summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-01-06Merge pull request #1139 from sarthurdev/firewallChristian Poessinger
firewall: zone-policy: T4133: Prevent firewall from trying to clean-up zone-policy chains
2022-01-06vrrp: T4141: bugfix missing {% if %} clause when adding sync-groupsChristian Poessinger
2022-01-05config: T3785: drop restriction to ascii in decodeJohn Estabrook
Following the update to vyos1x-config, commit 64263617, UTF-8 characters are supported within the config file, hence in the output of showConfig.
2022-01-05firewall: zone-policy: T4133: Prevent firewall from trying to clean-up ↵sarthurdev
zone-policy chains * Prevent firewall names from using the reserved VZONE prefix
2022-01-05Merge pull request #1138 from sever-sever/T4142John Estabrook
op-mode: T4142: Fix for show input ifbX interfaces
2022-01-05op-mode: T4142: Fix for show input ifbX interfacesViacheslav
Ability to see interface type "input" ifbX from op-mode
2022-01-05Merge pull request #1137 from sarthurdev/currentChristian Poessinger
keepalived: T4109: Update configd-include.json to reflect filename change
2022-01-05keepalived: T4109: Update configd-include.json to reflect filename changesarthurdev
2022-01-05Merge pull request #1136 from sarthurdev/firewallChristian Poessinger
zone-policy: T4135: Raise error when using an invalid "from" zone.
2022-01-05zone-policy: T4135: Raise error when using an invalid "from" zone.sarthurdev
2022-01-05Merge pull request #1135 from sarthurdev/currentChristian Poessinger
smoketest: shim: Optimise speed of `lsof` command
2022-01-05Merge pull request #1134 from sarthurdev/firewallChristian Poessinger
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy
2022-01-05smoketest: shim: Optimise speed of `lsof` commandsarthurdev
2022-01-05firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵sarthurdev
zone-policy
2022-01-04Merge pull request #1131 from sever-sever/T4132Christian Poessinger
firewall: T4132: Fix for op-mode show firewall group
2022-01-04Merge pull request #1132 from sever-sever/T4134Christian Poessinger
firewall: T4134: Fix completion help for protocols
2022-01-04Merge pull request #1121 from sever-sever/T4109Christian Poessinger
keepalived: T4109: Add high-availability virtual-server
2022-01-04firewall: T4134: Fix completion help for protocolsViacheslav
2022-01-04firewall: T4132: Fix for op-mode show firewall groupViacheslav
After firewall rewriting there is impossible to show a specific firewall group, this commit fixes it. Add tagNode and completion help for op-mode firewall group
2022-01-04keepalived: T4109: Add high-availability virtual-serverViacheslav
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability'
2022-01-04Merge pull request #1130 from sarthurdev/firewallChristian Poessinger
firewall: T4130: Fix firewall state-policy errors
2022-01-04firewall: T4130: Add state-policy test to firewall smoketestsarthurdev
2022-01-04firewall: T4130: Fix firewall state-policy errorssarthurdev
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy
2022-01-03keepalived: T4128: add missing keepalived.service fileChristian Poessinger
2022-01-03keepalived: T4128: add systemd option Type=simpleChristian Poessinger
Without this option systemd startup will hit a timeout and the kill keepalived again.
2022-01-03test: vyos.validate: also test interface identifier in is_ipv6_link_local()Christian Poessinger
2022-01-03Merge pull request #1018 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Add a new feature service monitoring
2022-01-03monitoring: T3872: Add a new feature service monitoring telegrafViacheslav
2022-01-03Merge pull request #1124 from sever-sever/T4110Christian Poessinger
listen-address: T4110: Ability to set IPv6 link-local addresses
2022-01-03listen-address: T4110: Ability to set IPv6 link-local addressesViacheslav
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator
2022-01-01nat: T2199: rename iptables -> nftables variable prefixChristian Poessinger
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python
2021-12-31smoketest: ipsec: T4126: verify configured priorityChristian Poessinger
2021-12-31smoketest: ipsec: make use of setUpClass()Christian Poessinger
2021-12-31Merge pull request #1129 from sever-sever/T4126Christian Poessinger
ipsec: T4126: Ability to set priorities for installed policy
2021-12-31ipsec: T4126: Ability to set priorities for installed policyViacheslav
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable
2021-12-31firewall: xml: T4100: increase maximum number of rules to 999999Christian Poessinger
2021-12-31snmp: T4124: remove snmp.py from vyos-configdChristian Poessinger
Commit 566f7f24 ("snmp: T4124: migrate to get_config_dict()") changed the internal structure to support vyos-configd. When using SNMPv3 we need to alter the running config by replacing the plaintext-password with an encrypted one, this is not allowed with vyos-configd.
2021-12-30smoketest: snmp: T4124: locally connect to SNMP service and retrieve dataChristian Poessinger
2021-12-30snmp: T4124: migrate to get_config_dict()Christian Poessinger
2021-12-30Merge pull request #1128 from zdc/T4121-sagittaKim
dhclient: T4121: Fixed resolv.conf generation at early boot stage
2021-12-30dhclient: T4121: Fixed resolv.conf generation at early boot stagezsdc
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils.
2021-12-29Merge pull request #1126 from justsecure/currentChristian Poessinger
webproxy: T4116: Ability to listen on IPv6 addresses
2021-12-29configd: T4086: use 'copy' on mutable global var default_config_dataJohn Estabrook
2021-12-29webproxy: T4116: Ability to listen on IPv6 addressesAndreas
IPv6 addresses on webproxy/SQUID where not added correctly. They need to be added in brackets. Modified squid.conf.tmpl to bracketize the address
2021-12-29Improve IPsec help stringsDaniil Baturin
2021-12-29More consise consistent help strings for listen-address commandsDaniil Baturin
2021-12-29Improve tunnel interface help stringsDaniil Baturin
2021-12-28Merge pull request #1123 from sever-sever/T4111Christian Poessinger
ipsec: T4111: Fix for swanctl configuration IPV6 peers
2021-12-28ipsec: T4111: Fix for swanctl configuration IPV6 peersViacheslav
Peer name must not contain dots and colons, otherwise swanct can't generate correct configuration for swanctl.conf This is used in connection names and child SA names Add filter 'dot_colon_to_dash' which replace dots and colons