3 files changed, 31 insertions, 16 deletions
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 2110fd9e0..ac3dc536b 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -90,10 +90,10 @@ def get_config(config=None):
             container['name'][name] = dict_merge(default_values, container['name'][name])
 
     # Delete container network, delete containers
-    tmp = node_changed(conf, base + ['container', 'network'])
+    tmp = node_changed(conf, base + ['network'])
     if tmp: container.update({'network_remove' : tmp})
 
-    tmp = node_changed(conf, base + ['container', 'name'])
+    tmp = node_changed(conf, base + ['name'])
     if tmp: container.update({'container_remove' : tmp})
 
     return container
@@ -132,7 +132,7 @@ def verify(container):
 
                 # Check if the specified container network exists
                 network_name = list(container_config['network'])[0]
-                if network_name not in container['network']:
+                if network_name not in container.get('network', {}):
                     raise ConfigError(f'Container network "{network_name}" does not exist!')
 
                 if 'address' in container_config['network'][network_name]:
@@ -270,12 +270,13 @@ def apply(container):
     # Option "--force" allows to delete containers with any status
     if 'container_remove' in container:
         for name in container['container_remove']:
-            call(f'podman stop {name}')
+            call(f'podman stop --time 3 {name}')
             call(f'podman rm --force {name}')
 
     # Delete old networks if needed
     if 'network_remove' in container:
         for network in container['network_remove']:
+            call(f'podman network rm {network}')
             tmp = f'/etc/cni/net.d/{network}.conflist'
             if os.path.exists(tmp):
                 os.unlink(tmp)
@@ -294,7 +295,7 @@ def apply(container):
                 # check if there is a container by that name running
                 tmp = _cmd('podman ps -a --format "{{.Names}}"')
                 if name in tmp:
-                    _cmd(f'podman stop {name}')
+                    _cmd(f'podman stop --time 3 {name}')
                     _cmd(f'podman rm --force {name}')
                 continue
 
diff --git a/src/conf_mode/service_router-advert.py b/src/conf_mode/service_router-advert.py
index 71b758399..ff7caaa84 100755
--- a/src/conf_mode/service_router-advert.py
+++ b/src/conf_mode/service_router-advert.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2018-2021 VyOS maintainers and contributors
+# Copyright (C) 2018-2022 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -17,7 +17,7 @@
 import os
 
 from sys import exit
-
+from vyos.base import Warning
 from vyos.config import Config
 from vyos.configdict import dict_merge
 from vyos.template import render
@@ -79,22 +79,35 @@ def verify(rtradv):
     if 'interface' not in rtradv:
         return None
 
-    for interface in rtradv['interface']:
-        interface = rtradv['interface'][interface]
+    for interface, interface_config in rtradv['interface'].items():
         if 'prefix' in interface:
-            for prefix in interface['prefix']:
-                prefix = interface['prefix'][prefix]
-                valid_lifetime = prefix['valid_lifetime']
+            for prefix, prefix_config in interface_config['prefix'].items():
+                valid_lifetime = prefix_config['valid_lifetime']
                 if valid_lifetime == 'infinity':
                     valid_lifetime = 4294967295
 
-                preferred_lifetime = prefix['preferred_lifetime']
+                preferred_lifetime = prefix_config['preferred_lifetime']
                 if preferred_lifetime == 'infinity':
                     preferred_lifetime = 4294967295
 
                 if not (int(valid_lifetime) > int(preferred_lifetime)):
                     raise ConfigError('Prefix valid-lifetime must be greater then preferred-lifetime')
 
+        if 'name_server_lifetime' in interface_config:
+            # man page states:
+            # The maximum duration how long the RDNSS entries are used for name
+            # resolution. A value of 0 means the nameserver must no longer be
+            # used. The value, if not 0, must be at least MaxRtrAdvInterval. To
+            # ensure stale RDNSS info gets removed in a timely fashion, this
+            # should not be greater than 2*MaxRtrAdvInterval.
+            lifetime = int(interface_config['name_server_lifetime'])
+            interval_max = int(interface_config['interval']['max'])
+            if lifetime > 0:
+                if lifetime < int(interval_max):
+                    raise ConfigError(f'RDNSS lifetime must be at least "{interval_max}" seconds!')
+                if lifetime > 2* interval_max:
+                    Warning(f'RDNSS lifetime should not exceed "{2 * interval_max}" which is two times "interval max"!')
+
     return None
 
 def generate(rtradv):
@@ -105,15 +118,16 @@ def generate(rtradv):
     return None
 
 def apply(rtradv):
+    systemd_service = 'radvd.service'
     if not rtradv:
         # bail out early - looks like removal from running config
-        call('systemctl stop radvd.service')
+        call(f'systemctl stop {systemd_service}')
         if os.path.exists(config_file):
             os.unlink(config_file)
 
         return None
 
-    call('systemctl restart radvd.service')
+    call(f'systemctl reload-or-restart {systemd_service}')
 
     return None
 
diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py
index 3146fc357..0aea17b3a 100755
--- a/src/op_mode/firewall.py
+++ b/src/op_mode/firewall.py
@@ -270,7 +270,7 @@ def show_firewall_group(name=None):
             references = find_references(group_type, group_name)
             row = [group_name, group_type, '\n'.join(references) or 'N/A']
             if 'address' in group_conf:
-                row.append("\n".join(sorted(group_conf['address'], key=ipaddress.ip_address)))
+                row.append("\n".join(sorted(group_conf['address'])))
             elif 'network' in group_conf:
                 row.append("\n".join(sorted(group_conf['network'], key=ipaddress.ip_network)))
             elif 'mac_address' in group_conf: