Age | Commit message | Author
2024-08-16 | Merge pull request #3989 from jestabro/write_file-err | Christian Breunig
utils: T6658: fix write_file check in case of empty directory path
2024-08-16 | Merge pull request #3988 from nicolas-fort/T5794 | Christian Breunig
T5794: firewall: change firewall priority in order to be loaded after all interfaces
2024-08-15 | utils: T6658: fix write_file check in case of empty directory path | John Estabrook
2024-08-15 | T5794: change firewall priority in order to be loaded after all interfaces. | nicolas
2024-08-15 | T6649: Accel-ppp separate vlan-mon from listen interfaces | Nataliia Solomko
2024-08-15 | Merge pull request #3982 from nicolas-fort/T6636 | Christian Breunig
T6636: firewall: fix firewall template in order to print logs for default-action
2024-08-14 | Merge pull request #3980 from natali-rs1985/T6651-current | Christian Breunig
op_mode: T6651: Add a top level op mode word "execute"
2024-08-14 | Merge pull request #3981 from nicolas-fort/T6646 | