diff options
| -rw-r--r-- | data/templates/system/ssh_config.tmpl | 7 | ||||
| -rw-r--r-- | interface-definitions/system-option.xml.in | 1 | ||||
| -rwxr-xr-x | src/conf_mode/service_webproxy.py | 2 | ||||
| -rwxr-xr-x | src/conf_mode/system-option.py | 17 |
4 files changed, 22 insertions, 5 deletions
diff --git a/data/templates/system/ssh_config.tmpl b/data/templates/system/ssh_config.tmpl index abc03f069..94dac9ed3 100644 --- a/data/templates/system/ssh_config.tmpl +++ b/data/templates/system/ssh_config.tmpl @@ -1,3 +1,8 @@ -{% if ssh_client is defined and ssh_client.source_address is defined and ssh_client.source_address is not none %} +{% if ssh_client is defined %} +{% if ssh_client.source_address is defined and ssh_client.source_address is not none %} BindAddress {{ ssh_client.source_address }} +{% endif %} +{% if ssh_client.source_interface is defined and ssh_client.source_address is not none %} +BindInterface {{ ssh_client.source_interface }} +{% endif %} {% endif %} diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in index 5f80e064d..b47dde0a0 100644 --- a/interface-definitions/system-option.xml.in +++ b/interface-definitions/system-option.xml.in @@ -105,6 +105,7 @@ </properties> <children> #include <include/source-address-ipv4-ipv6.xml.i> + #include <include/source-interface.xml.i> </children> </node> <leafNode name="startup-beep"> diff --git a/src/conf_mode/service_webproxy.py b/src/conf_mode/service_webproxy.py index 9e0d73a5b..59c087aaa 100755 --- a/src/conf_mode/service_webproxy.py +++ b/src/conf_mode/service_webproxy.py @@ -245,7 +245,7 @@ def apply(proxy): if os.path.exists(squidguard_db_dir): chmod_755(squidguard_db_dir) - call('systemctl restart squid.service') + call('systemctl reload-or-restart squid.service') return None diff --git a/src/conf_mode/system-option.py b/src/conf_mode/system-option.py index ddb91aeaf..a112c2b6f 100755 --- a/src/conf_mode/system-option.py +++ b/src/conf_mode/system-option.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2020 VyOS maintainers and contributors +# Copyright (C) 2019-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,16 +22,18 @@ from time import sleep from vyos.config import Config from vyos.configdict import dict_merge +from vyos.configverify import verify_source_interface from vyos.template import render from vyos.util import cmd from vyos.validate import is_addr_assigned +from vyos.validate import is_intf_addr_assigned from vyos.xml import defaults from vyos import ConfigError from vyos import airbag airbag.enable() curlrc_config = r'/etc/curlrc' -ssh_config = r'/etc/ssh/ssh_config' +ssh_config = r'/etc/ssh/ssh_config.d/91-vyos-ssh-client-options.conf' systemd_action_file = '/lib/systemd/system/ctrl-alt-del.target' def get_config(config=None): @@ -67,8 +69,17 @@ def verify(options): if 'ssh_client' in options: config = options['ssh_client'] if 'source_address' in config: + address = config['source_address'] if not is_addr_assigned(config['source_address']): - raise ConfigError('No interface with give address specified!') + raise ConfigError('No interface with address "{address}" configured!') + + if 'source_interface' in config: + verify_source_interface(config) + if 'source_address' in config: + address = config['source_address'] + interface = config['source_interface'] + if not is_intf_addr_assigned(interface, address): + raise ConfigError(f'Address "{address}" not assigned on interface "{interface}"!') return None |