We have both iptables/nftables. In general, all code should be for nftables, but iptables are dependencies to netavark network stack. Thats why we are having both packages now

vyos@r4:~$ show version all | match "netavar|nft|ipta"
ii  iptables                             1.8.9-2                          amd64        administration tools for packet filtering and NAT
ii  libnftables1:amd64                   1.0.8-1                          amd64        Netfilter nftables high level userspace API library
ii  libnftnl11:amd64                     1.2.6-1                          amd64        Netfilter nftables userspace API library
ii  miniupnpd-nftables                   2.3.1-1                          amd64        UPnP and NAT-PMP daemon for gateway routers - nftables backend
ii  netavark                             1.4.0-4                          amd64        Rust based network stack for containers
ii  nftables                             1.0.8-1                          amd64        Program to control packet filtering rules by Netfilter project
vyos@r4:~$

Jan 20 2024, 12:59 PM · VyOS 1.4 Sagitta (1.4.0-GA)

Viacheslav triaged T5383: Extend VyOS Configuration for initializing kubelet service as Wishlist priority.

Jan 20 2024, 12:56 PM · VyOS 1.5 Circinus

Viacheslav triaged T5382: Integrate kubeadm and kubectl as Wishlist priority.

Jan 20 2024, 12:55 PM · VyOS 1.5 Circinus

Viacheslav triaged T5381: Extend VyOS Configuration for joining kubelet service as Wishlist priority.

Jan 20 2024, 12:54 PM · VyOS 1.5 Circinus

Viacheslav triaged T5380: VyOS Kubelet (k8s) as Wishlist priority.

Jan 20 2024, 12:53 PM · VyOS 1.5 Circinus

Viacheslav changed the status of T5367: Syslog doesn't send timezone information to the server from Open to Needs reporter action.

@kwladyka Could you create a PR?

Jan 20 2024, 12:52 PM · Restricted Project, VyOS 1.5 Circinus, Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Viacheslav triaged T5342: Bgp route-map will not configured in frr for the right protocol as Wishlist priority.

Jan 20 2024, 12:51 PM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus

Viacheslav closed T5285: Add CLI for configuration mode for VPP, a subtask of T893: Add support for VPP , as Invalid.

Jan 20 2024, 12:51 PM · VyOS 1.4 Sagitta

Viacheslav closed T5285: Add CLI for configuration mode for VPP, a subtask of T1797: Implement DPDK Fast-Path using FRR's Alternate Forwarding Planes and VPP, as Invalid.

Jan 20 2024, 12:51 PM · Restricted Project, VyOS 1.5 Circinus

Viacheslav closed T5285: Add CLI for configuration mode for VPP as Invalid.

Used in addon

Jan 20 2024, 12:51 PM · VyOS 1.4 Sagitta

Viacheslav triaged T5284: Update Realtek r8152 + 8168 driver as Wishlist priority.

Jan 20 2024, 12:50 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.0-GA)

Viacheslav triaged T5278: custome firewall network-group and update CIDR from a file as Wishlist priority.

Jan 20 2024, 12:49 PM · VyOS 1.5 Circinus

Viacheslav closed T5267: Another corruption on upgrade, a subtask of T5136: Possible config corruption on upgrade, as Resolved.

Jan 20 2024, 12:48 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Viacheslav closed T5267: Another corruption on upgrade as Resolved.

Reopen it if necessary

Jan 20 2024, 12:48 PM · VyOS 1.4 Sagitta

Viacheslav triaged T5245: Wireless interfaces do not get IPv6 link-local address assigned as Low priority.

Jan 20 2024, 12:46 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.0-epa1)

Viacheslav closed T5239: Host name and domain name missing from the FRR configuration as Resolved.

Domain name was never implemented, the task T2004

Jan 20 2024, 12:46 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.4 Sagitta (1.4.0-epa1)

Viacheslav closed T5230: 1.4 Missing enforce-first-as for bgp peers as Resolved.

Merged

Jan 20 2024, 12:44 PM

Viacheslav closed T5229: CGN -- external ports limitting as Invalid.

close as duplicate of T5169

Jan 20 2024, 12:43 PM · VyOS 1.4 Sagitta

Viacheslav closed T5219: ddclient: Cloudflare doesn't require login as Resolved.

Merged

Jan 20 2024, 12:41 PM · VyOS 1.4 Sagitta

Viacheslav moved T5217: Add firewall SYNPROXY from Need Triage to Finished on the VyOS 1.4 Sagitta board.

