wow christian, to move from iptables to nftables is not a small project.
As far I remember vyos has a quite complex iptables chains.
Bu in fact, I'm quite disconnected from vyos.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Nov 16 2019
Nov 16 2019
syncer moved T1727: Wireless regulatory.db missing from Need Triage to Finished on the VyOS 1.2 Crux board.
syncer moved T1779: Tunnel interfaces aren't suggested as being available for bridging from Need Triage to Finished on the VyOS 1.2 Crux board.
syncer moved T1750: "tail -f unrecognized file system type error" in coreutils version 8.23 from Need Triage to Finished on the VyOS 1.2 Crux board.
syncer moved T1798: SNMPv3: allow hypen in username from Need Triage to Finished on the VyOS 1.2 Crux board.
syncer moved T1664: Ipoe with bond per vlan don't work from Backlog to Finished on the VyOS 1.2 Crux board.
syncer moved T1724: wireguard - add endpoint check in verify() from Backlog to Finished on the VyOS 1.2 Crux board.
syncer moved T1722: Add ability to debug Wireguard connections from In Progress to Finished on the VyOS 1.2 Crux board.
syncer changed the status of T770: Bonded interfaces get updated with incorrect hw-id in config. from In progress to Needs testing.
syncer changed the status of T1626: BGP exchanges prefixes without specified address-family from Open to Needs testing.
syncer changed the status of T1643: Deleting all firewall zones failed and locked out box from Open to Needs testing.
syncer changed the status of T1668: Integration between VyOS installs and a centralized repository. from Open to In progress.
syncer moved T1678: hostfile-update missing line feed from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer changed the status of T1678: hostfile-update missing line feed from Open to Backport candidate.
syncer changed the status of T1693: DNS Forwarding Services not responding with Allow-From from Open to Needs testing.
syncer moved T1694: NTPd: Do not listen on all interfaces by default from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.4) board.
syncer changed the status of T1694: NTPd: Do not listen on all interfaces by default from Open to Backport candidate.
syncer moved T1701: Delete domain-name and domain-search won't work from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.4) board.
syncer moved T1701: Delete domain-name and domain-search won't work from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer changed the status of T1701: Delete domain-name and domain-search won't work from In progress to Backport candidate.
syncer changed the status of T1714: Disable DHCP Nameservers Not Working from Open to Needs testing.
syncer changed the status of T1721: Recursive Next Hop not updated for static routes from Open to Needs testing.
syncer edited projects for T1730: Adding the remote syslog feature to webproxy, added: VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
syncer edited projects for T1739: Serial interface seems not to be deleted properly, added: VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
syncer changed the status of T1744: Config load fails in ConfigTree with ValueError: Failed to parse config: lexing: empty token from Open to Needs testing.
syncer reassigned T1747: L2TP breaks after upgrading to VyOS 1.2-rolling-201910180117 [issue report and proposed solution] from Unknown Object (User) to jestabro.
syncer changed the status of T1747: L2TP breaks after upgrading to VyOS 1.2-rolling-201910180117 [issue report and proposed solution] from In progress to Backport candidate.
syncer moved T1749: numeric validator doesn't support multiple ranges from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.4) board.
syncer changed the status of T1749: numeric validator doesn't support multiple ranges from Open to Backport candidate.
syncer edited projects for T1749: numeric validator doesn't support multiple ranges, added: VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux.
syncer changed the status of T1751: DNS server addresses from DHCPv6 are not added to resolv.conf from Open to Needs testing.
dmbaturin edited projects for T1509: Support for BGP replace-as option, added: VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux (VyOS 1.2.4).
syncer changed the status of T1753: Configuring `ip source-validation loose` doesn't properly configure `sysctl` from Open to Needs testing.
dmbaturin renamed T1509: Support for BGP replace-as option from Pleas support bgp replace-as to Support for BGP replace-as option.
syncer edited projects for T1754: DHCPv6 client is impossible to restart, added: VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
syncer moved T1509: Support for BGP replace-as option from Needs Triage to In Progress on the VyOS 1.2 Crux (VyOS 1.2.4) board.
syncer moved T1509: Support for BGP replace-as option from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer edited projects for T1509: Support for BGP replace-as option, added: VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS-1.2.0-GA.
