PR for Equuleus: https://github.com/vyos/vyos-1x/pull/2776

The errors here were fixed in:
https://vyos.dev/T4052
https://vyos.dev/T4053
in equuleus and subsequent.

The new firewall implementation by Nicholas et al. supports bridge firewalls.

I suppose with the new firewall implementation, this is no longer relevant.

I suppose the current PKI CLI does fulfill the requirements of this task.

I'm closing this since no new details surfaced. If it's still relevant, feel free to reopen.

Multiple people report both working UDP offload and firewall configurations, so I presume this issue is no longer relevant. Feel free to reopen if new details surface.

Closed for implementation via T5886

@dmbaturin @c-po can you see this and tell me if it's still current

Just a heads up that the above script can potentially destroy the config on boot, because if the system is fast enough, the hook will run before the boot config has finished loading. This will result either in an error when commiting because the config is locked (good outcome), or the config not being loaded at all (bad outcome). I've changed it a bit to actually wait for the boot config to load and now it runs safer, but it's still a bit janky in my opinion, I'm still hoping we can get something that works in-system for this case

@c-po apologies for the delay, missed this over the holidays.

Fix for 1.5 which will be backported
https://github.com/vyos/vyos-1x/pull/2703

Tested in 1.3.5, the issue still exist as stated by @fernando

In T3127#168455, @Viacheslav wrote:

Implemented in 1.4-1.5 T5248

this fix is not merge yet : https://github.com/vyos/vyatta-op-vpn/pull/37

This would be a useful feature to have.

Not reproduced in 1.3.5

vyos@r1# set service https vrf foo
[edit]
vyos@r1# commit
[edit]
vyos@r1# del service https vrf foo
[edit]
vyos@r1# commit
[edit]
vyos@r1# curl -k --location --request POST 'https://localhost/retrieve'   --form data='{"op": "showConfig", "path": ["system", "ip"]}'   --form key='foo'
{"success": true, "data": {"arp": {"table-size": "32768"}}, "error": null}[edit]
vyos@r1# 
[edit]
vyos@r1# run show ver

@SrividyaA could you re-check and close it?

@zsdc Can we backport it?

Implemented in 1.4-1.5 T5248

Implemented

vyos@r1# set system option root-partition-auto-resize
[edit]
vyos@r1# run show ver

You can use policy local-route to archive your goals
There is no way to use eth1v1 for the policy route (rewritten for 1.4/1.5)

Fixed

vyos@r1# set interfaces ethernet eth2 description foo
[edit]
vyos@r1# set interfaces ethernet eth2 mtu 1200
[edit]
vyos@r1# commit
[ interfaces ethernet eth2 ]
link-local IPv6 address will be configured on interface "eth2", the
required minimum MTU is 1280!

Close it, as it is not bug/feature

@zsdc Can we close it?

@w4 could you provide some links or retest? Which patches?
The bug is not clear.

Close it due to https://github.com/vyos/vyos-1x/pull/2183#issuecomment-1696022296

@zsdc Can we close it?

It won't fix due the old backend
Fixed in 1.4/1.5

We agree not to use raw options anymore.
If some options are required, it should be a separate PR per configured option.

Most of the changes are not supported by reload accel-cmd/systemctl unit.
Accel-ppp cannot apply some features/changes without the daemon restarting. In other words, there are only several features that could be applied by reload.

The current FRR 7.5
There are no reports with this bug.
Close it. Re-open if you still have issues or create a new bug report.

We don't use /usr/libexec/vyos/validate-value.py anymore
There should be a separates tasks if required.

There is nothing to do there, all checks for linter Jinja included to vyos-build.
Close it.

It was changed for 1.4/1.5 and won't be changed for 1.3 LTS (old backend)
If someone wants it for 1.3

set protocols bgp 65001 parameters default no-ipv4-unicast

We are using sshguard

set service ssh dynamic-protection

@thomas-mangin Do you have a PoC?

Comparing boot time for now 1.3 and 1.1.8 is not actual
There are 2 different systems :)
Also, some validators were rewritten on 1.2 to Python and for 1.3 to sh, OCAML and so on (python validators could be cause of the issue)
In my internal test VM loads ~40 sec tested in VyOS 1.3.5
We always can improve something, but lets find what we can improve in separate tasks.

@mb300sd could you re-check?

The main issue is synchronization between all routing daemons and zebra, especially with "policy".
So you are getting strange things like a policy configured for zebra but the same policy not exists/applied for other daemons.
It is impossible to integrate it the correct way.
Reopen for 1.5, 2.0 if required and if it will be possible in the future with correct syncing between all daemons.

We can't do more due to old backend on the 1.3
If there will be a specific options to improve it should be a separate task
Close it.

Refactored in 1.4/1.5
Let's avoid the firewall migrations for the stable branch.

Configs weren't provided, so closed the task as invalid. Works with internal tetts.
Re-open it or add steps to reproduce.

Implemented in 1.4
Wontfix for 1.3 due to old backend.

Forgot to ever reply to this - I just wanted it added as a standard debian package so that scripts that depend on it can have it available without needing to be installed seperately.

Think this can be closed - there's no such command in 1.3 is there?