summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-09-08T5518: Add basic MLD supportYuxiang Zhu
Currently VyOS has `protocol igmp` option to enable IGMP querier and reports through FRR's pimd. I would like to add support for IPv6 as well since FRR's IPv6 multicast functionality has significantly improved. Enabling both MLD and IGMP on a VyOS router will allow us to turn on multicast snooping on layer-3 switches in dual-stack networks. Example commands: ``` // Enable on interface eth0 set protocols pim6 interface eth0 // Explicitly join multicast group ff18::1234 on interface eth1 set protocols pim6 interface eth1 mld join ff18::1234 // Explicitly join source-specific multicast group ff38::5678 with source address 2001:db8::1 on interface eth1 set protocols pim6 interface eth1 mld join ff38::5678 source 2001:db8::1 ```
2023-08-31Merge pull request #2189 from sever-sever/T5531Christian Breunig
T5531: Containers add label option
2023-08-31Merge pull request #2190 from sarthurdev/T4782Christian Breunig
eapol: T4782: Support multiple CA chains
2023-08-31T5531: Containers add label optionViacheslav Hletenko
Ability to set labels for container set container name c1 allow-host-networks set container name c1 image 'busybox' set container name c1 label mypods value 'My label for containers'
2023-08-31eapol: T4782: Support multiple CA chainssarthurdev
2023-08-30Merge pull request #2186 from nicolas-fort/T5496Christian Breunig
T5496: firewall: fix op-mode command show firewall
2023-08-29T5496: firewall op-mode: add fix for source and destination when not ↵Nicolas Fort
specified (correct ::/0 for ipv6). Also, add columns for inbound and outbound interfaces
2023-08-29T5496: firewall op-mode: add fix for firewall statics. Include groups ↵Nicolas Fort
correct reference in source/destination column
2023-08-29Debian: T5521: remove unused tacacs UNIX groupChristian Breunig
2023-08-29T5496: firewall op-mode: fix show command for group member and referencesNicolas Fort
2023-08-29Debian: T5521: use bash over dash for postinstall scriptChristian Breunig
2023-08-28Debian: T5521: use --no-create-home for TACACS usersChristian Breunig
2023-08-28Debian: T5521: place AAA users in users group (besides aaa group)Christian Breunig
2023-08-28Debian: T5521: both RADIUS and TACACS users belong to aaa group, add group firstChristian Breunig
2023-08-28Merge pull request #2180 from vfreex/fix-call-hangsChristian Breunig
T5519: Fix `vyos.utils.process.call` hangs
2023-08-28T5519: Fix `vyos.utils.process.call` hangsYuxiang Zhu
See https://vyos.dev/T5519 for more information.
2023-08-27Merge pull request #2176 from sarthurdev/T5080Christian Breunig
firewall: T5080: Disable conntrack unless required by rules
2023-08-27Merge pull request #2178 from sarthurdev/labelsChristian Breunig
github: Labeler needs to run on `pull_request_target`
2023-08-27github: Labeler needs to run on `pull_request_target`sarthurdev
Ref: https://github.com/actions/labeler#permissions
2023-08-27Merge pull request #2175 from sarthurdev/labelsChristian Breunig
github: Set permissions for label workflow
2023-08-27github: Set permissions for label workflowsarthurdev
2023-08-27Merge pull request #2174 from sarthurdev/T5018_fixChristian Breunig
qos: T5018: Fix dependents only being set for QoS interfaces
2023-08-27qos: T5018: Fix dependents only being set for QoS interfacessarthurdev
2023-08-26firewall: T5080: Disable conntrack unless required by rulessarthurdev
2023-08-26Merge pull request #2163 from sarthurdev/firewall_rpfilterChristian Breunig
firewall: T3509: Add support for IPv6 reverse path filtering
2023-08-25Merge pull request #2172 from nicolas-fort/T5502Christian Breunig
T5502: firewall: add validator for interface matcher
2023-08-25T5502: firewall: add validator for interface matcher, and allow only ↵Nicolas Fort
interface-name or interface-group
2023-08-25Merge pull request #2169 from sarthurdev/currentChristian Breunig
github: Add PR labels to easily identify base branches
2023-08-25Merge pull request #2171 from sarthurdev/T5463_fixChristian Breunig
container: T5463: Fixes indentation to publish all port nodes
2023-08-25firewall: T5160: Remove unused zone templatesarthurdev
2023-08-25interface: T3509: Add per-interface IPv6 source validationsarthurdev
2023-08-25firewall: T3509: Add support for IPv6 return path filteringsarthurdev
2023-08-25container: T5463: Fix iteration to publish all port nodessarthurdev
2023-08-25github: Add PR labels to easily identify base branchessarthurdev
2023-08-24Merge pull request #2164 from jestabro/save-configJohn Estabrook
save-config: T4292: rewrite vyatta-save-config.pl to Python
2023-08-24Merge pull request #2165 from sever-sever/T5506Christian Breunig
T5506: Add link-local IPv6 address for container interfaces
2023-08-24T5506: Add link-local IPv6 address for container interfacesViacheslav Hletenko
Fix for add IPv6 link-local address for container interfaces set container network NET01 prefix '10.0.0.0/24' set container network NET01 prefix '2001:db8:2222::/64' % ip -6 addr show scope link dev pod-NET01 17: pod-NET01: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 inet6 fe80::d89c:dfff:fe1a:8689/64 scope link
2023-08-24smoketest: T5447: wpa_supplicant is only run if requiredChristian Breunig
2023-08-24system: T5505: fix zebra route-map is not removed from FRRChristian Breunig
Configuring "set system ip protocol ospf|bgp route-map foo" and commit it installs the route-map into FRR. Removing the CLI configuration "delete system ip protocol" does not remove the route-map from FRR - it stays active. This commit adds the fix and appropriate smoketests extenstion.
2023-08-23save-config: T4292: rewrite vyatta-save-config.pl to PythonJohn Estabrook
2023-08-23Merge pull request #2139 from dmbaturin/T5449-mss-probingChristian Breunig
system-ip: T5449: add TCP MSS probing options
2023-08-23Merge pull request #2159 from c-po/t5491-wifiChristian Breunig
wifi: T5491: allow white-/blacklisting station MAC addresses for security
2023-08-23Merge pull request #2160 from sever-sever/T5448Christian Breunig
T5448: Add configuration host-name for zabbix-agent
2023-08-23Merge pull request #2162 from nicolas-fort/T5472Christian Breunig
T5472: nat redirect: allow redirection without defining redirected port
2023-08-23Merge pull request #2161 from sever-sever/T5463Christian Breunig
T5463: Container allow publish listen-addresses
2023-08-23bgp: T3759: add l3vpn "import vrf default" completion helperChristian Breunig
2023-08-23vrf: T5428: stop DHCP processes on VRf removalChristian Breunig
This is a workaround for the priority inversion from T5492 ("CLI node priority is not inversed on node deletion"). As this is a corner case bug that's only triggered if an interface is removed from a VRF and also the VRF is removed in one commit, priorities are not honored. Thus we implement this workaround which stop the DHCP(v6) client processes on the VRF associated interfaces to get out the DHCP RELEASE message before interfaces are shut down.
2023-08-23vrf: T5428: move helpers to common vyos.utils.network moduleChristian Breunig
Helper functions can and will be re-use din different code places.
2023-08-23Merge pull request #2142 from nicolas-fort/T5450Christian Breunig
T5450: allow inverted matcher for interface and interface-group
2023-08-23T5472: nat redirect: allow redirection without defining redirected portNicolas Fort