Feed All Stories

Jan 22 2022

sarthurdev committed rVYOSONEX3e55af0ccdf0: Firewall: T4186: Adding icmpv6 corrections, in corcondancy of what was done for… (authored by Nicolas Fort <nicolasfort1988@gmail.com>).
Jan 22 2022, 7:55 AM
GitHub <noreply@github.com> committed rVYOSONEX3b7629eaa4c8: Merge pull request #1184 from sarthurdev/firewall_icmp (authored by c-po).
Jan 22 2022, 7:55 AM
jack9603301 added a comment to T2898: Support NDP proxy.

@hensur See PR, I implemented a merge script and provided three solutions.

Jan 22 2022, 6:36 AM · VyOS 1.4 Sagitta
kroy created T4202: NFT: Zone policies fail to apply when "l2tp+" is in the interface list.
Jan 22 2022, 4:53 AM · VyOS 1.4 Sagitta

Jan 21 2022

artooro closed T4200: Assigning ipv6-name to interface is not generating nftables rules as Resolved.
Jan 21 2022, 10:35 PM · VyOS 1.4 Sagitta
artooro added a comment to T4200: Assigning ipv6-name to interface is not generating nftables rules.

Confirmed, I just built a new image using 1.4-rolling-202201212148 and I can no longer reproduce the issue.

Jan 21 2022, 10:34 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4186: Firewall icmp type - Offered options not supported.

PR + migration: https://github.com/vyos/vyos-1x/pull/1184

Jan 21 2022, 10:08 PM · VyOS 1.4 Sagitta
artooro added a comment to T4199: Commit failed when setting icmpv6 type any.
Jan 21 2022, 9:42 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4131: Show firewall group incorrect format members.

Loading address group described in task and then printing, works OK.

Jan 21 2022, 6:52 PM · VyOS 1.4 Sagitta
n.fort closed T4144: Firewall address-group - Improve error messages as Resolved.
Jan 21 2022, 6:44 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4144: Firewall address-group - Improve error messages.

Tested on VyOS 1.4-rolling-202201180317 and working as expected.

Jan 21 2022, 6:44 PM · VyOS 1.4 Sagitta
n.fort closed T4133: Firewall network group error with zone-based firewall rules as Resolved.
Jan 21 2022, 6:35 PM · VyOS 1.4 Sagitta, VyConf
n.fort added a comment to T4133: Firewall network group error with zone-based firewall rules.

Seems solved, not reproducible on VyOS 1.4-rolling-202201180317

Jan 21 2022, 6:35 PM · VyOS 1.4 Sagitta, VyConf
n.fort changed the status of T4199: Commit failed when setting icmpv6 type any from In progress to Confirmed.
Jan 21 2022, 6:20 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4199: Commit failed when setting icmpv6 type any.

Did work as expected

vyos@vyos# run show config comm | grep fire
set firewall ipv6-name FOO rule 10 action 'accept'
set firewall ipv6-name FOO rule 10 icmpv6 type 'echo-request'
set firewall ipv6-name FOO rule 10 protocol 'ipv6-icmp'

Jan 21 2022, 6:03 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4199: Commit failed when setting icmpv6 type any.

Also, while matching parameters valid in nftables, such as echo-reply, commit fails too:

Jan 21 2022, 4:29 PM · VyOS 1.4 Sagitta
Viacheslav closed T4137: Firewall group configuration allows to set incorrect port range and invalid port as Resolved.
Jan 21 2022, 4:22 PM · VyOS 1.4 Sagitta
n.fort created T4201: Firewall - ICMPv6 matches not working as expected on 1.3.0.
Jan 21 2022, 4:20 PM · VyOS 1.3 Equuleus (1.3.0)
hensur committed rVYOSONEX2e4bceee568d: policy: T4151: Bugfix policy ipv6-local-route.
Jan 21 2022, 1:51 PM
GitHub <noreply@github.com> committed rVYOSONEXf791d3ef4c33: Merge pull request #1183 from hensur/current-ipv6-local-route (authored by c-po).
Jan 21 2022, 1:51 PM
hensur added a comment to T4151: IPV6 local PBR Support.

Should be fixed with https://github.com/vyos/vyos-1x/pull/1183

Jan 21 2022, 12:29 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
n.fort added a comment to T4199: Commit failed when setting icmpv6 type any.

