Page MenuHomeVyOS Platform
People n.fort

n.fort (Nicolas Fort)
User

Projects

User Details

User Since
Jun 9 2021, 3:23 PM (163 w, 2 d)

Recent Activity
View All

Wed, Jul 24

n.fort changed the status of T6570: Firewall bridge allways passes traffic to IP layer from Confirmed to In progress.
Wed, Jul 24, 5:41 PM · Restricted Project, VyOS 1.5 Circinus
n.fort created T6605: `ConfigError()` behavior is wrong with running `vyos-configd`.
Wed, Jul 24, 12:22 PM · VyOS 1.4 Sagitta (1.4.1), Restricted Project, VyOS 1.5 Circinus

Thu, Jul 18

n.fort claimed T6570: Firewall bridge allways passes traffic to IP layer.
Thu, Jul 18, 5:40 PM · Restricted Project, VyOS 1.5 Circinus

Fri, Jul 12

n.fort changed the status of T6570: Firewall bridge allways passes traffic to IP layer from Open to Confirmed.
Fri, Jul 12, 12:13 PM · Restricted Project, VyOS 1.5 Circinus
n.fort created T6570: Firewall bridge allways passes traffic to IP layer.
Fri, Jul 12, 12:13 PM · Restricted Project, VyOS 1.5 Circinus

Thu, Jul 4

n.fort added a comment to T5654: Migrate policy local-route.

PR: https://github.com/vyos/vyos-1x/pull/3781

Thu, Jul 4, 5:07 PM · VyOS 1.5 Circinus
n.fort closed T6488: Firewall op mode output incomplete as Resolved.
Thu, Jul 4, 11:01 AM · VyOS 1.5 Circinus
n.fort changed the status of T6536: Config migration does not work as expected when update from 1.3.2 to 1.4.0 (with NAT with wildcard and sysctl parameters) from In progress to Needs testing.
Thu, Jul 4, 10:59 AM · VyOS 1.4 Sagitta

Wed, Jul 3

n.fort changed the status of T5654: Migrate policy local-route from Open to In progress.
Wed, Jul 3, 4:05 PM · VyOS 1.5 Circinus

Tue, Jul 2

n.fort changed the status of T6536: Config migration does not work as expected when update from 1.3.2 to 1.4.0 (with NAT with wildcard and sysctl parameters) from Open to In progress.

PR: https://github.com/vyos/vyos-1x/pull/3749

Tue, Jul 2, 12:32 PM · VyOS 1.4 Sagitta

Jun 24 2024

n.fort claimed T6266: Firewall flowtable ability to set timeout for TCP and UDP flow.
Jun 24 2024, 11:07 AM · VyOS 1.5 Circinus
n.fort added a comment to T6266: Firewall flowtable ability to set timeout for TCP and UDP flow.

Now we have:

Jun 24 2024, 11:07 AM · VyOS 1.5 Circinus

Jun 19 2024

n.fort added a comment to T6503: Command 'restart ssh' not working.

Command to restart when ssh running on default vrf:

Jun 19 2024, 6:32 PM · VyOS 1.4 Sagitta (1.4.1), VyOS 1.5 Circinus
n.fort changed the status of T6503: Command 'restart ssh' not working from Open to Confirmed.
Jun 19 2024, 6:17 PM · VyOS 1.4 Sagitta (1.4.1), VyOS 1.5 Circinus
n.fort created T6503: Command 'restart ssh' not working.
Jun 19 2024, 6:16 PM · VyOS 1.4 Sagitta (1.4.1), VyOS 1.5 Circinus
n.fort added a comment to T6488: Firewall op mode output incomplete.

PR: https://github.com/vyos/vyos-1x/pull/3681

Jun 19 2024, 12:19 PM · VyOS 1.5 Circinus
n.fort changed the status of T6488: Firewall op mode output incomplete from Confirmed to In progress.
Jun 19 2024, 12:08 PM · VyOS 1.5 Circinus

Jun 14 2024

n.fort changed the status of T6488: Firewall op mode output incomplete from Open to Confirmed.
Jun 14 2024, 7:08 PM · VyOS 1.5 Circinus
n.fort created T6488: Firewall op mode output incomplete.
Jun 14 2024, 7:08 PM · VyOS 1.5 Circinus
n.fort closed T6394: Migrate conntrack timeout sysctl parameter to firewall as Resolved.
Jun 14 2024, 7:04 PM · VyOS 1.5 Circinus
n.fort closed T3900: Add support for raw tables to firewall as Resolved.
Jun 14 2024, 7:04 PM · VyOS 1.5 Circinus

Jun 6 2024

n.fort changed the status of T3900: Add support for raw tables to firewall from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/3578

Jun 6 2024, 3:25 PM · VyOS 1.5 Circinus
n.fort changed the status of T6394: Migrate conntrack timeout sysctl parameter to firewall from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/3578

Jun 6 2024, 3:25 PM · VyOS 1.5 Circinus

Jun 5 2024

n.fort moved T6375: Fix/Update NAT Logging from Need Triage to Finished on the VyOS 1.5 Circinus board.
Jun 5 2024, 7:02 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort closed T6375: Fix/Update NAT Logging as Resolved.
Jun 5 2024, 7:02 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort closed T6396: MINOR Typo: set system conntrack timeout custom ipv4 rule X as Resolved.
Jun 5 2024, 7:02 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
n.fort moved T6396: MINOR Typo: set system conntrack timeout custom ipv4 rule X from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
Jun 5 2024, 7:02 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus

May 24 2024

n.fort changed the status of T6394: Migrate conntrack timeout sysctl parameter to firewall from Open to In progress.
May 24 2024, 12:34 PM · VyOS 1.5 Circinus
n.fort created T6394: Migrate conntrack timeout sysctl parameter to firewall.
May 24 2024, 12:33 PM · VyOS 1.5 Circinus

May 17 2024

n.fort added a comment to T6344: multiple ntp listen-address commands not working.

Yeah, my bad!

May 17 2024, 3:02 PM · VyOS 1.4 Sagitta
n.fort added a comment to T6344: multiple ntp listen-address commands not working.

Maybe we should create another xml file identical to listen-address.xml.i but without multi option define in line 16.

May 17 2024, 2:19 PM · VyOS 1.4 Sagitta
n.fort added a comment to T6362: Create a conntrack/translations logger daemon.

Related to https://vyos.dev/T5471 ?

May 17 2024, 10:53 AM · VyOS 1.5 Circinus

May 14 2024

n.fort changed the status of T3900: Add support for raw tables to firewall from Open to In progress.
May 14 2024, 12:31 PM · VyOS 1.5 Circinus
n.fort placed T5497: Add ability to resequence rule numbers for firewall up for grabs.
May 14 2024, 10:56 AM · VyOS 1.4 Sagitta (1.4.0-epa1)

May 10 2024

n.fort closed T5497: Add ability to resequence rule numbers for firewall as Resolved.
May 10 2024, 2:10 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
n.fort added a comment to T5497: Add ability to resequence rule numbers for firewall.

I'm closing this task a solution was included. I'm not in favor of introducing similar command in configuration mode.

May 10 2024, 2:10 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
n.fort added a comment to T5794: Flowtable with Bond Race.

Maybe we should change firewall priority, and make sure all interfaces are defined in the system before loading firewall?

May 10 2024, 1:58 PM · VyOS 1.5 Circinus
n.fort added a comment to T6329: Firewall - Error while printing groups.

