Page MenuHomeVyOS Platform
People JeffWDH

JeffWDH (JeffWDH)
User

Projects

User does not belong to any projects.

User Details

User Since
Jul 20 2023, 1:16 AM (40 w, 2 d)

Recent Activity
View All

Mar 5 2024

JeffWDH updated the task description for T6102: Clear dhcp-server lease throws python exception on 1.5-rolling.
Mar 5 2024, 1:29 PM · VyOS 1.5 Circinus
JeffWDH created T6102: Clear dhcp-server lease throws python exception on 1.5-rolling.
Mar 5 2024, 1:28 PM · VyOS 1.5 Circinus

Jan 14 2024

JeffWDH added a comment to T5942: Failover Route using DHCP provided gateway.

Can confirm, short term testing worked.

Jan 14 2024, 4:23 PM · VyOS 1.5 Circinus
JeffWDH added a comment to T5942: Failover Route using DHCP provided gateway.

100% agree. I have submitted a similar feature request here:

Jan 14 2024, 1:53 PM · VyOS 1.5 Circinus

Dec 20 2023

JeffWDH updated the task description for T5647: Extend failover route functionality to use dynamically assigned interface next hops.
Dec 20 2023, 2:35 PM · VyOS 1.5 Circinus

Nov 28 2023

JeffWDH created T5787: dhcp-server allows duplicate static-mapping for the same IP address.
Nov 28 2023, 9:03 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Nov 22 2023

JeffWDH added a project to T5771: GeoIP - Include RFC reserved IP ranges in inverse-match rules: VyOS 1.5 Circinus.
Nov 22 2023, 2:10 PM · VyOS 1.5 Circinus

Nov 21 2023

JeffWDH added a comment to T5771: GeoIP - Include RFC reserved IP ranges in inverse-match rules.

Although, now that I look at the contents of the 'zz' country code, I wonder if there are unintended consequences to specifying some of these... Such as the multicast ones, etc.

Nov 21 2023, 7:56 PM · VyOS 1.5 Circinus
JeffWDH updated the task description for T5771: GeoIP - Include RFC reserved IP ranges in inverse-match rules.
Nov 21 2023, 7:39 PM · VyOS 1.5 Circinus
JeffWDH updated the task description for T5771: GeoIP - Include RFC reserved IP ranges in inverse-match rules.
Nov 21 2023, 7:37 PM · VyOS 1.5 Circinus
JeffWDH created T5771: GeoIP - Include RFC reserved IP ranges in inverse-match rules.
Nov 21 2023, 7:35 PM · VyOS 1.5 Circinus

Nov 16 2023

JeffWDH added a comment to T3983: show pki certificate Doesnt show x509 certificates.

https://github.com/vyos/vyos-1x/pull/2495

Nov 16 2023, 1:32 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Nov 15 2023

JeffWDH closed T5661: Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection as Resolved.
Nov 15 2023, 5:56 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.5)
JeffWDH closed T5732: generate firewall rule-resequence drops geoip country-code from output as Resolved.
Nov 15 2023, 5:53 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
JeffWDH added a comment to T5732: generate firewall rule-resequence drops geoip country-code from output.

Fix was merged into 1.4 and 1.5.

Nov 15 2023, 5:53 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
JeffWDH added a comment to T3983: show pki certificate Doesnt show x509 certificates.

This is still an issue in 1.5. I tried importing a cert signed by my own CA and got the same error.

Nov 15 2023, 4:33 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
JeffWDH added a comment to T5732: generate firewall rule-resequence drops geoip country-code from output.

https://github.com/vyos/vyos-1x/pull/2486

Nov 15 2023, 12:34 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Nov 14 2023

JeffWDH updated subscribers of T5732: generate firewall rule-resequence drops geoip country-code from output.
Nov 14 2023, 7:07 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
JeffWDH added a comment to T5732: generate firewall rule-resequence drops geoip country-code from output.

The country-code item in the config_dict is type list and gets skipped by the convert_to_set_commands function.

Nov 14 2023, 6:54 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Nov 12 2023

JeffWDH added a comment to T5167: Add a simple file server.

What about using nginx which seems to be already leveraged by the web API?

Nov 12 2023, 6:22 PM · VyOS 1.5 Circinus

Nov 11 2023

JeffWDH created T5732: generate firewall rule-resequence drops geoip country-code from output.
Nov 11 2023, 12:28 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Nov 10 2023

JeffWDH added a comment to T5730: Add ability for VyOS to sendmail.

