Age | Commit message (Collapse) | Author |
|
The next evolutional step after adding get_config_dict(..., with_pki=True) is
to add a common verification function for the recurring task of validating SSL
certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
|
|
T6192: allow binding SSH to multiple VRF instances
|
|
firewall: nat: policy: vrf: nft call syntax and import cleanup
|
|
T6196: Fixed applying parameters for aggregation in BGP
|
|
Fixed using 'route-map', 'as-set' and 'summary-only' together in
aggregation in BGP
|
|
bgp: T6151: Allow configuration of disable-ebgp-connected-route-check
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
|
|
|
|
|
|
- modified: src/op_mode/firewall.py
Changed behavior of "show firewall" for specific rule to only show rule and not also default-action
|
|
- Added show firewall <sections> detail paths
modified: src/op_mode/firewall.py
- Added Description as a header to normal "show firewall" commands
- Added 'detail' view which shows the output in a list key-pair format
Description column was added for these commands and their subsections:
show firewall statistics
show firewall groups
show firewall <family>
Detail view was added for these commands:
show firewall bridge forward filter detail
show firewall bridge forward filter rule <rule#> detail
show firewall bridge name <chain> detail
show firewall bridge name <chain> rule <rule#> detail
show firewall ipv4 forward filter detail
show firewall ipv4 forward filter rule <rule#> detail
show firewall ipv4 input filter detail
show firewall ipv4 input filter rule <rule#> detail
show firewall ipv4 output filter detail
show firewall ipv4 output filter rule <rule#> detail
show firewall ipv4 name <chain> detail
show firewall ipv4 name <chain> rule <rule#> detail
show firewall ipv6 forward filter detail
show firewall ipv6 forward filter rule <rule#> detail
show firewall ipv6 input filter detail
show firewall ipv6 input filter rule <rule#> detail
show firewall ipv6 output filter detail
show firewall ipv6 output filter rule <rule#> detail
show firewall ipv6 name <chain> detail
show firewall ipv6 name <chain> rule <rule#> detail
show firewall group detail
show firewall group <group> detail
|
|
system: T6193: invalid warning "is not a DHCP interface but uses DHCP name-server option"
|
|
dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domains
|
|
T6178: Check that certificate exists during reverse-proxy commit
|
|
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which
was present to update /etc/resolv.conf with the DHCP specified nameservers and
also the search domain list was no longer present.
This commit adds a per interface rendered script to inform vyos-hostsd about
the received IPv6 nameservers and search domains.
|
|
name-server option"
This fixes an invalid warning when using a DHCP VLAN interface to retrieve the
system nameserver to be used. VLAN CLI config is not properly expanded
leading to a false warning:
[ system name-server eth1.10 ]
WARNING: "eth1.10" is not a DHCP interface but uses DHCP name-server option!
|
|
|
|
|
|
T6185: simplify marshalling of section and config data for config-sync
|
|
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf
|
|
accel-ppp: T6187: use correct CPU counts adjusted for SMT
|
|
|
|
|
|
bgp: T6106: Valid commit error for route-reflector-client option defined in peer-group
|
|
image-tools: T6186: simplify image annotations fixing regression
|
|
|
|
|
|
|
|
peer-group
changed exception condition
Improved route_reflector_client test
|
|
|
|
|
|
Package path/section data in single command containing a tree (dict) of
section paths and the accompanying config data. This drops the call to
get_config_dict and the need for a list of commands in request.
|
|
|
|
dhcp: T6174: Add TACACS/Radius users to _kea group
|
|
Also raise op-mode error when unable to fetch data from Kea socket
|
|
openvpn: T6159: Openvpn Server Op-cmd adds heading "OpenVPN status on vtunx" for every client connection
|
|
vyos.system.grub: T3664: add chroot argument to the GRUB install function
|
|
vyos.template: T3664: add an environment variable for template location
|
|
to allow unmodified code to be executed from anywhere,
even outside of VyOS installations
|
|
to faciliate running it outside of a VyOS installation
|
|
T5832: VRRP allow set interface for exluded-address
|
|
ipsec: T5606: T5871: Use multi node for CA certificates
|