
Jan 12 2024

n.fort changed the status of T5922: Firewall - bug in zone config from Confirmed to In progress.
Jan 12 2024, 12:02 PM · VyOS 1.5 Circinus
n.fort closed T5919: Firewall - opmode for ipv6 as Resolved.
Jan 12 2024, 12:01 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Jan 11 2024

n.fort changed the status of T5922: Firewall - bug in zone config from Open to Confirmed.
Jan 11 2024, 7:40 PM · VyOS 1.5 Circinus
n.fort created T5922: Firewall - bug in zone config.
Jan 11 2024, 7:40 PM · VyOS 1.5 Circinus
n.fort committed rVYOSONEX089280f82349: T5919: firewall: fix <show firewall ipv6 ..> command.
Jan 11 2024, 3:09 PM
n.fort closed T5896: Config Error on Boot with Podman and Firewall as Resolved.
Jan 11 2024, 11:11 AM · VyOS 1.4 Sagitta

Jan 10 2024

n.fort changed the status of T5919: Firewall - opmode for ipv6 from Open to In progress.
Jan 10 2024, 6:26 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort created T5919: Firewall - opmode for ipv6.
Jan 10 2024, 6:26 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort committed rVYOSONEX62f10e0ec807: T5915:firewall: re-add opmode command for zone based firewall.
Jan 10 2024, 5:28 PM
n.fort added a comment to T4610: Firewall with 20K entries cannot load after reboot.

Quick test done on a VM with 1 CPU and 1G RAM:

vyos@1.4.0-rc1# for I in  {1..2542}; do set firewall ipv6 name Test rule $I action accept ; set firewall ipv6 name Test rule $I destination port $I; set firewall ipv6 name Test rule $I protocol tcp ; done
vyos@1.4.0-rc1# time commit
Jan 10 2024, 3:30 PM · VyOS 1.4 Sagitta
n.fort assigned T5814: VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration to sarthurdev.
Jan 10 2024, 3:26 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T5915: Firewall zone - Re add op-mode commands from Confirmed to In progress.

PR: https://github.com/vyos/vyos-1x/pull/2784

Jan 10 2024, 12:14 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Jan 9 2024

n.fort added a comment to T5814: VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration.

I suggest changing order just as a cosmetic fix: feels more reasonable/readable to parse first "incoming", and then "outgoing"

Jan 9 2024, 9:37 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort added a comment to T5814: VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration.

Changes that seem to be needed only in the migration script https://github.com/vyos/vyos-1x/blob/current/src/migration-scripts/firewall/10-to-11:

  • Use accept action for base-chains (it's done, no change needed here).
  • Migrate action=accept to action=return on every rule.
  • Fix order and ensure all "in" rules are applied first.
Jan 9 2024, 8:54 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T5915: Firewall zone - Re add op-mode commands from Open to Confirmed.
Jan 9 2024, 12:07 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort created T5915: Firewall zone - Re add op-mode commands.
Jan 9 2024, 12:06 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort committed rVYOSONEX56141ca2165f: T1297: vrrp: backport VRRP GARP options to Equuleus.
Jan 9 2024, 11:13 AM
n.fort added a comment to T1297: Add GARP settings to VRRP/keepalived.

PR for Equuleus: https://github.com/vyos/vyos-1x/pull/2776

Jan 9 2024, 9:57 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta

Jan 8 2024

n.fort closed T5888: Firewall upgrade fails because of icmpv6 as Resolved.
Jan 8 2024, 6:42 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T5896: Config Error on Boot with Podman and Firewall from In progress to Needs testing.
Jan 8 2024, 6:41 PM · VyOS 1.4 Sagitta
n.fort committed rVYOSONEX02db800b3aaa: T5896: firewall: backport interface validator for firewall rules..
Jan 8 2024, 5:50 PM
n.fort added a comment to T5896: Config Error on Boot with Podman and Firewall.

PR: https://github.com/vyos/vyos-1x/pull/2771

Jan 8 2024, 11:11 AM · VyOS 1.4 Sagitta
n.fort changed the status of T5896: Config Error on Boot with Podman and Firewall from Confirmed to In progress.
Jan 8 2024, 10:14 AM · VyOS 1.4 Sagitta

Jan 5 2024

n.fort changed the status of T5896: Config Error on Boot with Podman and Firewall from Open to Confirmed.
Jan 5 2024, 3:53 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4839: Dynamic Firewall groups.

