VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) https://git.amelek.net/marekm72/vyos-1x.git/atom?h=1.3.8 2019-12-06T19:58:56+00:00 2019-12-06T19:58:56+00:00 Christian Poessinger christian@poessinger.com 2019-12-03T21:01:19+00:00 urn:sha1:0d4d4dd840e06c18250d73f27de61261ff141944 A lot of XML code is duplicated (VLAN, interface address) for instance. Such XML definitions should be moved to feature.xml.i files and then just pulled in via GCC preprocessor #include definition in e.g. bond or ethernet definitions. This will give us the ability to single-source repeating node definitions as: * Interface Address * Interface Description * Interface Disable * VLAN (both vif-s and vif-c) The .in suffix of the interface-definitions is a marker that those files are input files to the GCC preprocessor. They will be rendered into proper XML files in the build directory. Some node definitions have been reworder to remove escaped double quote occurances which would have been warned about by the GCC preprocessor. 2019-08-20T10:02:49+00:00 Christian Poessinger christian@poessinger.com 2019-08-20T10:02:49+00:00 urn:sha1:dbdd50e96f5af8f59d884f03df1cdeed9bac39d1 2019-08-20T09:50:58+00:00 Christian Poessinger christian@poessinger.com 2019-08-20T09:50:55+00:00 urn:sha1:dc0f641956d002fa8588ef8d1213791cf36e92f2 Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } } 2019-07-21T16:30:27+00:00 Christian Poessinger christian@poessinger.com 2019-07-21T16:30:27+00:00 urn:sha1:d99bf6a3a623433e743bb2d1d72e2ef3e0ab5057 2019-01-12T09:56:34+00:00 Christian Poessinger christian@poessinger.com 2019-01-12T09:49:42+00:00 urn:sha1:3c563b3ae8397da33a03c0429c17b97eb9625c5f The name-server option under "service dns-forwarding" was never mandatory so users never needed to specify an upstream server. With the recent switch to PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when there is no upstream DNS server configured. 2018-12-09T20:46:34+00:00 Christian Poessinger christian@poessinger.com 2018-12-09T20:46:00+00:00 urn:sha1:f968d0846abc416c0eac51aeff55551f9df2dea0 2018-12-09T20:39:20+00:00 Christian Poessinger christian@poessinger.com 2018-12-09T20:39:20+00:00 urn:sha1:f9ad571f6d2a6238fe841f8eb1acf7daced1c7d5 2018-10-17T18:14:55+00:00 Christian Poessinger christian@poessinger.com 2018-10-17T18:14:55+00:00 urn:sha1:5cfbc160631beb93b19ebb6abff48230544d1f38 2018-08-02T18:00:22+00:00 mb300sd mb300sd@github 2018-08-02T06:27:58+00:00 urn:sha1:63bcf3df3b33994ded58b5a47d38afc574c94c92 2018-06-08T19:50:30+00:00 Christian Poessinger christian@poessinger.com 2018-06-08T19:50:30+00:00 urn:sha1:59db66e83687f52496027197e5b988d17371f651