Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-18 | firewall: T4188: Create default conntrack `FW_CONNTRACK` chain | sarthurdev | |
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule. | |||
2022-01-17 | bgp: T3741: bugfix migrator - exit() was called without saving | Christian Poessinger | |
2022-01-17 | Merge pull request #1174 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix | |||
2022-01-17 | firewall: T2199: Fix `port-range` validator to accept service names | sarthurdev | |
2022-01-17 | zone-policy: T3873: Fix intra-zone-filtering return to zone default-action | sarthurdev | |
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-16 | Revert "migrator: interfaces: T4171: bugfix ConfigTreeError" | Christian Poessinger | |
This reverts commit 29efbf51efea559773f61703f11a77a8aee6de36. | |||
2022-01-16 | Revert "migrator: interfaces: T4171: bugfix ConfigTreeError" | Christian Poessinger | |
This reverts commit 391ce22b76190309f81e048ebffab778b0fdee1d. | |||
2022-01-16 | dns-forwarding: T1595: remove unnecessary nesting in migration script 1 -> 2 | Christian Poessinger | |
2022-01-16 | bgp: T3741: remove unnecessary exit() in migration script 1 -> 2 | Christian Poessinger | |
2022-01-15 | smoketest: ntp: T4184: check for "restrict default ignore" presencex | Christian Poessinger | |
2022-01-15 | smoketest: ntp: re-organize testcases | Christian Poessinger | |
Drop the overcomplex function get_config_value() to search for NTPd configuration values. Rather assemble the required string and probe for its presence in the configuration like we do on most other smoketests. | |||
2022-01-15 | Merge pull request #1171 from sever-sever/T4184 | Christian Poessinger | |
ntp: T4184: Fix allow-clients address | |||
2022-01-15 | ntp: T4184: Fix allow-clients address | Viacheslav | |
NTP-server with option "allow-clients address x.x.x.x" should accept requests only from clients addresses which declared in configuration if this option exists Add "restrict default ignore" to fix it, in another case it responce to any address | |||
2022-01-15 | Merge pull request #1169 from sever-sever/T4183 | Christian Poessinger | |
wireguard: T4183: Allow to set peer IPv6 link-local address | |||
2022-01-14 | wireguard: T4183: Allow to set peer IPv6 link-local address | Viacheslav | |
2022-01-14 | Merge pull request #1164 from sever-sever/T4179 | Christian Poessinger | |
op-mode: T4179: Add op-mode CLI show virtual-server | |||
2022-01-14 | Merge pull request #1167 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4178: Use lowercase for TCP flags and add an validator | |||
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev | |
2022-01-13 | Merge pull request #1166 from sever-sever/T4182 | Christian Poessinger | |
vrrp: T4182: Check if VRRP configured in op mode | |||
2022-01-13 | op-mode: T4179: Add op-mode CLI show virtual-server | Viacheslav | |
2022-01-13 | vrrp: T4182: Check if VRRP configured in op mode | Viacheslav | |
There is a situation when service keepalived is active but there a no any "vrrp" configuration. In that case "show vrrp" hangs up because it expect data from keepalived daemon which can't get Check if "vrrp" exists in configuration and only then check if pid is active | |||
2022-01-13 | Merge pull request #1168 from fett0/T4181 | Christian Poessinger | |
Firewall: T4181: Set correct description for ipv6-network-group | |||
2022-01-13 | Firewall: T4181: Set correct description for ipv6-network-group | fett0 | |
2022-01-13 | Merge pull request #1163 from sever-sever/T4177 | Christian Poessinger | |
strip-private: T4177: Fix for hiding private data token/url/bucket | |||
2022-01-13 | strip-private: T4177: Fix for hiding private data token/url/bucket | Viacheslav | |
Add URL, token and bucket hidind data when is used function "strip-private" | |||
2022-01-13 | Merge pull request #1162 from sever-sever/T3872 | Christian Poessinger | |
monitoring: T3872: Add just required interfaces for ethtool telegraf template | |||