Bug related: https://phabricator.vyos.net/T4186

Jan 21 2022, 12:27 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4199: Commit failed when setting icmpv6 type any from Open to In progress.
Jan 21 2022, 12:22 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4200: Assigning ipv6-name to interface is not generating nftables rules.

I can't reproduce this issue on latest rolling

Jan 21 2022, 12:03 PM · VyOS 1.4 Sagitta
hensur added a comment to T4151: IPV6 local PBR Support.

I'm looking into it. From the logs it seems like for src in (pbr[rule_rm][rule]['source'] or ['']) doesn't work if 'source' doesn't exist.

Jan 21 2022, 9:44 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
goodNETnick <pknet@ya.ru> committed rVYOSONEX28a92e75cf93: DHCP: T4196: fix client-prefix-length parameter.
Jan 21 2022, 7:59 AM
GitHub <noreply@github.com> committed rVYOSONEXec5eb00bd83a: Merge pull request #1180 from goodNETnick/dhcp-client-prefix (authored by c-po).
Jan 21 2022, 7:59 AM
Viacheslav added a comment to T4151: IPV6 local PBR Support.

@hensur Smoketest failed.

Jan 21 2022, 7:12 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4154: Error add second gre tunnel with the same source interface.

(VyOS 1.4-rolling-202201200814) - The same.

Jan 21 2022, 2:39 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4137: Firewall group configuration allows to set incorrect port range and invalid port.

I've tested it on (Version: VyOS 1.4-rolling-202201200814). It seems well.

Jan 21 2022, 2:21 AM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4115: reboot in <x> not working as expected.

I've tested this scenario on VyOS 1.4-rolling-202201200814; as Srividya said, you can choose minutes between 1-99.
If this is critical, you can expand the range by opening a "feature request".

Jan 21 2022, 12:52 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Jan 20 2022

c-po closed T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade, a subtask of T3871: Resolve unexpected interface name reordering, as Resolved.
Jan 20 2022, 7:45 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA)
c-po closed T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade as Resolved.
Jan 20 2022, 7:45 PM · VyOS 1.4 Sagitta
c-po added a subtask for T3871: Resolve unexpected interface name reordering: T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade.
Jan 20 2022, 7:45 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA)
c-po added a parent task for T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade: T3871: Resolve unexpected interface name reordering.
Jan 20 2022, 7:45 PM · VyOS 1.4 Sagitta
c-po added a comment to T4171: Interface config migration error on 1.2.8 -> 1.4 upgrade.

Seems to have fixed it

Jan 20 2022, 7:44 PM · VyOS 1.4 Sagitta
jestabro committed rVYOSONEXa41826759ae7: interface-names: T3871: use tempfile during virtual migration.
Jan 20 2022, 7:44 PM
GitHub <noreply@github.com> committed rVYOSONEX93cdb6f1ca00: Merge pull request #1182 from jestabro/migrate-while-udev (authored by c-po).
Jan 20 2022, 7:44 PM
sarthurdev committed rVYOSONEXd1d0150b6a40: firewall: T2199: Add log prefix to match legacy perl behaviour.
Jan 20 2022, 7:22 PM
GitHub <noreply@github.com> committed rVYOSONEXfcb1b6c69ffc: Merge pull request #1181 from sarthurdev/firewall (authored by c-po).
Jan 20 2022, 7:22 PM
SrividyaA claimed T4115: reboot in <x> not working as expected.
Jan 20 2022, 5:43 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
artooro added a project to T4200: Assigning ipv6-name to interface is not generating nftables rules: VyOS 1.4 Sagitta.
Jan 20 2022, 5:25 PM · VyOS 1.4 Sagitta
artooro updated artooro.
Jan 20 2022, 5:21 PM
artooro created T4200: Assigning ipv6-name to interface is not generating nftables rules.
Jan 20 2022, 5:19 PM · VyOS 1.4 Sagitta
artooro created T4199: Commit failed when setting icmpv6 type any.
Jan 20 2022, 4:55 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4197: Vyos arm64-latest build issue with telegraf pkg from Vyos arm64-latest build issue to Vyos arm64-latest build issue with telegraf pkg.
Jan 20 2022, 4:01 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4197: Vyos arm64-latest build issue with telegraf pkg.
Jan 20 2022, 4:01 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4198: Error shown on commit.

