Forgot that my PR for WLB was still a draft. That the jump does seem to be created properly with this PR in place.
Tue, Jan 11
That build at 08:11 UTC was a couple of hours before the commit was merged: https://github.com/vyos/vyos-1x/commit/f97144259335102c3d96b232cbb0af4970120d62
yes , i'm using this version :
Seems to be working on my latest build?
I've checked with this new build , it works with validator ranges/port :
I've been testing and it works :
Thanks, I really like the include idea and have implemented it in the attached PR. Also added a check in firewall.py to reload policy-route script to keep any group changes updated.
PR removes the empty line when there are no group members, also adds a warning message when empty groups are used in rules.
@Viacheslav Not using exact ipset format, however addresses are sorted and output one per line.
Should resolve the rest of the error messages.
well , I think it should be something like this :
Chained exceptions are covered too (and backported to Equuleus).
Invalid - already available - I looked into an 1.2.8 image.
Hi, I've just submitted a pull request (https://github.com/vyos/vyos-1x/pull/1154) to hopefully complete this bugfix.
Mon, Jan 10
@fernando Thanks, do you have any idea about syntax?
IPv4 address range error messages are included in PR: https://github.com/vyos/vyos-1x/pull/1152
this PR https://github.com/vyos/vyos-1x/pull/1088 only include how to enable daemon , but it doesn't add VyOS-cli commands in BGP (the daemon only allows you to enable it).
@vindenesen that is a bug I have also seen in the old iptables based implementation. Can you please file a bug report towards VyOS 1.2 and 1.3?
There is PR which includes this feature https://github.com/vyos/vyos-1x/pull/1088
Thanks for catching that!
Previous example was expanded, in order to test filtering between native bridge interface and vlans interface on bridge.
- Filter traffic from vlan br0.55 to br0.66
- Filter traffic from vlan1 to br0.55
- Allow all
I'm experiencing this with a custom ISO built from the stable 1.3 sources. Haven't done further debugging yet, a bgpd restart helped every time.
In 1.3 (VyOS 1.3-rolling-202201030317) the rules are handled correctly (except for the numbers in description).
Ah! ok, I will close this. Looking at the man pages, seems like open nhrp doesn't have a no-unique registration feature?
We don’t use frr nhrpd, more details T2326
We use opennhrp
I just realize it's getting more complicated as python/vyos/firewall.py will later write out the rules for these empty groups and when reading-them in, nftables will complain (again) when trying to resolve them, e.g.
Pythonic reimplementation complete. Now only the XML op-mode definition and the auto-complete script remain.
To my understanding, the template data/templates/firewall/nftables.tmpl is probably the culprit, as it doesn't check whether group_conf.address (and similarly the others) has any elements at all and introduces the offending white-space:
Sun, Jan 9
In ISC dhcpd this corresponds to the boot-size option http://www.ipamworldwide.com/ipam/isc-dhcpv4-options.html