vyos-1x.git/data/templates/firewall, branch 1.4.0

vyos-1x.git/data/templates/firewall, branch 1.4.0 VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) https://git.amelek.net/marekm72/vyos-1x.git/atom?h=1.4.0 2024-05-14T17:37:45+00:00 T3420: Remove service upnp 2024-05-14T17:37:45+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2024-05-14T16:47:29+00:00 urn:sha1:f844b28a6164fcc3f2ad5992b3a1da2bcb6194f9 Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation. (cherry picked from commit 7c438caa2c21101cbefc2eec21935ab55af19c46) Merge pull request #2925 from vyos/mergify/bp/sagitta/pr-2897 2024-02-01T20:41:17+00:00 Christian Breunig christian@breunig.cc 2024-02-01T20:41:17+00:00 urn:sha1:b5a907135ef1943b4dbf8d195cae38cfff360d65 T5989 fix: Add ipv4-prefix as a valid option for UPnP ACLs. (backport #2897) upnp: T5989: add ipv4-prefix as a valid option for UPnP ACLs 2024-02-01T20:25:31+00:00 Chris Buechler cbuechler@gmail.com 2024-02-01T20:24:26+00:00 urn:sha1:2c7fd390372629a9b8911efd792bd0fa469af1bb (cherry picked from commit 0307801b8928bbaaa20caf5bd10b928bae459490) T4839: firewall: Add dynamic address group in firewall configuration, and appropiate commands to populate such groups using source and destination address of the packet. 2024-02-01T20:22:26+00:00 Nicolas Fort nicolasfort1988@gmail.com 2024-01-05T12:13:17+00:00 urn:sha1:3ce9583b9420ed72cf45728f439f00b1c4cf5800 (cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122) vrf: T5973: move initial conntrack firewall table to startup 2024-01-30T11:12:53+00:00 Christian Breunig christian@breunig.cc 2024-01-22T19:48:44+00:00 urn:sha1:f5590b63f2a849ebe63bf453c561930f846598d5 There is no need to add and remove this table during runtime - it can lurk in the standard firewall init code. (cherry picked from commit 89f0d347bfe5e468355817a617dc71823a58c284) firewall: T5729: T5681: T5217: backport subsystem from current branch 2024-01-22T06:47:17+00:00 Christian Breunig christian@breunig.cc 2024-01-19T20:01:52+00:00 urn:sha1:2ec023752bdd400835eb69a8f1f9d2873cef61fa This is a combined backport for all accumulated changes done to the firewall subsystem on the current branch. Merge pull request #2793 from sarthurdev/T5550_sagitta 2024-01-11T05:41:17+00:00 Christian Breunig christian@breunig.cc 2024-01-11T05:41:17+00:00 urn:sha1:68bacdc20c10566671ce809e9668ca27666bca22 interface: T5550: Interface source-validation priority over global value (backport) firewall: T5834: Add support for default log for route policy 2023-12-30T19:32:36+00:00 Indrajit Raychaudhuri irc@indrajit.com 2023-12-27T01:19:10+00:00 urn:sha1:468984d7cde4039143d3fc90bffc3eac2f2e05d1 One can now do `set policy route foo default-log` which will add log to the policy route chain. (cherry picked from commit 6278ce9b7cb2060c8226a60ccbdb580a0d8a3fb5) T5775: Fix collisions and adjust for 1.4 2023-12-15T20:28:51+00:00 Bjarke Istrup Pedersen gurli@gurlinet.dk 2023-12-09T16:22:16+00:00 urn:sha1:601616c022d938d39eeeab26673f01a6f7238bf3 T5775: firewall: re-add state-policy to firewall. These commands are now included in <set firewall global-options state-policy> node. 2023-12-15T20:28:51+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-11-24T10:24:48+00:00 urn:sha1:fcedc85e2b4d3d6663b0c78c3fb3bd93db91fcc2