Forgot that my PR for WLB was still a draft. That the jump does seem to be created properly with this PR in place.

That build at 08:11 UTC was a couple of hours before the commit was merged: https://github.com/vyos/vyos-1x/commit/f97144259335102c3d96b232cbb0af4970120d62

yes , i'm using this version :

PR https://github.com/vyos/vyos-opennhrp/pull/3

Seems to be working on my latest build?

I've checked with this new build , it works with validator ranges/port :

PR: https://github.com/vyos/vyos-1x/pull/1160

I've been testing and it works :

Thanks, I really like the include idea and have implemented it in the attached PR. Also added a check in firewall.py to reload policy-route script to keep any group changes updated.

PR removes the empty line when there are no group members, also adds a warning message when empty groups are used in rules.

@Viacheslav Not using exact ipset format, however addresses are sorted and output one per line.

Should resolve the rest of the error messages.

well , I think it should be something like this :

PR: https://github.com/vyos/vyos-1x/pull/1157

PR: https://github.com/vyos/vyos-build/pull/212

Chained exceptions are covered too (and backported to Equuleus).

Invalid - already available - I looked into an 1.2.8 image.

Hi, I've just submitted a pull request (https://github.com/vyos/vyos-1x/pull/1154) to hopefully complete this bugfix.

@fernando Thanks, do you have any idea about syntax?

IPv4 address range error messages are included in PR: https://github.com/vyos/vyos-1x/pull/1152

Error for rule being in use when deleting base node was fixed in https://github.com/vyos/vyos-1x/pull/1151

PR: https://github.com/vyos/vyos-1x/pull/1152

this PR https://github.com/vyos/vyos-1x/pull/1088 only include how to enable daemon , but it doesn't add VyOS-cli commands in BGP (the daemon only allows you to enable it).

@Viacheslav / @vindenesen that is a bug I have also seen in the old iptables based implementation. Can you please file a bug report towards VyOS 1.2 and 1.3?

There is PR which includes this feature https://github.com/vyos/vyos-1x/pull/1088

PR: https://github.com/vyos/vyos-1x/pull/1151

Thanks for catching that!

PR: https://github.com/vyos/vyos-1x/pull/1150

Previous example was expanded, in order to test filtering between native bridge interface and vlans interface on bridge.
Filtering rules:

• Filter traffic from vlan br0.55 to br0.66
• Filter traffic from vlan1 to br0.55
• Allow all

I'm experiencing this with a custom ISO built from the stable 1.3 sources. Haven't done further debugging yet, a bgpd restart helped every time.

In 1.3 (VyOS 1.3-rolling-202201030317) the rules are handled correctly (except for the numbers in description).

Ah! ok, I will close this. Looking at the man pages, seems like open nhrp doesn't have a no-unique registration feature?

We don’t use frr nhrpd, more details T2326
We use opennhrp

I just realize it's getting more complicated as python/vyos/firewall.py will later write out the rules for these empty groups and when reading-them in, nftables will complain (again) when trying to resolve them, e.g.

Pythonic reimplementation complete. Now only the XML op-mode definition and the auto-complete script remain.

To my understanding, the template data/templates/firewall/nftables.tmpl is probably the culprit, as it doesn't check whether group_conf.address (and similarly the others) has any elements at all and introduces the offending white-space:

In ISC dhcpd this corresponds to the boot-size option http://www.ipamworldwide.com/ipam/isc-dhcpv4-options.html

Package upgraded