Page MenuHomeVyOS Platform

sdev (Simon)
User

Projects

User Details

User Since
May 6 2021, 3:27 PM (60 w, 1 d)

Recent Activity

Today

sdev added a comment to T4299: Firewall - GeoIP filtering.

Inverse match PR: https://github.com/vyos/vyos-1x/pull/1386

Sat, Jul 2, 12:52 AM · VyOS 1.4 Sagitta

Yesterday

sdev added a comment to T4500: Missing firewall logs.

If the counters are visible and incrementing when checking with nft list table ip filter then I don't think this is an implementation issue. Wondering if its a problem with the syslog daemon.

Fri, Jul 1, 9:49 PM · VyOS 1.4 Sagitta

Wed, Jun 29

sdev added a comment to T4485: OpenVPN: Allow multiple CAs certificates.

PR: https://github.com/vyos/vyos-1x/pull/1380

Wed, Jun 29, 10:11 PM · VyOS 1.4 Sagitta

Mon, Jun 27

sdev closed T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges as Resolved.
Mon, Jun 27, 8:16 PM · VyOS 1.4 Sagitta

Sat, Jun 25

sdev changed the status of T4485: OpenVPN: Allow multiple CAs certificates from Open to In progress.
Sat, Jun 25, 9:58 PM · VyOS 1.4 Sagitta
sdev changed the status of T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1368

Sat, Jun 25, 9:48 PM · VyOS 1.4 Sagitta
sdev changed the status of T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges from Open to In progress.
Sat, Jun 25, 9:46 PM · VyOS 1.4 Sagitta

Wed, Jun 15

sdev changed the status of T4435: Policy route and firewall - error when using undefined group from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1362

Wed, Jun 15, 9:15 PM · VyOS 1.4 Sagitta
sdev changed the status of T4147: New Firewall Implementation - proposed changes on group implementation from In progress to Needs testing.
Wed, Jun 15, 1:33 PM · VyOS 1.4 Sagitta
sdev added a comment to T4147: New Firewall Implementation - proposed changes on group implementation.

PR: https://github.com/vyos/vyos-1x/pull/1361

Wed, Jun 15, 1:32 PM · VyOS 1.4 Sagitta

Mon, Jun 13

sdev changed the status of T4147: New Firewall Implementation - proposed changes on group implementation from Open to In progress.

Working on moving groups to named set as part of a refactor in some firewall code.

Mon, Jun 13, 12:11 PM · VyOS 1.4 Sagitta

Fri, Jun 10

sdev changed the status of T4299: Firewall - GeoIP filtering from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1357

Fri, Jun 10, 11:02 PM · VyOS 1.4 Sagitta
sdev changed the status of T478: Firewall address group (multi and nesting), a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Fri, Jun 10, 7:23 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev changed the status of T478: Firewall address group (multi and nesting) from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1356

Fri, Jun 10, 7:23 PM · VyOS 1.4 Sagitta

May 31 2022

sdev closed T3659: Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors as Resolved.
May 31 2022, 6:13 PM · VyOS 1.4 Sagitta
sdev closed T4148: Firewall - Error messages not that clear as it were in old firewall as Resolved.
May 31 2022, 6:11 PM · VyOS 1.4 Sagitta
sdev closed T4199: Commit failed when setting icmpv6 type any as Resolved.
May 31 2022, 6:09 PM · VyOS 1.4 Sagitta
sdev closed T4212: PermissionError when generating/installing server Certificate (generate pki certificate sign ...) as Resolved.
May 31 2022, 6:05 PM · VyOS 1.4 Sagitta

May 30 2022

sdev added a comment to T3642: PKI configuration.

PR for op-mode importing existing PKI files into config: https://github.com/vyos/vyos-1x/pull/1343

May 30 2022, 10:59 PM · VyOS 1.4 Sagitta

May 27 2022

sdev added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

1.4 rolling does not help me, so there must be something "wrong" with my configuration. I've attached the private config, it would be awesome if someone might find what's broken.

May 27 2022, 6:20 PM · VyOS 1.3 Equuleus (1.3.0)

May 26 2022

sdev added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

@panachoi If you can share the anonymized config that works in 1.2.8 that would be useful. I'd expect migrating to 1.4 to see a decent improvement in firewall load times.

