summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-01-11firewall: policy: T4159: T4164: Fix empty firewall groups, create separate ↵sarthurdev
file for group definitions.
2022-01-11remote: T3950: Gracefully handle chained exceptionserkin
2022-01-11policy: T4170: rename "policy ipv6-route" -> "policy route6"Christian Poessinger
In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes)
2022-01-11policy: T2199: add missing rule constraintsChristian Poessinger
2022-01-11Merge pull request #1153 from jestabro/frr_debugChristian Poessinger
frr: T4166: move log debug setting to init function for vyos-configd
2022-01-11Merge pull request #1154 from imathew/currentChristian Poessinger
containers: T2216: bugfix host networking on image upgrade
2022-01-11containers: T2216: bugfix host networking on image upgradeMathew Inkson
The bug was partially fixed with this commit: https://github.com/vyos/vyos-1x/commit/358f0b481d8620cad4954e3fe418054b9a8c3ecd The earlier commit introduced a startup retry (up to 10 times) to allow the OS to settle before the container is started. However, it only applies if host networking is NOT used. This change applies the same for containers where host networking is employed. Since the retry portion of the code (written in the earlier commit) is now referenced twice, it has been moved to its own function.
2022-01-10frr: T4166: move log debug setting to init function for vyos-configdJohn Estabrook
frr.py debugging is set True if the file '/tmp/vyos.frr.debug' exists; this check needs to be called within an init function, as frr.py will have already been loaded by vyos-configd before the /tmp/*.debug files are created by vyos-router, or by call to 'touch'.
2022-01-10nat: T2199: dry-run newly generated config before installChristian Poessinger
Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it.
2022-01-10conntrack: T3579: dry-run newly generated config before installChristian Poessinger
Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it.
2022-01-10conntrack: T3579: prepare for "conntrack timeout custom rule" CLI commandsChristian Poessinger
2022-01-10Merge pull request #1152 from sarthurdev/firewall_validatorsChristian Poessinger
firewall: validators: T4148: Improve validators and firewall validator usage
2022-01-10conntrack: T3579: make the timeout tree re-usable as XML includeChristian Poessinger
2022-01-10conntrack: T3579: use "notrack" over "return" in nft statementsChristian Poessinger
2022-01-10conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftablesChristian Poessinger
2022-01-10validators: Stricter checking on port-range validatorsarthurdev
2022-01-10validators: T4148: Add text output when validators failsarthurdev
2022-01-10firewall: validators: T2199: Improve port validationsarthurdev
2022-01-10Merge pull request #1151 from sarthurdev/firewallChristian Poessinger
firewall: policy: T4149: T4155: Fix incorrect table variable, fix handling of deleted base firewall node
2022-01-10Merge pull request #1150 from nicolas-fort/T4161Christian Poessinger
policy: T4161: Set correct description for local-preference
2022-01-10firewall: 4149: Fix verify steps being bypassed when base node is removedsarthurdev
2022-01-10policy: T4161: Set correct description for local-preferenceNicolas Fort
2022-01-10Merge pull request #1149 from tacerus/pipDaniil Baturin
T4157: Add `jinja2` to pip test requirements
2022-01-09policy: T4155: Fix using incorrect table variablesarthurdev
2022-01-09T4157: Add jinja2 to test-requirements.txtGeorg
Signed-off-by: Georg <georg@lysergic.dev>
2022-01-09Merge pull request #1143 from sever-sever/T1972Christian Poessinger
vrrp: T1972: Ability to set IP address on not vrrp interface
2022-01-09Merge pull request #1142 from sever-sever/T4150Christian Poessinger
keepalived: T4150: Fix template option conntrack_sync_group
2022-01-09Merge pull request #1145 from sever-sever/T4152Christian Poessinger
nhrp: T4152: Fix template holding-time for nhrp
2022-01-09nhrp: T4152: Fix template holding-time for nhrpViacheslav
Add missed 'holding-time' option for shortcut-target address
2022-01-09vrrp: T1972: Ability to set IP address on not vrrp interfaceViacheslav
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group
2022-01-08keepalived: T4150: Fix template option conntrack_sync_groupViacheslav
conntrack_sync_group option not under 'vrrp' section but part of high-avalability dictionary
2022-01-07xml: nat: use generic bulding block for rule descriptionChristian Poessinger
2022-01-07xml: firewall: T4130: add protocol completion helper all and tcp_udpChristian Poessinger
2022-01-07Debian: T4133: add required nfct package dependencyChristian Poessinger
2022-01-06https: T4146: do not listen on port 80John Estabrook
2022-01-06Merge pull request #1139 from sarthurdev/firewallChristian Poessinger
firewall: zone-policy: T4133: Prevent firewall from trying to clean-up zone-policy chains
2022-01-06vrrp: T4141: bugfix missing {% if %} clause when adding sync-groupsChristian Poessinger
2022-01-05config: T3785: drop restriction to ascii in decodeJohn Estabrook
Following the update to vyos1x-config, commit 64263617, UTF-8 characters are supported within the config file, hence in the output of showConfig.
2022-01-05firewall: zone-policy: T4133: Prevent firewall from trying to clean-up ↵sarthurdev
zone-policy chains * Prevent firewall names from using the reserved VZONE prefix
2022-01-05Merge pull request #1138 from sever-sever/T4142John Estabrook
op-mode: T4142: Fix for show input ifbX interfaces
2022-01-05op-mode: T4142: Fix for show input ifbX interfacesViacheslav
Ability to see interface type "input" ifbX from op-mode
2022-01-05Merge pull request #1137 from sarthurdev/currentChristian Poessinger
keepalived: T4109: Update configd-include.json to reflect filename change
2022-01-05keepalived: T4109: Update configd-include.json to reflect filename changesarthurdev
2022-01-05Merge pull request #1136 from sarthurdev/firewallChristian Poessinger
zone-policy: T4135: Raise error when using an invalid "from" zone.
2022-01-05zone-policy: T4135: Raise error when using an invalid "from" zone.sarthurdev
2022-01-05Merge pull request #1135 from sarthurdev/currentChristian Poessinger
smoketest: shim: Optimise speed of `lsof` command
2022-01-05Merge pull request #1134 from sarthurdev/firewallChristian Poessinger
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy
2022-01-05smoketest: shim: Optimise speed of `lsof` commandsarthurdev
2022-01-05firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵sarthurdev
zone-policy
2022-01-04Merge pull request #1131 from sever-sever/T4132Christian Poessinger
firewall: T4132: Fix for op-mode show firewall group