
Nov 8 2023

n.fort closed T4864: `show firewall` command errors as Resolved.

Command show zone-policy is no longer available in 1.4, nor in 1.5.
I'm closing this task.

Nov 8 2023, 7:26 PM · VyOS 1.4 Sagitta
n.fort closed T5513: Anomalies in show firewall command after refactoring as Resolved.
Nov 8 2023, 7:08 PM · VyOS 1.4 Sagitta
n.fort closed T5541: Zone-Based Firewalling in VyOS Sagitta 1.4 as Resolved.

I'm marking this one as resolved since ZBF was already re-introduced.

Nov 8 2023, 7:07 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort added a comment to T5550: Source validation on interface does not work properly.

Can we mark this one as resolved for 1.5? Seems it wasn't back-ported yet to Sagitta @sdev

Nov 8 2023, 7:04 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort closed T5564: Both show firewall group and show firewall summary fails as Resolved.
Nov 8 2023, 6:58 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort committed rVYOSONEXe65d73ac2be1: T5681: firewall: bump firewall cli version to 12, which was missed in last….
Nov 8 2023, 4:04 AM

Nov 6 2023

n.fort added a comment to T5471: Conntrack logging doesnt seem to be working.

Does anyone know a real scenario where permanently storing/saving these logs is required?
Yes, this feature is not working on 1.4, nor on 1.5.
But I can't think of a real case where these logs are needed. I know that keeping information of NAT for certain ISPs is mandatory due to legal requirements. But writing a log entry for every conntrack status change seems like it will flood logs, and may consume more resources than expected.
With usage of netflow/sflow, maybe this required information can be obtained in the netflow collector, and not increase load on the VyOS router.

Nov 6 2023, 5:56 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.2), VyOS Rolling
n.fort committed rVYOSONEX42f5ae2e7e72: T5541: firewall: fix ZBF template and ruleset generation for loca-zone rules..
Nov 6 2023, 4:41 PM
n.fort added a comment to T5541: Zone-Based Firewalling in VyOS Sagitta 1.4.

PR: https://github.com/vyos/vyos-1x/pull/2441

Nov 6 2023, 3:34 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort added a comment to T5541: Zone-Based Firewalling in VyOS Sagitta 1.4.

Working on it! Thanks for the details!

Nov 6 2023, 9:39 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Nov 3 2023

n.fort committed rVYOSONEX72b8eb4ac66a: T5513: opmode command show firewall - Manual backport.
Nov 3 2023, 5:05 PM

Nov 2 2023

n.fort changed the status of T5513: Anomalies in show firewall command after refactoring from Open to In progress.
Nov 2 2023, 9:07 PM · VyOS 1.4 Sagitta
n.fort added a comment to T5541: Zone-Based Firewalling in VyOS Sagitta 1.4.

Good to know it worked, @marc_s. Thanks for letting us know!

Nov 2 2023, 9:00 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
marc_s awarded T5541: Zone-Based Firewalling in VyOS Sagitta 1.4 a Love token.
Nov 2 2023, 6:14 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort committed rVYOSONEXc5ae7c9e2a14: T5705: rsyslog: fix error when level=all. Replace <all> with wildcard <*>, as….
Nov 2 2023, 1:24 PM
n.fort added a comment to T5705: rsyslog - Not working when using facility=all.