New PR for dynamic address groups: https://github.com/vyos/vyos-1x/pull/2756

Jan 5 2024, 12:22 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Jan 4 2024

n.fort added a project to T4839: Dynamic Firewall groups: VyOS 1.5 Circinus.
Jan 4 2024, 12:25 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T4839: Dynamic Firewall groups from Open to In progress.
Jan 4 2024, 12:24 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort closed T4072: Feature Request: Firewall on bridge interfaces as Resolved.
Jan 4 2024, 10:59 AM · VyOS 1.4 Sagitta

Jan 3 2024

n.fort closed T4500: Missing firewall logs as Resolved.
Jan 3 2024, 10:13 PM · VyOS 1.4 Sagitta

Jan 2 2024

n.fort changed the status of T5888: Firewall upgrade fails because of icmpv6 from Confirmed to Needs testing.
Jan 2 2024, 7:36 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort committed rVYOSONEX1ccb3e634d45: T5888: fix migration script in order to fit new type-names for icmp and icmpv6..
Jan 2 2024, 7:13 PM
n.fort changed the status of T5888: Firewall upgrade fails because of icmpv6 from Open to Confirmed.
Jan 2 2024, 5:47 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort created T5888: Firewall upgrade fails because of icmpv6.
Jan 2 2024, 5:46 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Dec 27 2023

n.fort moved T5779: custom conntrack timeout rule not applicable from Open to Backport Candidates on the VyOS 1.5 Circinus board.
Dec 27 2023, 10:23 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort closed T5779: custom conntrack timeout rule not applicable as Unknown Status.
Dec 27 2023, 9:58 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Dec 22 2023

n.fort closed T5804: SNAT "any" interface error as Resolved.
Dec 22 2023, 10:27 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort added a comment to T160: Support NAT64.

I still haven't tried nat64, but a quick config example for nat64 for a single ipv6 address is not allowed by our cli:

Dec 22 2023, 10:26 AM · VyOS 1.4 Sagitta (1.4.0-epa1)

Dec 21 2023

n.fort closed T5676: NAT66 source rule with negation source/destination prefix causes TypeError as Resolved.
Dec 21 2023, 11:09 PM · VyOS 1.5 Circinus
n.fort closed T5637: Firewall default-action log as Resolved.
Dec 21 2023, 11:33 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a comment to T5676: NAT66 source rule with negation source/destination prefix causes TypeError.

Configuration shared seems to work correctly on latest version:

Dec 21 2023, 11:31 AM · VyOS 1.5 Circinus
n.fort closed T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config as Resolved.
Dec 21 2023, 11:26 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort closed T5778: The show dhcp server leases operation mode command does not work as expected as Resolved.
Dec 21 2023, 11:25 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort closed T5807: NAT66 op-mode bugs as Resolved.
Dec 21 2023, 11:09 AM · VyOS 1.5 Circinus

Dec 12 2023

n.fort committed rVYOSONEX5cb95aed965b: T5804: nat: remove inbound|outbound interface from old configuration when it….
Dec 12 2023, 8:37 PM

Dec 11 2023

n.fort committed rVYOSONEX3d3418d1585c: T5807: fix op-mode command <show nat66>, which only display rules if nat was….
Dec 11 2023, 5:23 PM
n.fort changed the status of T5778: The show dhcp server leases operation mode command does not work as expected from Confirmed to Needs testing.
Dec 11 2023, 11:08 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T5807: NAT66 op-mode bugs from Confirmed to In progress.
Dec 11 2023, 11:01 AM · VyOS 1.5 Circinus
n.fort added a comment to T5807: NAT66 op-mode bugs.

