Page MenuHomeVyOS Platform

n.fort (Nicolas Fort)
User

Projects

User Details

User Since
Jun 9 2021, 3:23 PM (77 w, 5 d)

Recent Activity

Fri, Dec 2

n.fort closed T4122: interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?) as Resolved.
Fri, Dec 2, 4:19 PM · VyOS 1.3 Equuleus (1.3.3)
n.fort closed T1024: Policy Based Routing by DSCP as Resolved.
Fri, Dec 2, 4:14 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort claimed T4839: Dynamic Firewall groups.
Fri, Dec 2, 4:12 PM · VyOS 1.4 Sagitta
n.fort closed T4830: nat66 - Error in port translation rules as Resolved.
Fri, Dec 2, 4:09 PM · VyOS 1.4 Sagitta
n.fort added a project to T2998: SNMP v3 oid "exclude" option doesn't work: VyOS 1.4 Sagitta.
Fri, Dec 2, 2:26 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3)
n.fort added a comment to T2998: SNMP v3 oid "exclude" option doesn't work.

Error also present in vyos-1.4-rolling-202212020318

Fri, Dec 2, 2:25 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3)
n.fort changed the status of T4857: SNMP - Implement FRR SNMP recommendations from Open to Confirmed.
Fri, Dec 2, 1:38 PM · VyOS 1.4 Sagitta
n.fort created T4857: SNMP - Implement FRR SNMP recommendations.
Fri, Dec 2, 1:37 PM · VyOS 1.4 Sagitta

Thu, Nov 24

n.fort added a comment to T4839: Dynamic Firewall groups.

PR Draft: https://github.com/vyos/vyos-1x/pull/1677

Thu, Nov 24, 3:59 PM · VyOS 1.4 Sagitta
n.fort changed Version from - to vyos-1.4-rolling-202211240318 on T4839: Dynamic Firewall groups.
Thu, Nov 24, 3:24 PM · VyOS 1.4 Sagitta
n.fort created T4839: Dynamic Firewall groups.
Thu, Nov 24, 3:23 PM · VyOS 1.4 Sagitta

Tue, Nov 22

n.fort closed T4670: policy route - Update matching criteria as Resolved.
Tue, Nov 22, 2:39 PM · VyOS 1.4 Sagitta
n.fort closed T4706: NAT and NAT66 issues as Resolved.
Tue, Nov 22, 2:29 PM · VyOS 1.4 Sagitta

Sat, Nov 19

n.fort added a comment to T4830: nat66 - Error in port translation rules.

PR: https://github.com/vyos/vyos-1x/pull/1666

Sat, Nov 19, 3:55 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4830: nat66 - Error in port translation rules from Open to Confirmed.
Sat, Nov 19, 3:05 PM · VyOS 1.4 Sagitta
n.fort created T4830: nat66 - Error in port translation rules.
Sat, Nov 19, 3:00 PM · VyOS 1.4 Sagitta

Thu, Nov 10

n.fort edited projects for T4153: Monitor bandwidth-test initiate not working, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).
Thu, Nov 10, 2:19 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort edited projects for T4153: Monitor bandwidth-test initiate not working, added: VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus (1.3.0).
Thu, Nov 10, 12:34 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort reopened T4153: Monitor bandwidth-test initiate not working as "Backport candidate".
Thu, Nov 10, 12:30 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Nov 3 2022

n.fort added a comment to T4797: External address/network lists for firewall (Local and remote).

From my point of fiew, looks interesting.
The proposed structure and behaviour doesn't look that different than what is currently in geoip filtering: external URLs with data, and sync from time to time.

Nov 3 2022, 5:29 PM · VyOS 1.4 Sagitta

Nov 1 2022

n.fort added a comment to T4788: Factory-reset/default command .

Maybe a simplified and interactive cli, as when adding new image? So user can decide what to do with other images and containers.

Nov 1 2022, 1:29 PM · VyOS 1.4 Sagitta

Oct 28 2022

n.fort added a comment to T4780: Firewall - Add interface group.

PR: https://github.com/vyos/vyos-1x/pull/1626

Oct 28 2022, 7:46 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4780: Firewall - Add interface group from Open to In progress.
Oct 28 2022, 6:18 PM · VyOS 1.4 Sagitta
n.fort created T4780: Firewall - Add interface group.
Oct 28 2022, 6:17 PM · VyOS 1.4 Sagitta

Oct 19 2022

n.fort created T4759: domain-group on policy route not working.
Oct 19 2022, 11:24 AM · VyOS 1.4 Sagitta

Oct 18 2022

n.fort changed the status of T2408: DHCP Relay upstream and downstream interfaces from Open to In progress.
Oct 18 2022, 12:00 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort claimed T2408: DHCP Relay upstream and downstream interfaces.
Oct 18 2022, 12:00 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort added a comment to T2408: DHCP Relay upstream and downstream interfaces.