PR: https://github.com/vyos/vyos-1x/pull/2424

Nov 2 2023, 9:30 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Nov 1 2023

n.fort changed the status of T5705: rsyslog - Not working when using facility=all from Confirmed to In progress.
Nov 1 2023, 5:08 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T5705: rsyslog - Not working when using facility=all from Open to Confirmed.
Nov 1 2023, 2:29 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort created T5705: rsyslog - Not working when using facility=all.
Nov 1 2023, 2:29 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Oct 29 2023

n.fort committed rVYOSONEX6248b2ae1a45: T5558: smoketest: fix nat definitions on dialup-router-medium-vpn..
Oct 29 2023, 2:30 PM
n.fort committed rVYOSONEXcd5316c26665: T5513: T5564: update op-mode command show firewall. Counter available for….
Oct 29 2023, 1:50 PM

Oct 26 2023

n.fort closed T5594: VRRP - Error if using IPv6 Link Local as hello source address as Resolved.
Oct 26 2023, 7:06 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.5 Circinus
n.fort closed T5600: Firewall - Remove or extend constraint on 'interface-name' as Resolved.
Oct 26 2023, 7:04 PM · VyOS 1.5 Circinus
n.fort changed the status of T5681: Interface match - Simplified and unified cli from In progress to Needs testing.
Oct 26 2023, 12:19 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort changed the status of T5643: NAT - Allow interface groups on nat rules from In progress to Needs testing.

This error was already fixed in https://github.com/vyos/vyos-1x/pull/2406

Oct 26 2023, 12:18 PM · VyOS 1.5 Circinus
n.fort added a comment to T5681: Interface match - Simplified and unified cli.

PR for op-mode command that fits new cli: https://github.com/vyos/vyos-1x/pull/2408

Oct 26 2023, 10:26 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a comment to T5513: Anomalies in show firewall command after refactoring.

PR: https://github.com/vyos/vyos-1x/pull/2408

Oct 26 2023, 10:25 AM · VyOS 1.4 Sagitta
n.fort added a comment to T5564: Both show firewall group and show firewall summary fails.

PR: https://github.com/vyos/vyos-1x/pull/2408

Oct 26 2023, 10:25 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Oct 25 2023

n.fort committed rVYOSONEX51abbc0f1b2c: T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher….
Oct 25 2023, 6:30 PM
n.fort added a comment to T5681: Interface match - Simplified and unified cli.

PR: https://github.com/vyos/vyos-1x/pull/2406

Oct 25 2023, 12:11 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Oct 24 2023

n.fort committed rVYOSONEXa9e93ef54bd3: T5637: Firewall: add new rule at the end of base chains for default-actions..
Oct 24 2023, 6:53 PM
n.fort changed the status of T5681: Interface match - Simplified and unified cli from Open to In progress.
Oct 24 2023, 2:52 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort created T5681: Interface match - Simplified and unified cli.
Oct 24 2023, 2:52 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort changed the status of T5680: Allow selecting mac-groups in bridge firewall from Open to Confirmed.
Oct 24 2023, 1:21 PM · Restricted Project, VyOS 1.5 Circinus
n.fort committed rVYOSONEX2f2c3fa22478: T5643: nat: add interface-groups to nat. Use same cli structure for interface….
Oct 24 2023, 4:17 AM

Oct 23 2023

n.fort closed T5637: Firewall default-action log as Resolved.

For RQ for Sagitta: https://github.com/vyos/vyos-1x/pull/2399

Oct 23 2023, 4:58 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort changed the status of T5564: Both show firewall group and show firewall summary fails from Needs testing to In progress.

1.5 should not have such issues.
1.4: op-mode should be working as expected. Backport for https://github.com/vyos/vyos-1x/pull/2344 failed. I'll submit PR for 1.4 for such feature.

Oct 23 2023, 11:33 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Oct 21 2023

n.fort committed rVYOSONEX9975ad209704: T5541: firewall: re-add zone-based firewall..
Oct 21 2023, 6:04 AM

Oct 20 2023

n.fort added a comment to T5541: Zone-Based Firewalling in VyOS Sagitta 1.4.

