summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-09-04T5496: Change src and|or destination wildcard for any, which still makes it ↵Nicolas Fort
easy to read, and we get uniform output for both families, and will look the same when working with inet family in the future. Fix output of geo-ip matchers. Fix output for default-action rules: display N/A for counters in base chains, since they are not available.Change from N/A to N/D for empty groups, and for groups which found no reference in config
2023-09-04Merge pull request #2201 from dmbaturin/T671-show-dmiChristian Breunig
T671: call dmidecode directly in "show hardware dmi"
2023-09-04T671: call dmidecode directly in "show hardware dmi"Daniil Baturin
The old script isn't doing much, in fact, it's much less informative than actual dmidecode
2023-09-04T2958: Refactor DHCP-server systemd unit and leaseViacheslav Hletenko
Render isc-dhcp-server systemd unit from configuration
2023-09-04nat: T1877: Fix typo in nat ConfigErrorsarthurdev
2023-09-04conntrack: T4309: Add `conntrack ignore` smoketestsarthurdev
2023-09-04conntrack: T4309: T4903: Refactor `system conntrack ignore` rule generation, ↵sarthurdev
add IPv6 support and firewall groups
2023-09-04Merge pull request #2192 from sever-sever/T5533vyos/1.5dev0zdc
T5533: Fix VRRP IPv6 group enters in FAULT state
2023-09-04T5533: Fix VRRP IPv6 group enters in FAULT stateViacheslav Hletenko
Checks if an IPv6 address on a specific network interface is in the tentative state. IPv6 tentative addresses are not fully configured and are undergoing Duplicate Address Detection (DAD) to ensure they are unique on the network. inet6 2001:db8::3/125 scope global tentative It tentative state the group enters in FAULT state. Fix it
2023-09-04Merge pull request #2197 from anthr76/cap-sys-moduleChristian Breunig
feat(T5544): Allow CAP_SYS_MODULE to be set on containers
2023-09-03fix: sys-module auto-tab completionAnthony Rabbito
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com>
2023-09-03feat(T5544): Allow CAP_SYS_MODULE to be set on containersAnthony Rabbito
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com>
2023-09-03netns: T5241: improve get_interface_namespace() robustnessChristian Breunig
2023-09-03netns: T5241: use common interface_exists() helperChristian Breunig
2023-09-03netns: T5241: provide is_netns_interface utility helperChristian Breunig
2023-09-03Merge branch 'T5241-control-edition' of ↵Christian Breunig
https://github.com/sever-sever/vyos-1x into netns * 'T5241-control-edition' of https://github.com/sever-sever/vyos-1x: T5241: Support netns for veth and dummy interfaces
2023-09-03T5543: IGMP: fix source address handling in static joinsYuxiang Zhu
The following command expects to join source-specific multicast group 239.1.2.3 on interface eth0, where the source address is 192.0.2.1. set protocols igmp interface eth0 join 239.1.2.3 source 192.0.2.1 This command should generate FRR config: interface eth0 ip igmp ip igmp join 239.1.2.3 192.0.2.1 exit However, there is a bug in the Jinja template where `if ifaces[iface].gr_join[group]` is mostly evaluated as `false` because `iface` is a loop variable from another loop.
2023-09-03ipoe: T5542: fix Jinja2 template and add missing dhcp relay configNiklas Polte
2023-09-03wireless: T5540: fix smoketests after adjusting VHT channel widthChristian Breunig
Commit 6896aabb6 ("wireless: T5540: fix VHT capability settings for 802.11ac" changed how the VHT channel-sidth is configured in hostapd - but smoketests did not get adjusted.
2023-09-03wireless: T5540: use elif in Jinja2 template for VHT channel widthChristian Breunig
2023-09-02wireless: T5540: fix VHT capability settings for 802.11acalainlamar
2023-09-01container: T4353: capitalize ascii -> ASCIIChristian Breunig
2023-09-01Merge pull request #2193 from sever-sever/T5536Christian Breunig
T5536: Fix show dhcp client leases
2023-09-01T2546: re-add "monitor command" op-mode command with a new "diff" option as wellChristian Breunig
2023-09-01T5536: Fix show dhcp client leasesViacheslav Hletenko
Fix helpers was moved to vyos.utils package Fix empty new address from the lease file causes OSError: illegal IP address string passed to inet_pton
2023-08-31Merge pull request #2189 from sever-sever/T5531Christian Breunig
T5531: Containers add label option
2023-08-31Merge pull request #2190 from sarthurdev/T4782Christian Breunig
eapol: T4782: Support multiple CA chains
2023-08-31T5531: Containers add label optionViacheslav Hletenko
Ability to set labels for container set container name c1 allow-host-networks set container name c1 image 'busybox' set container name c1 label mypods value 'My label for containers'
2023-08-30T5496: add fqdn and geo-ip matchers in op-mode command <show firewall statics>Nicolas Fort
2023-08-31eapol: T4782: Support multiple CA chainssarthurdev
2023-08-30Merge pull request #2186 from nicolas-fort/T5496Christian Breunig
T5496: firewall: fix op-mode command show firewall
2023-08-29T5496: firewall op-mode: add fix for source and destination when not ↵Nicolas Fort
specified (correct ::/0 for ipv6). Also, add columns for inbound and outbound interfaces
2023-08-29T5496: firewall op-mode: add fix for firewall statics. Include groups ↵Nicolas Fort
correct reference in source/destination column
2023-08-29Debian: T5521: remove unused tacacs UNIX groupChristian Breunig
2023-08-29T5496: firewall op-mode: fix show command for group member and referencesNicolas Fort
2023-08-29Debian: T5521: use bash over dash for postinstall scriptChristian Breunig
2023-08-28Debian: T5521: use --no-create-home for TACACS usersChristian Breunig
2023-08-28Debian: T5521: place AAA users in users group (besides aaa group)Christian Breunig
2023-08-28Debian: T5521: both RADIUS and TACACS users belong to aaa group, add group firstChristian Breunig
2023-08-28Merge pull request #2180 from vfreex/fix-call-hangsChristian Breunig
T5519: Fix `vyos.utils.process.call` hangs
2023-08-28T5519: Fix `vyos.utils.process.call` hangsYuxiang Zhu
See https://vyos.dev/T5519 for more information.
2023-08-27Merge pull request #2176 from sarthurdev/T5080Christian Breunig
firewall: T5080: Disable conntrack unless required by rules
2023-08-27Merge pull request #2178 from sarthurdev/labelsChristian Breunig
github: Labeler needs to run on `pull_request_target`
2023-08-27github: Labeler needs to run on `pull_request_target`sarthurdev
Ref: https://github.com/actions/labeler#permissions
2023-08-27Merge pull request #2175 from sarthurdev/labelsChristian Breunig
github: Set permissions for label workflow
2023-08-27github: Set permissions for label workflowsarthurdev
2023-08-27Merge pull request #2174 from sarthurdev/T5018_fixChristian Breunig
qos: T5018: Fix dependents only being set for QoS interfaces
2023-08-27qos: T5018: Fix dependents only being set for QoS interfacessarthurdev
2023-08-26firewall: T5080: Disable conntrack unless required by rulessarthurdev
2023-08-26Merge pull request #2163 from sarthurdev/firewall_rpfilterChristian Breunig
firewall: T3509: Add support for IPv6 reverse path filtering