PR: https://github.com/vyos/vyos-1x/pull/1603

Oct 18 2022, 12:00 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Oct 12 2022

n.fort added a comment to T2408: DHCP Relay upstream and downstream interfaces.

+1 for @Viacheslav proposal.

Oct 12 2022, 9:24 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Oct 4 2022

n.fort changed the status of T4706: NAT and NAT66 issues from Confirmed to Needs testing.
Oct 4 2022, 5:53 PM · VyOS 1.4 Sagitta
n.fort closed T4700: Firewall - Add interface match criteria as Resolved.
Oct 4 2022, 5:52 PM · VyOS 1.4 Sagitta
n.fort closed T4699: Firewall - Add jump action - Add return action as Resolved.
Oct 4 2022, 12:05 PM · VyOS 1.4 Sagitta
n.fort closed T4651: Firewall - Add options to match packet size as Resolved.
Oct 4 2022, 12:05 PM · VyOS 1.4 Sagitta

Oct 3 2022

n.fort added a comment to T3655: NAT Problem with VRF.

At least on my lab, with one of the latest 1.4, this is working for me:

Oct 3 2022, 2:21 PM · Known issue, VyOS 1.4 Sagitta

Sep 26 2022

n.fort added a comment to T4700: Firewall - Add interface match criteria.

PR: https://github.com/vyos/vyos-1x/pull/1560

Sep 26 2022, 11:51 AM · VyOS 1.4 Sagitta

Sep 22 2022

n.fort added a comment to T4699: Firewall - Add jump action - Add return action.

PR for Jump: https://github.com/vyos/vyos-1x/pull/1553

Sep 22 2022, 4:20 PM · VyOS 1.4 Sagitta

Sep 21 2022

n.fort renamed T4699: Firewall - Add jump action - Add return action from Firewall - Add jump action to Firewall - Add jump action - Add return action.
Sep 21 2022, 5:45 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4699: Firewall - Add jump action - Add return action.

Since jump action was added, It would be good to also add "return" action

Sep 21 2022, 12:39 PM · VyOS 1.4 Sagitta

Sep 19 2022

n.fort changed the status of T4706: NAT and NAT66 issues from Open to Confirmed.
Sep 19 2022, 6:34 PM · VyOS 1.4 Sagitta
n.fort claimed T4706: NAT and NAT66 issues.
Sep 19 2022, 6:34 PM · VyOS 1.4 Sagitta
n.fort created T4706: NAT and NAT66 issues.
Sep 19 2022, 6:33 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4699: Firewall - Add jump action - Add return action from In progress to Needs testing.
Sep 19 2022, 11:02 AM · VyOS 1.4 Sagitta

Sep 16 2022

n.fort added a comment to T4699: Firewall - Add jump action - Add return action.

PR https://github.com/vyos/vyos-1x/pull/1546

Sep 16 2022, 5:11 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4701: Firewall - Implement global option to use one single general chian from Open to In progress.
Sep 16 2022, 10:51 AM · VyOS 1.4 Sagitta
n.fort created T4701: Firewall - Implement global option to use one single general chian.
Sep 16 2022, 10:50 AM · VyOS 1.4 Sagitta
n.fort changed the status of T4700: Firewall - Add interface match criteria from Open to In progress.
Sep 16 2022, 10:40 AM · VyOS 1.4 Sagitta
n.fort created T4700: Firewall - Add interface match criteria.
Sep 16 2022, 10:40 AM · VyOS 1.4 Sagitta
n.fort changed the status of T4699: Firewall - Add jump action - Add return action from Open to In progress.
Sep 16 2022, 10:36 AM · VyOS 1.4 Sagitta
n.fort created T4699: Firewall - Add jump action - Add return action.
Sep 16 2022, 10:35 AM · VyOS 1.4 Sagitta

Sep 14 2022

n.fort added a comment to T4694: Allow VyOS Firewall to Match Outbound IPSec Traffic.

Interesting article on how and when to match ipsec options: https://thermalcircle.de/doku.php?id=blog:linux:nftables_demystifying_ipsec_expressions

Sep 14 2022, 6:18 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4694: Allow VyOS Firewall to Match Outbound IPSec Traffic.

Do you have a proposed cli format?

