n.fort (Nicolas Fort)
User

User Details

User Since
Jun 9 2021, 3:23 PM (120 w, 1 d)

Recent Activity

Wed, Sep 27

n.fort renamed T5616: Firewall mark - Add capabilities for matching firewall mark from Firewall marl - Add capabilities for matching firewall mark to Firewall mark - Add capabilities for matching firewall mark.
Wed, Sep 27, 5:48 PM · VyOS 1.5 Circinus
n.fort added a comment to T5616: Firewall mark - Add capabilities for matching firewall mark.

PR: https://github.com/vyos/vyos-1x/pull/2314

Wed, Sep 27, 5:48 PM · VyOS 1.5 Circinus

Tue, Sep 26

n.fort changed the status of T5616: Firewall mark - Add capabilities for matching firewall mark from Open to Confirmed.
Tue, Sep 26, 12:11 PM · VyOS 1.5 Circinus
n.fort created T5616: Firewall mark - Add capabilities for matching firewall mark.
Tue, Sep 26, 12:11 PM · VyOS 1.5 Circinus

Thu, Sep 21

n.fort changed the status of T5594: VRRP - Error if using IPv6 Link Local as hello source address from In progress to Needs testing.
Thu, Sep 21, 11:48 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.5 Circinus
n.fort added a comment to T5600: Firewall - Remove or extend constraint on 'interface-name'.

PR: https://github.com/vyos/vyos-1x/pull/2300

Thu, Sep 21, 11:25 AM · VyOS 1.5 Circinus

Tue, Sep 19

n.fort renamed T5600: Firewall - Remove or extend constraint on 'interface-name' from Firewall - Remove contraint on 'interface-name' to Firewall - Remove or extend constraint on 'interface-name'.
Tue, Sep 19, 6:16 PM · VyOS 1.5 Circinus
n.fort changed the status of T5600: Firewall - Remove or extend constraint on 'interface-name' from Open to In progress.
Tue, Sep 19, 5:56 PM · VyOS 1.5 Circinus
n.fort created T5600: Firewall - Remove or extend constraint on 'interface-name'.
Tue, Sep 19, 5:56 PM · VyOS 1.5 Circinus

Mon, Sep 18

n.fort changed the status of T5590: Firewall "log enable" logs every packet from Confirmed to In progress.
Mon, Sep 18, 6:12 PM · VyOS 1.5 Circinus
n.fort added a comment to T5590: Firewall "log enable" logs every packet.

PR: https://github.com/vyos/vyos-1x/pull/2283

Mon, Sep 18, 6:06 PM · VyOS 1.5 Circinus
n.fort added a comment to T5594: VRRP - Error if using IPv6 Link Local as hello source address.

PR: https://github.com/vyos/vyos-1x/pull/2281

Mon, Sep 18, 2:09 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.5 Circinus
n.fort changed the status of T5594: VRRP - Error if using IPv6 Link Local as hello source address from Open to In progress.
Mon, Sep 18, 1:18 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.5 Circinus
n.fort created T5594: VRRP - Error if using IPv6 Link Local as hello source address.
Mon, Sep 18, 1:18 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.5 Circinus
n.fort changed the status of T5590: Firewall "log enable" logs every packet from Open to Confirmed.
Mon, Sep 18, 12:57 PM · VyOS 1.5 Circinus

Thu, Sep 14

n.fort changed the status of T5579: Log firewall - Wrong command after firewall refactor, a subtask of T5160: Firewall refactor, from Confirmed to In progress.
Thu, Sep 14, 6:45 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5579: Log firewall - Wrong command after firewall refactor from Confirmed to In progress.

PR: https://github.com/vyos/vyos-1x/pull/2268

Thu, Sep 14, 6:45 PM · VyOS 1.5 Circinus

Wed, Sep 13

n.fort added a subtask for T5160: Firewall refactor: T5579: Log firewall - Wrong command after firewall refactor.
Wed, Sep 13, 3:07 PM · VyOS 1.4 Sagitta
n.fort added a parent task for T5579: Log firewall - Wrong command after firewall refactor: T5160: Firewall refactor.
Wed, Sep 13, 3:07 PM · VyOS 1.5 Circinus
n.fort changed the status of T5579: Log firewall - Wrong command after firewall refactor from Open to Confirmed.
Wed, Sep 13, 3:07 PM · VyOS 1.5 Circinus
n.fort created T5579: Log firewall - Wrong command after firewall refactor.
Wed, Sep 13, 3:07 PM · VyOS 1.5 Circinus
n.fort changed the status of T5561: NAT - Inbound or outbound interface should not be mandatory from Confirmed to In progress.

PR: https://github.com/vyos/vyos-1x/pull/2253

Wed, Sep 13, 10:47 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Tue, Sep 12

n.fort removed a project from T4072: Feature Request: Firewall on bridge interfaces: VyOS 1.3 Equuleus (1.3.5).
Tue, Sep 12, 12:16 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4072: Feature Request: Firewall on bridge interfaces from In progress to Needs testing.

op-mode: https://github.com/vyos/vyos-1x/pull/2242

Tue, Sep 12, 10:17 AM · VyOS 1.4 Sagitta

Mon, Sep 11

n.fort added a comment to T5564: Both show firewall group and show firewall summary fails.

N/D == not defined

Mon, Sep 11, 9:54 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Fri, Sep 8

n.fort changed the status of T5561: NAT - Inbound or outbound interface should not be mandatory from Open to Confirmed.
Fri, Sep 8, 10:48 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort created T5561: NAT - Inbound or outbound interface should not be mandatory.
Fri, Sep 8, 10:47 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort closed T4356: DHCP v6 client only supports single interface configuration as Resolved.

I'm closing this one. No news in the last year, and the tests I've done last month were ok.

Fri, Sep 8, 10:12 AM · VyOS 1.4 Sagitta
n.fort closed T5450: Firewall interface group - Allow inverted matcher as Resolved.
Fri, Sep 8, 10:04 AM · VyOS 1.4 Sagitta
n.fort closed T5460: Firewall - remove config-trap as Resolved.
Fri, Sep 8, 10:04 AM · VyOS 1.4 Sagitta
n.fort closed T5502: Firewall - wrong parser for inbound and/or outbound interface as Resolved.
Fri, Sep 8, 10:03 AM · VyOS 1.4 Sagitta
n.fort changed the status of T4072: Feature Request: Firewall on bridge interfaces from Open to In progress.
Fri, Sep 8, 10:02 AM · VyOS 1.4 Sagitta
n.fort changed the status of T5553: Firewall - Add action continue from Confirmed to In progress.
Fri, Sep 8, 10:01 AM · VyOS 1.4 Sagitta
n.fort added a comment to T5553: Firewall - Add action continue.

Feature included in: https://github.com/vyos/vyos-1x/pull/2222

Fri, Sep 8, 10:01 AM · VyOS 1.4 Sagitta

Thu, Sep 7

n.fort added a comment to T4072: Feature Request: Firewall on bridge interfaces.

PR: https://github.com/vyos/vyos-1x/pull/2222

Thu, Sep 7, 8:47 PM · VyOS 1.4 Sagitta

Wed, Sep 6

n.fort changed the status of T5553: Firewall - Add action continue from Open to Confirmed.
Wed, Sep 6, 5:39 PM · VyOS 1.4 Sagitta
n.fort created T5553: Firewall - Add action continue.
Wed, Sep 6, 5:39 PM · VyOS 1.4 Sagitta

Tue, Sep 5

n.fort added a comment to T5482: Chrony NTP Server Fails To Sync Time.

Are you using vrf? Maybe it's an issue and the router can't resolve dns for ntp servers.

Tue, Sep 5, 2:11 PM · VyOS 1.4 Sagitta
n.fort claimed T4072: Feature Request: Firewall on bridge interfaces.
Tue, Sep 5, 9:40 AM · VyOS 1.4 Sagitta

Wed, Aug 30

n.fort added a comment to T5496: `show firewall` error.

Adding geo-ip and fqdn too:
https://github.com/vyos/vyos-1x/pull/2188

Wed, Aug 30, 10:27 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5496: `show firewall` error from Open to Needs testing.
Wed, Aug 30, 1:54 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5513: Anomalies in show firewall command after refactoring from Open to Needs testing.
Wed, Aug 30, 1:54 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5250: Firewall - show firewall group from In progress to Needs testing.
Wed, Aug 30, 1:53 PM · VyOS 1.4 Sagitta
n.fort added a comment to T5513: Anomalies in show firewall command after refactoring.