PR for Sagitta: https://github.com/vyos/vyos-1x/pull/2388

Oct 20 2023, 8:22 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Oct 19 2023

n.fort committed rVYOSONEXc74ecbaaccde: T5541: firewall zone: re add firewall zone-base firewall.
Oct 19 2023, 6:07 PM
n.fort committed rVYOSONEXc82fe6540c0c: T5541: remove migration script from zone-based firewall to new cli. Syntax….
Oct 19 2023, 6:07 PM
n.fort committed rVYOSONEX6582bbc0f431: T5637: add new rule at the end of base chains for default-actions. This enables….
Oct 19 2023, 5:10 PM

Oct 13 2023

n.fort changed the status of T5541: Zone-Based Firewalling in VyOS Sagitta 1.4 from Open to In progress.
Oct 13 2023, 2:10 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Oct 11 2023

n.fort changed the status of T5644: Firewall groups deletion can break config from Open to Confirmed.
Oct 11 2023, 10:22 AM · VyOS 1.5 Circinus
n.fort created T5644: Firewall groups deletion can break config.
Oct 11 2023, 10:20 AM · VyOS 1.5 Circinus

Oct 10 2023

n.fort changed the status of T5643: NAT - Allow interface groups on nat rules from Confirmed to In progress.
Oct 10 2023, 6:18 PM · VyOS 1.5 Circinus
n.fort added a comment to T5643: NAT - Allow interface groups on nat rules.

PR: https://github.com/vyos/vyos-1x/pull/2355

Oct 10 2023, 6:18 PM · VyOS 1.5 Circinus
n.fort changed the status of T5643: NAT - Allow interface groups on nat rules from Open to Confirmed.
Oct 10 2023, 10:40 AM · VyOS 1.5 Circinus
n.fort created T5643: NAT - Allow interface groups on nat rules.
Oct 10 2023, 10:40 AM · VyOS 1.5 Circinus
n.fort closed T5014: Destination NAT - Add Load Balancing capabilities as Resolved.
Oct 10 2023, 10:37 AM · VyOS 1.4 Sagitta
n.fort added a comment to T5564: Both show firewall group and show firewall summary fails.

Once PR https://github.com/vyos/vyos-1x/pull/2344 is merged, counters and logs for default action should be available once again.

Oct 10 2023, 10:08 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a comment to T5497: Add ability to resequence rule numbers for firewall.

It's an op-mode command, so it does not change the configuration. The user may get something different from what he expected, so at least on this very first attempt at re-generating and re-ordering firewall rules, it's done in an op-mode command with no impact on the running configuration.

Oct 10 2023, 10:00 AM · VyOS 1.4 Sagitta (1.4.0-epa1)

Oct 6 2023

n.fort changed the status of T5637: Firewall default-action log from Confirmed to In progress.
Oct 6 2023, 2:42 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a comment to T5637: Firewall default-action log.

PR: https://github.com/vyos/vyos-1x/pull/2344

Oct 6 2023, 2:42 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort changed the status of T5637: Firewall default-action log from Open to Confirmed.
Oct 6 2023, 12:06 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort created T5637: Firewall default-action log.
Oct 6 2023, 12:06 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort closed T5096: Change 'accept' firewall rule action from 'return' to 'accept' as Resolved.

Closing this one, because it's already implemented

Oct 6 2023, 11:59 AM · VyOS 1.4 Sagitta

Oct 3 2023

n.fort changed the status of T5616: Firewall mark - Add capabilities for matching firewall mark from In progress to Needs testing.
Oct 3 2023, 7:02 PM · VyOS 1.5 Circinus
n.fort changed the status of T5600: Firewall - Remove or extend constraint on 'interface-name' from In progress to Needs testing.
Oct 3 2023, 7:02 PM · VyOS 1.5 Circinus
n.fort closed T5579: Log firewall - Wrong command after firewall refactor, a subtask of T5160: Firewall refactor, as Resolved.
Oct 3 2023, 7:01 PM · VyOS 1.4 Sagitta
n.fort closed T5579: Log firewall - Wrong command after firewall refactor as Resolved.
Oct 3 2023, 7:01 PM · VyOS 1.5 Circinus
n.fort closed T5561: NAT - Inbound or outbound interface should not be mandatory as Resolved.
Oct 3 2023, 7:00 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort closed T5553: Firewall - Add action continue as Resolved.
Oct 3 2023, 7:00 PM · VyOS 1.4 Sagitta
n.fort closed T5250: Firewall - show firewall group as Resolved.
Oct 3 2023, 6:58 PM · VyOS 1.4 Sagitta

