Age | Commit message (Collapse) | Author |
|
conntrack: T6147: Enable conntrack when firewall state-policy is defined
|
|
* Move global state-policy smoketest to its own test, verify conntrack
|
|
T6143: Increase configurable timeout range for service config-sync
|
|
The maximum timeout for `service config-sync` is 300 seconds
(Connection API timeout). It may not be enough for really massive
configurations.
Increase the maximum value to 3600:
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
|
|
qos: T1871: add MTU option when configure limiter traffic-policy
|
|
T5996: selectively escape and restore single backslashes in config
|
|
T6138: Fix op-mode show conntrack table with flowtable offloads
|
|
The op-mode command `show conntrack table ipv4` fails if it gets a
conntrack entry with `flowtable` offload. Those entries do not
have the key `timeout`:
```
File "/usr/libexec/vyos/op_mode/conntrack.py", line 115, in get_formatted_output
timeout = meta['timeout']
~~~~^^^^^^^^^^^
```
Use the timeout `n/a` for those offload conntrack entries
|
|
T6127: Fixed show log firewall for rule with offload
|
|
T6136: add error checks when using dynamic firewall groups
|
|
add mtu to default and specified class
update smoke test
|
|
op-mode: T6133: add support to manually trigger commit-archive update
|
|
Automatic update of the remote commit-archive could fail under certain
circumstances, add an op-mode command to manually trigger the update:
```
cpo@LR1.wue3# run force commit-archive
Archiving config...
git+https://git.FOOO.de/cpo/vyos-config-backup [edit]
```
|
|
policy: T6129: add route-map option "as-path exclude all"
|
|
T6133: append domain-name to commit-archive if defined
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
|
|
conntrack: T4022: add RTSP conntrack helper
|
|
T6121: Extend service config-sync to new sections
|
|
T6090: policy: fix migration script
|
|
occurs also if only <policy route> is defined.
|
|
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this case the Node allows using the next-level section,
i.e. a subsection.
For example, any of the subsections of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
|
|
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help strings
|
|
xml: T3642: improve PKI CLI help string
|
|
radvd: T6118: add nat64prefix support RFC8781
|
|
grub: T4548: Fixed GRUB configuration files order
|
|
To iterate files on ext* file systems GRUB reads their inodes one by one,
ignoring names. This breaks our configuration logic that relies on proper
loading order.
This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB
configuration files are created. It recreates files, changing their inodes in a
way where inodes order matches alphabetical order.
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
|
|
conntrack: T5080: Fix rule order for applied conntrack modules
|
|
T6114: fix broken migration dhcpv6-server 4-to-5
|
|
xml: T6098: relax description constraint to allow non-ascii characters
|
|
A restriction to ascii in the constraint disallowed earlier support for
unicode bytes.
|
|
dhcp-client: T6093: extend regex for client class-id's with DOT
|
|
The regex used is not working if the string contains dots.
Originally authored by: Lucas <pinheirolucas@pm.me>
|
|
xml: T5738: revert invalid change from lower character limit - 0 length must be allowed
|
|
This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum
description to 255 characters") which increased the lower limit from 0 to 1.
We actually require 0 length value for description nodes as introduced in
commit 6eea12512e ("xml: T1579: allow zero length for description").
|
|
firewall: T6071: truncate rule description field to 255 characters
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
|