Fixes on these op-mode commands were introduced in PR https://github.com/vyos/vyos-1x/pull/2186

Wed, Aug 30, 1:53 PM · VyOS 1.4 Sagitta
n.fort added a comment to T5496: `show firewall` error.

Corrections and improvements were applied. Please check on the next rolling release.

Wed, Aug 30, 1:52 PM · VyOS 1.4 Sagitta

Aug 25 2023

n.fort changed the status of T5472: NAT redirect should not require port from In progress to Needs testing.
Aug 25 2023, 5:03 PM · VyOS 1.4 Sagitta
n.fort closed T5501: Firewall - Allow multiple inbound outbound interface as Invalid.

Closing this task because a better way to match multiple interfaces in firewall rules would be to use interface groups.

Aug 25 2023, 4:56 PM · VyOS 1.4 Sagitta
n.fort added a comment to T5508: Configuration Migration Fails to New Netfilter Firewall Syntax.

Missing vrrp cli version in last line in config.boot file:

Aug 25 2023, 2:16 PM · VyOS 1.4 Sagitta

Aug 23 2023

n.fort changed the status of T5502: Firewall - wrong parser for inbound and/or outbound interface from Open to Confirmed.
Aug 23 2023, 6:51 PM · VyOS 1.4 Sagitta
n.fort created T5502: Firewall - wrong parser for inbound and/or outbound interface.
Aug 23 2023, 6:51 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5501: Firewall - Allow multiple inbound outbound interface from Open to Confirmed.
Aug 23 2023, 6:48 PM · VyOS 1.4 Sagitta
n.fort created T5501: Firewall - Allow multiple inbound outbound interface.
Aug 23 2023, 6:48 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5450: Firewall interface group - Allow inverted matcher from In progress to Needs testing.
Aug 23 2023, 4:30 PM · VyOS 1.4 Sagitta
n.fort added a comment to T5472: NAT redirect should not require port.

PR: https://github.com/vyos/vyos-1x/pull/2162

Aug 23 2023, 1:03 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5472: NAT redirect should not require port from Confirmed to In progress.
Aug 23 2023, 11:49 AM · VyOS 1.4 Sagitta
n.fort added a comment to T4610: Firewall with 20K entries cannot load after reboot.

This delay is not only present in the latest version. A huge firewall (and not only firewall) config leads to more processing while committing changes.
Bear in mind that for every firewall config command, python scripts are invoked for sanity checks and for config generation.
If direct nft commands are used, then all these scripts are not called.

Aug 23 2023, 11:19 AM · VyOS 1.4 Sagitta
n.fort closed T4889: Add nftables NAT REDIRECT [to localhost] to CLI as Resolved.
Aug 23 2023, 11:17 AM · vyatta-nat, VyOS 1.4 Sagitta
n.fort changed the status of T5160: Firewall refactor from In progress to Needs testing.
Aug 23 2023, 11:16 AM · VyOS 1.4 Sagitta
n.fort closed T5446: bgp: validity check for bestpath med option as Resolved.
Aug 23 2023, 11:16 AM · VyOS 1.4 Sagitta
n.fort closed T5453: Fix nat66 - broken after load-balance was introduced in nat as Resolved.
Aug 23 2023, 11:14 AM · VyOS 1.4 Sagitta
n.fort changed the status of T5478: Cannot configure resolver-cache options for firewall from In progress to Needs testing.
Aug 23 2023, 11:12 AM · VyOS 1.4 Sagitta

Aug 22 2023

n.fort added a comment to T3509: No BCP38 for IPv6 on VyOS.

There's a request for a fib matcher: https://vyos.dev/T5119
It would be useful if you could propose a cli design for this feature in that task, so we can discuss it and then work on adding it.

Aug 22 2023, 6:30 PM · VyOS 1.4 Sagitta

Aug 15 2023

n.fort changed the status of T5478: Cannot configure resolver-cache options for firewall from Confirmed to In progress.

PR: https://github.com/vyos/vyos-1x/pull/2149

Aug 15 2023, 12:01 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5478: Cannot configure resolver-cache options for firewall from Open to Confirmed.
Aug 15 2023, 10:18 AM · VyOS 1.4 Sagitta
n.fort added a comment to T5160: Firewall refactor.

2.1:
Suggestion that established/related merges to a single rule such as:

Aug 15 2023, 10:09 AM · VyOS 1.4 Sagitta

Aug 14 2023

n.fort changed the status of T5472: NAT redirect should not require port from Open to Confirmed.
Aug 14 2023, 10:09 AM · VyOS 1.4 Sagitta

Aug 11 2023

n.fort changed the status of T5460: Firewall - remove config-trap from Confirmed to Needs testing.
Aug 11 2023, 10:21 PM · VyOS 1.4 Sagitta

Aug 10 2023

n.fort changed the status of T5460: Firewall - remove config-trap from Open to Confirmed.
Aug 10 2023, 7:04 PM · VyOS 1.4 Sagitta
n.fort created T5460: Firewall - remove config-trap.
Aug 10 2023, 7:04 PM · VyOS 1.4 Sagitta
n.fort closed T5416: Ignoring "ipsec match-none" for firewall as Resolved.
Aug 10 2023, 6:54 PM · VyOS 1.4 Sagitta
n.fort claimed T5453: Fix nat66 - broken after load-balance was introduced in nat.
Aug 10 2023, 6:38 PM · VyOS 1.4 Sagitta
n.fort added a comment to T660: 802.1p CoS priority support.

Some internal tests were done, using integration between:

  • Traffic shaper. Currently supported in vyos cli.
  • Bridge firewall. Currently not supported in vyos cli.

Aug 10 2023, 1:53 PM · VyOS 1.3 Equuleus (1.3.5), VyOS 1.4 Sagitta

Aug 9 2023

n.fort added a comment to T5450: Firewall interface group - Allow inverted matcher.

PR https://github.com/vyos/vyos-1x/pull/2142

Aug 9 2023, 9:19 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5450: Firewall interface group - Allow inverted matcher from Confirmed to In progress.
Aug 9 2023, 9:18 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5453: Fix nat66 - broken after load-balance was introduced in nat from Open to Needs testing.
Aug 9 2023, 6:48 PM · VyOS 1.4 Sagitta
n.fort renamed T5453: Fix nat66 - broken after load-balance was introduced in nat from Fix nat66 smoketest to Fix nat66 - broken after load-balance was introduced in nat.
Aug 9 2023, 10:53 AM · VyOS 1.4 Sagitta
n.fort added a comment to T5453: Fix nat66 - broken after load-balance was introduced in nat.

Not only affects smoketest... nat66 got broken.

Aug 9 2023, 10:52 AM · VyOS 1.4 Sagitta
n.fort created T5453: Fix nat66 - broken after load-balance was introduced in nat.
Aug 9 2023, 10:03 AM · VyOS 1.4 Sagitta

Aug 8 2023

n.fort changed the status of T5450: Firewall interface group - Allow inverted matcher from Open to Confirmed.
Aug 8 2023, 6:03 PM · VyOS 1.4 Sagitta
n.fort created T5450: Firewall interface group - Allow inverted matcher.
Aug 8 2023, 6:02 PM · VyOS 1.4 Sagitta

Aug 7 2023

n.fort added a comment to T5446: bgp: validity check for bestpath med option.

PR: https://github.com/vyos/vyos-1x/pull/2137

Aug 7 2023, 5:07 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5446: bgp: validity check for bestpath med option from Open to In progress.
Aug 7 2023, 4:07 PM · VyOS 1.4 Sagitta
n.fort closed T5406: "update webproxy blacklists" fails when vrf is being configured as Resolved.
Aug 7 2023, 9:43 AM · VyOS 1.4 Sagitta

Aug 3 2023

n.fort closed T5301: NTP: chrony only allows one bind address as Resolved.
Aug 3 2023, 11:22 AM · VyOS 1.4 Sagitta
n.fort closed T5154: Chrony - multiple listen addresses as Resolved.
Aug 3 2023, 11:21 AM · VyOS 1.4 Sagitta

Jul 31 2023

n.fort updated the task description for T5420: nftables - upgrade to latest 1.0.8.
Jul 31 2023, 5:19 PM · VyOS 1.4 Sagitta
n.fort created T5420: nftables - upgrade to latest 1.0.8.
Jul 31 2023, 5:17 PM · VyOS 1.4 Sagitta
n.fort changed the status of T5406: "update webproxy blacklists" fails when vrf is being configured from Open to In progress.

PR: https://github.com/vyos/vyos-1x/pull/2123

Jul 31 2023, 4:59 PM · VyOS 1.4 Sagitta
n.fort added a comment to T5416: Ignoring "ipsec match-none" for firewall.

PR: https://github.com/vyos/vyos-1x/pull/2121

Jul 31 2023, 10:12 AM · VyOS 1.4 Sagitta
n.fort changed the status of T5416: Ignoring "ipsec match-none" for firewall from Open to Confirmed.
Jul 31 2023, 10:00 AM · VyOS 1.4 Sagitta

Jul 27 2023

n.fort claimed T5406: "update webproxy blacklists" fails when vrf is being configured.
Jul 27 2023, 10:11 AM · VyOS 1.4 Sagitta

Jul 26 2023

n.fort added a comment to T5399: "show ntp" fails when vrf is being configured.

Thanks for testing and submitting PR

Jul 26 2023, 1:37 PM · VyOS 1.4 Sagitta

Jul 25 2023

n.fort added a comment to T5399: "show ntp" fails when vrf is being configured.

Can you check changing

Jul 25 2023, 5:07 PM · VyOS 1.4 Sagitta

Jul 24 2023

n.fort added a comment to T4460: nhrp not starting due to missing cisco-authentication value.

Reopening this task. Migration script needs to be added.

Jul 24 2023, 6:39 PM · VyOS 1.4 Sagitta
n.fort reopened T4460: nhrp not starting due to missing cisco-authentication value as "Confirmed".
Jul 24 2023, 6:38 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4889: Add nftables NAT REDIRECT [to localhost] to CLI from In progress to Needs testing.
Jul 24 2023, 10:11 AM · vyatta-nat, VyOS 1.4 Sagitta

Jul 21 2023

n.fort changed the status of T5014: Destination NAT - Add Load Balancing capabilities from Open to In progress.
Jul 21 2023, 6:05 PM · VyOS 1.4 Sagitta
n.fort added a comment to T5014: Destination NAT - Add Load Balancing capabilities.

vyos@nat-lb-july# run show config comm | grep nat
set nat destination rule 10 destination port '443'
set nat destination rule 10 inbound-interface 'eth3'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation load-balance mode 'round-robin'
set nat destination rule 10 translation load-balance translation-address 1.1.1.1 hash-value '0'
set nat destination rule 10 translation load-balance translation-address 2.2.2.2 hash-value '1'
set nat destination rule 10 translation load-balance translation-address 3.3.3.3 hash-value '2'
set nat destination rule 10 translation load-balance upper-limit '3'
set nat destination rule 20 destination port '53'
set nat destination rule 20 inbound-interface 'eth3'
set nat destination rule 20 protocol 'udp'
set nat destination rule 20 translation load-balance mode 'random'
set nat destination rule 20 translation load-balance translation-address 1.1.1.1 hash-value '0-24'
set nat destination rule 20 translation load-balance translation-address 2.2.2.2 hash-value '25-49'
set nat destination rule 20 translation load-balance translation-address 3.3.3.3 hash-value '50-99'
set nat destination rule 20 translation load-balance upper-limit '100'
set system host-name 'nat-lb-july'
[edit]

Jul 21 2023, 6:05 PM · VyOS 1.4 Sagitta

Jul 20 2023

n.fort moved T1297: Add GARP settings to VRRP/keepalived from Need Triage to Backport Candidates on the VyOS 1.4 Sagitta board.
Jul 20 2023, 10:41 AM · VyOS 1.3 Equuleus (1.3.5), VyOS 1.4 Sagitta
n.fort closed T4497: ping cannot force ipv4 or ipv6 as Resolved.
Jul 20 2023, 10:38 AM · VyOS 1.4 Sagitta