PR: https://github.com/vyos/vyos-1x/pull/2612

Dec 11 2023, 11:01 AM · VyOS 1.5 Circinus

Dec 7 2023

n.fort committed rVYOSONEXda83b3f96dce: T5778: dhcp server: patch op-mode command <show dhcp server leases>. If *pool*….
Dec 7 2023, 3:54 PM
n.fort committed rVYOSONEX57761a370d22: T5778: dhcp server: fix op-mode command <show dhcp server leases ...>..
Dec 7 2023, 3:53 PM
n.fort committed rVYOSONEX64ee13cf9374: T5775: firewall: re-add state-policy to firewall. These commands are now….
Dec 7 2023, 3:21 PM
n.fort committed rVYOSONEX4ded8814f036: T5575: Update migration scripts for state policy parsing.
Dec 7 2023, 3:21 PM
n.fort changed the status of T5807: NAT66 op-mode bugs from Open to Confirmed.
Dec 7 2023, 11:09 AM · VyOS 1.5 Circinus

Dec 6 2023

n.fort added a comment to T5804: SNAT "any" interface error.

PR: https://github.com/vyos/vyos-1x/pull/2611

Dec 6 2023, 2:37 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T5804: SNAT "any" interface error from Open to Confirmed.
Dec 6 2023, 11:48 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort added a comment to T5804: SNAT "any" interface error.

In the past any interface was supported, and it has been removed.

Dec 6 2023, 11:48 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T5779: custom conntrack timeout rule not applicable from In progress to Needs testing.
Dec 6 2023, 10:05 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a comment to T5804: SNAT "any" interface error.

If you want to match any interface, you can completely remove the interface matcher from the rule, since it's not mandatory (as it was in the past):

delete nat source rule 110 outbound-interface
Dec 6 2023, 9:58 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Dec 5 2023

n.fort committed rVYOSONEX24a1a70596fa: T5779: conntrack: Apply fixes to <set system conntrack timeout custom>. Remove….
Dec 5 2023, 7:56 PM
n.fort added a comment to T5779: custom conntrack timeout rule not applicable.

PR: https://github.com/vyos/vyos-1x/pull/2574

Dec 5 2023, 11:00 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Nov 29 2023

n.fort changed the status of T5779: custom conntrack timeout rule not applicable from Confirmed to In progress.
Nov 29 2023, 10:15 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Nov 28 2023

n.fort changed the status of T2737: DHCP Lease not displayed with a static map from In progress to Confirmed.
Nov 28 2023, 5:03 PM · Bugs, VyOS Rolling, VyOS 1.5 Circinus
n.fort added a comment to T5778: The show dhcp server leases operation mode command does not work as expected.

PR: https://github.com/vyos/vyos-1x/pull/2551

Nov 28 2023, 4:56 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T2737: DHCP Lease not displayed with a static map from Open to In progress.
Nov 28 2023, 2:51 PM · Bugs, VyOS Rolling, VyOS 1.5 Circinus
n.fort changed the status of T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config from Confirmed to In progress.
Nov 28 2023, 12:49 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort added a comment to T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config.

PR: https://github.com/vyos/vyos-1x/pull/2539

Nov 28 2023, 12:49 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Nov 27 2023

n.fort added a project to T5779: custom conntrack timeout rule not applicable: VyOS 1.4 Sagitta.
Nov 27 2023, 11:27 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort changed the status of T5779: custom conntrack timeout rule not applicable from Open to Confirmed.
Nov 27 2023, 11:23 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a comment to T5778: The show dhcp server leases operation mode command does not work as expected.

The problem is that, compared to command output on 1.3, it only shows the leases granted by the router (and doesn't contain leases granted by the second router, regardless of states primary|secondary).
So user might think synchronization between routers defined in fail-over mode is broken.
But this is not the case. As explained in the description, all information about leases, granted by both routers, is present on lease files on both routers.

Nov 27 2023, 9:49 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Nov 24 2023

n.fort changed the status of T5778: The show dhcp server leases operation mode command does not work as expected from Open to Confirmed.
Nov 24 2023, 5:54 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort added a comment to T5778: The show dhcp server leases operation mode command does not work as expected.

And going further, we may create an extra column, in order to print if the lease was granted by Local-Router or by fail-over router.
Example:

Nov 24 2023, 5:34 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort added a comment to T5778: The show dhcp server leases operation mode command does not work as expected.

Changing this line: https://github.com/vyos/vyos-1x/blob/current/src/op_mode/dhcp.py#L117C9-L117C107

Nov 24 2023, 3:43 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Nov 23 2023

n.fort added a comment to T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config.

We'll discuss this internally, but for sure a fix should be applied.
Thanks for such a detailed bug-report.

