Age | Commit message (Collapse) | Author |
|
* 'T4651' of https://github.com/nicolas-fort/vyos-1x:
Firewall: T4651: Change proposed cli from ip-length to packet-length
Firewall: T4651: Add options to match packet size on firewall rules.
|
|
|
|
nat: T538: Add static NAT one-to-one
|
|
policy-route: T4655: Remove default_action from template
|
|
T4665: Keepalived: Allow same VRID on interface
|
|
macvlan: T4663: Fix update mode for pethX interface
|
|
Fix the issue when configured pseudo-ethernet interface cannot
change self mode
|
|
Remove `default_action` from template "nftables-policy" as XML
policy route does not use it
Set default action 'accept' for policy route, as default action
'drop' must be used only for firewall and not related to the
policy route
|
|
Using the same VRID on an interface is allowed as long as
the address family is different (VRRPv2 vs VRRPv3)
|
|
|
|
This extends the implementation of commit 0cc7e0a49094 ("firewall: T4655: Fix
default action 'drop' for the firewall") in a way that we can now also use the
XML <defaultValue> node under "firewall name" and "firewall ipv6-name". This
is a much cleaner approach which also adds the default value automatically to
the CLIs completion helper ("?").
|
|
The CLI command was a duplicate of the "show dns forwarding" command and did
not follow or re-trigger the commadn to watch it. It produced 1:1 the same
output as "show dns forwarding".
|
|
|
|
|
|
opmode: T4657: fixed opmode with return type hints
|
|
firewall: T4655: Fix default action 'drop' for the firewall
|
|
nat: T4367: Move nat rules from /tmp to /run/nftables_nat.conf
|
|
console: T4646: Fixed USB console issues
|
|
This commit excludes `return` from `typing.get_type_hints()` output,
which allows generate argparse arguments for function properly.
|
|
* fixed the `systemctl restart` command that used a value from config instead
converted to `ttyUSBX`
* moved systemd units from `/etc/` to `/run/`
|
|
Commit 31169fa8a763e ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") added the new implementation which handles NIC offloading.
Unfortunately every single implementation was copied from "gro" which resulted
in a change to gro for each offloading option - thus options like lro, sg, tso
had no effect at all.
It all comes down to copy/paste errors ... one way or another.
|
|
For some reason after firewall rewriting we are having default
action 'accept' for 1.4 and default action 'drop' for 1.3
Fix this issue, set default action 'drop'
|
|
Move nftables nat configuration from /tmp to /run
As we have for other services like firewall, conntrack
Don't remove the config file '/run/nftables_nat.conf' after commit
|
|
rpki: T4654: Fix RPKI cache description
|
|
Fix wrong descriptions for the RPKI server
It was mentioned about the NTP server
|
|
|
|
|
|
|
|
|
|
graphql: T4640: add schema defs and resolver support for op-mode errors
|
|
opennhrp: T1070: Fixed creating IPSEC tunnel to Hub
|
|
is set
Adds a sysctl parameter to ignore the default router obtained from router
advertisements when pppoe no-default-route is set.
|
|
|
|
This reverts commit fa91f567b7b5f009aaaed569b3f5e5db4b638d39.
|
|
This reverts commit c2fc87c02dd556dd1569ff2fd81c9e2485a80459.
|
|
Section.interface()
Commit cfde4b49 ("ifconfig: T2223: add vlan switch for Section.interfaces()")
added the functionality of the local get_interfaces() function to the base
class so all other parts in the system can query for interface names of a given
type including or excluding their vlan sub-interfaces.
|
|
nat66: T4631: Add port and protocol to nat66 conf
|
|
nat: nat66: T4650: Rewrite op-mode nat translation
|
|
smoketest: T4643: Delete vpn sstp from config as we have HTTP
|
|
Rewrite op-moe "show nat|nat66 translation" to vyos.opmode format
Ability to get machine-readable format "raw"
|
|
Fixed creating IPSEC tunnel to Hub. Added continues of execution
generator functions.
|
|
|
|
HTTP and sstp cannot work together and in the test config
1.4-rolling-202106290839 we didnot have configurable port for
such services
So we shoud delete sstp from this smoketest config test
In fact it is never working at all 'smoketest/configs/pki-misc'
It commits without errors before but in the real life we get 3
services (https openconnect sstp) that bound the same port
|
|
|
|
ipsec: T4594: Rewrite op-mode 'show vpn ipsec sa' to the new format
|
|
|
|
Sometimes we are only interested in the parent interfaces without any VLAN
subinterfaces. Extend the API with a vlan argument that defaults to True to
keep the current behavior in place.
|
|
|
|
|
|
|