Age | Commit message (Collapse) | Author |
|
NTP-server with option "allow-clients address x.x.x.x" should
accept requests only from clients addresses which declared in
configuration if this option exists
Add "restrict default ignore" to fix it, in another case it
responce to any address
|
|
wireguard: T4183: Allow to set peer IPv6 link-local address
|
|
|
|
op-mode: T4179: Add op-mode CLI show virtual-server
|
|
firewall: T4178: Use lowercase for TCP flags and add an validator
|
|
|
|
vrrp: T4182: Check if VRRP configured in op mode
|
|
|
|
There is a situation when service keepalived is active but
there a no any "vrrp" configuration. In that case "show vrrp"
hangs up because it expect data from keepalived daemon which
can't get
Check if "vrrp" exists in configuration and only then check if pid
is active
|
|
Firewall: T4181: Set correct description for ipv6-network-group
|
|
|
|
strip-private: T4177: Fix for hiding private data token/url/bucket
|
|
Add URL, token and bucket hidind data when is used function
"strip-private"
|
|
monitoring: T3872: Add just required interfaces for ethtool telegraf template
|
|
Telegraf ethtool input filter expected ethX interfaces and not
other interfaces like vlans/tunnels/dummy
Add "interface_include" option to telegraf template.
|
|
Rewrite and improve the custom input filter telegraf script
"show_interfaces_input_filter.py" to more readable and clear format
Fix bug when it failed with configured tunnel "tunX" interfaces
|
|
firewall: T4160: Fix support for inverse matches
|
|
|
|
|
|
firewall: validators: T4174: Correct upper port range boundary
|
|
policy: T2199: Update op-mode syntax to `route6`
|
|
|
|
|
|
vpn: T4162: Correct helper description for ikev2-reauth
|
|
firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor
|
|
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
|
|
|
|
Migrating 1.2.8 -> 1.4-rolling-202201110811
vyos-router[970]: Waiting for NICs to settle down: settled in 0sec..
vyos-router[1085]: Started watchfrr.
vyos-router[970]: Mounting VyOS Config...done.
vyos-router[970]: Starting VyOS router: migrate
vyos-router[1490]: Traceback (most recent call last):
vyos-router[1490]: File "/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6", line 112, in <module>
vyos-router[1490]: for if_type in config.list_nodes(['interfaces']):
vyos-router[1490]: File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 236, in list_nodes
vyos-router[1490]: raise ConfigTreeError("Path [{}] doesn't exist".format(path_str))
vyos-router[1490]: vyos.configtree.ConfigTreeError: Path [b'interfaces'] doesn't exist
vyos-router[1455]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6: Command
'['/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6', '/opt/vyatta/etc/config/config.boot']'
returned non-zero exit status 1..
vyos-router[970]: configure.
vyos-config[979]: Configuration success
|
|
|
|
is changed
|
|
items sorted and one per line
|
|
|
|
|
|
file for group definitions.
|
|
|
|
In order to have a consistent looking CLI we should rename this CLI node.
There is:
* access-list and access-list6 (policy)
* prefix-list and prefix-list6 (policy)
* route and route6 (static routes)
|
|
|
|
frr: T4166: move log debug setting to init function for vyos-configd
|
|
containers: T2216: bugfix host networking on image upgrade
|
|
The bug was partially fixed with this commit:
https://github.com/vyos/vyos-1x/commit/358f0b481d8620cad4954e3fe418054b9a8c3ecd
The earlier commit introduced a startup retry (up to 10 times) to allow the OS
to settle before the container is started. However, it only applies if
host networking is NOT used. This change applies the same for containers
where host networking is employed.
Since the retry portion of the code (written in the earlier commit) is now
referenced twice, it has been moved to its own function.
|
|
frr.py debugging is set True if the file '/tmp/vyos.frr.debug' exists;
this check needs to be called within an init function, as frr.py will
have already been loaded by vyos-configd before the /tmp/*.debug files
are created by vyos-router, or by call to 'touch'.
|
|
Before installing a new conntrack policy into the OS Kernel, the new policy
should be verified by nftables if it can be loaded at all or if it will fail
to load. There is no need to load a "bad" configuration if we can pre-test it.
|
|
Before installing a new conntrack policy into the OS Kernel, the new policy
should be verified by nftables if it can be loaded at all or if it will fail
to load. There is no need to load a "bad" configuration if we can pre-test it.
|
|
|
|
firewall: validators: T4148: Improve validators and firewall validator usage
|
|
|
|
|
|
|
|
|
|
|