May 26 2022, 10:07 AM · VyOS 1.3 Equuleus (1.3.0)

Apr 20 2022

sdev closed T4345: New firewall code does not accept "rate/time interval" syntax used in old config as Resolved.
Apr 20 2022, 11:58 AM · VyOS 1.4 Sagitta

Apr 14 2022

sdev added a comment to T4358: Image sizes have grown significantly in 1.4.

30 largest packages in 1.4 dev build:

telegraf 144 MB
linux-image-5.10.109-amd64-vyos 107 MB
libwireshark14 100 MB
vyos-linux-firmware 68.8 MB
containernetworking-plugins 51.2 MB
vyos-http-api-tools 40.4 MB
podman 37.3 MB
python3-pycryptodome 36.0 MB
libicu67 33.9 MB
vim-runtime 32.9 MB
vyos-1x 29.2 MB
libperl5.32 28.5 MB
salt-common 27.9 MB
nmap-common 21.2 MB
frr 20.2 MB
libruby2.7 17.9 MB
coreutils 17.9 MB
perl-modules-5.32 17.9 MB
grub-common 17.8 MB
systemd 16.4 MB
locales 16.4 MB
libc6 13.1 MB
pmacct 13.0 MB
ieee-data 12.3 MB
vyos-intel-qat 11.7 MB
aptitude-common 10.3 MB
gdb 10.0 MB
udev 9,184 kB
grub-efi-amd64-bin 8,831 kB
squid 8,582 kB
Apr 14 2022, 3:01 PM · VyOS 1.4 Sagitta

Apr 6 2022

sdev changed the status of T4345: New firewall code does not accept "rate/time interval" syntax used in old config from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1275

Apr 6 2022, 2:11 PM · VyOS 1.4 Sagitta
sdev moved T4345: New firewall code does not accept "rate/time interval" syntax used in old config from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Apr 6 2022, 12:01 PM · VyOS 1.4 Sagitta
sdev changed the status of T4345: New firewall code does not accept "rate/time interval" syntax used in old config from Open to In progress.
Apr 6 2022, 12:01 PM · VyOS 1.4 Sagitta

Mar 29 2022

sdev closed T3635: Add ability to use mDNS repeater with VRRP as Resolved.
Mar 29 2022, 9:30 PM · VyOS 1.4 Sagitta

Mar 18 2022

sdev added a comment to T4299: Firewall - GeoIP filtering.

Perhaps only in-use sets can be determined and loaded?

Mar 18 2022, 5:36 PM · VyOS 1.4 Sagitta
sdev added a comment to T4307: Policy routing anymore, Commit generating errors.

Error implies that firewall failed to configure on boot as mangle table is missing. Any logs/config trace from boot?

Mar 18 2022, 1:42 PM · VyOS 1.4 Sagitta

Feb 24 2022

sdev changed the status of T4262: install image doesn't respect chosen root partition size from Confirmed to Needs testing.

1.3 PR: https://github.com/vyos/vyatta-cfg-system/pull/176
1.4 PR: https://github.com/vyos/vyatta-cfg-system/pull/177

Feb 24 2022, 12:49 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0)
sdev changed the status of T4262: install image doesn't respect chosen root partition size from Open to Confirmed.

@n.fort I have been able to reproduce this, it only occurs when installing for UEFI.

Feb 24 2022, 11:51 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0)

Feb 20 2022

sdev added a comment to T4262: install image doesn't respect chosen root partition size.

sgdisk man says -n should have a partition number followed by start/end values. Looking at the code this bug is present in all versions 1.2 and above.

Feb 20 2022, 7:51 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0)
sdev closed Restricted Maniphest Task, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Feb 20 2022, 7:21 PM · VyOS 1.4 Sagitta

Feb 15 2022

sdev updated subscribers of T4145: Conntrack table not showing after firewall rewriting.

I think @c-po has started migrating it in T3579 but op-mode not yet complete.

