Age | Commit message (Collapse) | Author |
|
firewall: zone-policy: T4133: Prevent firewall from trying to clean-up zone-policy chains
|
|
|
|
Following the update to vyos1x-config, commit 64263617, UTF-8 characters
are supported within the config file, hence in the output of showConfig.
|
|
zone-policy chains
* Prevent firewall names from using the reserved VZONE prefix
|
|
op-mode: T4142: Fix for show input ifbX interfaces
|
|
Ability to see interface type "input" ifbX from op-mode
|
|
keepalived: T4109: Update configd-include.json to reflect filename change
|
|
|
|
zone-policy: T4135: Raise error when using an invalid "from" zone.
|
|
|
|
smoketest: shim: Optimise speed of `lsof` command
|
|
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy
|
|
|
|
zone-policy
|
|
firewall: T4132: Fix for op-mode show firewall group
|
|
firewall: T4134: Fix completion help for protocols
|
|
keepalived: T4109: Add high-availability virtual-server
|
|
|
|
After firewall rewriting it is impossible to show a specific
firewall group, this commit fixes it. Add tagNode and completion
help for op-mode firewall group
|
|
Add new feature, high-availability virtual-server
Change XML, python and templates
Move vrrp to root node 'high-availability' as all logic is
handled by root node 'high-availability'
|
|
firewall: T4130: Fix firewall state-policy errors
|
|
|
|
Also fixes:
* Issue with multiple state-policy rules being created on firewall updates
* Prevents interface rules being inserted before state-policy
|
|
|
|
Without this option systemd startup will hit a timeout and then kill keepalived
again.
|
|
|
|
monitoring: T3872: Add a new feature service monitoring
|
|
|
|
listen-address: T4110: Ability to set IPv6 link-local addresses
|
|
Some services allow setting link-local IPv6 addresses as
listen-address. Allow it and add a validator 'ipv6-link-local'
and extend listen-address.xml.i to this validator
|
|
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
|
|
|
|
ipsec: T4126: Ability to set priorities for installed policy
|
|
Add priority for policy based IPSec VPN tunnels
If 2 tunnels have the same pair of local and remote traffic
selectors (prefixes) it allows to set more preferable install
policy from required peer
The lowest priority is more preferable
|
|
|
|
Commit 566f7f24 ("snmp: T4124: migrate to get_config_dict()") changed the
internal structure to support vyos-configd. When using SNMPv3 we need to
alter the running config by replacing the plaintext-password with an encrypted
one, this is not allowed with vyos-configd.
|
|
|
|
|
|
dhclient: T4121: Fixed resolv.conf generation at early boot stage
|
|
If a CLI configuration is not available, dhclient cannot add
nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that
an interface be listed in the `set system name-server` option.
This commit introduces two changes:
* `vyos-hostsd` service will not be started before Cloud-Init fetches all
remote data. This is required because all meta-data should be available
for Cloud-Init before any of VyOS-related services start since it is
used for configuration generation.
* the `vyos-hostsd-client` in the `dhclient-script` will be used only if
the `vyos-hostsd` is running. In other words - if VyOS services already
started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other
cases - does this directly.
These changes should protect us from problems with DHCP during system
boot if DHCP is required by third-party utils.
|
|
webproxy: T4116: Ability to listen on IPv6 addresses
|
|
|
|
IPv6 addresses on webproxy/SQUID were not added correctly.
They need to be added in brackets.
Modified squid.conf.tmpl to bracketize the address
|
|
|
|
|
|
|
|
ipsec: T4111: Fix for swanctl configuration IPV6 peers
|
|
Peer name must not contain dots and colons, otherwise
swanctl can't generate correct configuration for swanctl.conf
This is used in connection names and child SA names
Add filter 'dot_colon_to_dash' which replaces dots and colons
|