Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-10-31 | nat: T5681: fix CLI version | Christian Breunig | |
Fix commit 51abbc0f1b2 ("T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher (valid for interfaces and groups) in firewal, nat and nat66") that added a migrator but did not bump the version number. | |||
2023-10-31 | T5558: smoketest: fix nat definitions on dialup-router-medium-vpn #2 | Christian Breunig | |
This extends commit 6248b2ae1 ("T5558: smoketest: fix nat definitions on dialup-router-medium-vpn") that missed out eth1 interface. | |||
2023-10-31 | Merge pull request #2413 from c-po/t5668-vxlan | Christian Breunig | |
vxlan: T5668: add CLI knob to enable ARP/ND suppression | |||
2023-10-30 | Merge pull request #2417 from c-po/vxlan-t5699 | Christian Breunig | |
vxlan: T5699: migrate "external" CLI know to "parameters external" | |||
2023-10-30 | vxlan: T5699: migrate "external" CLI know to "parameters external" | Christian Breunig | |
As we have a bunch of options under "paramteres" already and "external" is clearly one of them it should be migrated under that node as well. | |||
2023-10-30 | vxlan: T5668: add CLI knob to enable ARP/ND suppression | Christian Breunig | |
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10 | |||
2023-10-29 | Merge pull request #2414 from nicolas-fort/T5558-fix-nat | Christian Breunig | |
T5558: smoketest: fix nat definitions on dialup-router-medium-vpn. | |||
2023-10-29 | T5558: smoketest: fix nat definitions on dialup-router-medium-vpn. | Nicolas Fort | |
2023-10-29 | Merge pull request #2408 from nicolas-fort/T5513-show-fwall | Christian Breunig | |
T5513: firewall: update op-mode command show firewall. | |||
2023-10-29 | op-mode: T5661: add "monitor ssh dynamic-protection" command to follow the ↵ | Christian Breunig | |
logfile | |||
2023-10-29 | op-mode: T5661: remove call to sudo in ssh.py and move it to XML definition | Christian Breunig | |
Try to have as few calls to sudo in the op-mode scripts as possible. The XML definitions can deal with it. | |||
2023-10-29 | op-mode: T5661: use common journalctl syntax for sshguard | Christian Breunig | |
This makes the code more easy to maintain in the future if everyone uses the same structure when calling journalctl. | |||
2023-10-26 | Merge pull request #2369 from JeffWDH/current | Daniil Baturin | |
T5661: Add show show ssh dynamic-protection attacker and show log ssh… | |||
2023-10-26 | T5513: T5564: update op-mode command show firewall. Counter available for ↵ | Nicolas Fort | |
default actions and extend references for firewall groups | |||
2023-10-25 | Merge pull request #2406 from nicolas-fort/T5681 | Christian Breunig | |
T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher | |||
2023-10-25 | Merge pull request #2405 from sever-sever/T5683 | Christian Breunig | |
T5683: Fix reverse-proxy PKI filenames mismatch | |||
2023-10-25 | T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher ↵ | Nicolas Fort | |
(valid for interfaces and groups) in firewal, nat and nat66. | |||
2023-10-25 | T5683: Fix reverse-proxy PKI filenames mismatch | Viacheslav Hletenko | |
The current named for certificates are hardcoded in generated config to: - ca.pem - cert.pem.key - cert.pem It cause a generated config certificates and certificates itself are different (test-cert-1.pem and ca.pem) bind :::8080 v4v6 ssl crt /run/haproxy/test-cert-1.pem /run/haproxy/ca.pem It is a bug of initial impelemtation. Fix required correct names from PKI certificates | |||
2023-10-24 | Merge pull request #2355 from nicolas-fort/T5643 | Christian Breunig | |
T5643: nat: add interface-groups to nat. Use same cli structure for i… | |||
2023-10-23 | Merge pull request #2395 from yzguy/yzguy/T5676 | Christian Breunig | |
T5675: Use addr_prefix instead of addr in NAT66 source rule prefix parsing | |||
2023-10-23 | Merge pull request #2396 from yzguy/yzguy/T5677 | Christian Breunig | |
T5677: show lldp neighbors shows empty platform if descr not in lldpctl output | |||
2023-10-23 | T5677: lldp shows empty platform if descr not in lldpctl output | Adam Smith | |
2023-10-22 | T5675: use addr_prefix instead of addr in NAT66 rule | Adam Smith | |