PR: https://github.com/vyos/vyos-1x/pull/3442

May 10 2024, 1:39 PM · VyOS 1.4 Sagitta (1.4.0-epa3), VyOS 1.5 Circinus
n.fort changed the status of T6329: Firewall - Error while printing groups from Open to In progress.
May 10 2024, 1:05 PM · VyOS 1.4 Sagitta (1.4.0-epa3), VyOS 1.5 Circinus
n.fort created T6329: Firewall - Error while printing groups.
May 10 2024, 1:05 PM · VyOS 1.4 Sagitta (1.4.0-epa3), VyOS 1.5 Circinus

May 8 2024

n.fort added a comment to T5177: Make the chain policy configurable.

Behavior change for this issue was fix some month ago in migration scripts, in order to remain action "return" when upgrading from older versions to new syntax.

May 8 2024, 4:32 PM · VyOS 1.5 Circinus
n.fort closed T6269: Polixy route "set table" option is not working correctly as Resolved.
May 8 2024, 4:20 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort closed T6305: IPoE interface wildcard validation error in firewall rules as Resolved.
May 8 2024, 4:19 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

May 7 2024

n.fort closed T6265: Firewall flowtable should allow ethernet only interfaces as Invalid.

Further tests in lab shows that non-ehternet interfaces are needed in order to offload traffic as expected. An example is when using wireguard interface: in order to offload traffic, it's necessary to add interface wgX to the flowtable.
Otherwise, it won't work as expected

May 7 2024, 4:52 PM · VyOS 1.5 Circinus
n.fort added a comment to T6305: IPoE interface wildcard validation error in firewall rules.

PR: https://github.com/vyos/vyos-1x/pull/3424

May 7 2024, 3:25 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort changed the status of T6305: IPoE interface wildcard validation error in firewall rules from Open to In progress.
May 7 2024, 3:06 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

May 6 2024

n.fort claimed T6305: IPoE interface wildcard validation error in firewall rules.
May 6 2024, 7:14 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort added a comment to T6265: Firewall flowtable should allow ethernet only interfaces.

And similar example, using same interfaces and host, but instead of GRE tunnel, using a Wireguard site to site tunnel:

May 6 2024, 5:13 PM · VyOS 1.5 Circinus
n.fort added a comment to T6265: Firewall flowtable should allow ethernet only interfaces.

Example of using flowtables on mater interfaces, and communication between a local host that is on a VLAN (vlan eth2.22 and host 10.22.22.222), and a remote host that is reachable through a GRE tunnel (tunnel established using interface eth0):

May 6 2024, 5:12 PM · VyOS 1.5 Circinus
n.fort changed the status of T6265: Firewall flowtable should allow ethernet only interfaces from Open to In progress.
May 6 2024, 3:28 PM · VyOS 1.5 Circinus
n.fort added a comment to T6265: Firewall flowtable should allow ethernet only interfaces.

PR: https://github.com/vyos/vyos-1x/pull/3414

May 6 2024, 3:28 PM · VyOS 1.5 Circinus
n.fort added a comment to T6288: policy route ipv4 rule order behaviour.

Can you try with newver version?
New fixes were applied.
You can check this tasks:
https://vyos.dev/T6269
https://vyos.dev/T6191

May 6 2024, 11:31 AM · VyOS 1.5 Circinus

Apr 26 2024

n.fort added a comment to T6269: Polixy route "set table" option is not working correctly.

PR: https://github.com/vyos/vyos-1x/pull/3367

Apr 26 2024, 2:21 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort changed the status of T6269: Polixy route "set table" option is not working correctly from Open to In progress.
Apr 26 2024, 12:43 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort created T6269: Polixy route "set table" option is not working correctly.
Apr 26 2024, 12:43 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 22 2024

n.fort created T6257: Add op mode commands for dynamic firewall address groups.
Apr 22 2024, 3:08 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort raised the priority of T4853: OpenVPN: unable to commit changes when the interface is down/unknown state from Normal to High.

Any news about this issue @SrividyaA and @c-po ?

