You mean this existing option, or I am missing something?
vyos@vyos-suri:~$ conf [edit] vyos@vyos-suri# set int eth eth0 description TEST [edit] vyos@vyos-suri# set serv ssh port 8877 [edit] vyos@vyos-suri# set system host-name foo [edit] vyos@vyos-suri# compare [interfaces ethernet eth0] + description "TEST" [service ssh] + port "8877" [system] - host-name "vyos-suri" + host-name "foo"
I suppose the maintainers already considered the below but I got a suggestion on how to resolve this issue:
Created https://vyos.dev/T5622 which must first be resolved before T5593 can get successfully merged.
PR updated for part 1/2 (vyatta-cfg-system): https://github.com/vyos/vyatta-cfg-system/pull/209
PR updated for part 2/2 (vyos-build): https://github.com/vyos/vyos-build/pull/427
This should fix the problem: https://github.com/vyos/vyos-build/pull/428
show-dhcp-leases.pl under vyatta-op remains the only extant deadweight Vyatta script and needs to be removed.
It seems this problem is not caused by IPsec, but it was caused by GRE implementation.
PR for sagitta:
https://github.com/vyos/vyos-1x/pull/2315
Add option protocol, PR https://github.com/vyos/vyos-1x/pull/2313
set policy local-route rule 100 destination '192.0.2.12' set policy local-route rule 100 protocol 'tcp' set policy local-route rule 100 set table '100'
Adding use outline from PR for future reference; the dir vyos-1x-current below refers to a local copy of the vyos-1x source:
PR created for part 1/2 (vyatta-cfg-system): https://github.com/vyos/vyatta-cfg-system/pull/209
Fixed
Build was successful and smoketests are currently in progress.
If build and smoketests are successful a commit will arrive later today.
... of course, feel free to experiment; I have not yet considered the proposed idea.
@Apachez note that those legacy image install scripts will be removed following
https://vyos.dev/T4516
Work on completing that is active this week and should be finished soon. You may want to hold off on this investigation until then.
Point 1 might be solved by using a hooks/live-script for the binary part which is the part after the chroot have been created.
PR created: https://github.com/vyos/vyos-build/pull/426
Turned out to be little of a challenge do "just" strip all binaries (and libraries, modules etc).
Also added flowtable as nothing needs to be sequenced in there either:
https://github.com/JeffWDH/vyos-1x/commit/ac22cc054d9c15af010c824ac9a05f5cc71fc954
I have not contributed code to this project before so let me know if I've missed conventions...
Just to be clear, the build I'm going from is just my own build of current to my own build of current -- it says 1.4 because I only changed the version string to 1.5 after this build went through since i'm the only one using my build :)
I just noticed that this still is a problem. Excerpt below from downloading an upgrade:
PR for 1.3 https://github.com/vyos/vyos-1x/pull/2310
In T5497#160905, @JeffWDH wrote:1.5-rolling-202309250022
Is there a reason why some global options and some address groups (not all) are included in the output? Seems unintentional to me.
Is there a reason why some global options and some address groups (not all) are included in the output? Seems unintentional to me.
We have fwmark for policy local-route
But it is only for match mark and routing decision
vyos@vyos-lns# set policy local-route rule 100 Possible completions: + destination Destination address or prefix fwmark Match fwmark value inbound-interface Inbound Interface > set Packet modifications + source Source address or prefix
Have to add "binutils-common" to make "strip" work within the dockerimage.
This is an artifact of the remaining use in 1.3 of the legacy XorpConfigParser: the last use of that legacy piece was removed from 1.4 in Jan 2021, but is still called by 'vyatta_interface_rescan' so will be seen after changing MAC addresses if the config is not saved. A quick summary of the history is here and quoted below:
Implement hooks-script for livebuild that recursively go through following directories using "strip --strip-all" (syntax to be verified):
Shouldnt that be default for lb then in the vyos buildscripts and how does --debug affect things other than logging during build?
What is the "system update-check url" supposed to be once its implemented?
Note that is is the "--debug" flag that one wants in order to see the full mksquashfs command that is executed.
@stingalleman As mentioned above (and confirmed in discussions earlier this week), we've had few if any reports of issues with the udev approach, so we would be very interested to hear details of your case.
Not sure what to do on this one. The firewall is depending on conntrack module, which updates the conntrack related sysctls. It'd be the same if someone defines custom sysctls used by other conf scripts.
When will this bug be fixed? I am having a lot of issues with this.
Verified to be working as expected.
@jestabro I havent verified it yet but then perhaps the buildscript for VyOS should be altered to include --verbose?
Verified through smoketests.
Verified through smoketests.
PR removing zone-policy op-mode: https://github.com/vyos/vyos-1x/pull/2304