@adestis Could you share commands, on how to reproduce this bug? Thanks.

Jan 20 2022, 3:50 PM · VyOS 1.3 Equuleus (1.3.0)
adestis created T4198: Error shown on commit.
Jan 20 2022, 3:40 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav changed the status of T4151: IPV6 local PBR Support from Open to Needs testing.
Jan 20 2022, 2:24 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
hensur committed rVYOSONEX0d4079ca3a3d: policy: T4151: Add policy ipv6-local-route.
Jan 20 2022, 2:16 PM
GitHub <noreply@github.com> committed rVYOSONEX876d108c5dba: Merge pull request #1144 from hensur/current-ipv6-local-route (authored by c-po).
Jan 20 2022, 2:16 PM
Viacheslav changed the subtype of T4196: DHCP server client-prefix-length parameter results in non-functional leases from "Task" to "Bug".
Jan 20 2022, 12:58 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav changed the status of T4196: DHCP server client-prefix-length parameter results in non-functional leases from Open to In progress.
Jan 20 2022, 12:58 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) added a comment to T4196: DHCP server client-prefix-length parameter results in non-functional leases.

PR:
https://github.com/vyos/vyos-1x/pull/1180/files

Jan 20 2022, 12:07 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
al-pankov created T4197: Vyos arm64-latest build issue with telegraf pkg.
Jan 20 2022, 6:47 AM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4196: DHCP server client-prefix-length parameter results in non-functional leases.

From ISC-DHCP manual pages:
https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcp-options

Jan 20 2022, 4:38 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) updated the task description for T4196: DHCP server client-prefix-length parameter results in non-functional leases.
Jan 20 2022, 4:22 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) created T4196: DHCP server client-prefix-length parameter results in non-functional leases.
Jan 20 2022, 4:11 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)

Jan 19 2022

sarthurdev committed rVYOSONEX0a5a78621b2b: firewall: T3560: Add support for MAC address groups.
Jan 19 2022, 5:56 PM
GitHub <noreply@github.com> committed rVYOSONEX569dfa77f07c: Merge pull request #1177 from sarthurdev/mac_groups (authored by c-po).
Jan 19 2022, 5:56 PM
c-po triaged T4195: [OSPF-ECMP]enable set maximun-path as Low priority.
Jan 19 2022, 5:53 PM · VyOS 1.4 Sagitta
c-po closed T4195: [OSPF-ECMP]enable set maximun-path as Resolved.
Jan 19 2022, 5:53 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX081fc4466f20: firewall: policy: T1292: Clean up any rules required to delete a chain.
Jan 19 2022, 5:06 PM
sarthurdev committed rVYOSONEXf96a4fcd5d0c: firewall: T2199: Raise ConfigError if deleted node is used in zone-policy.
Jan 19 2022, 5:06 PM
GitHub <noreply@github.com> committed rVYOSONEX10a740096edb: Merge pull request #1176 from sarthurdev/firewall (authored by c-po).
Jan 19 2022, 5:06 PM
fett0 <fernando.gmaidana@gmail.com> committed rVYOSONEXc31f085b5d87: OSPF : T4195: ability to set maximum paths for OSPF.
Jan 19 2022, 5:06 PM
GitHub <noreply@github.com> committed rVYOSONEX258dd07904be: Merge pull request #1179 from fett0/T4195 (authored by c-po).
Jan 19 2022, 5:06 PM
fernando added a comment to T4195: [OSPF-ECMP]enable set maximun-path.

PR : https://github.com/vyos/vyos-1x/pull/1179

Jan 19 2022, 4:11 PM · VyOS 1.4 Sagitta
fernando created T4195: [OSPF-ECMP]enable set maximun-path.
Jan 19 2022, 4:00 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4193: Add support for transparent firewall.

PR for required interface "nodes" https://github.com/vyos/vyatta-cfg-firewall/pull/30

Jan 19 2022, 12:31 PM · VyOS 1.4 Sagitta
Viacheslav changed the subtype of T4194: prefix-list no check for duplicate entries from "Task" to "Bug".

In fact, you found a new bug in 1.4

Jan 19 2022, 10:29 AM · VyOS 1.4 Sagitta
FileGo added a comment to T4188: Firewall does not correctly handle conntracking.

