User Details
- User Since
- Jun 9 2021, 3:23 PM (77 w, 5 d)
Fri, Dec 2
Error also present in vyos-1.4-rolling-202212020318
Thu, Nov 24
Tue, Nov 22
Sat, Nov 19
Thu, Nov 10
Nov 3 2022
From my point of fiew, looks interesting.
The proposed structure and behaviour doesn't look that different than what is currently in geoip filtering: external URLs with data, and sync from time to time.
Nov 1 2022
Maybe a simplified and interactive cli, as when adding new image? So user can decide what to do with other images and containers.
Oct 28 2022
Oct 19 2022
Oct 18 2022
Oct 12 2022
+1 for @Viacheslav proposal.
Oct 4 2022
Oct 3 2022
At least on my lab, with one of the latest 1.4, this is working for me:
Sep 26 2022
Sep 22 2022
PR for Jump: https://github.com/vyos/vyos-1x/pull/1553
Sep 21 2022
Since jump action was added, It would be good to also add "return" action
Sep 19 2022
Sep 16 2022
Sep 14 2022
Interesting article on how and when to match ipsec options: https://thermalcircle.de/doku.php?id=blog:linux:nftables_demystifying_ipsec_expressions
Do you have a proposed cli format?
Sep 8 2022
Sep 7 2022
Sep 6 2022
Sep 5 2022
Aug 30 2022
From kernel 5.13, hardware offload is supported (if nic supports it).
Info: https://www.kernel.org/doc/html/v5.13/networking/nf_flowtable.html#hardware-offload
Aug 27 2022
Aug 24 2022
Aug 17 2022
Aug 10 2022
What version you are using?
Aug 9 2022
As remarked and as expected, this option is not enable by default.
Proofs:
- Fist scenario: no ping-check option introduced in configuration:
Aug 8 2022
Aug 5 2022
Aug 4 2022
Currently thinking on how to implement this.
One option could be:
Jul 29 2022
Moving in from forwardto prerouting doesn't seem to be a good idea. Filtering in prerouting will also filter local traffic.
Also, as remarked in previous entry, I would try to avoid using marks in mangle, since it may lead to mayor problems/incompatibilities when PBR also present in configuration.
Jul 25 2022
Agree that both options are not available in cli.. But, you can use source-address:
Jul 20 2022
Modyfing file pointed by @Viacheslav , makes ipv6 peer option available.
But while testing config, it's not possible to insert an ipv6 address: validator rejects input.
Validator used: syntax:expression: exec "/opt/vyatta/sbin/vyatta-policy.pl --check-peer-syntax $VAR(@)"; "peer must be either an IP or local"
Jun 28 2022
Jun 26 2022
Jun 21 2022
PR for 1.4: https://github.com/vyos/vyos-1x/pull/1367
Jun 15 2022
Jun 14 2022
Since in previous version set protocols nhrp tunnel tun0 cisco-authentication "" was allowed, a migration script is required. Otherwise, when upgrading, configuration fails.