- User Since
- Feb 18 2018, 11:26 AM (190 w, 6 d)
Jun 3 2019
I was looking on this issue. Please find below a description of what I think is the root cause for this issue:
Apr 11 2018
I have created a new pull request in order to solve an issue I noticed during tests for IPv6 firewall groups.
How to replicate the issue:
- configure an address-group/network group for ipv6
- configure an address-group/network group for ipv4
- configure an ipv4 firewall rule
- commit and save the cofig
- reload the vyos
After reload the IPv6 address-groups/network-groups are deleted.
Mar 23 2018
I discovered an issue with port-group that have root cause the change implemented for ipv6 address and network groups.
Mar 14 2018
I've changed the code in order to have IPv6 address and network groups under global group configuration tree
Please take a look on the pull request I've created https://github.com/vyos/vyatta-cfg-firewall/pull/8 and please merge it to the current branch
Mar 12 2018
I've created a change that add support for ipv6 address and network groups to vyos. Please review it https://github.com/vyos/vyatta-cfg-firewall/pull/7 an provide your feedback.
@dmbaturin merged this to current branch 1.2.0-rc1
Feb 23 2018
if we setup the volume as working dir inside the container the mknod function during the make iso process will fail if the docker host is MacOs or Windows.
The error is "mknod: Function not implemented " and is related to how docker engine is implemented to run on Mac and Windows systems
Feb 21 2018
Perfect. I will update the Readme and push again the change.
I've created this pull request for Dockerfile to vyos-build repository
thank you for this.
I would suggest to install more dependencies using this docker file. The complete list of what I think we should use is:
squashfs-tools # Required for squashfs file system git # Required, for cloning the source autoconf # Required, for generating build scripts dpkg-dev # Required, used in build scripts live-helper # Required, for ISO build syslinux # Required, for ISO build genisoimage # Required, for ISO build make # Required, for ISO build lsb-release # Required, used by configure script ssh # Optional, for cloning over SSH sudo # Optional, ISO build requires root privileges fakechroot # Required, for ISO build devscripts # Optional, for building submodules (kernel etc) kernel-package # Optional, for building the kernel libtool # Optional, for building certain packages (eg vyatta-op-vpn) libglib2.0-dev # Optional, for building vyatta-cfg libboost-filesystem-dev # Optional, for building vyatta-cfg libapt-pkg-dev # Optional, for building vyatta-cfg flex # Optional, for building vyatta-cfg bison # Optional, for building vyatta-cfg libperl-dev # Optional, for building vyatta-cfg libnfnetlink-dev # Optional, for building vyatta-cfg-vpn vim # Optional, vim, vi, nano or other text editor
Feb 20 2018
I've created pull request https://github.com/vyos/vyos-build/pull/15 to solve this issue
Feb 19 2018
The use case this patch solve is the following:
-we have a firewall with multiple rules set
-the firewall is mapped to an interface
-we want to remove one/or multiple rules from the rule chain (this is not possible using current VyOs version as long as the filter is mapped to an interface)