Sep 30 2023

n.fort committed rVYOSONEX37df2912586a: T5600: firewall: change constraints for inbound|outbound interface-name. Now….
Sep 30 2023, 6:57 AM
n.fort committed rVYOSONEX2ae3de0848de: T5616: firewall: add option to be able to match firewall marks in firewall….
Sep 30 2023, 3:56 AM

Sep 29 2023

n.fort added a comment to T5621: Show uncommited "commands" (compare | commands).

You mean this existing option, or am I missing something?

vyos@vyos-suri:~$ conf
[edit]
vyos@vyos-suri# set int eth eth0 description TEST
[edit]
vyos@vyos-suri# set serv ssh port 8877
[edit]
vyos@vyos-suri# set system host-name foo
[edit]
vyos@vyos-suri# compare 
[interfaces ethernet eth0]
+ description "TEST"
[service ssh]
+ port "8877"
[system]
- host-name "vyos-suri"
+ host-name "foo"
Sep 29 2023, 10:43 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Sep 27 2023

n.fort renamed T5616: Firewall mark - Add capabilities for matching firewall mark from Firewall marl - Add capabilities for matching firewall mark to Firewall mark - Add capabilities for matching firewall mark.
Sep 27 2023, 5:48 PM · VyOS 1.5 Circinus
n.fort added a comment to T5616: Firewall mark - Add capabilities for matching firewall mark.

PR: https://github.com/vyos/vyos-1x/pull/2314

Sep 27 2023, 5:48 PM · VyOS 1.5 Circinus

Sep 26 2023

n.fort changed the status of T5616: Firewall mark - Add capabilities for matching firewall mark from Open to Confirmed.
Sep 26 2023, 12:11 PM · VyOS 1.5 Circinus
n.fort created T5616: Firewall mark - Add capabilities for matching firewall mark.
Sep 26 2023, 12:11 PM · VyOS 1.5 Circinus

Sep 21 2023

n.fort changed the status of T5594: VRRP - Error if using IPv6 Link Local as hello source address from In progress to Needs testing.
Sep 21 2023, 11:48 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.5 Circinus
n.fort added a comment to T5600: Firewall - Remove or extend constraint on 'interface-name'.

PR: https://github.com/vyos/vyos-1x/pull/2300

Sep 21 2023, 11:25 AM · VyOS 1.5 Circinus

Sep 19 2023

n.fort renamed T5600: Firewall - Remove or extend constraint on 'interface-name' from Firewall - Remove contraint on 'interface-name' to Firewall - Remove or extend constraint on 'interface-name'.
Sep 19 2023, 6:16 PM · VyOS 1.5 Circinus
n.fort changed the status of T5600: Firewall - Remove or extend constraint on 'interface-name' from Open to In progress.
Sep 19 2023, 5:56 PM · VyOS 1.5 Circinus
n.fort created T5600: Firewall - Remove or extend constraint on 'interface-name'.
Sep 19 2023, 5:56 PM · VyOS 1.5 Circinus
n.fort committed rVYOSONEX70f0a6142cc6: T5594: vrrp: extend function is_ipv6_tentative.
Sep 19 2023, 4:49 PM

Sep 18 2023

n.fort committed rVYOSONEX93cc0b65c2cb: T5590: firewall log rule: fix order which rule are processed. Log options….
Sep 18 2023, 7:30 PM
n.fort changed the status of T5590: Firewall "log enable" logs every packet from Confirmed to In progress.
Sep 18 2023, 6:12 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a comment to T5590: Firewall "log enable" logs every packet.