Seems to be working fine as far as I can see.

Jan 19 2022, 7:52 AM · VyOS 1.4 Sagitta
hexes added a comment to T4025: OpenVPN server with TAP interface, client didn’t see network.

Hello @Viacheslav, thanks for the reply. So, if you bridge vtun94 and eth0.94 to br94, will it work at the L2 level?
Did you push this update to nightbuild?

Jan 19 2022, 3:39 AM · Bugs, VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.1), Restricted Project, openvpn
Unknown Object (User) created T4194: prefix-list no check for duplicate entries.
Jan 19 2022, 2:00 AM · VyOS 1.4 Sagitta

Jan 18 2022

Viacheslav added a comment to T4072: Feature Request: Firewall on bridge interfaces.

Some details in T4193

Jan 18 2022, 8:51 PM · VyOS 1.4 Sagitta
dmbaturin created T4193: Add support for transparent firewall.
Jan 18 2022, 7:41 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXa7e14cba820f: firewall: T4188: Create default conntrack `FW_CONNTRACK` chain.
Jan 18 2022, 6:59 PM
GitHub <noreply@github.com> committed rVYOSONEXc77369761f9c: Merge pull request #1178 from sarthurdev/firewall_T4188 (authored by c-po).
Jan 18 2022, 6:59 PM
n.fort closed T292: [ZBF] Allow filtering intra zone traffic as Resolved.
Jan 18 2022, 6:29 PM · VyOS 1.4 Sagitta
n.fort added a comment to T292: [ZBF] Allow filtering intra zone traffic.

Resolved in T3873

Jan 18 2022, 6:29 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4188: Firewall does not correctly handle conntracking from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1178

Jan 18 2022, 6:02 PM · VyOS 1.4 Sagitta
johannrichard awarded T3560: Ability to create groups of MAC addresses a Like token.
Jan 18 2022, 5:46 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3560: Ability to create groups of MAC addresses, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 18 2022, 5:35 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T3560: Ability to create groups of MAC addresses from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1177

Jan 18 2022, 5:35 PM · VyOS 1.4 Sagitta
sarthurdev renamed T4188: Firewall does not correctly handle conntracking from Firewall does not match ICMPv6 packets to Firewall does not correctly handle conntracking.
Jan 18 2022, 5:30 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4188: Firewall does not correctly handle conntracking from Open to In progress.

Okay, thanks for the update. I have found a conntrack issue in the code. Will have a fix in shortly.

Jan 18 2022, 5:29 PM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T3522: policy based routing not working.

Looks like I see the same issue for 1.3.0. Reproducing steps:

set interfaces ethernet eth1 address 'dhcp'
set protocols static table 1 route 0.0.0.0/0 dhcp-interface eth1

Jan 18 2022, 4:06 PM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project
FileGo reopened T4188: Firewall does not correctly handle conntracking as "Open".

Thanks, this does fix the ICMP issue; however, rule 10, which is supposed to accept packets with related/established states (say an HTTP response following a request), doesn't seem to match any packets, and the packets get dropped by the default rule.

Jan 18 2022, 4:04 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4178: policy based routing tcp flags issue.

TCP flags seem to be working on firewall filter config.

Jan 18 2022, 3:01 PM · VyOS 1.4 Sagitta
n.fort closed T3873: Zone based Firewall - Filter traffic in same zone as Resolved.
Jan 18 2022, 2:18 PM · VyOS 1.4 Sagitta
n.fort added a comment to T3873: Zone based Firewall - Filter traffic in same zone.

Tested on VyOS 1.4-rolling-202201180317 and working as expected

Jan 18 2022, 2:18 PM · VyOS 1.4 Sagitta
sarthurdev closed T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta
sarthurdev closed T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases , a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta
sarthurdev closed T3286: Switch the firewall from iptables to nftables, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:47 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev closed T3286: Switch the firewall from iptables to nftables as Resolved.
Jan 18 2022, 1:47 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T1292: Issues while deleting all rules from a firewall, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 18 2022, 1:45 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T1292: Issues while deleting all rules from a firewall from Open to Needs testing.

Fixed in 1.4 PR: https://github.com/vyos/vyos-1x/pull/1176

Jan 18 2022, 1:45 PM · VyOS 1.4 Sagitta