2023-10-22 | Merge pull request #2391 from sever-sever/T5299 | Viacheslav Hletenko | |
T5299: Add missed option ceiling for QoS shaper | |||
2023-10-22 | Merge pull request #2386 from c-po/vxlan-t5671 | Christian Breunig | |
vxlan: T5671: change port to IANA assigned default port | |||
2023-10-22 | vxlan: T5671: warn about changed default port number | Christian Breunig | |
2023-10-22 | T5299: Add missed option ceiling for QoS shaper | Viacheslav Hletenko | |
Add missed option `ceil` for QoS class 'trafficshaper' | |||
2023-10-22 | Merge pull request #2390 from dmbaturin/T5672-remove-node.def-converter | Viacheslav Hletenko | |
scripts: T5672: remove the conf mode node.def importer | |||
2023-10-21 | smoketest: T2897: add basic cluster config | Christian Breunig | |
2023-10-21 | T5661: Add show show ssh dynamic-protection attacker and show log ssh ↵ | JeffWDH | |
dynamic-protection | |||
2023-10-21 | scripts: T5672: remove the conf mode node.def importer | Daniil Baturin | |
2023-10-21 | Merge pull request #2385 from fett0/T5667 | Christian Breunig | |
T5667: BGP label-unicast enable ecmp | |||
2023-10-20 | Merge pull request #2384 from srividya0208/T5642-1 | Christian Breunig | |
T5642: op-cmd: correction of generated file name | |||
2023-10-20 | vxlan: T5671: change port to IANA assigned default port | Christian Breunig | |
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that predates the IANA assignment. As Most other vendors use the IANA assigned port, follow this guideline and use the new default port 4789. Existing configuration not defining an explicit port number will be migrated to the old default port number of 8472, keeping existing configurations work! | |||
2023-10-20 | T5667: BGP label-uniscat enable ecmp | fett0 | |
2023-10-20 | T5642: op-cmd: correction of generated file name | srividya0208 | |
2023-10-19 | Merge pull request #2378 from c-po/bridge-t5670 | Christian Breunig | |
bridge: T5670: add missing constraint on "member interface" node | |||
2023-10-19 | Merge pull request #2362 from nicolas-fort/T5541 | Christian Breunig | |
T5541: firewall zone: re add firewall zone-base firewall | |||
2023-10-19 | Merge pull request #2377 from dmbaturin/T2897-no-cluster | Christian Breunig | |
cluster: T2897: add a migration script for converting cluster to VRRP | |||
2023-10-19 | Merge pull request #2344 from nicolas-fort/T5637 | Christian Breunig | |
T5637: add new rule at the end of base chains for default-actions and log capabilities | |||
2023-10-19 | vyos.configdict: T5670: move from str to list when calling conf.exists() | Christian Breunig | |
We have had a mix of both string and list arguments to conf.exists(), stremaline this to only make use of list calls. | |||
2023-10-19 | bridge: T5670: add missing constraint on "member interface" node | Christian Breunig | |
One could specify a bridge member of VXLAN1 interface, but it is not possible to create a VXLAN interface with the name of VXLAN1 - prohibited by VXLAN interface name validator. Add missing interface-name validator code | |||
2023-10-19 | cluster: T2897: add a migration script for converting cluster to VRRP | Daniil Baturin | |
2023-10-18 | Merge pull request #2373 from c-po/t4913-wifi-op-mode | Christian Breunig | |
T4913: migrate wireless scripts to new op-mode style | |||
2023-10-18 | Merge pull request #2374 from zdc/T5232-circinus | Christian Breunig | |
pmacct: T5232: Fixed socket parameters for trigger-packets | |||
2023-10-18 | pmacct: T5232: Fixed socket parameters for trigger-packets | zsdc | |
This fixes sending packets to uacctd using a socket. | |||
2023-10-17 | T4913: migrate wireless scripts to new op-mode style | Christian Breunig | |
2023-10-17 | Merge pull request #2371 from jestabro/bug-config-dep | John Estabrook | |
configdep: T5662: fix incorrect inspect.stack index of calling script | |||
2023-10-17 | configdep: T5662: fix incorrect inspect.stack index of calling script | John Estabrook | |
2023-10-17 | T5541: remove migration script from zone-based firewall to new cli. Syntax ↵ | Nicolas Fort | |
remains the same, so no migration is needed regarding this feature |