PR: https://github.com/vyos/vyos-1x/pull/2283

Sep 18 2023, 6:06 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort committed rVYOSONEXb6ae59354b5d: T5594: vrrp: extend function is_ipv6_tentative to analysis all type of ipv6….
Sep 18 2023, 4:48 PM
n.fort added a comment to T5594: VRRP - Error if using IPv6 Link Local as hello source address.

PR for latest: https://github.com/vyos/vyos-1x/pull/2281
PR for Equuleus: https://github.com/vyos/vyos-1x/pull/2282

Sep 18 2023, 2:09 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.5 Circinus
n.fort changed the status of T5594: VRRP - Error if using IPv6 Link Local as hello source address from Open to In progress.
Sep 18 2023, 1:18 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.5 Circinus
n.fort created T5594: VRRP - Error if using IPv6 Link Local as hello source address.
Sep 18 2023, 1:18 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.5 Circinus
n.fort changed the status of T5590: Firewall "log enable" logs every packet from Open to Confirmed.
Sep 18 2023, 12:57 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Sep 14 2023

n.fort committed rVYOSONEXe326ad5bc6eb: T5579: show log firewall - Fix command in order to fit new firewall cli….
Sep 14 2023, 6:47 PM
n.fort changed the status of T5579: Log firewall - Wrong command after firewall refactor, a subtask of T5160: Firewall refactor, from Confirmed to In progress.
Sep 14 2023, 6:45 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5579: Log firewall - Wrong command after firewall refactor from Confirmed to In progress.

PR: https://github.com/vyos/vyos-1x/pull/2268

Sep 14 2023, 6:45 PM · VyOS 1.5 Circinus
n.fort committed rVYOSONEX063de842144a: T4072: Firewall op-mode command: add bridge capabilities.
Sep 14 2023, 5:14 PM
n.fort committed rVYOSONEXec5437913e48: T5561: nat: defining inbound|outbound interface should not be mandatory while….
Sep 14 2023, 5:13 PM

Sep 13 2023

n.fort added a subtask for T5160: Firewall refactor: T5579: Log firewall - Wrong command after firewall refactor.
Sep 13 2023, 3:07 PM · VyOS 1.4 Sagitta
n.fort added a parent task for T5579: Log firewall - Wrong command after firewall refactor: T5160: Firewall refactor.
Sep 13 2023, 3:07 PM · VyOS 1.5 Circinus
n.fort changed the status of T5579: Log firewall - Wrong command after firewall refactor from Open to Confirmed.
Sep 13 2023, 3:07 PM · VyOS 1.5 Circinus
n.fort created T5579: Log firewall - Wrong command after firewall refactor.
Sep 13 2023, 3:07 PM · VyOS 1.5 Circinus
n.fort changed the status of T5561: NAT - Inbound or outbound interface should not be mandatory from Confirmed to In progress.

PR: https://github.com/vyos/vyos-1x/pull/2253

Sep 13 2023, 10:47 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Sep 12 2023

n.fort removed a project from T4072: Feature Request: Firewall on bridge interfaces: VyOS 1.3 Equuleus (1.3.5).
Sep 12 2023, 12:16 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4072: Feature Request: Firewall on bridge interfaces from In progress to Needs testing.

op-mode: https://github.com/vyos/vyos-1x/pull/2242

Sep 12 2023, 10:17 AM · VyOS 1.4 Sagitta

Sep 11 2023

n.fort added a comment to T5564: Both show firewall group and show firewall summary fails.

N/D == not defined

Sep 11 2023, 9:54 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Sep 8 2023

n.fort committed rVYOSONEX1772c0a72327: T4072: add firewall bridge filtering. First implementation only applies for….
Sep 8 2023, 3:36 PM
n.fort changed the status of T5561: NAT - Inbound or outbound interface should not be mandatory from Open to Confirmed.
Sep 8 2023, 10:48 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta