summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-01-28firewall: T4217: install protocol tcp_udp if port group does not use a protocolChristian Poessinger
2022-01-27Merge pull request #1194 from sarthurdev/T4213Christian Poessinger
policy: T4213: Fix rule creation/deletion for IPv6 policy routes
2022-01-27policy: T4213: Fix rule creation/deletion for IPv6 policy routessarthurdev
2022-01-27Merge pull request #1190 from sever-sever/T4194Christian Poessinger
policy: T4194: Add prefix-list duplication checks
2022-01-27Merge pull request #1193 from sarthurdev/T4178Christian Poessinger
firewall: T4178: Fix tcp flags output when `not` isn't used
2022-01-27firewall: T4178: Fix tcp flags output when `not` isn't usedsarthurdev
2022-01-26Merge pull request #1191 from sever-sever/T4138Christian Poessinger
nat: T4138: Add port-range validation for NAT
2022-01-26Merge pull request #1192 from sarthurdev/T4212Christian Poessinger
pki: T4212: Catch `install_into_config` errors and output for manual command entry
2022-01-26pki: T4212: Catch `install_into_config` errors and output for manual command ↵sarthurdev
entry
2022-01-25nat: T4138: Add port-range validation for NATViacheslav Hletenko
Add port-validators for NAT rules that prevent to set incorrect port-ranges (21-5) and incorrect ports (70000)
2022-01-25Merge pull request #1189 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Delete iptables input plugin as we use nft
2022-01-25policy: T4194: Add prefix-list duplication checksViacheslav Hletenko
Prefix-list should not be duplicatied as FRR doesn't accept it One option when it can be duplicated when it uses "le" or "ge"
2022-01-25monitoring: T3872: Delete iptables input plugin as we use nftViacheslav
Telegraf inputs iptables plugin incompatible with nftables As it tries to get statistics from "iptables -L -n -v" which doesnt display required data in 1.4 as we don't use iptables anymore
2022-01-25Merge pull request #1188 from sever-sever/T4205Christian Poessinger
sshd: T4205: Hide extra version suffix "Debian"
2022-01-25sshd: T4205: Hide extra version suffix "Debian"Viacheslav Hletenko
Disable distribution-specified extra version suffix is included during initial protocol handshake SSH-2.0-OpenSSH_8.4p1 Debian-5 => SSH-2.0-OpenSSH_8.4p1
2022-01-22Merge pull request #1186 from nicolas-fort/T4153Christian Poessinger
bandwidth-test: T4153: Fixed bandwidth-test initiate
2022-01-22bandwidth-test: T4153: Fixed bandwidth-test initiate, which was not working ↵Nicolas Fort
with ipv4
2022-01-22Merge pull request #1184 from sarthurdev/firewall_icmpChristian Poessinger
firewall: T4130: T4186: ICMP/v6 updates, ipv6 state policy check fix
2022-01-21Firewall: T4186: Adding icmpv6 corrections, in corcondancy of what was done ↵Nicolas Fort
for icmp
2022-01-21Firewall: T4186: typo correction on address-mask-reply descriptionNicolas Fort
2022-01-21Firewall: T4186: Correct icmp type-name options for firewall rulesNicolas Fort
2022-01-21firewall: T2199: Verify correct ICMP protocol for ipv4/ipv6sarthurdev
2022-01-21firewall: T4186: ICMP/v6 migrationssarthurdev
2022-01-21firewall: T4130: Use correct table to check for state policy rulesarthurdev
2022-01-21Merge pull request #1183 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: Bugfix policy ipv6-local-route
2022-01-21policy: T4151: Bugfix policy ipv6-local-routeHenning Surmeier
2022-01-21Merge pull request #1180 from goodNETnick/dhcp-client-prefixChristian Poessinger
DHCP: T4196: fix client-prefix-length parameter
2022-01-20DHCP: T4196: fix client-prefix-length parametergoodNETnick
2022-01-20Merge pull request #1182 from jestabro/migrate-while-udevChristian Poessinger
interface-names: T3871: use tempfile during virtual migration
2022-01-20Merge pull request #1181 from sarthurdev/firewallChristian Poessinger
firewall: T2199: Add log prefix to match legacy perl behaviour
2022-01-20interface-names: T3871: use tempfile during virtual migrationJohn Estabrook
Use tempfile to avoid race conditions during virtual migration.
2022-01-20Merge pull request #1144 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: Add policy ipv6-local-route
2022-01-20firewall: T2199: Add log prefix to match legacy perl behavioursarthurdev
Example syslog: [FWNAME-default-D] ... * Also clean-up firewall default-action
2022-01-19Merge pull request #1177 from sarthurdev/mac_groupsChristian Poessinger
firewall: T3560: Add support for MAC address groups
2022-01-19Merge pull request #1176 from sarthurdev/firewallChristian Poessinger
firewall: T1292: T2199: Cleanup rules used by chain to be deleted, check if chain in use by zone-policy
2022-01-19Merge pull request #1179 from fett0/T4195Christian Poessinger
OSPF : T4195: ability to set maximum paths for OSPF
2022-01-19OSPF : T4195: ability to set maximum paths for OSPFfett0
2022-01-18firewall: T2199: Raise ConfigError if deleted node is used in zone-policysarthurdev
2022-01-18firewall: policy: T1292: Clean up any rules required to delete a chainsarthurdev
2022-01-18firewall: T3560: Add support for MAC address groupssarthurdev
2022-01-18Merge pull request #1178 from sarthurdev/firewall_T4188Christian Poessinger
firewall: T4188: Create default conntrack `FW_CONNTRACK` chain
2022-01-18firewall: T4188: Create default conntrack `FW_CONNTRACK` chainsarthurdev
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule.
2022-01-17bgp: T3741: bugfix migrator - exit() was called without savingChristian Poessinger
2022-01-17Merge pull request #1174 from sarthurdev/firewallChristian Poessinger
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
2022-01-17firewall: T2199: Fix `port-range` validator to accept service namessarthurdev
2022-01-17zone-policy: T3873: Fix intra-zone-filtering return to zone default-actionsarthurdev
2022-01-17firewall: policy: T4178: Migrate and refactor tcp flagssarthurdev
* Add support for ECN and CWR flags
2022-01-16Revert "migrator: interfaces: T4171: bugfix ConfigTreeError"Christian Poessinger
This reverts commit 29efbf51efea559773f61703f11a77a8aee6de36.
2022-01-16Revert "migrator: interfaces: T4171: bugfix ConfigTreeError"Christian Poessinger
This reverts commit 391ce22b76190309f81e048ebffab778b0fdee1d.
2022-01-16dns-forwarding: T1595: remove unnecessary nesting in migration script 1 -> 2Christian Poessinger