Diffstat (limited to 'src/services')
-rwxr-xr-x | src/services/vyos-commitd | 16 | ||||
-rwxr-xr-x | src/services/vyos-conntrack-logger | 2 | ||||
-rwxr-xr-x | src/services/vyos-domain-resolver | 37 | ||||
-rwxr-xr-x | src/services/vyos-hostsd | 4 |
4 files changed, 38 insertions, 21 deletions
diff --git a/src/services/vyos-commitd b/src/services/vyos-commitd index 8dbd39058..e7f2d82c7 100755 --- a/src/services/vyos-commitd +++ b/src/services/vyos-commitd @@ -72,8 +72,6 @@ class Session: # pylint: disable=too-many-instance-attributes session_id: str = '' - named_active: str = None - named_proposed: str = None dry_run: bool = False atomic: bool = False background: bool = False @@ -235,8 +233,9 @@ def initialization(session: Session) -> Session: scripts_called = [] setattr(config, 'scripts_called', scripts_called) - dry_run = False - setattr(config, 'dry_run', dry_run) + dry_run = session.dry_run + config.set_bool_attr('dry_run', dry_run) + logger.debug(f'commit dry_run is {dry_run}') session.config = config @@ -249,11 +248,16 @@ def run_script(script_name: str, config: Config, args: list) -> tuple[bool, str] script = conf_mode_scripts[script_name] script.argv = args config.set_level([]) + dry_run = config.get_bool_attr('dry_run') try: c = script.get_config(config) script.verify(c) - script.generate(c) - script.apply(c) + if not dry_run: + script.generate(c) + script.apply(c) + else: + if hasattr(script, 'call_dependents'): + script.call_dependents() except ConfigError as e: logger.error(e) return False, str(e) diff --git a/src/services/vyos-conntrack-logger b/src/services/vyos-conntrack-logger index 9c31b465f..ec0e1f717 100755 --- a/src/services/vyos-conntrack-logger +++ b/src/services/vyos-conntrack-logger @@ -15,10 +15,8 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import argparse -import grp import logging import multiprocessing -import os import queue import signal import socket diff --git a/src/services/vyos-domain-resolver b/src/services/vyos-domain-resolver index aba5ba9db..fb18724af 100755 --- a/src/services/vyos-domain-resolver +++ b/src/services/vyos-domain-resolver 
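Review bot: In run_script() in src/services/vyos-commitd, the dry-run branch skips generate() and apply() but still calls `script.call_dependents()`, and nothing visible in the hunk shows that this call has no side effects. A dry run is expected to leave the running system unchanged, so confirm that call_dependents() (defined outside this diff) cannot reach a dependent script's generate/apply under commitd, and record that invariant in a comment above the branch. The nested `else:` / `if hasattr(...)` can also be flattened to `elif hasattr(script, 'call_dependents'):`. The function body continues past the end of the hunk.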
@@ -28,7 +28,7 @@ from vyos.utils.commit import commit_in_progress from vyos.utils.dict import dict_search_args from vyos.utils.kernel import WIREGUARD_REKEY_AFTER_TIME from vyos.utils.file import makedir, chmod_775, write_file, read_file -from vyos.utils.network import is_valid_ipv4_address_or_range +from vyos.utils.network import is_valid_ipv4_address_or_range, is_valid_ipv6_address_or_range from vyos.utils.process import cmd from vyos.utils.process import run from vyos.xml_ref import get_defaults @@ -92,12 +92,14 @@ def resolve(domains, ipv6=False): for domain in domains: resolved = fqdn_resolve(domain, ipv6=ipv6) + cache_key = f'{domain}_ipv6' if ipv6 else domain + if resolved and cache: - domain_state[domain] = resolved + domain_state[cache_key] = resolved elif not resolved: - if domain not in domain_state: + if cache_key not in domain_state: continue - resolved = domain_state[domain] + resolved = domain_state[cache_key] ip_list = ip_list | resolved return ip_list @@ -141,10 +143,11 @@ def update_remote_group(config): for set_name, remote_config in remote_groups.items(): if 'url' not in remote_config: continue - nft_set_name = f'R_{set_name}' + nft_ip_set_name = f'R_{set_name}' + nft_ip6_set_name = f'R6_{set_name}' # Create list file if necessary - list_file = os.path.join(firewall_config_dir, f"{nft_set_name}.txt") + list_file = os.path.join(firewall_config_dir, f"{nft_ip_set_name}.txt") if not os.path.exists(list_file): write_file(list_file, '', user="root", group="vyattacfg", mode=0o644) 
@@ -157,16 +160,32 @@ def update_remote_group(config): # Read list file ip_list = [] + ip6_list = [] + invalid_list = [] for line in read_file(list_file).splitlines(): line_first_word = line.strip().partition(' ')[0] if is_valid_ipv4_address_or_range(line_first_word): ip_list.append(line_first_word) + elif is_valid_ipv6_address_or_range(line_first_word): + ip6_list.append(line_first_word) + else: + if line_first_word[0].isalnum(): + invalid_list.append(line_first_word) - # Load tables + # Load ip tables for table in ipv4_tables: - if (table, nft_set_name) in valid_sets: - conf_lines += nft_output(table, nft_set_name, ip_list) + if (table, nft_ip_set_name) in valid_sets: + conf_lines += nft_output(table, nft_ip_set_name, ip_list) + + # Load ip6 tables + for table in ipv6_tables: + if (table, nft_ip6_set_name) in valid_sets: + conf_lines += nft_output(table, nft_ip6_set_name, ip6_list) + + invalid_str = ", ".join(invalid_list) + if invalid_str: + logger.info(f'Invalid address for set {set_name}: {invalid_str}') count += 1 diff --git a/src/services/vyos-hostsd b/src/services/vyos-hostsd index 1ba90471e..44f03586c 100755 --- a/src/services/vyos-hostsd +++ b/src/services/vyos-hostsd @@ -233,10 +233,7 @@ # } import os -import sys -import time import json -import signal import traceback import re import logging @@ -245,7 +242,6 @@ import zmq from voluptuous import Schema, MultipleInvalid, Required, Any from collections import OrderedDict from vyos.utils.file import makedir -from vyos.utils.permission import chown from vyos.utils.permission import chmod_755 from vyos.utils.process import popen from vyos.utils.process import process_named_running |
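Review bot: In update_remote_group() in src/services/vyos-domain-resolver, `line_first_word[0].isalnum()` raises IndexError on a blank or whitespace-only line. In that case `line.strip().partition(' ')[0]` is an empty string, which presumably fails both address checks and falls through to the `else` branch. The list file is presumably filled from the group's `url`, so blank lines are likely, and unless a caller outside the hunk catches the exception one such line aborts the set update. Slicing avoids the index: replace the `else:` / `if` pair with `elif line_first_word[:1].isalnum():`. Because the rejected words come from that file and are logged verbatim, consider capping how many are joined into the `logger.info` message.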