As I mentioned above, use it before the configuration, it described in the doc
#!/bin/vbash
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 14 2022
Sep 14 2022
Viacheslav changed the status of T4685: Interface does not exist on boot when used as inbound-interface for local policy route from Open to Needs testing.
Viacheslav changed the status of T4695: Add 'es' and 'jp106' keymap option keyboard-layout from In progress to Needs testing.
Viacheslav added a comment to T4687: Canot change configuration after image update from 202207220217 to 202209090217.
GitHub <noreply@github.com> committed rVYOSONEX3ed4341db4b3: Merge pull request #1540 from sever-sever/T4695 (authored by c-po).
Viacheslav changed the status of T4693: ISIS segment routing was broken... from Open to Needs testing.
Interesting article on how and when to match ipsec options: https://thermalcircle.de/doku.php?id=blog:linux:nftables_demystifying_ipsec_expressions
There is PR https://github.com/vyos/vyos-1x/pull/1516 for T4667 but it brakes all GRE traffic
Viacheslav changed the status of T4695: Add 'es' and 'jp106' keymap option keyboard-layout from Open to In progress.
Viacheslav renamed T4695: Add 'es' and 'jp106' keymap option keyboard-layout from Add 'es' and 'jp106' keymap to Add 'es' and 'jp106' keymap option keyboard-layout.
Viacheslav added a comment to T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1539
Hi all,
GitHub <noreply@github.com> committed rVYOSONEXf379df09d839: Merge pull request #1530 from sever-sever/T4679 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX2309f4075831: Merge pull request #1538 from sarthurdev/nftables1_tests (authored by c-po).
Do you have a proposed cli format?
GitHub <noreply@github.com> committed rVYOSONEX5c21529c812b: Merge pull request #1537 from sarthurdev/nhrp_nftables (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXe5c9f290b70c: Merge pull request #1534 from sarthurdev/firewall_interfaces (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX24fc5a832dbd: Merge pull request #1536 from Cheeze-It/current (authored by c-po).
Added a pull request for this fix.
xPakrikx added a comment to T4687: Canot change configuration after image update from 202207220217 to 202209090217.
Nope, i use CLI for configuration and script for vrrp (wireguard interface enable/disable)
Sep 13 2022
Sep 13 2022
Fix for 1.3 https://github.com/vyos/vyos-build/pull/261
c-po edited projects for T2913: Failure to install fpm while building builder docker image, added: VyOS 1.2 Crux (VyOS 1.2.8), VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.2 Crux.
c-po changed the status of T2913: Failure to install fpm while building builder docker image from Open to In progress.
absolutesantaja added a comment to T2913: Failure to install fpm while building builder docker image.
This is also an issue on the 1.3.x builds due to a similar issue. See https://github.com/jordansissel/fpm/issues/1923
It should be possible in https://github.com/vyos/vyos-1x/pull/1534 T2199
set firewall interface ethXvX
Viacheslav added a comment to T4687: Canot change configuration after image update from 202207220217 to 202209090217.
It seems you use some custom scripts for configuration
You have to use
if [ "$(id -g -n)" != 'vyattacfg' ] ; then
exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fibefore your configuration script
c-po moved T4691: Upgrade Linux Kernel to latest 5.15.y train from Open to In Progress on the VyOS 1.4 Sagitta board.
c-po changed the status of T4691: Upgrade Linux Kernel to latest 5.15.y train from Open to In progress.
Sep 12 2022
Sep 12 2022
Refactor PR: https://github.com/vyos/vyos-1x/pull/1534
PR for filter tables: https://github.com/vyos/vyos-1x/pull/1534
Should be fixed in https://github.com/vyos/vyatta-cfg-firewall/pull/34
jestabro changed the status of T4690: Update GraphQL resolver for 'SystemStatus' following changes to 'show_uptime' op-mode script from Open to In progress.
Already renamed:
c-po renamed T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Update Linux Kernel to v5.4.208 / 5.10.135 to Update Linux Kernel to v5.4.208 / 5.10.142.
jack9603301 moved T4689: Support RFS(Receive Flow Steering) from In Progress to Finished on the VyOS 1.4 Sagitta board.
jack9603301 changed the status of T4689: Support RFS(Receive Flow Steering) from In progress to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEXd2338b7f5b09: Merge pull request #1526 from roedie/T4665-2 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX84ee78e52471: Merge pull request #1533 from jack9603301/T4689 (authored by c-po).
Sep 11 2022
Sep 11 2022
jack9603301 changed the status of T4689: Support RFS(Receive Flow Steering) from Open to In progress.
jack9603301 moved T4689: Support RFS(Receive Flow Steering) from Open to In Progress on the VyOS 1.4 Sagitta board.
jack9603301 renamed T4689: Support RFS(Receive Flow Steering) from Support RFS to Support RFS(Receive Flow Steering).
initramfs updated the task description for T4688: Add support for customizing packet verdict actions in limiter traffic policy.
Sep 10 2022
Sep 10 2022
In T1185#133944, @sdev wrote:A similar syntax change is in progress as part of a larger firewall refactor. It should reach the 1.4 branch in a week or so. It should allow for any valid existing interface name.
In T1185#133941, @roedie wrote:Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
set firewall local interface eth0 name <firewall-filter> set firewall in interface eth0 name <firewall-filter> set firewall out interface eth0 name <firewall-filter> set firewall local interface bond0.10v22v6 ipv6-name <firewall-filter>The problem is that using zone-policy firewall is a bit overkill for a pure router or even a router with async routing. In which scenario I guess only the local variant would be useful.
Or, come to think, some free from of set interfaces unknown <typeyourownname> firewall local name <ruleset> where you can only config stuff that doesn't really depend on an interface.
Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
jack9603301 changed the subtype of T4659: Use vtysh to display bridge and some interface parameter information from "Task" to "Feature Request".
jack9603301 changed the subtype of T4686: Provides support for veth from "Task" to "Feature Request".
jack9603301 added a subtask for T3829: Support separated TCP/IP stack via "ip netns": T4686: Provides support for veth.
jack9603301 added a parent task for T4686: Provides support for veth: T3829: Support separated TCP/IP stack via "ip netns".
GitHub <noreply@github.com> committed rVYOSONEX1a2a1591cc73: Merge pull request #1532 from initramfs/current-local-policy-priority (authored by c-po).
Unknown Object (User) added a comment to T874: Support for Two Factor Authentication for CLI access via Google Authenticator/OTP.
First we need to include the "google-authenticator" in our build
Unknown Object (User) claimed T874: Support for Two Factor Authentication for CLI access via Google Authenticator/OTP.
initramfs updated the task description for T4685: Interface does not exist on boot when used as inbound-interface for local policy route.
Sep 9 2022
Sep 9 2022
zsdc changed the status of T2189: Adding a large port-range will take ~ 20 minutes to commit from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX65d00bbd7331: Merge pull request #1531 from sever-sever/T4684 (authored by jestabro).
/usr/libexec/vyos/op_mode/route.py already exists but without an execution flag
PR https://github.com/vyos/vyos-1x/pull/1531