- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Jul 11 2023
Jul 3 2023
Jun 15 2023
Should be possible when new refactor is merged: T5160
This would have to be handled with DNS and not in the firewall. Hostnames work on firewall because they are resolved prior to use in rules.
May 4 2023
It might be a boot/slow DHCP lease issue.
May 3 2023
Apr 17 2023
Apr 14 2023
Just to clarify, it changes again to pod-networkname in https://github.com/vyos/vyos-1x/commit/2a876059826927ef204e359a40395955f27503ce (next rolling image) to avoid name constraint issues.
Apr 13 2023
Can you share container config section?
Mar 29 2023
Management Commands
Mar 22 2023
Mar 11 2023
Mar 9 2023
My bad
Discovered a couple of problems with chrony using the existing CLI.
Mar 2 2023
Have started work on migrating isc-dhcp v4/v6 server to Kea.
Feb 22 2023
Feb 21 2023
Builds completing. ISO worker on Jenkins should be fixed and pushing new rolling images shortly.
Feb 13 2023
Feb 3 2023
In T3871#141847, @jestabro wrote:Before adopting the approach mentioned above, there was development of an alternative using pyudev within an 'interface-monitor' daemon; the following branches contain (a version of) the rebased code. It would need a few hours of attention to check the logic and add the is_persistent check from vyos-interface-rescan.py; it could use some refactoring as well.
https://github.com/vyos/vyos-1x/compare/current...jestabro:vyos-1x:interface-monitor
https://github.com/vyos/vyatta-cfg/compare/current...jestabro:vyatta-cfg:interface-monitor
https://github.com/vyos/vyos-build/compare/current...jestabro:vyos-build:interface-monitor
Jan 29 2023
Jan 7 2023
Jan 6 2023
Dec 3 2022
PR to fix recursion check: https://github.com/vyos/vyos-1x/pull/1691
Nov 22 2022
Nov 11 2022
PR for policy route refactor updates to vyos_mangle: https://github.com/vyos/vyos-1x/pull/1654
Nov 3 2022
PR adds groups to NAT: https://github.com/vyos/vyos-1x/pull/1633
Nov 1 2022
Adds firewall node rule N source/destination fqdn domain.com for single domains per rule and refactors resolver daemon.
Oct 31 2022
Oct 29 2022
Good point, I'll try and look into this and see if it can be handled everywhere the new PKI nodes are used.
Oct 28 2022
Best suggestion seems to be introducing a script to call podman stop -t N on shutdown/reboot to reduce the timeout before SIGKILL is sent.
Oct 27 2022
Oct 25 2022
Oct 11 2022
Oct 10 2022
Sep 28 2022
Sep 27 2022
Can we see example destination NAT config with the issue?
Sep 21 2022
Included a fix for this in NAT refactor: https://github.com/vyos/vyos-1x/pull/1552
PR for NAT included with refactor: https://github.com/vyos/vyos-1x/pull/1552
Sep 12 2022
Refactor PR: https://github.com/vyos/vyos-1x/pull/1534
PR for filter tables: https://github.com/vyos/vyos-1x/pull/1534
Sep 10 2022
In T1185#133941, @roedie wrote:Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
set firewall local interface eth0 name <firewall-filter> set firewall in interface eth0 name <firewall-filter> set firewall out interface eth0 name <firewall-filter> set firewall local interface bond0.10v22v6 ipv6-name <firewall-filter>The problem is that using zone-policy firewall is a bit overkill for a pure router or even a router with async routing. In which scenario I guess only the local variant would be useful.
Aug 17 2022
Not supported at the moment, but we can look into adding it for both ipv4/v6 in 1.4
While I'm for changing to prefixed tables, I think the issue of tailscale and custom apps should fall under the accepted risk of running custom scripts outside of the config.
Any config available to test against?
Jul 7 2022
Jul 6 2022
I think there's still a problem possible with /var/log/messages handling:
Confirmed issue, seems to be a problem in rsyslog/logrotate. Possibly related to T4250
Jul 5 2022
Jul 2 2022
Inverse match PR: https://github.com/vyos/vyos-1x/pull/1386
Jul 1 2022
If the counters are visible and incrementing when checking with nft list table ip filter then I don't think this is an implementation issue. Wondering if its a problem with the syslog daemon.
Jun 29 2022
Jun 27 2022
Jun 25 2022
Jun 15 2022
Jun 13 2022
Working on moving groups to named set as part of a refactor in some firewall code.