iproute2.
Feb 15 2023, 6:06 PM
sarthurdev committed rVYOSONEX27ca5b9d6d69: debian: T5003: Update WLB smoketest for Bookworm.
Feb 15 2023, 6:06 PM
sarthurdev committed rVYOSONEX19d19fc97e3b: debian: T5003: Fixes dynamic DNS for Bookworm.
Feb 15 2023, 6:06 PM
sarthurdev committed rVYOSONEX819eab870836: debian: T5003: Fix chronyd start error.
Feb 15 2023, 6:06 PM
sarthurdev committed rVYOSONEX45b16864b11e: ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes.
Feb 15 2023, 6:03 PM

Feb 13 2023

sarthurdev added a comment to T5003: Upgrade base system to Debian 12 "Bookworm".

https://github.com/vyos/vyos-build/pull/306
https://github.com/vyos/vyos-1x/pull/1817
https://github.com/vyos/vyatta-cfg/pull/60
https://github.com/vyos/vyos-http-api-tools/pull/3

Feb 13 2023, 5:57 PM · VyOS 1.4 Sagitta