Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-05 | firewall: zone-policy: T4133: Prevent firewall from trying to clean-up ↵ | sarthurdev | |
zone-policy chains * Prevent firewall names from using the reserved VZONE prefix | |||
2022-01-05 | Merge pull request #1138 from sever-sever/T4142 | John Estabrook | |
op-mode: T4142: Fix for show input ifbX interfaces | |||
2022-01-05 | op-mode: T4142: Fix for show input ifbX interfaces | Viacheslav | |
Ability to see interface type "input" ifbX from op-mode | |||
2022-01-05 | Merge pull request #1137 from sarthurdev/current | Christian Poessinger | |
keepalived: T4109: Update configd-include.json to reflect filename change | |||
2022-01-05 | keepalived: T4109: Update configd-include.json to reflect filename change | sarthurdev | |
2022-01-05 | Merge pull request #1136 from sarthurdev/firewall | Christian Poessinger | |
zone-policy: T4135: Raise error when using an invalid "from" zone. | |||
2022-01-05 | zone-policy: T4135: Raise error when using an invalid "from" zone. | sarthurdev | |
2022-01-05 | Merge pull request #1135 from sarthurdev/current | Christian Poessinger | |
smoketest: shim: Optimise speed of `lsof` command | |||
2022-01-05 | Merge pull request #1134 from sarthurdev/firewall | Christian Poessinger | |
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy | |||
2022-01-05 | smoketest: shim: Optimise speed of `lsof` command | sarthurdev | |
2022-01-05 | firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵ | sarthurdev | |
zone-policy | |||
2022-01-04 | Merge pull request #1131 from sever-sever/T4132 | Christian Poessinger | |
firewall: T4132: Fix for op-mode show firewall group | |||
2022-01-04 | Merge pull request #1132 from sever-sever/T4134 | Christian Poessinger | |
firewall: T4134: Fix completion help for protocols | |||
2022-01-04 | Merge pull request #1121 from sever-sever/T4109 | Christian Poessinger | |
keepalived: T4109: Add high-availability virtual-server | |||
2022-01-04 | firewall: T4134: Fix completion help for protocols | Viacheslav | |
2022-01-04 | firewall: T4132: Fix for op-mode show firewall group | Viacheslav | |
After firewall rewriting there is impossible to show a specific firewall group, this commit fixes it. Add tagNode and completion help for op-mode firewall group | |||
2022-01-04 | keepalived: T4109: Add high-availability virtual-server | Viacheslav | |
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability' | |||
2022-01-04 | Merge pull request #1130 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4130: Fix firewall state-policy errors | |||
2022-01-04 | firewall: T4130: Add state-policy test to firewall smoketest | sarthurdev | |
2022-01-04 | firewall: T4130: Fix firewall state-policy errors | sarthurdev | |
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy | |||
2022-01-03 | keepalived: T4128: add missing keepalived.service file | Christian Poessinger | |
2022-01-03 | keepalived: T4128: add systemd option Type=simple | Christian Poessinger | |
Without this option systemd startup will hit a timeout and the kill keepalived again. | |||
2022-01-03 | test: vyos.validate: also test interface identifier in is_ipv6_link_local() | Christian Poessinger | |
2022-01-03 | Merge pull request #1018 from sever-sever/T3872 | Christian Poessinger | |
monitoring: T3872: Add a new feature service monitoring | |||
2022-01-03 | monitoring: T3872: Add a new feature service monitoring telegraf | Viacheslav | |
2022-01-03 | Merge pull request #1124 from sever-sever/T4110 | Christian Poessinger | |
listen-address: T4110: Ability to set IPv6 link-local addresses | |||
2022-01-03 | listen-address: T4110: Ability to set IPv6 link-local addresses | Viacheslav | |
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator | |||
2022-01-01 | nat: T2199: rename iptables -> nftables variable prefix | Christian Poessinger | |
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger | |
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python | |||
2021-12-31 | smoketest: ipsec: T4126: verify configured priority | Christian Poessinger | |
2021-12-31 | smoketest: ipsec: make use of setUpClass() | Christian Poessinger | |
2021-12-31 | Merge pull request #1129 from sever-sever/T4126 | Christian Poessinger | |
ipsec: T4126: Ability to set priorities for installed policy | |||
2021-12-31 | ipsec: T4126: Ability to set priorities for installed policy | Viacheslav | |
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable | |||
2021-12-31 | firewall: xml: T4100: increase maximum number of rules to 999999 | Christian Poessinger | |
2021-12-31 | snmp: T4124: remove snmp.py from vyos-configd | Christian Poessinger | |
Commit 566f7f24 ("snmp: T4124: migrate to get_config_dict()") changed the internal structure to support vyos-configd. When using SNMPv3 we need to alter the running config by replacing the plaintext-password with an encrypted one, this is not allowed with vyos-configd. | |||
2021-12-30 | smoketest: snmp: T4124: locally connect to SNMP service and retrieve data | Christian Poessinger | |
2021-12-30 | snmp: T4124: migrate to get_config_dict() | Christian Poessinger | |
2021-12-30 | Merge pull request #1128 from zdc/T4121-sagitta | Kim | |
dhclient: T4121: Fixed resolv.conf generation at early boot stage | |||
2021-12-30 | dhclient: T4121: Fixed resolv.conf generation at early boot stage | zsdc | |
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils. | |||
2021-12-29 | Merge pull request #1126 from justsecure/current | Christian Poessinger | |
webproxy: T4116: Ability to listen on IPv6 addresses | |||
2021-12-29 | configd: T4086: use 'copy' on mutable global var default_config_data | John Estabrook | |
2021-12-29 | webproxy: T4116: Ability to listen on IPv6 addresses | Andreas | |
IPv6 addresses on webproxy/SQUID where not added correctly. They need to be added in brackets. Modified squid.conf.tmpl to bracketize the address | |||
2021-12-29 | Improve IPsec help strings | Daniil Baturin | |
2021-12-29 | More consise consistent help strings for listen-address commands | Daniil Baturin | |
2021-12-29 | Improve tunnel interface help strings | Daniil Baturin | |
2021-12-28 | Merge pull request #1123 from sever-sever/T4111 | Christian Poessinger | |
ipsec: T4111: Fix for swanctl configuration IPV6 peers | |||
2021-12-28 | ipsec: T4111: Fix for swanctl configuration IPV6 peers | Viacheslav | |
Peer name must not contain dots and colons, otherwise swanct can't generate correct configuration for swanctl.conf This is used in connection names and child SA names Add filter 'dot_colon_to_dash' which replace dots and colons | |||
2021-12-27 | smoketest: snmp: T4093: v3 user requires a group | Christian Poessinger | |
2021-12-27 | snmp: T4093: add missing verify() step for required group per snmp v3 user | Christian Poessinger | |
2021-12-27 | Merge pull request #1116 from sever-sever/T4039 | Christian Poessinger | |
syslog: T4039: Add protocol23format logging for UDP |