2022-01-13 | monitoring: T3872: Add just required interfaces for ethtool | Viacheslav | |
Telegraf ethtool input filter expected ethX interfaces and not other interfaces like vlans/tunnels/dummy Add "interface_include" option to telegraf template. | |||
2022-01-13 | monitoring: T3872: Rewrite input filter custom_script | Viacheslav | |
Rewrite and improve the custom input filter telegraf script "show_interfaces_input_filter.py" to more readable and clear format Fix bug when it failed with configured tunnel "tunX" interfaces | |||
2022-01-12 | Merge pull request #1161 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4160: Fix support for inverse matches | |||
2022-01-12 | firewall: T4160: Fix support for inverse matches | sarthurdev | |
2022-01-11 | migrator: interfaces: T4171: bugfix ConfigTreeError | Christian Poessinger | |
2022-01-11 | Merge pull request #1160 from bjw-s/T4174 | Christian Poessinger | |
firewall: validators: T4174: Correct upper port range boundary | |||
2022-01-11 | Merge pull request #1159 from sarthurdev/firewall | Christian Poessinger | |
policy: T2199: Update op-mode syntax to `route6` | |||
2022-01-11 | firewall: validators: T4174: Correct upper port range boundary | Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs | |
2022-01-11 | policy: T2199: Update op-mode syntax to `route6` | sarthurdev | |
2022-01-11 | Merge pull request #1157 from nicolas-fort/T4162 | Christian Poessinger | |
vpn: T4162: Correct helper description for ikev2-reauth | |||
2022-01-11 | Merge pull request #1158 from sarthurdev/firewall | Christian Poessinger | |
firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor | |||
2022-01-11 | policy: T2199: Refactor policy route script for better error handling | sarthurdev | |
* Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6` | |||
2022-01-11 | ike-group: T4162: Correct helper description for ikev2-reauth | Nicolas Fort | |
2022-01-11 | migrator: interfaces: T4171: bugfix ConfigTreeError | Christian Poessinger | |
Migrating 1.2.8 -> 1.4-rolling-202201110811 vyos-router[970]: Waiting for NICs to settle down: settled in 0sec.. vyos-router[1085]: Started watchfrr. vyos-router[970]: Mounting VyOS Config...done. vyos-router[970]: Starting VyOS router: migrate vyos-router[1490]: Traceback (most recent call last): vyos-router[1490]: File "/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6", line 112, in <module> vyos-router[1490]: for if_type in config.list_nodes(['interfaces']): vyos-router[1490]: File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 236, in list_nodes vyos-router[1490]: raise ConfigTreeError("Path [{}] doesn't exist".format(path_str)) vyos-router[1490]: vyos.configtree.ConfigTreeError: Path [b'interfaces'] doesn't exist vyos-router[1455]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6: Command '['/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6', '/opt/vyatta/etc/config/config.boot']' returned non-zero exit status 1.. vyos-router[970]: configure. vyos-config[979]: Configuration success | |||
2022-01-11 | firewall: T4159: Add warning when an empty group is applied to a rule | sarthurdev | |
2022-01-11 | firewall: policy: T2199: Reload policy route script if `firewall group` node ↵ | sarthurdev | |
is changed | |||
2022-01-11 | firewall: op-mode: T4131: Display `show firewall group` reference and member ↵ | sarthurdev | |
items sorted and one per line | |||
2022-01-11 | firewall: T2199: Add ipv6-range support to IPv6 address group | sarthurdev | |
2022-01-11 | validators: T4144: Add error messages to the majority of IP validators | sarthurdev | |
2022-01-11 | firewall: policy: T4159: T4164: Fix empty firewall groups, create separate ↵ | sarthurdev | |
file for group definitions. | |||
2022-01-11 | remote: T3950: Gracefully handle chained exceptions | erkin | |
2022-01-11 | policy: T4170: rename "policy ipv6-route" -> "policy route6" | Christian Poessinger | |
In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes) | |||
2022-01-11 | policy: T2199: add missing rule constraints | Christian Poessinger | |