Nov 23 2023, 12:49 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config from Open to Confirmed.
Nov 23 2023, 10:48 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort claimed T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config.
Nov 23 2023, 10:30 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Nov 22 2023

n.fort closed T5590: Firewall "log enable" logs every packet as Resolved.
Nov 22 2023, 7:18 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort closed T5616: Firewall mark - Add capabilities for matching firewall mark as Resolved.
Nov 22 2023, 7:16 PM · VyOS 1.5 Circinus
n.fort closed T5643: NAT - Allow interface groups on nat rules as Resolved.
Nov 22 2023, 7:15 PM · VyOS 1.5 Circinus
n.fort closed T5681: Interface match - Simplified and unified cli as Resolved.
Nov 22 2023, 7:14 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort closed T5729: Firewall, nat and policy route - Switch to valueless as Resolved.
Nov 22 2023, 7:11 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort changed the status of T5637: Firewall default-action log from Confirmed to Needs testing.
Nov 22 2023, 7:07 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort committed rVYOSONEXc45b695ca068: T5637: firewall: extend rule for default-action to firewall bridge, in order to….
Nov 22 2023, 12:24 PM
n.fort added a comment to T5637: Firewall default-action log.

PR for bridge: https://github.com/vyos/vyos-1x/pull/2528

Nov 22 2023, 12:08 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort committed rVYOSONEX4e8839b6d78c: T5419: firewall: backport firewall flowtable to Sagitta..
Nov 22 2023, 12:09 AM

Nov 21 2023

n.fort changed the status of T4072: Feature Request: Firewall on bridge interfaces from In progress to Needs testing.
Nov 21 2023, 5:46 PM · VyOS 1.4 Sagitta

Nov 19 2023

n.fort committed rVYOSONEX2dc2df575bc4: T4072: firewall: backport bridge firewall to sagitta.
Nov 19 2023, 7:10 AM

Nov 16 2023

n.fort added a project to T5637: Firewall default-action log: VyOS 1.4 Sagitta.
Nov 16 2023, 6:01 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort reopened T5637: Firewall default-action log as "Confirmed".

Re-opening. This needs to be extended to the bridge firewall.

Nov 16 2023, 6:01 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort changed the status of T4072: Feature Request: Firewall on bridge interfaces from Needs testing to In progress.
Nov 16 2023, 1:20 PM · VyOS 1.4 Sagitta

Nov 15 2023

n.fort committed rVYOSONEX9e053268355f: T5729: T5590: T5616: backport to sagita fwall marks, fix on firewall logs….
Nov 15 2023, 11:48 AM

Nov 14 2023

n.fort committed rVYOSONEXadf5d78e4239: T5729: firewall and policy: fix latest migration script.
Nov 14 2023, 11:19 AM
n.fort added a comment to T5729: Firewall, nat and policy route - Switch to valueless.

New patch for migration scripts in 1.5: https://github.com/vyos/vyos-1x/pull/2480

Nov 14 2023, 10:27 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Nov 13 2023

n.fort added a comment to T5729: Firewall, nat and policy route - Switch to valueless.

PR for Sagitta: https://github.com/vyos/vyos-1x/pull/2478

Nov 13 2023, 7:01 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a project to T5590: Firewall "log enable" logs every packet: VyOS 1.4 Sagitta.
Nov 13 2023, 7:00 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort reopened T5590: Firewall "log enable" logs every packet as "Needs testing".

PR for Sagitta: https://github.com/vyos/vyos-1x/pull/2478

Nov 13 2023, 7:00 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a comment to T5616: Firewall mark - Add capabilities for matching firewall mark.

PR for Sagitta: https://github.com/vyos/vyos-1x/pull/2478

Nov 13 2023, 6:59 PM · VyOS 1.5 Circinus
n.fort changed the status of T5729: Firewall, nat and policy route - Switch to valueless from In progress to Needs testing.
Nov 13 2023, 9:33 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Nov 11 2023

n.fort committed rVYOSONEXc4409d6a4e11: T5729: firewall: switch to valueless in order to remove unnecessary….
Nov 11 2023, 12:05 PM

Nov 10 2023

n.fort changed the status of T5729: Firewall, nat and policy route - Switch to valueless from Open to In progress.
Nov 10 2023, 11:47 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort created T5729: Firewall, nat and policy route - Switch to valueless.
Nov 10 2023, 11:47 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus