summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-10-31nat: T5681: fix CLI versionChristian Breunig
Fix commit 51abbc0f1b2 ("T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher (valid for interfaces and groups) in firewal, nat and nat66") that added a migrator but did not bump the version number.
2023-10-31T5558: smoketest: fix nat definitions on dialup-router-medium-vpn #2Christian Breunig
This extends commit 6248b2ae1 ("T5558: smoketest: fix nat definitions on dialup-router-medium-vpn") that missed out eth1 interface.
2023-10-31Merge pull request #2413 from c-po/t5668-vxlanChristian Breunig
vxlan: T5668: add CLI knob to enable ARP/ND suppression
2023-10-30Merge pull request #2417 from c-po/vxlan-t5699Christian Breunig
vxlan: T5699: migrate "external" CLI know to "parameters external"
2023-10-30vxlan: T5699: migrate "external" CLI know to "parameters external"Christian Breunig
As we have a bunch of options under "paramteres" already and "external" is clearly one of them it should be migrated under that node as well.
2023-10-30vxlan: T5668: add CLI knob to enable ARP/ND suppressionChristian Breunig
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10
2023-10-29Merge pull request #2414 from nicolas-fort/T5558-fix-natChristian Breunig
T5558: smoketest: fix nat definitions on dialup-router-medium-vpn.
2023-10-29T5558: smoketest: fix nat definitions on dialup-router-medium-vpn.Nicolas Fort
2023-10-29Merge pull request #2408 from nicolas-fort/T5513-show-fwallChristian Breunig
T5513: firewall: update op-mode command show firewall.
2023-10-29op-mode: T5661: add "monitor ssh dynamic-protection" command to follow the ↵Christian Breunig
logfile
2023-10-29op-mode: T5661: remove call to sudo in ssh.py and move it to XML definitionChristian Breunig
Try to have as few calls to sudo in the op-mode scripts as possible. The XML definitions can deal with it.
2023-10-29op-mode: T5661: use common journalctl syntax for sshguardChristian Breunig
This makes the code more easy to maintain in the future if everyone uses the same structure when calling journalctl.
2023-10-26Merge pull request #2369 from JeffWDH/currentDaniil Baturin
T5661: Add show show ssh dynamic-protection attacker and show log ssh…
2023-10-26T5513: T5564: update op-mode command show firewall. Counter available for ↵Nicolas Fort
default actions and extend references for firewall groups
2023-10-25Merge pull request #2406 from nicolas-fort/T5681Christian Breunig
T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher
2023-10-25Merge pull request #2405 from sever-sever/T5683Christian Breunig
T5683: Fix reverse-proxy PKI filenames mismatch
2023-10-25T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher ↵Nicolas Fort
(valid for interfaces and groups) in firewal, nat and nat66.
2023-10-25T5683: Fix reverse-proxy PKI filenames mismatchViacheslav Hletenko
The current named for certificates are hardcoded in generated config to: - ca.pem - cert.pem.key - cert.pem It cause a generated config certificates and certificates itself are different (test-cert-1.pem and ca.pem) bind :::8080 v4v6 ssl crt /run/haproxy/test-cert-1.pem /run/haproxy/ca.pem It is a bug of initial impelemtation. Fix required correct names from PKI certificates
2023-10-24Merge pull request #2355 from nicolas-fort/T5643Christian Breunig
T5643: nat: add interface-groups to nat. Use same cli structure for i…
2023-10-23Merge pull request #2395 from yzguy/yzguy/T5676Christian Breunig
T5675: Use addr_prefix instead of addr in NAT66 source rule prefix parsing
2023-10-23Merge pull request #2396 from yzguy/yzguy/T5677Christian Breunig
T5677: show lldp neighbors shows empty platform if descr not in lldpctl output
2023-10-23T5677: lldp shows empty platform if descr not in lldpctl outputAdam Smith
2023-10-22T5675: use addr_prefix instead of addr in NAT66 ruleAdam Smith
2023-10-22Merge pull request #2391 from sever-sever/T5299Viacheslav Hletenko
T5299: Add missed option ceiling for QoS shaper
2023-10-22Merge pull request #2386 from c-po/vxlan-t5671Christian Breunig
vxlan: T5671: change port to IANA assigned default port
2023-10-22vxlan: T5671: warn about changed default port numberChristian Breunig
2023-10-22T5299: Add missed option ceiling for QoS shaperViacheslav Hletenko
Add missed option `ceil` for QoS class 'trafficshaper'
2023-10-22Merge pull request #2390 from dmbaturin/T5672-remove-node.def-converterViacheslav Hletenko
scripts: T5672: remove the conf mode node.def importer
2023-10-21smoketest: T2897: add basic cluster configChristian Breunig
2023-10-21T5661: Add show show ssh dynamic-protection attacker and show log ssh ↵JeffWDH
dynamic-protection
2023-10-21scripts: T5672: remove the conf mode node.def importerDaniil Baturin
2023-10-21Merge pull request #2385 from fett0/T5667Christian Breunig
T5667: BGP label-unicast enable ecmp
2023-10-20Merge pull request #2384 from srividya0208/T5642-1Christian Breunig
T5642: op-cmd: correction of generated file name
2023-10-20vxlan: T5671: change port to IANA assigned default portChristian Breunig
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that predates the IANA assignment. As Most other vendors use the IANA assigned port, follow this guideline and use the new default port 4789. Existing configuration not defining an explicit port number will be migrated to the old default port number of 8472, keeping existing configurations work!
2023-10-20T5667: BGP label-uniscat enable ecmpfett0
2023-10-20T5642: op-cmd: correction of generated file namesrividya0208
2023-10-19Merge pull request #2378 from c-po/bridge-t5670Christian Breunig
bridge: T5670: add missing constraint on "member interface" node
2023-10-19Merge pull request #2362 from nicolas-fort/T5541Christian Breunig
T5541: firewall zone: re add firewall zone-base firewall
2023-10-19Merge pull request #2377 from dmbaturin/T2897-no-clusterChristian Breunig
cluster: T2897: add a migration script for converting cluster to VRRP
2023-10-19Merge pull request #2344 from nicolas-fort/T5637Christian Breunig
T5637: add new rule at the end of base chains for default-actions and log capabilities
2023-10-19vyos.configdict: T5670: move from str to list when calling conf.exists()Christian Breunig
We have had a mix of both string and list arguments to conf.exists(), stremaline this to only make use of list calls.
2023-10-19bridge: T5670: add missing constraint on "member interface" nodeChristian Breunig
One could specify a bridge member of VXLAN1 interface, but it is not possible to create a VXLAN interface with the name of VXLAN1 - prohibited by VXLAN interface name validator. Add missing interface-name validator code
2023-10-19cluster: T2897: add a migration script for converting cluster to VRRPDaniil Baturin
2023-10-18Merge pull request #2373 from c-po/t4913-wifi-op-modeChristian Breunig
T4913: migrate wireless scripts to new op-mode style
2023-10-18Merge pull request #2374 from zdc/T5232-circinusChristian Breunig
pmacct: T5232: Fixed socket parameters for trigger-packets
2023-10-18pmacct: T5232: Fixed socket parameters for trigger-packetszsdc
This fixes sending packets to uacctd using a socket.
2023-10-17T4913: migrate wireless scripts to new op-mode styleChristian Breunig
2023-10-17Merge pull request #2371 from jestabro/bug-config-depJohn Estabrook
configdep: T5662: fix incorrect inspect.stack index of calling script
2023-10-17configdep: T5662: fix incorrect inspect.stack index of calling scriptJohn Estabrook
2023-10-17T5541: remove migration script from zone-based firewall to new cli. Syntax ↵Nicolas Fort
remains the same, so no migration is needed regarding this feature