Sep 14 2022, 2:22 PM · VyOS 1.4 Sagitta

Sep 8 2022

n.fort changed the status of T1024: Policy Based Routing by DSCP from In progress to Needs testing.
Sep 8 2022, 11:23 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Sep 7 2022

n.fort changed Version from - to 1.4 on T1024: Policy Based Routing by DSCP.
Sep 7 2022, 2:31 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort changed the status of T1024: Policy Based Routing by DSCP from On hold to In progress.
Sep 7 2022, 2:30 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort added a comment to T1024: Policy Based Routing by DSCP.

PR: https://github.com/vyos/vyos-1x/pull/1525

Sep 7 2022, 2:30 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Sep 6 2022

n.fort claimed T1024: Policy Based Routing by DSCP.
Sep 6 2022, 6:37 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort added a comment to T4670: policy route - Update matching criteria.

PR: https://github.com/vyos/vyos-1x/pull/1522

Sep 6 2022, 12:52 PM · VyOS 1.4 Sagitta

Sep 5 2022

n.fort renamed T4670: policy route - Update matching criteria from policy route - Update matching criterias to policy route - Update matching criteria.
Sep 5 2022, 5:16 PM · VyOS 1.4 Sagitta
n.fort created T4670: policy route - Update matching criteria.
Sep 5 2022, 5:09 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4651: Firewall - Add options to match packet size from In progress to Needs testing.
Sep 5 2022, 11:49 AM · VyOS 1.4 Sagitta

Aug 30 2022

n.fort added a comment to T4502: Consider implementing (NAT/other) flow table offload.

From kernel 5.13, hardware offload is supported (if nic supports it).
Info: https://www.kernel.org/doc/html/v5.13/networking/nf_flowtable.html#hardware-offload

Aug 30 2022, 12:52 PM · VyOS 1.4 Sagitta

Aug 27 2022

n.fort added a comment to T4651: Firewall - Add options to match packet size.

PR: https://github.com/vyos/vyos-1x/pull/1502

Aug 27 2022, 3:47 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4651: Firewall - Add options to match packet size from Open to In progress.
Aug 27 2022, 2:44 PM · VyOS 1.4 Sagitta
n.fort claimed T4651: Firewall - Add options to match packet size.
Aug 27 2022, 2:44 PM · VyOS 1.4 Sagitta
n.fort created T4651: Firewall - Add options to match packet size.
Aug 27 2022, 2:44 PM · VyOS 1.4 Sagitta

Aug 24 2022

n.fort added a comment to T4641: prefix-list allows ipv6 prefix as input.

PR: https://github.com/vyos/vyos-1x/pull/1492

Aug 24 2022, 12:00 PM · VyOS 1.4 Sagitta
n.fort claimed T4641: prefix-list allows ipv6 prefix as input.
Aug 24 2022, 11:44 AM · VyOS 1.4 Sagitta
n.fort changed the status of T4641: prefix-list allows ipv6 prefix as input from Open to In progress.
Aug 24 2022, 11:44 AM · VyOS 1.4 Sagitta
n.fort created T4641: prefix-list allows ipv6 prefix as input.
Aug 24 2022, 11:44 AM · VyOS 1.4 Sagitta

Aug 17 2022

n.fort closed T4480: add an ability to configure squid acl safe ports and acl ssl safe ports as Resolved.
Aug 17 2022, 1:47 PM · VyOS 1.4 Sagitta
n.fort closed T4598: nat66 - Add exclude options, a subtask of T2518: Support NAT for ipv6(NPT), as Resolved.
Aug 17 2022, 1:46 PM · VyOS 1.4 Sagitta
n.fort closed T4598: nat66 - Add exclude options as Resolved.
Aug 17 2022, 1:46 PM · VyOS 1.4 Sagitta

Aug 10 2022

n.fort added a comment to T4602: DHCP `ping-check` enabled by default.

What version you are using?

Aug 10 2022, 3:44 PM · VyOS 1.4 Sagitta

Aug 9 2022

n.fort added a comment to T4602: DHCP `ping-check` enabled by default.

As remarked and as expected, this option is not enable by default.
Proofs:

  • Fist scenario: no ping-check option introduced in configuration:
Aug 9 2022, 5:05 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4598: nat66 - Add exclude options, a subtask of T2518: Support NAT for ipv6(NPT), from In progress to Needs testing.
Aug 9 2022, 10:40 AM · VyOS 1.4 Sagitta
n.fort changed the status of T4598: nat66 - Add exclude options from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1461

Aug 9 2022, 10:39 AM · VyOS 1.4 Sagitta

Aug 8 2022

n.fort added a subtask for T2518: Support NAT for ipv6(NPT): T4598: nat66 - Add exclude options.
Aug 8 2022, 11:01 AM · VyOS 1.4 Sagitta
n.fort added a parent task for T4598: nat66 - Add exclude options: T2518: Support NAT for ipv6(NPT).
Aug 8 2022, 11:01 AM · VyOS 1.4 Sagitta

Aug 5 2022

n.fort changed the status of T4598: nat66 - Add exclude options from Open to In progress.
Aug 5 2022, 3:16 PM · VyOS 1.4 Sagitta
n.fort claimed T4598: nat66 - Add exclude options.
Aug 5 2022, 3:15 PM · VyOS 1.4 Sagitta
n.fort created T4598: nat66 - Add exclude options.
Aug 5 2022, 3:15 PM · VyOS 1.4 Sagitta

Aug 4 2022

n.fort added a comment to T2408: DHCP Relay upstream and downstream interfaces.