Feb 15 2022, 7:10 PM · VyOS 1.4 Sagitta

Feb 6 2022

sdev closed T3970: Add support for op-mode PKI direct install into an active config session, a subtask of T3642: PKI configuration, as Resolved.
Feb 6 2022, 12:51 PM · VyOS 1.4 Sagitta
sdev closed T3970: Add support for op-mode PKI direct install into an active config session as Resolved.
Feb 6 2022, 12:51 PM · VyOS 1.4 Sagitta
sdev closed T3828: ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta as Resolved.
Feb 6 2022, 12:48 PM · VyOS 1.4 Sagitta
sdev closed T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf` as Resolved.
Feb 6 2022, 12:47 PM · VyOS 1.4 Sagitta
sdev closed T4178: policy based routing tcp flags issue as Resolved.
Feb 6 2022, 12:47 PM · VyOS 1.4 Sagitta
sdev closed T4216: Firewall: can't use negated groups in firewall rules as Resolved.
Feb 6 2022, 12:46 PM · VyOS 1.4 Sagitta
sdev closed T4223: policy route cannot have several entries with the same table as Resolved.
Feb 6 2022, 12:45 PM · VyOS 1.4 Sagitta

Feb 4 2022

sdev changed the status of T4209: Firewall incorrect handler for recent count and time from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1206

Feb 4 2022, 12:51 AM · VyOS 1.4 Sagitta

Feb 2 2022

sdev changed the status of T4178: policy based routing tcp flags issue from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1201

Feb 2 2022, 11:36 PM · VyOS 1.4 Sagitta
sdev changed the status of T4178: policy based routing tcp flags issue from Needs testing to In progress.

Adding this issue to this task: https://forum.vyos.io/t/firewall-configuration-issue-after-upgrade/8414

Feb 2 2022, 11:07 PM · VyOS 1.4 Sagitta

Jan 31 2022

sdev changed the status of T4216: Firewall: can't use negated groups in firewall rules from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1199

Jan 31 2022, 5:06 PM · VyOS 1.4 Sagitta
sdev changed the status of T4218: firewall: rule name is not allowed to start with a number from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1199

Jan 31 2022, 5:06 PM · VyOS 1.4 Sagitta
sdev changed the status of T4223: policy route cannot have several entries with the same table from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1199

Jan 31 2022, 5:05 PM · VyOS 1.4 Sagitta
sdev changed the status of T4223: policy route cannot have several entries with the same table from Open to In progress.

I already have a fix for this from your comment on T4213. Will have it included in a PR shortly.

Jan 31 2022, 4:47 PM · VyOS 1.4 Sagitta

Jan 29 2022

sdev changed the status of T4218: firewall: rule name is not allowed to start with a number from Open to In progress.
Jan 29 2022, 10:34 PM · VyOS 1.4 Sagitta
sdev changed the status of T4216: Firewall: can't use negated groups in firewall rules from Confirmed to In progress.
Jan 29 2022, 10:34 PM · VyOS 1.4 Sagitta

Jan 28 2022

sdev added a comment to T4209: Firewall incorrect handler for recent count and time.

I've actually found a way to define this properly, resulting rule now looks like below:

tcp dport { 22 } add @FOO_30 { ip saddr limit rate over 4/minute burst 4 packets } counter packets 3 bytes 156 reject comment "FOO-30"
ct state { new } tcp dport { 22 } counter packets 5 bytes 260 return comment "FOO-40"
Jan 28 2022, 6:00 PM · VyOS 1.4 Sagitta
sdev changed the status of T4216: Firewall: can't use negated groups in firewall rules from Open to Confirmed.
Jan 28 2022, 5:02 PM · VyOS 1.4 Sagitta

Jan 27 2022

sdev closed T4213: ipv6 policy routing not working anymore as Resolved.

Good to hear, going to mark this as resolved.

Jan 27 2022, 10:08 PM · VyOS 1.4 Sagitta
sdev changed the status of T4213: ipv6 policy routing not working anymore from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1194

Jan 27 2022, 9:23 PM · VyOS 1.4 Sagitta
sdev added a comment to T4209: Firewall incorrect handler for recent count and time.
In T4209#117429, @sdev wrote:

Would changing the guide to use limit rate 4/minute achieve the same target functionality?

What is the practical difference between limit rate and recent? Is it just two different ways of accomplishing the same?

