wow christian, to move from iptables to nftables is not a small project.
As far I remember vyos has a quite complex iptables chains.
Bu in fact, I'm quite disconnected from vyos.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Nov 16 2019
I guess we will make use of nftables when the firewall codebase is rewritten. That rewrite is a major effort and on the roadmap - but it does not have momentum/priority yet due to limited resources.
as I read your script it works in a different way. Also its location seems to be wrong. OpenVPN is handled here:
https://github.com/vyos/vyatta-cfg-system/commit/bb686343fc913413ff51edfeb63929759bee0fde
Nov 14 2019
I agree. Users should be able to change the port independently from the address.
The suggested debian package qrencode seems handy for terminal use. Actually, using QRcodes to transfer information would be interesting for other uses as well, such as exporting other kinds of keys such as OpenVPN. As a remote support measure, if a config is causing issues that prevent remote login, having a local login being able to emit the current config as a QRcode might be interesting...
Nov 13 2019
In PR https://github.com/vyos/vyos-1x/pull/162, util.py is pulled in to the nosetests path; T1804 will need to be closed before merging.