summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-09-02Merge branch 'T4651' of https://github.com/nicolas-fort/vyos-1x into firewallChristian Poessinger
* 'T4651' of https://github.com/nicolas-fort/vyos-1x: Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules.
2022-09-01Firewall: T4651: Change proposed cli from ip-length to packet-lengthNicolas Fort
2022-09-01Merge pull request #1466 from sever-sever/T538Christian Poessinger
nat: T538: Add static NAT one-to-one
2022-09-01Merge pull request #1512 from sever-sever/T4655Christian Poessinger
policy-route: T4655: Remove default_action from template
2022-09-01Merge pull request #1513 from roedie/T4665Christian Poessinger
T4665: Keepalived: Allow same VRID on interface
2022-09-01Merge pull request #1514 from sever-sever/T4663Daniil Baturin
macvlan: T4663: Fix update mode for pethX interface
2022-09-01macvlan: T4663: Fix update mode for pethX interfaceViacheslav Hletenko
Fix the issue when configured pseudo-ethernet interface cannot change self mode
2022-09-01policy-route: T4655: Remove default_action from templateViacheslav Hletenko
Remove `default_action` from template "nftables-policy" as XML policy route does not use it Set default action 'accept' for policy route, as default action 'drop' must be used only for firewall and not related to the policy route
2022-09-01T4665: Keepalived: Allow same VRID on interfaceSander Klein
Using the same VRID on an interface is allowed as long as the address family is different (VRRPv2 vs VRRPv3)
2022-08-31nat: T538: Move nat configs to /run directoryViacheslav Hletenko
2022-08-30firewall: T4655: implement XML defaultValue for name and ipv6-nameChristian Poessinger
This extends the implementation of commit 0cc7e0a49094 ("firewall: T4655: Fix default action 'drop' for the firewall") in a way that we can now also use the XML <defaultValue> node under "firewall name" and "firewall ipv6-name". This is a much cleaner approach which also adds the default value automatically to the CLIs completion helper ("?").
2022-08-30dns: op-mode: T2488: drop invalid "monitor dns forwarding" commandChristian Poessinger
The CLI command was a duplicate of the "show dns forwarding" command and did not follow or re-trigger the commadn to watch it. It produced 1:1 the same output as "show dns forwarding".
2022-08-30firewall: T3568: cleanup XML help node - remove information passed via valueHelpChristian Poessinger
2022-08-30firewall: T3568: rename XML building blocks to match CLI node nameChristian Poessinger
2022-08-30Merge pull request #1509 from zdc/T4657-sagittaDaniil Baturin
opmode: T4657: fixed opmode with return type hints
2022-08-30Merge pull request #1506 from sever-sever/T4655Christian Poessinger
firewall: T4655: Fix default action 'drop' for the firewall
2022-08-30Merge pull request #1505 from sever-sever/T4367Christian Poessinger
nat: T4367: Move nat rules from /tmp to /run/nftables_nat.conf
2022-08-30Merge pull request #1508 from zdc/T4646-sagittaChristian Poessinger
console: T4646: Fixed USB console issues
2022-08-30opmode: T4657: fixed opmode with return type hintszsdc
This commit excludes `return` from `typing.get_type_hints()` output, which allows generate argparse arguments for function properly.
2022-08-30console: T4646: Fixed USB console issueszsdc
* fixed the `systemctl restart` command that used a value from config instead converted to `ttyUSBX` * moved systemd units from `/etc/` to `/run/`
2022-08-29ethernet: T4653: bugfix copy-paste when processing NIC offloadingChristian Poessinger
Commit 31169fa8a763e ("vyos.ifconfig: T3619: only set offloading options if supported by NIC") added the new implementation which handles NIC offloading. Unfortunately every single implementation was copied from "gro" which resulted in a change to gro for each offloading option - thus options like lro, sg, tso had no effect at all. It all comes down to copy/paste errors ... one way or another.