Jan 27 2022, 8:38 PM · VyOS 1.4 Sagitta
sdev changed the status of T4209: Firewall incorrect handler for recent count and time from Open to In progress.
Jan 27 2022, 8:30 PM · VyOS 1.4 Sagitta
sdev added a comment to T4209: Firewall incorrect handler for recent count and time.

I've come up with a working idea how to implement but would like feedback before submitting a PR.

Jan 27 2022, 8:29 PM · VyOS 1.4 Sagitta
sdev changed the status of T4213: ipv6 policy routing not working anymore from Open to In progress.

Thanks for the report, I believe I know what's caused it to break. Hopefully will have a fix in for the build tomorrow.

Jan 27 2022, 5:19 PM · VyOS 1.4 Sagitta
sdev added a comment to T2199: Rewrite firewall in new XML/Python style.

@johannrichard Hey sorry I didn't see your comment, I suggest we move the discussion to the dedicated task: https://phabricator.vyos.net/T4209

Jan 27 2022, 3:33 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev moved T2199: Rewrite firewall in new XML/Python style from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 27 2022, 3:29 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev closed T3762: Support network and address groups for policy ipv6-route, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 27 2022, 3:28 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev closed T3762: Support network and address groups for policy ipv6-route as Resolved.

This was included with the new firewall, going to mark as resolved.

Jan 27 2022, 3:28 PM · VyOS 1.4 Sagitta
sdev closed T3495: Modernising port/protocol definitions, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 27 2022, 3:25 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev closed T3495: Modernising port/protocol definitions as Resolved.

The new firewall niw has no such restrictions on port definitions, going to close this as resolved.

Jan 27 2022, 3:25 PM · vyatta-cfg, VyOS 1.4 Sagitta
sdev moved T3580: Refactoring firewall ipv6 rule icmpv6 from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jan 27 2022, 2:45 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev added a comment to T3580: Refactoring firewall ipv6 rule icmpv6.

This is now implemented in 1.4

Jan 27 2022, 2:44 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev added a comment to T4160: Firewall - Error in rules that matches everything except something.

Should be fixed now with https://github.com/vyos/vyos-1x/pull/1193

Jan 27 2022, 2:39 PM · VyOS 1.4 Sagitta
sdev closed T4188: Firewall does not correctly handle conntracking as Resolved.
Jan 27 2022, 12:41 PM · VyOS 1.4 Sagitta
sdev added a comment to T4178: policy based routing tcp flags issue.

Above fixed in PR: https://github.com/vyos/vyos-1x/pull/1193

Jan 27 2022, 12:25 PM · VyOS 1.4 Sagitta
sdev closed T3560: Ability to create groups of MAC addresses, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 27 2022, 11:55 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev closed T3560: Ability to create groups of MAC addresses as Resolved.
Jan 27 2022, 11:55 AM · VyOS 1.4 Sagitta

Jan 26 2022

sdev changed the status of T4212: PermissionError when generating/installing server Certificate (generate pki certificate sign ...) from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1192

Jan 26 2022, 4:00 PM · VyOS 1.4 Sagitta
sdev changed the status of T4212: PermissionError when generating/installing server Certificate (generate pki certificate sign ...) from Open to In progress.

As reproducing the exact issue seems to be difficult, I'm going to instead change the install function so it catches errors and outputs the set pki ... syntax so it behaves like generate pki ... install <name> is run from op-mode anyway.

Jan 26 2022, 3:33 PM · VyOS 1.4 Sagitta
sdev added a comment to T4210: NAT source/destination negated ports throws an error.

This issue is due to negated source/destination port not being handled properly in code, not validation.

Jan 26 2022, 10:18 AM · VyOS 1.4 Sagitta
sdev added a comment to T4212: PermissionError when generating/installing server Certificate (generate pki certificate sign ...).

It looks like it’s trying to directly install the certificate into the config from op-mode, that is only supposed to happen while you're in configure mode calling the command using run generate pki ... install <name>.

Jan 26 2022, 10:14 AM · VyOS 1.4 Sagitta

Jan 25 2022

sdev created T4210: NAT source/destination negated ports throws an error.
Jan 25 2022, 7:56 PM · VyOS 1.4 Sagitta
sdev added a comment to T4209: Firewall incorrect handler for recent count and time.