Jan 20 2024, 12:40 PM · VyOS 1.4 Sagitta

Viacheslav closed T5217: Add firewall SYNPROXY as Resolved.

Jan 20 2024, 12:40 PM · VyOS 1.4 Sagitta

Viacheslav triaged T5216: Add encrypting syslog traffic with TLS (SSL) as Low priority.

Jan 20 2024, 12:40 PM · VyOS 1.4 Sagitta

Viacheslav closed T5211: route-map allows both IPv4 and IPv6 in one rule which never match as Invalid.

Jan 20 2024, 12:39 PM

Viacheslav added a project to T5207: Improper NAT66 Support: VyOS 1.5 Circinus.

Jan 20 2024, 12:39 PM · VyOS 1.5 Circinus

Viacheslav triaged T5207: Improper NAT66 Support as Wishlist priority.

Jan 20 2024, 12:39 PM · VyOS 1.5 Circinus

Viacheslav triaged T5204: DHCPv6-PD: Shouldn't require an interface to assign the delegated prefix as Normal priority.

Jan 20 2024, 12:38 PM · VyOS 1.4 Sagitta (1.4.1)

Viacheslav closed T5203: load-balancing wan add systemd unit instead of old vyatta-wanloadbalance.init, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Resolved.

Jan 20 2024, 12:37 PM · VyOS 1.4 Sagitta

Viacheslav closed T5203: load-balancing wan add systemd unit instead of old vyatta-wanloadbalance.init as Resolved.

Jan 20 2024, 12:37 PM · VyOS 1.4 Sagitta

Viacheslav changed the status of T5201: Add Split Tunneling for L2TP/PPTP/SSTP VPN Clients from In progress to Needs reporter action.

@a.apostoliuk should we close it as wontfix?

Jan 20 2024, 12:37 PM · VyOS 1.5 Circinus

Viacheslav changed the status of T5200: Static routing tables are not created with dhcp route from Open to Needs testing.

@sdev Can you reproduce it?

Jan 20 2024, 12:35 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Viacheslav closed T5199: Salt-minion cannot connect to server in python 3.10 and up as Resolved.

The current version 3005.4+ds-1

Jan 20 2024, 12:34 PM · VyOS 1.4 Sagitta

Viacheslav triaged T5189: bgp: add evpn anycast gateway support as Normal priority.

Jan 20 2024, 12:33 PM · Restricted Project, VyOS 1.5 Circinus

Viacheslav triaged T5188: Update Intel igc driver for improved 2.5 GbE support as Wishlist priority.

Jan 20 2024, 12:33 PM · VyOS 1.3 Equuleus (1.3.8)

Viacheslav closed T5187: Update Realtek r8152 driver as Resolved.

Jan 20 2024, 12:33 PM · VyOS 1.3 Equuleus (1.3.6)

Viacheslav closed T5182: Update Intel ice driver as Resolved.

Jan 20 2024, 12:32 PM · VyOS 1.3 Equuleus (1.3.6)

Viacheslav moved T5180: initramfs-tools ignores firmware from updates directory from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.6) board.

Jan 20 2024, 12:32 PM · VyOS 1.3 Equuleus (1.3.6)

Viacheslav closed T5180: initramfs-tools ignores firmware from updates directory as Resolved.

Merged

Jan 20 2024, 12:32 PM · VyOS 1.3 Equuleus (1.3.6)

Viacheslav changed the status of T5177: Make the chain policy configurable from Open to Needs testing.

@n.fort needs your comments

Jan 20 2024, 12:31 PM · VyOS 1.5 Circinus

Viacheslav triaged T5169: Add CGNAT Carrier-Grade NAT based on nftables as High priority.

Jan 20 2024, 12:30 PM · Restricted Project, VyOS 1.5 Circinus

Viacheslav triaged T5164: op cmd: "show dhcp server leases state" with available options does not show any result as High priority.

Jan 20 2024, 12:29 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Viacheslav closed T5158: Refactoring the commad '$ sh interfaces counters' as Resolved.

Jan 20 2024, 12:28 PM

Viacheslav changed the status of T5156: vyos unable to tell that it updated dynamic DNS on cloudflare correctly from Open to Needs reporter action.

DDNS was rewritten
@HappyShr00m can you re-check?

Jan 20 2024, 12:28 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Viacheslav changed the status of T5155: restart bgp daemon throws route-map error from Open to Needs reporter action.