2022-08-29firewall: T4655: Fix default action 'drop' for the firewallViacheslav Hletenko
For some reason after firewall rewriting we are having default action 'accept' for 1.4 and default action 'drop' for 1.3 Fix this issue, set default action 'drop'
2022-08-29nat: T4367: Move nat rules from /tmp to /run/nftables_nat.confViacheslav Hletenko
Move nftables nat configuration from /tmp to /run As we have for other services like firewall, conntrack Don't remove the config file '/run/nftables_nat.conf' after commit
2022-08-29Merge pull request #1503 from sever-sever/T4654Christian Poessinger
rpki: T4654: Fix RPKI cache description
2022-08-29rpki: T4654: Fix RPKI cache descriptionViacheslav Hletenko
Fix wrong descriptions for the RPKI server It was mentioned about the NTP server
2022-08-29smoketest: config: drop almost empty https service testChristian Poessinger
2022-08-28smoketest: T4652: upgrade PowerDNS recursor to 4.7 seriesChristian Poessinger
2022-08-28smoketest: T4643: bind sstp service to port 8443Christian Poessinger
2022-08-27Firewall: T4651: Add options to match packet size on firewall rules.Nicolas Fort
2022-08-27Merge pull request #1493 from jestabro/gql-op-mode-errorChristian Poessinger
graphql: T4640: add schema defs and resolver support for op-mode errors
2022-08-27Merge pull request #1500 from aapostoliuk/T1070-sagittaChristian Poessinger
opennhrp: T1070: Fixed creating IPSEC tunnel to Hub
2022-08-27pppoe: T4648: do not install IPv6 default route from RA is no-default-route ↵Christian Poessinger
is set Adds a sysctl parameter to ignore the default router obtained from router advertisements when pppoe no-default-route is set.
2022-08-27smoketest: T4643: create individual configs fot https service and sstp vpnChristian Poessinger
2022-08-27Revert "smoketest: T4643: Change openconnect default port"Christian Poessinger
This reverts commit fa91f567b7b5f009aaaed569b3f5e5db4b638d39.
2022-08-27Revert "smoketest: T4643: Delete vpn sstp from config as we have HTTP"Christian Poessinger
This reverts commit c2fc87c02dd556dd1569ff2fd81c9e2485a80459.
2022-08-27telegraf: T3872: replace local get_interfaces() function with ↵Christian Poessinger
Section.interface() Commit cfde4b49 ("ifconfig: T2223: add vlan switch for Section.interfaces()") added the functionality of the local get_interfaces() function to the base class so all other parts in the system can query for interface names of a given type including or excluding their vlan sub-interfaces.
2022-08-26Merge pull request #1482 from sever-sever/T4631Christian Poessinger
nat66: T4631: Add port and protocol to nat66 conf
2022-08-26Merge pull request #1501 from sever-sever/T4650Christian Poessinger
nat: nat66: T4650: Rewrite op-mode nat translation
2022-08-26Merge pull request #1499 from sever-sever/T4643-smoketestChristian Poessinger
smoketest: T4643: Delete vpn sstp from config as we have HTTP
2022-08-26nat: nat66: T4650: Rewrite op-mode nat translationViacheslav Hletenko
Rewrite op-moe "show nat|nat66 translation" to vyos.opmode format Ability to get machine-readable format "raw"
2022-08-26opennhrp: T1070: Fixed creating IPSEC tunnel to Hubaapostoliuk
Fixed creating IPSEC tunnel to Hub. Added continues of execution generator functions.
2022-08-26smoketest: T4631: Extend smoketes fot nat66 protocolViacheslav Hletenko
2022-08-26smoketest: T4643: Delete vpn sstp from config as we have HTTPViacheslav Hletenko
HTTP and sstp cannot work together and in the test config 1.4-rolling-202106290839 we didnot have configurable port for such services So we shoud delete sstp from this smoketest config test In fact it is never working at all 'smoketest/configs/pki-misc' It commits without errors before but in the real life we get 3 services (https openconnect sstp) that bound the same port
2022-08-25graphql: T4640: add schema defs and resolver support for op-mode errorsJohn Estabrook
2022-08-25Merge pull request #1458 from sever-sever/T4594Christian Poessinger
ipsec: T4594: Rewrite op-mode 'show vpn ipsec sa' to the new format
2022-08-25proxy: T4642: allow https proxy transportsChristian Poessinger
2022-08-25ifconfig: T2223: add vlan switch for Section.interfaces()Christian Poessinger
Sometimes we are only interested in the parent interfaces without any VLAN subinterfaces. Extend the API with a vlan argument that defaults to True to keep the current behavior in place.
2022-08-25ssh: T2185: use reload-or-restart on configuration changesChristian Poessinger
2022-08-25ntp: T2185: use reload-or-restart on configuration changesChristian Poessinger
2022-08-25telegraf: T3872: re-use existing XML building blocksChristian Poessinger