Should probably add "-M rpki" permanently to FRR/bgp.
All Stories
Thu, Sep 14
Could the error from the latest nightly be due to the rpki module not being loaded for FRR/bgp?
@fernando This is really nice. Thank you for the testing!
Could https://vyos.dev/T2044 be related to the failed nightly build from last night?
Added PR here https://github.com/vyos/vyos-1x/pull/2263
Wed, Sep 13
This is still the case in VyOS 1.5-rolling-202309130022:
Suggestion of "hidden" ruleset (visible when doing show firewall and show firewall statistics):
PR created: https://github.com/vyos/vyos-build/pull/406
Found out that mksquashfs supports -ef EXCLUDE_FILE as a file that (line by line) defines which files and directories are to be excluded during creation of filesystem.squashfs. Adding -wildcard will make it possible to use wildcards within the EXCLUDE_FILE.
PR for 1.5: https://github.com/vyos/vyos-1x/pull/2256
PR updated: https://github.com/vyos/vyos-1x/pull/2255
Something like this console command but more handy in op-mode?
@sdev great!!!
PR created: https://github.com/vyos/vyos-1x/pull/2255
Turns out that the values that override the vyos-config values are set in /etc/sysctl.d/30-vyos-router.conf:
I can confirm that setting these values AFTER boot (and doing commit) they will be properly set.
PR for 1.3.x https://github.com/vyos/vyatta-cfg-quagga/pull/102
Which VyOS 1.4-rolling will have the fixes made by FRRouting?
Turns out there is an RFC for this regarding IPv6, along with a naming:
Tue, Sep 12
Command on 1.5:
@Apachez note that all lb commands take --debug and --verbose: using 'lb build --debug' in scripts/build-vyos-image will output the full mksquashfs command.
@vfreex I've tested this issue in my labs, and I can confirm that it works as expected. This original zone solved the problem when there was a src-nat/dst-nat with different VRFs or leaking with them. Thank you for this contribution.
In T2405#159522, @Apachez wrote: Note that command = command.lstrip() for def cmd in python/vyos/utils/process.py was reverted yesterday.
Causes funny problems during smoketests.
Note that command = command.lstrip() for def cmd in python/vyos/utils/process.py was reverted yesterday.
I created a PR for Git support here: https://github.com/vyos/vyos-1x/pull/2241
I have created a PR upstream which hopefully resolves why the logging didn't work as expected in VyOS (since the binary_rootfs in vyos-live-build isn't used by the nightly build, which uses vyos-build and the deb package of live-build from Debian 12.x (bookworm)):
Mon, Sep 11
100% agree. If this isn't too big of a hassle to implement, I would very much appreciate the approach/workaround of @Apachez, until nftables supports this feature ootb...
Checked with the #netfilter IRC channel.
I just tested this with a firewall config with no connection tracking config enabled, still the conntrack modules are loaded and used.
The same situation as @svd135
I was thinking about N/D and personally I would prefer "None" to be listed for the various "show firewall" commands instead of N/D.
Resolved by: https://vyos.dev/T5564
This can be put to resolved when the backports are confirmed as well.
N/D == not defined
In T5564#159459, @Apachez wrote: Confirmed working with VyOS 1.5-rolling-202309110651
A question before setting this to resolved:
What does N/D mean?
Shouldn't it be N/A instead?
Confirmed working with VyOS 1.5-rolling-202309110651
I'm a bit allergic to having stuff automatically created which clearly is not enabled by the config.
pim6reg is created by FRR's pim6d. It seems to me that it will create such an interface for each VRF. Does this interface have any functional impact on your setup?
Sun, Sep 10
PR https://github.com/vyos/vyos-1x/pull/2240
set protocols static proxy-arp 192.0.2.1 interface eth0
set protocols static proxy-arp 192.0.2.1 interface eth1
set protocols static proxy-ndp 2001:db8::1 interface eth1
I don't know if it's related to this task, but I noticed recently that even if I have no IPv6 configured on any interface and have IPv6 disabled for forwarding:
set system ipv6 disable-forwarding
I can in VyOS 1.5-rolling-202309080021 see an additional pim6reg interface!?
vyos@vyos:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    ...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq master MGMT state UP group default qlen 1000
    ...
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq master INTERNET state UP group default qlen 1000
    ...
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq master INTERNET state UP group default qlen 1000
    ...
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq master INTERNET state UP group default qlen 1000
    ...
6: pim6reg@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN group default qlen 1000
    link/pimreg
7: INTERNET: <NOARP,MASTER,UP,LOWER_UP> mtu 65575 qdisc noqueue state UP group default qlen 1000
    ...
8: MGMT: <NOARP,MASTER,UP,LOWER_UP> mtu 65575 qdisc noqueue state UP group default qlen 1000
    ...
It's also visible when running:
monitor bandwidth interface *