Currently thinking on how to implement this.
One option could be:

Aug 4 2022, 8:11 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort added a project to T2408: DHCP Relay upstream and downstream interfaces: VyOS 1.4 Sagitta.
Aug 4 2022, 7:59 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Jul 29 2022

n.fort added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..

Moving in from forwardto prerouting doesn't seem to be a good idea. Filtering in prerouting will also filter local traffic.
Also, as remarked in previous entry, I would try to avoid using marks in mangle, since it may lead to mayor problems/incompatibilities when PBR also present in configuration.

Jul 29 2022, 2:27 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Jul 25 2022

n.fort added a comment to T4497: ping cannot force ipv4 or ipv6.

Agree that both options are not available in cli.. But, you can use source-address:

Jul 25 2022, 11:37 AM · VyOS 1.4 Sagitta

Jul 20 2022

n.fort placed T4475: route-map does not support ipv6 peer up for grabs.
Jul 20 2022, 5:16 PM · VyOS 1.3 Equuleus (1.3.3)
n.fort added a comment to T4475: route-map does not support ipv6 peer.

Modyfing file pointed by @Viacheslav , makes ipv6 peer option available.
But while testing config, it's not possible to insert an ipv6 address: validator rejects input.
Validator used: syntax:expression: exec "/opt/vyatta/sbin/vyatta-policy.pl --check-peer-syntax $VAR(@)"; "peer must be either an IP or local"

Jul 20 2022, 5:10 PM · VyOS 1.3 Equuleus (1.3.3)

Jun 28 2022

n.fort closed T4458: Firewall - add support for matching ip ttl in firewall rules as Resolved.
Jun 28 2022, 12:49 PM · VyOS 1.4 Sagitta
n.fort closed T3907: Firewall - Set log levels as Resolved.
Jun 28 2022, 12:48 PM · VyOS 1.4 Sagitta

Jun 26 2022

n.fort changed the status of T4480: add an ability to configure squid acl safe ports and acl ssl safe ports from Open to In progress.
Jun 26 2022, 3:49 PM · VyOS 1.4 Sagitta
n.fort added a project to T4480: add an ability to configure squid acl safe ports and acl ssl safe ports: VyOS 1.4 Sagitta.
Jun 26 2022, 3:49 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.

PR: https://github.com/vyos/vyos-1x/pull/1369

Jun 26 2022, 3:48 PM · VyOS 1.4 Sagitta
n.fort claimed T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.
Jun 26 2022, 12:25 PM · VyOS 1.4 Sagitta

Jun 21 2022

n.fort changed the status of T4475: route-map does not support ipv6 peer from Open to In progress.

PR for 1.4: https://github.com/vyos/vyos-1x/pull/1367

Jun 21 2022, 5:43 PM · VyOS 1.3 Equuleus (1.3.3)
n.fort added a project to T4475: route-map does not support ipv6 peer: VyOS 1.4 Sagitta.
Jun 21 2022, 5:43 PM · VyOS 1.3 Equuleus (1.3.3)
n.fort claimed T4475: route-map does not support ipv6 peer.
Jun 21 2022, 3:20 PM · VyOS 1.3 Equuleus (1.3.3)

Jun 15 2022

n.fort closed T4450: Route-map - Extend options for ip|ipv6 address match as Resolved.
Jun 15 2022, 3:03 PM · VyOS 1.4 Sagitta
n.fort closed T4449: Route-map - Extend options for ip next-hop match as Resolved.
Jun 15 2022, 3:03 PM · VyOS 1.4 Sagitta
n.fort closed T990: Make DNAT/SNAT a valid state in firewall rules. as Resolved.
Jun 15 2022, 3:02 PM · VyOS 1.4 Sagitta, test

Jun 14 2022

n.fort added a comment to T4460: nhrp not starting due to missing cisco-authentication value.

Since in previous version set protocols nhrp tunnel tun0 cisco-authentication "" was allowed, a migration script is required. Otherwise, when upgrading, configuration fails.

Jun 14 2022, 2:54 PM · VyOS 1.4 Sagitta