PR for 1.3 https://github.com/vyos/vyos-1x/pull/2181
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Aug 28 2023
I don't see any errors in VyOS 1.3-stable-202308240442
vyos@r1# set firewall group network-group FW-OUT network '191.200.161.8/31' [edit] vyos@r1# set firewall group network-group FW-OUT network '191.200.161.8/32' [edit] vyos@r1# commit [edit] vyos@r1# delete firewall group [edit] vyos@r1# commit [edit] vyos@r1#
limitations of old backend
Fixed
[edit] vyos@r1# set policy route-map TEST rule 10 set metric -10 [edit] vyos@r1# commit [edit] vyos@r1# sudo vtysh -c "show run" Building configuration...
This task for the ldpd
https://vyos.dev/T4020
My bad, I don't know how I missed them!
The smoketest was in the same PR https://github.com/vyos/vyos-1x/pull/2162/files#diff-59a88cf4e56c56db9de173bbdeb31600f9733d8598570831364d2d368402af77
@Apachez thanks to you.
Let me check it.
Some tests on filesystem.squashfs from VyOS 1.4-rolling-202308280021.
In T5472#157591, @aderouineau wrote:Should a smoke test be added?
Better to have it
it will be fixed eventually
A note from https://forum.vyos.io/t/clear-logs-on-vyos/6878/10?u=viacheslav that there might be issues if removing directories from within / var/log/* doesnt occur to PR381 since that PR was specific about which files and directories to remove when it comes to / var/log. That is only files NOT directories were removed from / var/log.
Validated the change on version 1.4-rolling-202308250021.
https://github.com/vyos/vyos-1x/pull/2180 implement a workaround by changing the default values of stdout and stderr from PIPE to None.
Aug 27 2023
A baseline could be to look at the linux kernel config used by Alpine Linux for their RPI-builds:
@sdev I saw c-po revert the merge.
and I didn't expect that it will cost lots of time also.
It's better to revert it.
Currently, I will maintain kernel configs in my own branch.
@tjjh89017 This will need to be re-evaluated. The build from your PR was taking in excess of 8 hours on the build server - the defconfig likely needs to be brought down to only the minimum required modules/drivers for successful builds on target devices.
Just a comment:
It should be fixed via https://github.com/vyos/vyos-build/pull/382
This does still need to be addressed in 1.4. Without a version string, the 2-to-3 migrator is adding the conntrack helpers to the default config.
Duplicate T3275
The kernel modules handle tracking of those, rpc/tns are userspace helpers.
So how are all the other helpers added to the ruleset if not dynamically?
They are only defined. Only when the VYOS_CT_HELPER chain is reached will they take effect - see links in my above comment. Being in the default config will have no effect on connection tracking if bypassed by the notrack rule.
Then how come these helpers are always enabled as pointed out at https://vyos.dev/T5080#149232 ?
How come these helpers (pointed out by @saintclairpcarvalho but also )https://vyos.dev/T5479) are always enabled?
They are created but unused by default (see VYOS_CT_HELPER chain)
Found some anomalies regarding show firewall command (I assume related to the refactoring) which I have reported in https://vyos.dev/T5513
Thanks for following up on this issue @rayzilt
Aug 26 2023
The refactored firewall frontend uses rule numbers as described in: https://docs.vyos.io/en/latest/configuration/firewall/general.html#firewall-rules
PR created: https://github.com/vyos/vyos-build/pull/381