@Arc771 Can you update the task?

Jan 20 2024, 12:26 PM · VyOS 1.4 Sagitta

Viacheslav triaged T5153: OpenConnect route restriction via iptables is ignored as Wishlist priority.

Needs to find the solution for nftables/netfilter.

Jan 20 2024, 12:24 PM · Restricted Project, Restricted Project, VyOS 1.5 Circinus

Viacheslav closed T5138: Add patch to accel-ppp build L2TP LNS use Calling-Number as RADIUS Calling-Station-ID as Resolved.

Jan 20 2024, 12:23 PM · VyOS 1.4 Sagitta

Viacheslav triaged T5133: Add comments for items in address-group and network-group in firewall as Normal priority.

Proposed CLI
We need only change leafNode address to the tagNode

set firewall group address-group test123 address 192.0.2.1 description "blackhole"

Jan 20 2024, 12:21 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Viacheslav changed the status of T5124: Python3 deprecation distutils.version import LooseVersion from Open to Needs testing.

Jan 20 2024, 12:18 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Viacheslav changed the status of T5122: Move "archive-areas" to defaults.toml to support "non-free-firmware" repository from Needs testing to In progress.

Jan 20 2024, 12:16 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Viacheslav changed the status of T5121: Incorrect "architecture" config loaded from Open to In progress.

Jan 20 2024, 12:16 PM · VyOS 1.4 Sagitta (1.4.0-epa2)

Viacheslav changed the status of T5120: Override all debian mirror server name in url from Open to In progress.

Jan 20 2024, 12:15 PM · VyOS 1.4 Sagitta (1.4.1)

Viacheslav assigned T5119: "fib" statement support for firewall and nat configuration to n.fort.

Jan 20 2024, 12:13 PM · VyOS 1.5 Circinus

Viacheslav triaged T5117: wide-dhcpv6 prefix delegation & router adverts for prefixes not working with decrement-lifetimes as Normal priority.

Jan 20 2024, 12:12 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Viacheslav changed the status of T5103: DHCP default route duplicated when moving interface between VRFs from Open to Needs testing.

Jan 20 2024, 12:12 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Viacheslav closed T5101: VYOS 1.4 release no longer displayes output for 'sudo ipsec statusall' as Invalid.

Jan 20 2024, 12:11 PM · VyOS 1.4 Sagitta

Viacheslav triaged T5084: Interfrace negotiation may not work on some platforms as High priority.

Jan 20 2024, 12:11 PM · Restricted Project, VyOS 1.5 Circinus

Viacheslav closed T5083: extend interface schema to include which parameters are required as Resolved.

Fixed VyOS 1.5-rolling-202401190024

vyos@r4:~$ curl -k --location --request POST 'https://localhost/configure' --form data='{"op": "set", "path": ["service", "broadcast-relay", "id", "33", "description", "test"]}' --form key='VyOS-key'
{"success": false, "error": "[ service broadcast-relay ]\nPort number is mandatory for UDP broadcast relay \"33\"\n\n[[service broadcast-relay]] failed\nCommit failed\n", "data": null}

Jan 20 2024, 12:10 PM

Viacheslav triaged T5077: routes completely dropped from the node while running L2TP LNS service as Normal priority.

Jan 20 2024, 12:07 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Viacheslav closed T5054: ipsec: "show vpn ipsec remote-access" does not list active connections as Resolved.

Fixed int T5042

Jan 20 2024, 12:06 PM · VyOS 1.4 Sagitta

Viacheslav closed T5053: Vyatta-cfg Post-Removal Hook Tries to Disable Deleted Service as Resolved.

merged

Jan 20 2024, 12:05 PM · VyOS 1.4 Sagitta

Viacheslav triaged T5049: Configure GRE over IPsec tunnel when source port is in VRF, OSPF causes GRE tunnel broken. as Low priority.

Jan 20 2024, 12:05 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.0-GA)

Viacheslav triaged T5046: CLI for password complexity enforcement PAM module as Normal priority.

Jan 20 2024, 12:03 PM · VyOS 1.5 Circinus

Viacheslav triaged T5041: PMTU per route-based as Wishlist priority.

Jan 20 2024, 12:01 PM · Restricted Project, VyOS 1.5 Circinus

Viacheslav triaged T5038: WAN load balancing sticky-connections inbound does not work. as Normal priority.