syncer changed the status of T1755: Python KeyError exceptions raised with 'show vpn ipsec sa' command under use of certain IPSEC cipher suites from Open to Backport candidate.
syncer triaged T1760: RADIUS shared secret is not redacted from "show configuration" op mode command as Low priority.
syncer edited projects for T1760: RADIUS shared secret is not redacted from "show configuration" op mode command, added: VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
syncer triaged T1761: Disallow saving when there are non-committed changes in the session as Normal priority.
syncer changed the status of T1770: webproxy breaks commit and http access on routed client from Open to Needs testing.
syncer moved T1772: <regex> constraints in XML are partially broken from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.4) board.
syncer moved T1772: <regex> constraints in XML are partially broken from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer changed the status of T1772: <regex> constraints in XML are partially broken from Open to Backport candidate.
syncer changed the status of T1781: Inconsistent leveling output from json printout from Open to Needs testing.
syncer changed the status of T1785: Deleting partitions on disks (Raid1) with default value 'no' from Open to Needs testing.
syncer triaged T1786: disable-dhcp-nameservers is missed in current host_name.py implementation as Normal priority.
syncer moved T1786: disable-dhcp-nameservers is missed in current host_name.py implementation from Need Triage to Backlog on the VyOS 1.3 Equuleus board.
syncer changed the status of T1786: disable-dhcp-nameservers is missed in current host_name.py implementation from In progress to Backport candidate.
syncer edited projects for T1786: disable-dhcp-nameservers is missed in current host_name.py implementation, added: VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux.
syncer edited projects for T1392: Large firewall rulesets cause the system to lose configuration and crash at startup, added: VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux (VyOS 1.2.3).
syncer moved T1351: accel-pppoe adding CIDR based IP pool option from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.4) board.
syncer edited projects for T1351: accel-pppoe adding CIDR based IP pool option, added: VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux (VyOS 1.2.3).
syncer moved T1376: Incorrect DHCP lease counting from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.4) board.
syncer edited projects for T1376: Incorrect DHCP lease counting, added: VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux (VyOS 1.2.3).
syncer edited projects for T1246: VyOS 1.2.0 "openvpn-options" configuration does not allow quotes in values, added: VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux (VyOS 1.2.3).
syncer raised the priority of T1470: improve output of "show dhcpv6 server leases" from Wishlist to Normal.
syncer edited projects for T1470: improve output of "show dhcpv6 server leases", added: VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux (VyOS 1.2.3).
syncer moved T1430: Add options for custom DHCP client-id and hostname from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.4) board.
syncer edited projects for T1430: Add options for custom DHCP client-id and hostname, added: VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux (VyOS 1.2.3).
syncer edited projects for T1452: accel-pppoe - add vendor option to shaper , added: VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux (VyOS 1.2.3).
I guess we will make use of nftables when the firewall codebase is rewritten. That rewrite is a major effort and on the roadmap - but it does not have momentum/priority yet due to limited resources.
as I read your script it works in a different way. Also its location seems to be wrong. OpenVPN is handled here:
https://github.com/vyos/vyatta-cfg-system/commit/bb686343fc913413ff51edfeb63929759bee0fde
Nov 14 2019
Nov 14 2019
dmbaturin changed Is it a breaking change? from none to syntax on T1807: Improve WireGuard CLI "endpoint" on.
dmbaturin edited projects for T1807: Improve WireGuard CLI "endpoint" on, added: VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
I agree. Users should be able to change the port independently from the address.
jestabro closed T1710: [equuleus] buster: add patch to fix live-build missing key error as Resolved.
elbandi created T1806: Add missing documentation on how to use quote characters inside dhcp-server raw parameters.
Nov 14 2019, 2:48 PM · Restricted Project
The suggested debian package qrencode seems handy for terminal use. Actually, using QRcodes to transfer information would be interesting for other uses as well, such as exporting other kinds of keys such as OpenVPN. As a remote support measure, if a config is causing issues that prevent remote login, having a local login being able to emit the current config as a QRcode might be interesting...
Nov 13 2019
Nov 13 2019
In PR https://github.com/vyos/vyos-1x/pull/162, util.py is pulled in to the nosetests path; T1804 will need to be closed before merging.