It should be possible in https://github.com/vyos/vyos-1x/pull/1534 T2199
set firewall interface ethXvX
It should be possible in https://github.com/vyos/vyos-1x/pull/1534 T2199
set firewall interface ethXvX
It seems you use some custom scripts for configuration
You have to use
if [ "$(id -g -n)" != 'vyattacfg' ] ; then exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@" fi
before your configuration script
Refactor PR: https://github.com/vyos/vyos-1x/pull/1534
PR for filter tables: https://github.com/vyos/vyos-1x/pull/1534
Should be fixed in https://github.com/vyos/vyatta-cfg-firewall/pull/34
Already renamed:
In T1185#133944, @sdev wrote:A similar syntax change is in progress as part of a larger firewall refactor. It should reach the 1.4 branch in a week or so. It should allow for any valid existing interface name.
In T1185#133941, @roedie wrote:Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
set firewall local interface eth0 name <firewall-filter> set firewall in interface eth0 name <firewall-filter> set firewall out interface eth0 name <firewall-filter> set firewall local interface bond0.10v22v6 ipv6-name <firewall-filter>The problem is that using zone-policy firewall is a bit overkill for a pure router or even a router with async routing. In which scenario I guess only the local variant would be useful.
Or, come to think, some free from of set interfaces unknown <typeyourownname> firewall local name <ruleset> where you can only config stuff that doesn't really depend on an interface.
Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
First we need to include the "google-authenticator" in our build
/usr/libexec/vyos/op_mode/route.py already exists but without an execution flag
PR https://github.com/vyos/vyos-1x/pull/1531
I am suggesting marking this task as "Resolved" because the driver works by himself and NIC can be used with a proper configuration.
The real check without IPv4 local/remote:
vyos@r14# commit [ interfaces openvpn vtun2 ]
Created pull request with fix. https://github.com/vyos/vyos-1x/pull/1527
I've tested this and it seems to work correctly.
The interface naming is incorrect after this change for the second interface with the same VRID. It breaks show int.
@aserkin Could you create a PR?
As @zsdc says, it's not enough to just have the driver, the problem is that it doesn't work with MTUs over 1460, and VyOS now tries to force it to 1500 if it's not specified. We need to adjust that logic so that MTU setting error doesn't cause a commit error.
I'd suggest adding
**Restart=always RestartSec=10**
to /usr/share/vyos/templates/telegraf/override.conf.j2 as it is done for ntp.service.
Otherwise the telegraf service do not start - it does 5 start attempts very quickly during boot with error:
Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Failed with result 'exit-code'. Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Scheduled restart job, restart counter is at 5. Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Start request repeated too quickly. Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Failed with result 'exit-code'.
and stays in a failed state.
see boot log attached.