- User Since
- Jul 29 2022, 1:49 PM (69 w, 5 d)
Sep 11 2023
I just tested this with a firewall config with no connection tracking config enabled, still the conntrack modules are loaded and used.
Jun 9 2023
On another router I've changed the base mounts to sync, i.e.: mount /dev/md127 /boot -o remount,rw,noatime,sync before upgrading, but after a reboot it came back corrupted.
Jun 8 2023
Apr 3 2023
I think one of the problems is that all tables are generated even if there are no rules in them.
Apr 1 2023
Jan 11 2023
@jestabro I've created the backport PR just now.
Will push the backport for 1.3 as well.
Jan 7 2023
Jan 6 2023
Dec 31 2022
Dec 18 2022
Dec 17 2022
Backport for this PR. I am not running 1.3 so YMMV.
Had a quick look at the 1.3 implementation and it seems the bug isn't present there. So no back-porting needed @c-po
Dec 16 2022
After screwing up the previous PR:
Nov 23 2022
This task can be closed since the PR is merged.
Nov 16 2022
Nov 8 2022
I've added PR https://github.com/vyos/vyos-1x/pull/1649 for review. Not tested yet, I want to know if I'm on the right path.
Oct 30 2022
Oct 10 2022
@florin If this is needed I'll make a pull request coming week.
Sep 18 2022
Sep 17 2022
It works for me (tm)
Sep 10 2022
Or, come to think, some free form of set interfaces unknown <typeyourownname> firewall local name <ruleset> where you can only config stuff that doesn't really depend on an interface.
Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
Sep 8 2022
I've tested this and it seems to work correctly.
The interface naming is incorrect after this change for the second interface with the same VRID. It breaks show int.
Sep 2 2022
In case of filtering on a VRF, would it be an idea to use the MAC address instead of the interface name in the rule?
I will modify the docs.
Sep 1 2022
I do see I need to update the docs. Will do if this change is going to be merged.
Aug 23 2022
While reading the FRR docs I see it is only used in BGP and nowhere else. That would make something like set protocols bgp parameters next-hop-track resolve-via-default logical.
@Viacheslav Do you just want this option added to the zebra config, or should it also be possible to enable/disable this via the conf mode?
Aug 22 2022
I've created a PR which does the retry part. It retries 10 times every 0.5 seconds until it succeeds or it's out of retries.
The problem here seems to be that keepalived is started before the complete commit is finished. So conf.get_config_dict() fails to get the config.
Created PR for this https://github.com/vyos/vyos-build/pull/256
Hi, I've created https://github.com/vyos/vyos-1x/pull/1483 for this one.