PR for op-mode https://github.com/vyos/vyos-1x/pull/1204
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Feb 3 2022
Feb 3 2022
dmbaturin committed rVYOSONEX1920c4faa9d2: firewall-bridge: T4193: Add verify for action reject (authored by Viacheslav).
GitHub <noreply@github.com> committed rVYOSONEX26774b890443: Merge pull request #1201 from sarthurdev/T4178_2 (authored by c-po).
Thanks - works again
Feb 2 2022
Feb 2 2022
sarthurdev changed the status of T4178: policy based routing tcp flags issue from In progress to Needs testing.
sarthurdev changed the status of T4178: policy based routing tcp flags issue from Needs testing to In progress.
Adding this issue to this task: https://forum.vyos.io/t/firewall-configuration-issue-after-upgrade/8414
Unknown Object (User) created T4226: VRRP transition-script does not work for groups name which contains -(minus) sign.
PR https://github.com/vyos/vyos-1x/pull/1200
Fix for telegraf template/scripts for services.
Viacheslav changed the status of T4194: prefix-list no check for duplicate entries from Open to Needs testing.
Unknown Object (User) added a comment to T4210: NAT source/destination negated ports throws an error.
I've used for these tests (VyOS 1.4-rolling-202202010836)
The same situation in general when you want to use "!".
Bad exampels.
set nat source rule 10 destination port !1-5 set nat source rule 10 destination port !22 set nat source rule 10 destination port !http set nat source rule 10 destination port telnet,!http,!123,1001-1005 set nat source rule 10 destination port telnet,http,!123,1001-1005
Feb 1 2022
Feb 1 2022
Unknown Object (User) added a comment to T4218: firewall: rule name is not allowed to start with a number.
( VyOS 1.4-rolling-202202010836)- Rule name which starts with a number work well.
I have found the following links:
tested my previous code in latest rolling, looking good so far.
no errors on commiting.
Seems like this is already handled in T4101
Is there any Linux implementation?
c-po added a comment to T4224: Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso).
reverted broken commit
reverted commit
Unknown Object (User) changed the status of T4224: Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso) from Open to Confirmed.
mshipman updated the task description for T4224: Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso).
Unknown Object (User) added a comment to T4224: Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso).
Confirm
VyOS 1.4-rolling-202201291849
mshipman added a comment to T4224: Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso).
My hunch would be that this is the breaking commit, given the context:
Jan 31 2022
Jan 31 2022
c-po renamed T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Update Linux Kernel to v5.4.174 / 5.10.94 to Update Linux Kernel to v5.4.175 / 5.10.95.
GitHub <noreply@github.com> committed rVYOSONEXb3066e73ff48: Merge pull request #1196 from hensur/current-ipv6-local-route-iif (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX36e54482a242: Merge pull request #1199 from sarthurdev/T4218 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX3aa1ec3f03a9: Merge pull request #1198 from vyos/force_to_list (authored by c-po).
Thanks!😀
sarthurdev changed the status of T4216: Firewall: can't use negated groups in firewall rules from In progress to Needs testing.
sarthurdev changed the status of T4218: firewall: rule name is not allowed to start with a number from In progress to Needs testing.
sarthurdev changed the status of T4223: policy route cannot have several entries with the same table from In progress to Needs testing.
sarthurdev changed the status of T4223: policy route cannot have several entries with the same table from Open to In progress.
I already have a fix for this from your comment on T4213. Will have it included in a PR shortly.
dmbaturin triaged T4221: Add a template filter for converting scalars to single-item lists as Low priority.
Jan 30 2022
Jan 30 2022
dmbaturin committed rVYOSONEX3700c3780ede: firewall-bridge: T4193: Checks if firewall or group not configured (authored by Viacheslav).
I don't know what I'm building. How can I be sure I'm actually building 1.3.0 rather than 1.4? I ask because when I boot off the build I compiled I get the following message at the start of the boot process. Is it 1.3.0 or sagitta (1.4)?
Jan 29 2022
Jan 29 2022
Unknown Object (User) added a comment to T4218: firewall: rule name is not allowed to start with a number.
The same situation if you set the number or special symbol.
sarthurdev changed the status of T4218: firewall: rule name is not allowed to start with a number from Open to In progress.
sarthurdev changed the status of T4216: Firewall: can't use negated groups in firewall rules from Confirmed to In progress.
Unknown Object (User) added a comment to T4214: [DHCP] static route dhcp-interface issues.
I've checked the same scenario on the cisco router.
GitHub <noreply@github.com> committed rVYOSONEX0a0d4abc02da: Merge pull request #1195 from hensur/current-ipv6-local-route (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXd679e9517657: Merge pull request #1197 from sarthurdev/T4178_1 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX8aa7ea8f6c84: Merge pull request #789 from jack9603301/T3420 (authored by dmbaturin).
Failover is handled by my firewall which is upstream of VyOS which I am using more as a router than anything. The commit you listed I believe is actually the fix for T4206, not for this, but I can certainly try that to see if I'm up and running and to see if the issue I'm reporting here is resolved, since I have only tried this setup in 1.3.0 RC6. I'm not sure why you'd think I'd need " failover with custom hook-scripts" for this issue. All I'm trying to do is have a PBR for traffic with the destination IP of local VyOS interfaces to use the main table rather than the vrf table. I also have an issue where if I ping the IP on the FIOS WAN interface from upstream, the reply traffic from the VyOS is sent downstream to the FiOS gateway, so this fails. However, the VyOS isn't doing that for the WOW! WAN interface, and I get the replies as expected. So it seems there are strange things happening. Either things not being cleaned up and/or not being set up right.
Jan 28 2022
Jan 28 2022
Unknown Object (User) added a comment to T4215: Change the description of the "reboot in" command..
Good question. I missed this moment.
So, if you want to reload in some minutes, VYOS offered you two variants:
- To choose between 1 and 99
- To set time when you want to reload VYOS if 99 minutes too short for you (for example 10:00, 12:45, 23:59, and so on)
But descriptions of thees command doesn't have enough information about it.
c-po closed T4217: firewall: port-group requires protocol to be set - but not in VyOS 1.3 as Resolved.
c-po changed the status of T4217: firewall: port-group requires protocol to be set - but not in VyOS 1.3 from Open to In progress.
I've actually found a way to define this properly, resulting rule now looks like below:
tcp dport { 22 } add @FOO_30 { ip saddr limit rate over 4/minute burst 4 packets } counter packets 3 bytes 156 reject comment "FOO-30"
ct state { new } tcp dport { 22 } counter packets 5 bytes 260 return comment "FOO-40"sarthurdev changed the status of T4216: Firewall: can't use negated groups in firewall rules from Open to Confirmed.
I could commit a merge request but I have not figured out in which repo the file is located.
@Viacheslav steps to reproduce: