PR https://github.com/vyos/vyos-1x/pull/1546

PR https://github.com/vyos/vyos-1x/pull/1545
PR https://github.com/vyos/vyatta-cfg-system/pull/185

set service ids ddos-protection direction 'in'
set service ids ddos-protection listen-interface 'eth1'
set service ids ddos-protection mode mirror
set service ids ddos-protection threshold general fps '1000'
set service ids ddos-protection threshold general mbps '200'
set service ids ddos-protection threshold general pps '150000'
set service ids ddos-protection threshold tcp fps '25'
set service ids ddos-protection threshold tcp mbps '55'
set service ids ddos-protection threshold tcp pps '155'
set service ids ddos-protection threshold udp fps '100'
set service ids ddos-protection threshold udp mbps '100'
set service ids ddos-protection threshold udp pps '100'
set service ids ddos-protection threshold icmp fps '200'
set service ids ddos-protection threshold icmp mbps '210'
set service ids ddos-protection threshold icmp pps '2040'

Expected fastnermon config entries:

# General threshold
ban_for_flows = on
threshold_flows = 1000
ban_for_bandwidth = on
threshold_mbps = 200
ban_for_pps = on
threshold_pps = 150000

PR https://github.com/vyos/vyos-1x/pull/1544

Added a new pull request to make ISIS segment routing work again.

Dear Sir
Will it work with 1.4 ?
BR
Vishvas

Jool is still being maintained for bugfixes etc. and it has all the features we're looking for, then it sounds fairly ideal. If no new features are being added to it, it's less likely to break in future releases too

I re-reviewed this PR and the following commit from @c-po

Ok now its working. Thanks. My bad.

Changes on the FRR side:

• Convert xdp helper library to an optional plugin + bgp hook
• Minor fixes + cleanups
• Figured out most of the permission problems

Changes on the XDP side:

• Convert mappings from legacy iproute format to the latest libbpf one
• New mappings improve debugging experience by implementing pretty-printing for XDP map dumping
• Added an xdp-loader for xdp-tools repo

https://github.com/vyos/vyos-1x/pull/1535

PR adding libpam-google-authenticator package to VyOS:
https://github.com/vyos/vyos-1x/pull/1541

It seems that we have two constraints here.

Made a fix and now we have:

Let me see if I can fix it.

Doing further testing, it seems adding the explicit-null broke the configuration:

Good news. It seems the patch worked properly. Here we show MPLS labels generated via segment routing for the prefix command:

As I mentioned above, use it before the configuration, it described in the doc

#!/bin/vbash

Interesting article on how and when to match ipsec options: https://thermalcircle.de/doku.php?id=blog:linux:nftables_demystifying_ipsec_expressions

There is PR https://github.com/vyos/vyos-1x/pull/1516 for T4667 but it brakes all GRE traffic

PR https://github.com/vyos/vyos-1x/pull/1540

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1539

Hi all,

Do you have a proposed cli format?

Added a pull request for this fix.

Nope, i use CLI for configuration and script for vrrp (wireguard interface enable/disable)

Fix for 1.3 https://github.com/vyos/vyos-build/pull/261

This is also an issue on the 1.3.x builds due to a similar issue. See https://github.com/jordansissel/fpm/issues/1923

It should be possible in https://github.com/vyos/vyos-1x/pull/1534 T2199

set firewall interface ethXvX

It seems you use some custom scripts for configuration
You have to use

if [ "$(id -g -n)" != 'vyattacfg' ] ; then
    exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fi

before your configuration script

Refactor PR: https://github.com/vyos/vyos-1x/pull/1534

PR for filter tables: https://github.com/vyos/vyos-1x/pull/1534

Should be fixed in https://github.com/vyos/vyatta-cfg-firewall/pull/34

Already renamed:

PR: https://github.com/vyos/vyos-1x/pull/1533