Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev | |
2022-01-12 | firewall: T4160: Fix support for inverse matches | sarthurdev | |
2022-01-11 | migrator: interfaces: T4171: bugfix ConfigTreeError | Christian Poessinger | |
2022-01-11 | Merge pull request #1160 from bjw-s/T4174 | Christian Poessinger | |
firewall: validators: T4174: Correct upper port range boundary | |||
2022-01-11 | Merge pull request #1159 from sarthurdev/firewall | Christian Poessinger | |
policy: T2199: Update op-mode syntax to `route6` | |||
2022-01-11 | firewall: validators: T4174: Correct upper port range boundary | Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs | |
2022-01-11 | policy: T2199: Update op-mode syntax to `route6` | sarthurdev | |
2022-01-11 | Merge pull request #1157 from nicolas-fort/T4162 | Christian Poessinger | |
vpn: T4162: Correct helper description for ikev2-reauth | |||
2022-01-11 | Merge pull request #1158 from sarthurdev/firewall | Christian Poessinger | |
firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor | |||
2022-01-11 | policy: T2199: Refactor policy route script for better error handling | sarthurdev | |
* Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6` | |||
2022-01-11 | ike-group: T4162: Correct helper description for ikev2-reauth | Nicolas Fort | |
2022-01-11 | migrator: interfaces: T4171: bugfix ConfigTreeError | Christian Poessinger | |
Migrating 1.2.8 -> 1.4-rolling-202201110811 vyos-router[970]: Waiting for NICs to settle down: settled in 0sec.. vyos-router[1085]: Started watchfrr. vyos-router[970]: Mounting VyOS Config...done. vyos-router[970]: Starting VyOS router: migrate vyos-router[1490]: Traceback (most recent call last): vyos-router[1490]: File "/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6", line 112, in <module> vyos-router[1490]: for if_type in config.list_nodes(['interfaces']): vyos-router[1490]: File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 236, in list_nodes vyos-router[1490]: raise ConfigTreeError("Path [{}] doesn't exist".format(path_str)) vyos-router[1490]: vyos.configtree.ConfigTreeError: Path [b'interfaces'] doesn't exist vyos-router[1455]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6: Command '['/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6', '/opt/vyatta/etc/config/config.boot']' returned non-zero exit status 1.. vyos-router[970]: configure. vyos-config[979]: Configuration success | |||
2022-01-11 | firewall: T4159: Add warning when an empty group is applied to a rule | sarthurdev | |
2022-01-11 | firewall: policy: T2199: Reload policy route script if `firewall group` node ↵ | sarthurdev | |
is changed | |||
2022-01-11 | firewall: op-mode: T4131: Display `show firewall group` reference and member ↵ | sarthurdev | |
items sorted and one per line | |||
2022-01-11 | firewall: T2199: Add ipv6-range support to IPv6 address group | sarthurdev | |
2022-01-11 | validators: T4144: Add error messages to the majority of IP validators | sarthurdev | |
2022-01-11 | firewall: policy: T4159: T4164: Fix empty firewall groups, create separate ↵ | sarthurdev | |
file for group definitions. | |||
2022-01-11 | remote: T3950: Gracefully handle chained exceptions | erkin | |
2022-01-11 | policy: T4170: rename "policy ipv6-route" -> "policy route6" | Christian Poessinger | |
In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes) | |||
2022-01-11 | policy: T2199: add missing rule constraints | Christian Poessinger | |
2022-01-11 | Merge pull request #1153 from jestabro/frr_debug | Christian Poessinger | |
frr: T4166: move log debug setting to init function for vyos-configd | |||
2022-01-11 | Merge pull request #1154 from imathew/current | Christian Poessinger | |
containers: T2216: bugfix host networking on image upgrade | |||
2022-01-11 | containers: T2216: bugfix host networking on image upgrade | Mathew Inkson | |
