summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-06-08arp: T4397: bugfix on address iteration - ARP is IPv4 onlyChristian Poessinger
2022-06-08Merge pull request #1340 from sever-sever/T3083Christian Poessinger
event-handler: T3083: Add simple event-handler
2022-06-08event-handler: Change tagNode event-handler to nodeViacheslav Hletenko
Before: set service event-handler Foo After: set service event-handler event Foo
2022-06-07event-handler: T3083: Extended event-handler featureszsdc
* Added the ability to filter by a syslog identifier * Added the ability to pass arguments to a script * Added the ability to pass preconfigured environment variables to a script * A message that triggered a script is now passed in the `message` variable and can be used in a script * Replaced `call()` to `run()`, since stdout are not need to be printed
2022-06-07firewall: T970: domain-group should not starts with numericViacheslav Hletenko
Edit regex to check firewall-group
2022-06-07event-handler: T3083: Add arguments and environment options XMLViacheslav Hletenko
2022-06-07event-handler: T3083: Move system to service event-handlerViacheslav Hletenko
Move 'system event-handler' to 'service event-handler'
2022-06-07event-handler: T3083: Optimized event-handlerViacheslav Hletenko
2022-06-06event-handler: T3083: Optimized event-handlerzsdc
* Removed dynamic generating for systemd unit * Optimized configuration file deleting process * Added exceptions handlers to event-handler script to protect service from most obvious potential troubles * Improved logging * Moved pattern compilation outside a messages loop to avoid extra operations * Added signal handlers for proper systemd integration
2022-06-06event-handler: T3083: Add simple event-handlerViacheslav Hletenko
Event-handler allows executing a custom script when in logs it detects configured "pattern" A simple implemenation set system event-handler first pattern '.*ssh2.*' set system event-handler first script '/config/scripts/hello.sh'
2022-06-06Merge pull request #1347 from dmbaturin/T4446Viacheslav Hletenko
T4446: use a unified neighbor display script
2022-06-06T4446: use format strings instead of old-fasionhed format methodDaniil Baturin
2022-06-05Merge pull request #1350 from nicolas-fort/T4387-WLB-smoketestChristian Poessinger
T4387: add more firewall checks for WLB smoketests.
2022-06-05T4387: add more firewall checks for WLB smoketests.Nicolas Fort
2022-06-05Merge pull request #1346 from sever-sever/T4387-currViacheslav Hletenko
smoketest: T4387: Add test for load-balancing wan
2022-06-05Merge pull request #2 from sarthurdev/T970Viacheslav Hletenko
firewall: T970: Maintain a domain state to fallback if resolution fails
2022-06-05firewall: T970: Maintain a domain state to fallback if resolution failssarthurdev
2022-06-04Merge pull request #1348 from nicolas-fort/T3976-T4449-nexthopChristian Poessinger
Policy: T3976-T4449-nexthop: add - match ipv6 nexthop type -
2022-06-04Policy: T3976-T4449-nexthop: add - match ipv6 nexthop type - as available ↵Nicolas Fort
for ipv4
2022-06-02T4446: use a unified neighbor display scriptDaniil Baturin
2022-06-02smoketest: T4387: Add test for load-balancing wanViacheslav Hletenko
Create 2 network namespaces which allow us to emulate 2 ISP with different static addresses Check routing table 201 for the first ISP and table 202 for the second ISP. Each table must contain default route (cherry picked from commit 6b75cbb0575ca95806e969f5d7f219c0cbeea334)
2022-06-02Merge pull request #1345 from sever-sever/T4222Christian Poessinger
sla: T4222: Add OWAMP and TWAMP for service sla
2022-06-02sla: T4222: Add OWAMP and TWAMP for service slaViacheslav Hletenko
OWAMP is a command line client application and a policy daemon used to determine one way latencies between hosts. OWAMP session control uses traditional client-server communication between a control-client and a server, TWAMP (two-way active measurement protocol) Add configuration and operation modes set service sla owamp-server set service sla twamp-server run force owping 192.0.2.120 run force twping 192.0.2.190
2022-05-31Merge pull request #1344 from sarthurdev/pki_updateChristian Poessinger
pki: T3642: Update conf scripts using changed PKI objects
2022-05-31pki: T3642: Update conf scripts using changed PKI objectssarthurdev
2022-05-31smoketest: policy: T3976: add migratable config snippetChristian Poessinger
2022-05-31policy: T3976: fix SyntaxError: invalid non-printable characterChristian Poessinger
2022-05-31policy: T3976: bump version 2 -> 3Christian Poessinger
2022-05-31IPv6: T3976: add prefix-list and access-list option from ipv6 route-mapfett0
2022-05-31Merge pull request #1343 from sarthurdev/pki_importChristian Poessinger
pki: T3642: Add ability to import files into PKi configuration
2022-05-31pki: T3642: Enable `generate pki openvpn ...` to install into configsarthurdev
2022-05-30pki: T3642: Add ability to import files into PKi configurationsarthurdev
2022-05-30eigrp: T2773: bugfix Makefile - temporary code removalChristian Poessinger
2022-05-30Merge pull request #1342 from nicolas-fort/T4450Christian Poessinger
Policy: T4450: Expand options for ip|ipv6 address match.
2022-05-29Policy: T4450: Expand options for ip|ipv6 address match. Now support ↵Nicolas Fort
prefix-len on both matches. Also change help properties of route-source node.
2022-05-29xml: reword static routing completion helpChristian Poessinger
2022-05-29eigrp: T2472: add missing <multi/> specifier when redistributing protocolsChristian Poessinger
2022-05-29vyos.frr: T2472: add wigrpd supportChristian Poessinger
2022-05-29eigrp: T2472: add "local-as" CLI node to specify ASN like under BGPChristian Poessinger
2022-05-29eigrp: T2472: add basic template rendering and FRR communicationChristian Poessinger
2022-05-29rip: T4448: remove default version for RIPChristian Poessinger
Commit f9e38622 ("rip: T4448: add support to set protocol version on an interface level") also added the versionspecified on a per interface level. the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no longer working which is dthe default for FRR. Remove the default "2" from the RIP version specifier to make this behavior work again.
2022-05-29Merge branch 'eigrp' into currentChristian Poessinger
* eigrp: eigrp: T2472: disable protocol by default eigrp: T2472: add initial python helper eigrp: vrf: T2773: prepare XML definitions for VRF instance eigrp: T2473: add XML definitions
2022-05-29eigrp: T2472: disable protocol by defaultChristian Poessinger
2022-05-29eigrp: T2472: add initial python helperChristian Poessinger
2022-05-29eigrp: vrf: T2773: prepare XML definitions for VRF instanceChristian Poessinger
2022-05-29eigrp: T2473: add XML definitionssever-sever
2022-05-29Merge branch 'T4449' of https://github.com/nicolas-fort/vyos-1x into currentChristian Poessinger
* 'T4449' of https://github.com/nicolas-fort/vyos-1x: Policy: T4449: Extend matching options for route-map ip nexthop
2022-05-28rip: T4448: add support to set protocol version on an interface levelChristian Poessinger
2022-05-28xml: rip: T4448: rename include files to match schemaChristian Poessinger
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }