Page MenuHomePhabricator

strip-private command improvement for additional masking
Open, Requires assessmentPublic


I think need improve some private data. If we set set system login user vyos full-name 'First Second Third ...' after stripe-private returned only first word masking

set system login user xxxxxx full-name xxxxxx Second Third ...'

And same history with ipv6 addresses which is unmasked

set interfaces tunnel tun0 address '2001:DB8::1/32'
set interfaces ethernet eth1 ipv6 router-advert name-server '2001:DB8:100::1'

I propose check ours configs with show configuration commands | strip-private command and add to this task additional unmasked private data


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close

Event Timeline

Dmitry created this task.Aug 8 2019, 10:33 AM
Dmitry created this object in space S1 VyOS Public.

@Dmitry Do you know ABOUT BGP Communities filtering?

c-po added a subscriber: c-po.Aug 8 2019, 11:19 AM

@Dmity stripping is done here:

Maybe we should use IPv4/IPv6 documentation prefixes instead of just masking them?

@c-po yes, I saw this script. About documentation prefixes is not bad idea, but with XXXXX view more pretty, I think.

@noitcennok , can you provide some example?

@Dmitry i want to secure my /24 from layer 7 attacks? i already contacted my upstream he said:

Upstream said: you will have to add bgp community 940 to your advertisement in order for filtering to work properly.

I have a post already at can you please reply there i will thankful to you.

c-po added a comment.EditedAug 8 2019, 11:36 AM

@noitcennok stop polluting non relevant threads and stick to your original forum post.

If it is an urgent matter you can buy support from

Dmitry added a comment.EditedAug 8 2019, 8:57 PM

Created PR
Need check. If you any additional info about unmasked config data, please write here

Dmitry added a comment.Aug 9 2019, 7:06 AM

Would we masking snmp community and email addresses in config for privacy?

set service snmp community no-public
set service snmp contact ''
pasik added a subscriber: pasik.Aug 9 2019, 10:28 AM