Yes, I agree with that, readability will be better if everything is in order.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jan 9 2024
Jan 9 2024
dutty added a comment to T5814: VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration.
n.fort added a comment to T5814: VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration.
I suggest changing order just as a cosmetic fix: feels more reasonable/readable to parse first "incoming", and then "outgoing"
dutty added a comment to T5814: VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration.
@n.fort
Looks like 1) and 2) is correct, as well as 'Action=accept in vyos command shall remain as accept in nftables'.
However, the 3) is not obvious to me. As long as all rules with Action=Accept in both IN and OUT chains will migrate to Action=return, looks like there should be no difference in order, other than probably for performance reason.
I stopped using conntrack-sync before I moved to 1.3 (which I am currently running) so I can't confirm either way.
I expect it's no longer an issue though and this task can be closed.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXc3ee4b05ff04: console: T4646: Fixed USB console issues (authored by zsdc).
dmbaturin closed T3513: Attempting to remove firewall rule results in error, a subtask of T2199: Rewrite firewall in new XML/Python style, as Not Applicable.
Should be a non-issue with the new firewall implementation.
dmbaturin removed a project from T3763: wireguard checks if port already binding: VyOS 1.3 Equuleus (1.3.6).
sarthurdev changed the status of T5912: DHCP Static mapping don't work on every first lease, a subtask of T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6), from Open to Confirmed.
sarthurdev changed the status of T5912: DHCP Static mapping don't work on every first lease from Open to Confirmed.
n.fort added a comment to T5814: VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration.
Changes that seems to be needed only in migration script https://github.com/vyos/vyos-1x/blob/current/src/migration-scripts/firewall/10-to-11:
- Use accept action for base-chains (it's done, no change needed here).
- Migrate action=accept to action=return on every rule.
- fix order and ensure all "in" rules are applied first.
vyos-vm-images will soon be phased out completely.
Jan 9 2024, 8:52 PM · Restricted Project
This issue is on and off, but mostly solved now.
dmbaturin changed the status of T3489: NUMA has been disabled for the past few years and no-one has noticed from Unknown Status to Resolved.
dmbaturin closed T3479: route-maps containing "aggregator as" can not be deleted, a subtask of T2175: Rewriting all FRR processes allow for reloading and to XML/Python style, as Not Applicable.
Jan 9 2024, 8:47 PM · Restricted Project
dmbaturin triaged T3449: Unsuccessful attempt at network boot causes packet loss on associated VLAN as High priority.
Jan 9 2024, 8:44 PM · Restricted Project
dmbaturin triaged T3430: Cloud-init failing with “Unable to render networking” on VyOS 1.3 as High priority.
dmbaturin triaged T3334: Changing serial settings from a serial console ends session abruptly as High priority.
dmbaturin triaged T3338: Some Cloud-Init configurations can prevent login on the router as High priority.
dmbaturin triaged T3011: router becomes unreachable for few minutes when vti interfaces goes down as High priority.
dmbaturin closed T3209: Load balancing rules in firewall, a subtask of T3116: Support back-end L4 level load balancing, as Invalid.
This needs to be properly worded as a feature request, if it's still relevant with the new firewall implementation.
dmbaturin triaged T3204: Performance system option destroy defined sysctl custom params as High priority.
dmbaturin edited projects for T3203: BGP unnumbered - commit fails when route-reflector-client is set, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.6).
dmbaturin closed T3203: BGP unnumbered - commit fails when route-reflector-client is set, a subtask of T2174: Rewrite protocol BGP to new XML/Python style, as Not Applicable.
dmbaturin closed T3203: BGP unnumbered - commit fails when route-reflector-client is set as Not Applicable.
No longer reproducible in 1.5
dmbaturin closed T3154: route-map CLI allows 32-bit ASNs in community options even though FRR doesn't as Not Applicable.
The CLI prevents that now.
dmbaturin added a comment to T3062: Multiple Wireless SSID's on Single Wireless Card causes a crash.
Someone needs to test it on a system with a real wireless NIC.
dmbaturin triaged T3062: Multiple Wireless SSID's on Single Wireless Card causes a crash as High priority.
dmbaturin triaged T2971: Provide a CLI solution for Ingress Shaping when there is SNAT as Low priority.
dmbaturin edited projects for T2845: BGP conf_mode unable to delete configuration with peer-group, added: VyOS 1.3 Equuleus; removed VyOS 1.3 Equuleus (1.3.6).
dmbaturin closed T2845: BGP conf_mode unable to delete configuration with peer-group, a subtask of T2174: Rewrite protocol BGP to new XML/Python style, as Resolved.
dmbaturin removed a project from T2844: BGP conf_mode errors disable-send-community: VyOS 1.3 Equuleus (1.3.6).
dmbaturin closed T2844: BGP conf_mode errors disable-send-community, a subtask of T2174: Rewrite protocol BGP to new XML/Python style, as Resolved.
The script was rewritten and adds all servers now.
dmbaturin triaged T2825: Support for x32 user space ABI (32-bit pointers) on x86-64 arch as Wishlist priority.
Jan 9 2024, 8:10 PM · Restricted Project
I presume it's no longer an issue, but I'd like to confirm.
dmbaturin closed T2793: compare + TAB completion does not show proper username if user contains _ as Not Applicable.
No longer reproducible, the underscore is displayed as expected.
dmbaturin triaged T2770: Allow any character to be used in the SNMP community field as Low priority.
dmbaturin triaged T2762: VRF: when SSHd is VRF bound all commands are executed in VRF context as High priority.
If any new information turns up, feel free to reopen.
dmbaturin triaged T2505: XCP-ng packet drops for small packets (e.g. icmp) under Xen and AWS as High priority.
dmbaturin triaged T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic as High priority.
The PR was rejected.
dmbaturin triaged T2477: Make VyOS interactively ask whether user trust remote host SSH fingerprint as Low priority.
dmbaturin removed a project from T2376: /config/user-data and "preserved during image upgrade!": VyOS 1.3 Equuleus (1.3.6).
dmbaturin edited projects for T2254: Provide more information on the build branch in the version data, added: VyOS 1.3 Equuleus; removed VyOS 1.3 Equuleus (1.3.6).
dmbaturin closed T2254: Provide more information on the build branch in the version data as Resolved.
I suppose we need a clearer idea of what we do with sysctl values.
dmbaturin changed the status of T3721: ARM64: 1.4: Fastnetmon in current is a precompiled custom "blob" and amd64 only. (blocks all arm64 builds) from Needs testing to On hold.
Crux is unsupported now.
dmbaturin removed a project from T3712: route-map comm-list can't be used without option delete: VyOS 1.4 Sagitta.
The original syntax is now allowed anymore.
Should be easy to do now that ipaddrcheck supports range validation.
dmbaturin closed T3587: Intel QAT support is broken on VyOS 1.4 due to a Kernel Crash as Not Applicable.
dmbaturin closed T3061: OSPF v2 - Filtered route is added to the routing table as inactive as Not Applicable.