In T1185#133944, @sdev wrote:A similar syntax change is in progress as part of a larger firewall refactor. It should reach the 1.4 branch in a week or so. It should allow for any valid existing interface name.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 11 2022
Sep 11 2022
jack9603301 renamed T4689: Support RFS(Receive Flow Steering) from Support RFS to Support RFS(Receive Flow Steering).
initramfs updated the task description for T4688: Add support for customizing packet verdict actions in limiter traffic policy.
Sep 10 2022
Sep 10 2022
In T1185#133941, @roedie wrote:Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
set firewall local interface eth0 name <firewall-filter> set firewall in interface eth0 name <firewall-filter> set firewall out interface eth0 name <firewall-filter> set firewall local interface bond0.10v22v6 ipv6-name <firewall-filter>The problem is that using zone-policy firewall is a bit overkill for a pure router or even a router with async routing. In which scenario I guess only the local variant would be useful.
Or, come to think, some free from of set interfaces unknown <typeyourownname> firewall local name <ruleset> where you can only config stuff that doesn't really depend on an interface.
Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
jack9603301 changed the subtype of T4659: Use vtysh to display bridge and some interface parameter information from "Task" to "Feature Request".
jack9603301 changed the subtype of T4686: Provides support for veth from "Task" to "Feature Request".
jack9603301 added a subtask for T3829: Support separated TCP/IP stack via "ip netns": T4686: Provides support for veth.
jack9603301 added a parent task for T4686: Provides support for veth: T3829: Support separated TCP/IP stack via "ip netns".
Unknown Object (User) added a comment to T874: Support for Two Factor Authentication for CLI access via Google Authenticator/OTP.
First we need to include the "google-authenticator" in our build
Unknown Object (User) claimed T874: Support for Two Factor Authentication for CLI access via Google Authenticator/OTP.
initramfs updated the task description for T4685: Interface does not exist on boot when used as inbound-interface for local policy route.
Sep 9 2022
Sep 9 2022
zsdc changed the status of T2189: Adding a large port-range will take ~ 20 minutes to commit from Open to In progress.
/usr/libexec/vyos/op_mode/route.py already exists but without an execution flag
PR https://github.com/vyos/vyos-1x/pull/1531
jestabro closed T4681: Complete standardization of show_uptime.py, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
jestabro closed T4682: Rewrite 'show system storage' in standardized format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
I am suggesting marking this task as "Resolved" because the driver works by himself and NIC can be used with a proper configuration.
Viacheslav changed the status of T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address from Open to In progress.
The real check without IPv4 local/remote:
vyos@r14# commit [ interfaces openvpn vtun2 ]
Viacheslav changed the status of T4672: RADIUS server disable does not work from Open to Needs testing.
Sep 8 2022
Sep 8 2022
jestabro updated the task description for T4682: Rewrite 'show system storage' in standardized format.
jestabro renamed T4682: Rewrite 'show system storage' in standardized format from Rewrite 'show system storage' in standarized format to Rewrite 'show system storage' in standardized format.
jestabro changed the status of T4682: Rewrite 'show system storage' in standardized format from Open to In progress.
jestabro edited projects for T4681: Complete standardization of show_uptime.py, added: VyOS 1.4 Sagitta; removed VyOS 1.2 Crux.
jestabro changed the status of T4681: Complete standardization of show_uptime.py from Open to In progress.
Created pull request with fix. https://github.com/vyos/vyos-1x/pull/1527
I've tested this and it seems to work correctly.
Viacheslav changed Version from VyOS 1.3.1-S1,VyOS 1.3.2 to VyOS 1.3.1-S1, VyOS 1.3.2, VyOS 1.4-rolling-202209070217 on T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address.
The interface naming is incorrect after this change for the second interface with the same VRID. It breaks show int.
Sep 7 2022
Sep 7 2022
Viacheslav updated the task description for T4676: IPoE server with mac authentication generates a wrong dictionary.
jestabro changed Is it a breaking change? from none to compatible on T4669: Extend numeric.ml for inversion of values and range values.
Viacheslav added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .
@aserkin Could you create a PR?
As @zsdc says, it's not enough to just have the driver, the problem is that it doesn't work with MTUs over 1460, and VyOS now tries to force it to 1500 if it's not specified. We need to adjust that logic so that MTU setting error doesn't cause a commit error.
aserkin added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .
I'd suggest adding
**Restart=always RestartSec=10**
to /usr/share/vyos/templates/telegraf/override.conf.j2 as it is done for ntp.service.
Otherwise the telegraf service do not start - it does 5 start attempts very quickly during boot with error:
Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Failed with result 'exit-code'. Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Scheduled restart job, restart counter is at 5. Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Start request repeated too quickly. Sep 07 11:43:59 vyos-lns-1 systemd[1]: telegraf.service: Failed with result 'exit-code'.
and stays in a failed state.
see boot log attached.
vyos-boot.log240 KBDownload
Sep 6 2022
Sep 6 2022
jestabro closed T4674: API should show op-mode error message, if present, a subtask of T4640: Integrate op-mode exception hierarchy into API, as Resolved.
jestabro changed the status of T4674: API should show op-mode error message, if present from Open to In progress.
jestabro closed T4640: Integrate op-mode exception hierarchy into API, a subtask of T2719: Standardized op mode script structure, as Resolved.
jestabro closed T4640: Integrate op-mode exception hierarchy into API, a subtask of T3993: Extend HTTP API GraphQL support, as Resolved.
jestabro changed the status of T4673: op-mode bridge.py should raise error on show_fdb for nonexistent bridge interface from Open to In progress.
Changes for the inversion operator (--not-range instead of !) have been made. Generalizing exit codes, as suggested in PR comments will be handled in a separate task.
The PR:
initramfs updated the task description for T4671: linux-firmware package is missing symlinks defined in WHENCE file.
zsdc moved T4646: USB serial output console does not work from Finished to Backport Candidates on the VyOS 1.4 Sagitta board.
zsdc moved T4646: USB serial output console does not work from Need Triage to Finished on the VyOS 1.4 Sagitta board.
zsdc changed the status of T4646: USB serial output console does not work from Needs testing to Backport pending.
The [email protected] seems to work well after the fix. We should backport this to the equuleus as well.
Viacheslav changed the status of T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp) from Open to In progress.
Viacheslav added a comment to T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp).
As we have threshold it seems require migration threshold => threshold general
vyos@r14# set service ids ddos-protection threshold Possible completions: fps Flows per second mbps Megabits per second pps Packets per second
Viacheslav closed T4597: Check bind port before assign service HTTPS API and openconnect as Resolved.
Sep 5 2022
Sep 5 2022
PR https://github.com/vyos/vyos-1x/pull/1521
set system update-check auto-check set system update-check url 'http://192.168.122.14:8080/download/image-version.json'
PR for VyOS 1.3
jack9603301 added a comment to T4636: VLAN-Aware bridge not handling local traffic (and not able to perform inter-vlan routing).
When the interface of the bridge registers VLANs, the bridge itself must register the same VLANs at the same time, otherwise the bridge will not forward VLANs
n.fort renamed T4670: policy route - Update matching criteria from policy route - Update matching criterias to policy route - Update matching criteria.