Here is another candidate, although msmtp still looks like a better choice:
https://wiki.debian.org/nullmailer

Nov 10 2023, 3:37 PM · VyOS 1.5 Circinus

Nov 7 2023

JeffWDH added a comment to T5681: Interface match - Simplified and unified cli.

According to firewall-version.xml.i, the firewall config version was not updated to 12. Was this intentional?

Nov 7 2023, 12:58 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Nov 2 2023

JeffWDH added a comment to T5681: Interface match - Simplified and unified cli.

I understand (and accept) the risks of running rolling.

Nov 2 2023, 1:20 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
JeffWDH added a comment to T5681: Interface match - Simplified and unified cli.

When moving from vyos-1.5-rolling-202310090023 to vyos-1.5-rolling-202311020022 all of my inbound-interfaces got dropped from my firewall config. The NAT ones got migrated successfully.

Nov 2 2023, 12:11 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Oct 29 2023

JeffWDH added a comment to T5661: Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection.

This has been implemented in 1.5 and 1.4.

Oct 29 2023, 2:28 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.5)

Oct 28 2023

JeffWDH added a comment to T5653: Command to display fingerprint.

This functionality has also been backported to 1.4 so it will be in the next LTS release.

Oct 28 2023, 1:49 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Oct 16 2023

JeffWDH added a comment to T5653: Command to display fingerprint.

@fsbof This change was accepted so it should end up in the 1.5 rolling soon. I suspect backporting to 1.4 wouldn't be an issue but that is a question for a more senior dev. But as for 1.3, I am unsure as I have never ran that version and don't know if there are any changes between those releases that would make it a pain to backport.

Oct 16 2023, 8:07 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
JeffWDH added a comment to T5661: Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection.

Once accepted, I will update the documentation for this change as well as the ssh fingerprint change (T5653).

Oct 16 2023, 8:05 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.5)
JeffWDH added a comment to T5661: Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection.

https://github.com/vyos/vyos-1x/pull/2369

Oct 16 2023, 8:03 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.5)
JeffWDH created T5661: Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection.
Oct 16 2023, 7:55 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.5)

Oct 14 2023

JeffWDH added a comment to T5653: Command to display fingerprint.

I've updated this to default to no ASCII art as I think it's cleaner, but added an option to show it if you want to see it:

Oct 14 2023, 12:18 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Oct 13 2023

JeffWDH added a comment to T5653: Command to display fingerprint.
$ show ssh fingerprints
SSH server public key fingerprints:
Oct 13 2023, 5:10 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
JeffWDH added a comment to T5652: Config migrate to image upgrade does not properly generate home directory.

I had a similar issue going from 1.5-rolling-202309250022 to 1.5-rolling-202310090023.

Oct 13 2023, 12:10 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Oct 12 2023

JeffWDH added a comment to T5647: Extend failover route functionality to use dynamically assigned interface next hops.

An additional "nice to have" would be a hook that runs on route state change.
Examples:

set protocols failover route 0.0.0.0/0 next-hop 100.100.100.1 hook '/config/scripts/failover-hook-100.100.100.1'
Oct 12 2023, 1:53 PM · VyOS 1.5 Circinus

Oct 11 2023

Viacheslav awarded T5647: Extend failover route functionality to use dynamically assigned interface next hops a Like token.
Oct 11 2023, 6:12 PM · VyOS 1.5 Circinus
JeffWDH created T5647: Extend failover route functionality to use dynamically assigned interface next hops.
Oct 11 2023, 4:58 PM · VyOS 1.5 Circinus

Sep 28 2023

JeffWDH added a comment to T5497: Add ability to resequence rule numbers for firewall.

https://github.com/vyos/vyos-1x/pull/2323

Sep 28 2023, 11:26 AM · VyOS 1.4 Sagitta (1.4.0-epa1)

Sep 26 2023

JeffWDH added a comment to T5497: Add ability to resequence rule numbers for firewall.

Also added flowtable as nothing needs to be sequenced in there either:
https://github.com/JeffWDH/vyos-1x/commit/ac22cc054d9c15af010c824ac9a05f5cc71fc954

Sep 26 2023, 6:10 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
JeffWDH added a comment to T5497: Add ability to resequence rule numbers for firewall.

I have not contributed code to this project before so let me know if I've missed conventions...

Sep 26 2023, 5:52 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
JeffWDH added a comment to T5497: Add ability to resequence rule numbers for firewall.

Is there a reason why some global options and some address groups (not all) are included in the output? Seems unintentional to me.

Sep 26 2023, 2:24 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jul 20 2023

JeffWDH added a comment to T1237: Static Route Path Monitoring, failover.
Jul 20 2023, 12:34 PM · VyOS 1.4 Sagitta