The bug was partially fixed with this commit: https://github.com/vyos/vyos-1x/commit/358f0b481d8620cad4954e3fe418054b9a8c3ecd The earlier commit introduced a startup retry (up to 10 times) to allow the OS to settle before the container is started. However, it only applies if host networking is NOT used. This change applies the same for containers where host networking is employed. Since the retry portion of the code (written in the earlier commit) is now referenced twice, it has been moved to its own function. | |||
2022-01-10 | frr: T4166: move log debug setting to init function for vyos-configd | John Estabrook | |
frr.py debugging is set True if the file '/tmp/vyos.frr.debug' exists; this check needs to be called within an init function, as frr.py will have already been loaded by vyos-configd before the /tmp/*.debug files are created by vyos-router, or by call to 'touch'. | |||
2022-01-10 | nat: T2199: dry-run newly generated config before install | Christian Poessinger | |
Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it. | |||
2022-01-10 | conntrack: T3579: dry-run newly generated config before install | Christian Poessinger | |
Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it. | |||
2022-01-10 | conntrack: T3579: prepare for "conntrack timeout custom rule" CLI commands | Christian Poessinger | |
2022-01-10 | Merge pull request #1152 from sarthurdev/firewall_validators | Christian Poessinger | |
firewall: validators: T4148: Improve validators and firewall validator usage | |||
2022-01-10 | conntrack: T3579: make the timeout tree re-usable as XML include | Christian Poessinger | |
2022-01-10 | conntrack: T3579: use "notrack" over "return" in nft statements | Christian Poessinger | |
2022-01-10 | conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftables | Christian Poessinger | |
2022-01-10 | validators: Stricter checking on port-range validator | sarthurdev | |
2022-01-10 | validators: T4148: Add text output when validators fail | sarthurdev | |
2022-01-10 | firewall: validators: T2199: Improve port validation | sarthurdev | |
2022-01-10 | Merge pull request #1151 from sarthurdev/firewall | Christian Poessinger | |
firewall: policy: T4149: T4155: Fix incorrect table variable, fix handling of deleted base firewall node | |||
2022-01-10 | Merge pull request #1150 from nicolas-fort/T4161 | Christian Poessinger | |
policy: T4161: Set correct description for local-preference | |||
2022-01-10 | firewall: 4149: Fix verify steps being bypassed when base node is removed | sarthurdev | |
2022-01-10 | policy: T4161: Set correct description for local-preference | Nicolas Fort | |
2022-01-10 | Merge pull request #1149 from tacerus/pip | Daniil Baturin | |
T4157: Add `jinja2` to pip test requirements | |||
2022-01-09 | policy: T4155: Fix using incorrect table variable | sarthurdev | |
2022-01-09 | T4157: Add jinja2 to test-requirements.txt | Georg | |
Signed-off-by: Georg <georg@lysergic.dev> | |||
2022-01-09 | Merge pull request #1143 from sever-sever/T1972 | Christian Poessinger | |
vrrp: T1972: Ability to set IP address on not vrrp interface | |||
2022-01-09 | Merge pull request #1142 from sever-sever/T4150 | Christian Poessinger | |
keepalived: T4150: Fix template option conntrack_sync_group | |||
2022-01-09 | Merge pull request #1145 from sever-sever/T4152 | Christian Poessinger | |
nhrp: T4152: Fix template holding-time for nhrp | |||
2022-01-09 | nhrp: T4152: Fix template holding-time for nhrp | Viacheslav | |
Add missed 'holding-time' option for shortcut-target address | |||
2022-01-09 | vrrp: T1972: Ability to set IP address on not vrrp interface | Viacheslav | |
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group | |||
2022-01-08 | keepalived: T4150: Fix template option conntrack_sync_group | Viacheslav | |
conntrack_sync_group option not under 'vrrp' section but part of high-avalability dictionary | |||
2022-01-07 | xml: nat: use generic bulding block for rule description | Christian Poessinger | |