Apr 22 2024, 2:53 PM · VyOS 1.3 Equuleus (1.3.9)

Apr 21 2024

n.fort moved T5535: Move disable-directed-broadcast to firewall global-options from Need Triage to Finished on the VyOS 1.5 Circinus board.
Apr 21 2024, 6:55 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort moved T5535: Move disable-directed-broadcast to firewall global-options from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Apr 21 2024, 6:55 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort closed T5535: Move disable-directed-broadcast to firewall global-options as Resolved.
Apr 21 2024, 6:54 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort moved T6191: Policy route set-mss option is not working correctly from Need Triage to Finished on the VyOS 1.5 Circinus board.
Apr 21 2024, 6:54 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort closed T6191: Policy route set-mss option is not working correctly as Resolved.
Apr 21 2024, 6:54 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 19 2024

n.fort added a project to T5153: OpenConnect route restriction via iptables is ignored: VyOS 1.3 Equuleus (1.3.7).
Apr 19 2024, 9:46 AM · VyOS 1.3 Equuleus (1.3.8), VyOS 1.5 Circinus
n.fort added a comment to T5153: OpenConnect route restriction via iptables is ignored.

And do you have similar setup and situation in newer version?

Apr 19 2024, 9:46 AM · VyOS 1.3 Equuleus (1.3.8), VyOS 1.5 Circinus

Apr 18 2024

n.fort added a comment to T5153: OpenConnect route restriction via iptables is ignored.

Output seems to be for VyOS 1.3, rather than 1.5
Can you show VyOS version @PeppyH ?

Apr 18 2024, 5:21 PM · VyOS 1.3 Equuleus (1.3.8), VyOS 1.5 Circinus

Apr 17 2024

n.fort added a comment to T6247: Add CGN "full cone" EIF support per RFC6888 REQ-7.

I saw such repository more than once, but it seems that it has been abandoned. Last commit is dated two years ago.

Apr 17 2024, 7:01 PM
n.fort changed the status of T5535: Move disable-directed-broadcast to firewall global-options from Confirmed to Needs testing.
Apr 17 2024, 8:57 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort changed the status of T6191: Policy route set-mss option is not working correctly from Confirmed to Needs testing.
Apr 17 2024, 8:56 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 16 2024

n.fort added a comment to T6191: Policy route set-mss option is not working correctly.

PR: https://github.com/vyos/vyos-1x/pull/3320

Apr 16 2024, 5:51 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort changed Version from 1.4.0-epa2 to 1.4.0-epa2, 1.5-rolling-202404141045 on T6191: Policy route set-mss option is not working correctly.
Apr 16 2024, 4:57 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort changed the status of T6191: Policy route set-mss option is not working correctly from Open to Confirmed.
Apr 16 2024, 4:57 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 15 2024

n.fort added a comment to T5535: Move disable-directed-broadcast to firewall global-options.

PR: https://github.com/vyos/vyos-1x/pull/3309

Apr 15 2024, 2:25 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort changed the status of T5535: Move disable-directed-broadcast to firewall global-options from Open to Confirmed.
Apr 15 2024, 10:12 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 12 2024

n.fort closed T6214: Error when using some constraints as Resolved.
Apr 12 2024, 5:29 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
n.fort moved T6213: Validations in firewall groups mistakenly reject correct configurations from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Apr 12 2024, 5:28 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort moved T6213: Validations in firewall groups mistakenly reject correct configurations from Need Triage to Finished on the VyOS 1.5 Circinus board.
Apr 12 2024, 5:28 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort closed T6213: Validations in firewall groups mistakenly reject correct configurations as Resolved.
Apr 12 2024, 5:28 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 10 2024

n.fort claimed T6216: Firewall group names that contain the '+' character break the config.
Apr 10 2024, 2:34 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort changed the status of T6216: Firewall group names that contain the '+' character break the config, a subtask of T5938: Migration fail root task for 1.4-rc, from Confirmed to In progress.
Apr 10 2024, 2:01 PM · VyOS 1.4 Sagitta (1.4.1)
n.fort changed the status of T6216: Firewall group names that contain the '+' character break the config from Confirmed to In progress.
Apr 10 2024, 2:01 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort added a comment to T6216: Firewall group names that contain the '+' character break the config.

