This new command was merged in order to solve this problem:
vyos@vrf-test:~$ show configuration commands | match disable
set protocols bgp parameters disable-ebgp-connected-route-check
The original issue was resolved.
Always exclude this address from any defined range. This address will never be assigned by the DHCP server.
Ok, it will exclude in any range.
Forget about it
The issue seems to be in zebra/interface.c:
This actually also happens without a reboot on my test system.
After the fix
Personally I don't think it's a good idea to be able to use VyOS as a jumphost towards victims of scanning.
@ServerForge It is a question for hsflowd
You can open the issue on their git repo
OK, I'll change a port list and nmap scenario
It's no longer failing to start, but it seems to be only capturing inbound traffic on the tunnel, no outbound. I'm also observing this behavior on VLAN interfaces, i.e. bond0.10.
Proposed CLI:
set nat cgnat pool external <external> range 192.0.2.0/30 seq 1
set nat cgnat pool external <external> range 192.0.2.128-192.0.2.132 seq 2
set nat cgnat pool external <external> per-user-limit port 1024
set nat cgnat pool external <external> global-port-range 1024-65535
set nat cgnat pool internal <internal> range 100.64.1.0/24
I'm not sure that a list of ports will be helpful in this way.
From time to time, we need to scan specific ports.
What about
force scan-port-host <x.x.x.x> proto <tcp|udp> port '8080-8081,9200'
force port--discovery-host <x.x.x.x> proto <tcp|udp> port '8080'
force port-scan host <x.x.x.x> proto <tcp|udp> port '8080'
And use native nmap binaries (as python3 nmap module is not installed by default)
Also, it has XML format if you want a custom table:
sudo nmap -oX - 127.0.0.1
Probably VNI is applied after BGP
The current priorities:
vyos@r4:~$ /usr/libexec/vyos/priority.py | match "vrf|bri|vxlan"
11 vrf.py ['vrf']
310 interfaces_bridge.py ['interfaces', 'bridge']
460 interfaces_vxlan.py ['interfaces', 'vxlan']
481 protocols_static.py ['vrf', 'name', 'protocols', 'static']
611 protocols_isis.py ['vrf', 'name', 'protocols', 'isis']
621 protocols_ospf.py ['vrf', 'name', 'protocols', 'ospf']
621 protocols_ospfv3.py ['vrf', 'name', 'protocols', 'ospfv3']
821 protocols_bgp.py ['vrf', 'name', 'protocols', 'bgp']
821 protocols_eigrp.py ['vrf', 'name', 'protocols', 'eigrp']
822 vrf_vni.py ['vrf', 'name', 'vni']
vyos@r4:~$
@kevinrausch Thank you for the report. Next time it is better to use a set of commands to reproduce.
vyos@r4:~$ generate tech-support archive /tmp/foo
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/generate_tech-support_archive.py", line 123, in <module>
    tmp_dir.mkdir()
  File "/usr/lib/python3.11/pathlib.py", line 1117, in mkdir
    os.mkdir(self, mode)
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/foo/drops-debug_2024-03-31T12-07-09'
vyos@r4:~$
It seems hardcoded here https://github.com/vyos/vyos-1x/blob/252d03d6e419aae14ae75caed38d1b1001c916a2/src/op_mode/generate_tech-support_archive.py#L96
I think the wrapping should be left for the output to select, since you can either be in a regular serial console of 80x25 or some high-res mode which brings more characters per line, or even through SSH with a 4k monitor which will be plenty of lines.
Since descriptions can be very long I assume there will be a linewrap at the end?
line 107: available_images: list[str] = annotated_list(grub.version_list())
Should be: available_images: list[str] = grub.version_list()