Jan 20 2024, 11:57 AM · Restricted Project, VyOS 1.3 Equuleus (1.3.9)

Viacheslav closed T5035: Add more actions to policy route rule as Resolved.

merged

Jan 20 2024, 11:56 AM · VyOS 1.4 Sagitta

Viacheslav triaged T5032: VRRP aware DHCP relay as Wishlist priority.

Jan 20 2024, 11:56 AM · VyOS 1.4 Sagitta

Viacheslav triaged T5019: Add tunnel type bareudp as Normal priority.

Jan 20 2024, 11:54 AM · VyOS 1.5 Circinus

Viacheslav triaged T5016: Policy Route - Add load balancer capabilities as Wishlist priority.

Jan 20 2024, 11:53 AM · VyOS 1.5 Circinus

Viacheslav changed the status of T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces from Confirmed to Needs testing.

Was this fixed?

Jan 20 2024, 11:52 AM · VyOS 1.4 Sagitta (1.4.1)

Viacheslav triaged T5000: Extend NAT66 NPTv6 to support dynamic prefix mapping as Normal priority.

Jan 20 2024, 11:51 AM · VyOS 1.5 Circinus

Viacheslav triaged T4996: Exposing bgp received and advertised routes via the GraphQL HTTP-API as Wishlist priority.

Jan 20 2024, 11:51 AM · VyOS 1.5 Circinus

Viacheslav moved T4990: Commit results may not be properly saved if power is cut immediately after a successful commit from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.6) board.

Jan 20 2024, 11:50 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta

Viacheslav moved T4990: Commit results may not be properly saved if power is cut immediately after a successful commit from Need Triage to Finished on the VyOS 1.4 Sagitta board.

Jan 20 2024, 11:50 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta

Viacheslav closed T4990: Commit results may not be properly saved if power is cut immediately after a successful commit as Resolved.

Merged and looks working

Jan 20 2024, 11:50 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta

Viacheslav closed T4988: Expose time and size conversion functions as Jinja2 filters as Resolved.

Merged

Jan 20 2024, 11:49 AM · VyOS 1.4 Sagitta

Viacheslav closed T4986: Ability to filter traffic originating from the router itself via firewall as Resolved.

It seems to work :)

set firewall ipv4 output filter rule 10 action reject 
commit

Jan 20 2024, 11:48 AM · VyOS 1.4 Sagitta

Viacheslav triaged T4984: Firewall add mark for outgoing packets as Normal priority.

Jan 20 2024, 11:44 AM · VyOS 1.5 Circinus

Viacheslav triaged T4983: `shutdown_required` should be set when running command `connect interface wwan0` as Low priority.

Jan 20 2024, 11:44 AM

Viacheslav triaged T4982: OpenConnect should have TLS 1.0 and TLS 1.1 disabled by default as Normal priority.

Jan 20 2024, 11:43 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Viacheslav added a project to T4981: Warn when a nat rule evicts a set of other active rules: VyOS 1.5 Circinus.

Jan 20 2024, 11:43 AM · VyOS 1.5 Circinus

Viacheslav triaged T4981: Warn when a nat rule evicts a set of other active rules as Wishlist priority.

Jan 20 2024, 11:42 AM · VyOS 1.5 Circinus

Viacheslav triaged T5044: High Availability in DHCPv6 -ISC DHCP Failover/Kea as Normal priority.

Jan 20 2024, 11:41 AM · VyOS 1.5 Circinus

Viacheslav added a comment to T5044: High Availability in DHCPv6 -ISC DHCP Failover/Kea.

Can we close it?

Jan 20 2024, 11:40 AM · VyOS 1.5 Circinus

Viacheslav edited projects for T4976: Unable to form bond with Broadcom Inc. BCM57454 NetXtrem-E, added: VyOS 1.5 Circinus; removed VyOS 1.3 Equuleus (1.3.6).

@ghavag Does it work for 1.5?

Jan 20 2024, 11:38 AM · Restricted Project, VyOS 1.5 Circinus

Viacheslav triaged T4976: Unable to form bond with Broadcom Inc. BCM57454 NetXtrem-E as Wishlist priority.

Jan 20 2024, 11:38 AM · Restricted Project, VyOS 1.5 Circinus

Viacheslav closed T4966: UDEV deadlock on interface name shuffle as Resolved.

Merged

Jan 20 2024, 11:37 AM

All StoriesUse ResultsEdit QueryHide Query

Jan 20 2024

All Stories
Use Results
Edit Query
Hide Query