summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-01-22Merge pull request #1184 from sarthurdev/firewall_icmpChristian Poessinger
firewall: T4130: T4186: ICMP/v6 updates, ipv6 state policy check fix
2022-01-21Firewall: T4186: Adding icmpv6 corrections, in corcondancy of what was done ↵Nicolas Fort
for icmp
2022-01-21Firewall: T4186: typo correction on address-mask-reply descriptionNicolas Fort
2022-01-21Firewall: T4186: Correct icmp type-name options for firewall rulesNicolas Fort
2022-01-21firewall: T2199: Verify correct ICMP protocol for ipv4/ipv6sarthurdev
2022-01-21firewall: T4186: ICMP/v6 migrationssarthurdev
2022-01-21firewall: T4130: Use correct table to check for state policy rulesarthurdev
2022-01-21Merge pull request #1183 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: Bugfix policy ipv6-local-route
2022-01-21policy: T4151: Bugfix policy ipv6-local-routeHenning Surmeier
2022-01-21Merge pull request #1180 from goodNETnick/dhcp-client-prefixChristian Poessinger
DHCP: T4196: fix client-prefix-length parameter
2022-01-20DHCP: T4196: fix client-prefix-length parametergoodNETnick
2022-01-20Merge pull request #1182 from jestabro/migrate-while-udevChristian Poessinger
interface-names: T3871: use tempfile during virtual migration
2022-01-20Merge pull request #1181 from sarthurdev/firewallChristian Poessinger
firewall: T2199: Add log prefix to match legacy perl behaviour
2022-01-20interface-names: T3871: use tempfile during virtual migrationJohn Estabrook
Use tempfile to avoid race conditions during virtual migration.
2022-01-20Merge pull request #1144 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: Add policy ipv6-local-route
2022-01-20firewall: T2199: Add log prefix to match legacy perl behavioursarthurdev
Example syslog: [FWNAME-default-D] ... * Also clean-up firewall default-action
2022-01-19Merge pull request #1177 from sarthurdev/mac_groupsChristian Poessinger
firewall: T3560: Add support for MAC address groups
2022-01-19Merge pull request #1176 from sarthurdev/firewallChristian Poessinger
firewall: T1292: T2199: Cleanup rules used by chain to be deleted, check if chain in use by zone-policy
2022-01-19Merge pull request #1179 from fett0/T4195Christian Poessinger
OSPF : T4195: ability to set maximum paths for OSPF
2022-01-19OSPF : T4195: ability to set maximum paths for OSPFfett0
2022-01-18firewall: T2199: Raise ConfigError if deleted node is used in zone-policysarthurdev
2022-01-18firewall: policy: T1292: Clean up any rules required to delete a chainsarthurdev
2022-01-18firewall: T3560: Add support for MAC address groupssarthurdev
2022-01-18Merge pull request #1178 from sarthurdev/firewall_T4188Christian Poessinger
firewall: T4188: Create default conntrack `FW_CONNTRACK` chain
2022-01-18firewall: T4188: Create default conntrack `FW_CONNTRACK` chainsarthurdev
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule.
2022-01-17bgp: T3741: bugfix migrator - exit() was called without savingChristian Poessinger
2022-01-17Merge pull request #1174 from sarthurdev/firewallChristian Poessinger
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
2022-01-17firewall: T2199: Fix `port-range` validator to accept service namessarthurdev
2022-01-17zone-policy: T3873: Fix intra-zone-filtering return to zone default-actionsarthurdev
2022-01-17firewall: policy: T4178: Migrate and refactor tcp flagssarthurdev
* Add support for ECN and CWR flags
2022-01-16Revert "migrator: interfaces: T4171: bugfix ConfigTreeError"Christian Poessinger
This reverts commit 29efbf51efea559773f61703f11a77a8aee6de36.
2022-01-16Revert "migrator: interfaces: T4171: bugfix ConfigTreeError"Christian Poessinger
This reverts commit 391ce22b76190309f81e048ebffab778b0fdee1d.
2022-01-16dns-forwarding: T1595: remove unnecessary nesting in migration script 1 -> 2Christian Poessinger
2022-01-16bgp: T3741: remove unnecessary exit() in migration script 1 -> 2Christian Poessinger
2022-01-15smoketest: ntp: T4184: check for "restrict default ignore" presencexChristian Poessinger
2022-01-15smoketest: ntp: re-organize testcasesChristian Poessinger
Drop the overcomplex function get_config_value() to search for NTPd configuration values. Rather assemble the required string and probe for its presence in the configuration like we do on most other smoketests.
2022-01-15Merge pull request #1171 from sever-sever/T4184Christian Poessinger
ntp: T4184: Fix allow-clients address
2022-01-15ntp: T4184: Fix allow-clients addressViacheslav
NTP-server with option "allow-clients address x.x.x.x" should accept requests only from clients addresses which declared in configuration if this option exists Add "restrict default ignore" to fix it, in another case it responce to any address
2022-01-15Merge pull request #1169 from sever-sever/T4183Christian Poessinger
wireguard: T4183: Allow to set peer IPv6 link-local address
2022-01-14wireguard: T4183: Allow to set peer IPv6 link-local addressViacheslav
2022-01-14Merge pull request #1164 from sever-sever/T4179Christian Poessinger
op-mode: T4179: Add op-mode CLI show virtual-server
2022-01-14Merge pull request #1167 from sarthurdev/firewallChristian Poessinger
firewall: T4178: Use lowercase for TCP flags and add an validator
2022-01-14firewall: T4178: Use lowercase for TCP flags and add an validatorsarthurdev
2022-01-14policy: T4151: Add policy ipv6-local-routeHenning Surmeier
Adds support for `ip -6 rule` policy based routing. Also, extends the existing ipv4 implemenation with a `destination` key, which is translated as `ip rule add to x.x.x.x/x` rules. https://phabricator.vyos.net/T4151
2022-01-13Merge pull request #1166 from sever-sever/T4182Christian Poessinger
vrrp: T4182: Check if VRRP configured in op mode
2022-01-13op-mode: T4179: Add op-mode CLI show virtual-serverViacheslav
2022-01-13vrrp: T4182: Check if VRRP configured in op modeViacheslav
There is a situation when service keepalived is active but there a no any "vrrp" configuration. In that case "show vrrp" hangs up because it expect data from keepalived daemon which can't get Check if "vrrp" exists in configuration and only then check if pid is active
2022-01-13Merge pull request #1168 from fett0/T4181Christian Poessinger
Firewall: T4181: Set correct description for ipv6-network-group
2022-01-13Firewall: T4181: Set correct description for ipv6-network-groupfett0
2022-01-13Merge pull request #1163 from sever-sever/T4177Christian Poessinger
strip-private: T4177: Fix for hiding private data token/url/bucket