PR: https://github.com/vyos/vyos-1x/pull/3290

Apr 10 2024, 2:01 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 9 2024

n.fort added a subtask for T5938: Migration fail root task for 1.4-rc: T6216: Firewall group names that contain the '+' character break the config.
Apr 9 2024, 12:20 PM · VyOS 1.4 Sagitta (1.4.1)
n.fort added a parent task for T6216: Firewall group names that contain the '+' character break the config: T5938: Migration fail root task for 1.4-rc.
Apr 9 2024, 12:20 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort changed the status of T6216: Firewall group names that contain the '+' character break the config from Open to Confirmed.
Apr 9 2024, 12:11 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort created T6216: Firewall group names that contain the '+' character break the config.
Apr 9 2024, 12:11 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort added a comment to T6213: Validations in firewall groups mistakenly reject correct configurations.

PR: https://github.com/vyos/vyos-1x/pull/3281

Apr 9 2024, 11:13 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort added a comment to T6214: Error when using some constraints.

PR: https://github.com/vyos/vyos-1x/pull/3281

Apr 9 2024, 11:13 AM · VyOS 1.4 Sagitta (1.4.0-epa2)
n.fort renamed T6214: Error when using some constraints from Error when using some contraints to Error when using some constraints.
Apr 9 2024, 9:45 AM · VyOS 1.4 Sagitta (1.4.0-epa2)
n.fort created T6214: Error when using some constraints.
Apr 9 2024, 9:44 AM · VyOS 1.4 Sagitta (1.4.0-epa2)

Apr 8 2024

n.fort moved T6068: Support active-active and active-passive high availability modes in DHCP server from Need Triage to Finished on the VyOS 1.5 Circinus board.
Apr 8 2024, 12:04 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort moved T6068: Support active-active and active-passive high availability modes in DHCP server from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Apr 8 2024, 12:03 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort closed T6068: Support active-active and active-passive high availability modes in DHCP server as Resolved.
Apr 8 2024, 12:03 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort changed the status of T6213: Validations in firewall groups mistakenly reject correct configurations from Open to In progress.
Apr 8 2024, 11:12 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort created T6213: Validations in firewall groups mistakenly reject correct configurations.
Apr 8 2024, 11:11 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 5 2024

n.fort changed the status of T6205: ipoe: error in migration script logic while renaming mac-address to mac, a subtask of T5938: Migration fail root task for 1.4-rc, from Open to Confirmed.
Apr 5 2024, 2:59 PM · VyOS 1.4 Sagitta (1.4.1)
n.fort changed the status of T6205: ipoe: error in migration script logic while renaming mac-address to mac from Open to Confirmed.
Apr 5 2024, 2:59 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 3 2024

n.fort added a comment to T6171: Rename the DHCP server "failover" command to "high-availability mode".

PR for Sagitta: https://github.com/vyos/vyos-1x/pull/3239

Apr 3 2024, 6:09 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort added a comment to T6068: Support active-active and active-passive high availability modes in DHCP server.

PR for Sagitta: https://github.com/vyos/vyos-1x/pull/3239

Apr 3 2024, 6:09 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort added a comment to T6200: Error on adding a wildcard interface.

Try with:

Apr 3 2024, 6:08 PM · VyOS 1.4 Sagitta

Mar 25 2024

n.fort added a comment to T6171: Rename the DHCP server "failover" command to "high-availability mode".

PR for current: https://github.com/vyos/vyos-1x/pull/3188

Mar 25 2024, 6:40 PM · VyOS 1.4 Sagitta (1.4.0-epa3)