I revisited this in: https://github.com/vyos/vyos-1x/pull/1147
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Jan 9 2022
@Viacheslav Yes, You're right.
in.tftpd got started (but only a few seconds).
Scenario proposed by @NikolayP gives next content in table ip filter:
A simple check works fine:
Set 20% quota for snmpd
And check it with script:
#!/usr/bin/env bash
It was fixed in above commits, wrong testing form my site.
@aha As I see tftp can't bind ipv6 link local address:
Cherry-pick PR https://github.com/vyos/vyos-1x/pull/1146
It requires checking for 1.3 as it was changed and it uses the old backend on Perl (links above).
vyos@vyos# run show config comm | grep fire set firewall name FOO default-action 'accept' set firewall name FOO rule 10 action 'accept' set firewall name FOO rule 10 source address '198.51.100.0/24' set firewall name FOO rule 999997 action 'drop' set firewall name FOO rule 999997 source address '203.0.113.0/24' [edit]
It seems -V option:
PR for 1.3 https://github.com/vyos/vyos-nhrp/pull/7
PR for 1.4 https://github.com/vyos/vyos-1x/pull/1145
Check a real generated firewall iptables/nftables config
As 10000 it is the latest default rule, so your rules can be applied after default action with seq 10000
Could you also create a pr for 1.4?
Or 1.4 doesn’t have such limits?
Does it work with vlan bridges T3115?
Some notes:
- The old syntax is quite terrible. It breaks if an image is named disk-install or running or any remote protocol. There needs to be a cleaner syntax for it, such as copy file from image My-Image/usr/local/foo to path /tmp/foo or show file in remote ftp://ftp.example.net/foo.
- 'Image tools' isn't exactly a descriptive name for it. It does four operations:
- show: List files in a directory, or spit information about a file followed by its contents (hexdump if it's binary).
- copy: Copy a file or directory from one place to another (it can merge directories).
- delete: Deletes a file or directory (doesn't work remotely).
- update and updateone: Updates an image's config directory with rsync (the only part directly related to image manipulation). This is actually called clone in the CLI.
- show, copy and delete should probably be moved to a separate (new) module related to file operations (and coupled with vyos.remote) whilst update needs to become its own thing (a helper script, perhaps).
Tested in VyOS 1.3-rolling-202201030317 & 1.4-rolling-202201070726
Jan 8 2022
@NikolayP Could you test if all works fine?
Check the real generated firewal rules.
Is it an actual task? If yes, can someone explain which configuration you expect from keepalived.conf or radvd.conf?
As I see PR 9aad6f was merged.
It requires option -6
For example:
sudo ip -6 rule add prio 10 from de:de::1 lookup 5
Show v6 rules:
vyos@r11-roll# sudo ip -6 rule show 0: from all lookup local 10: from de:de::1 lookup 5 32766: from all lookup main [edit] vyos@r11-roll#
The situation has not changed in VyOS 1.4-rolling-202201070726
Jan 7 2022
Tested in VyOS 1.4-rolling-202201060842
Works
Jan 6 2022
@rps this did not make it into 1.3.0, but was discussed recently and will be addressed; it is, as you point out, a regrettable omission in functionality
Do we know if this made it into the 1.3.0 release or is this now a 1.4 issue?
Updates the vyatta-conntrack package to work without legacy firewall and fixes the op-mode commands. Should also fix some conntrack functionality (untested).
Fixed for 1.4 in T4128 with update "keepalived".
In 1.3 we don't update this pkg and it still has this bug.
Jan 5 2022
relaxes the condition to escape non-ascii bytes. Updating the commit id in the Dockerfile and relaxing the ascii restriction in configsource.py will allow unicode chars in config.
PR https://github.com/vyos/vyos-1x/pull/1138
vyos@r11-roll:~$ show interfaces input Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- ifb0 - u/u FOO ifb1 - u/u FOO1 vyos@r11-roll:~$