I had forgotten about the recent syntax and it was merged in a broken state (https://github.com/vyos/vyos-1x/blob/current/python/vyos/firewall.py#L164). We should try and find a remedy, or remove it from CLI.

Jan 25 2022, 5:23 PM · VyOS 1.4 Sagitta

Jan 21 2022

sdev added a comment to T4186: Firewall icmp type - Offered options not supported.

PR + migration: https://github.com/vyos/vyos-1x/pull/1184

Jan 21 2022, 10:08 PM · VyOS 1.4 Sagitta
sdev changed the status of T4199: Commit failed when setting icmpv6 type any from Open to In progress.
Jan 21 2022, 12:22 PM · VyOS 1.4 Sagitta
sdev added a comment to T4200: Assigning ipv6-name to interface is not generating nftables rules.

I can't reproduce this issue on latest rolling

Jan 21 2022, 12:03 PM · VyOS 1.4 Sagitta

Jan 18 2022

sdev changed the status of T4188: Firewall does not correctly handle conntracking from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1178

Jan 18 2022, 6:02 PM · VyOS 1.4 Sagitta
johannrichard awarded T3560: Ability to create groups of MAC addresses a Like token.
Jan 18 2022, 5:46 PM · VyOS 1.4 Sagitta
sdev changed the status of T3560: Ability to create groups of MAC addresses, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 18 2022, 5:35 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev changed the status of T3560: Ability to create groups of MAC addresses from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1177

Jan 18 2022, 5:35 PM · VyOS 1.4 Sagitta
sdev renamed T4188: Firewall does not correctly handle conntracking from Firewall does not match ICMPv6 packets to Firewall does not correctly handle conntracking.
Jan 18 2022, 5:30 PM · VyOS 1.4 Sagitta
sdev changed the status of T4188: Firewall does not correctly handle conntracking from Open to In progress.

Okay, thanks for the update. I have found a conntrack issue in the code. Will have a fix in shortly.

Jan 18 2022, 5:29 PM · VyOS 1.4 Sagitta
sdev closed T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev closed T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta
sdev closed T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases , a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev closed T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases as Resolved.
Jan 18 2022, 1:50 PM · VyOS 1.4 Sagitta
sdev closed T3286: Switch the firewall from iptables to nftables, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 18 2022, 1:47 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev closed T3286: Switch the firewall from iptables to nftables as Resolved.
Jan 18 2022, 1:47 PM · VyOS 1.4 Sagitta
sdev changed the status of T1292: Issues while deleting all rules from a firewall, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 18 2022, 1:45 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sdev changed the status of T1292: Issues while deleting all rules from a firewall from Open to Needs testing.

Fixed in 1.4 PR: https://github.com/vyos/vyos-1x/pull/1176

Jan 18 2022, 1:45 PM · VyOS 1.4 Sagitta

Jan 17 2022

sdev closed T4188: Firewall does not correctly handle conntracking as Invalid.

You need to remove the state new match on the rule and it'll work.

Jan 17 2022, 7:54 PM · VyOS 1.4 Sagitta
sdev added a comment to T4178: policy based routing tcp flags issue.

Included those flags in PR: https://github.com/vyos/vyos-1x/pull/1174

Jan 17 2022, 11:29 AM · VyOS 1.4 Sagitta
sdev added a comment to T3873: Zone based Firewall - Filter traffic in same zone.

Included in PR: https://github.com/vyos/vyos-1x/pull/1174

Jan 17 2022, 11:08 AM · VyOS 1.4 Sagitta

Jan 16 2022

sdev changed the status of T3873: Zone based Firewall - Filter traffic in same zone from Open to In progress.

Thanks, will include a fix in a PR shortly

Jan 16 2022, 9:43 PM · VyOS 1.4 Sagitta

Jan 13 2022

sdev changed the status of T4178: policy based routing tcp flags issue from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1167

Jan 13 2022, 8:29 PM · VyOS 1.4 Sagitta
sdev changed the status of T4178: policy based routing tcp flags issue from Open to In progress.

Thanks for the report, working on the fix now.

Jan 13 2022, 11:55 AM · VyOS 1.4 Sagitta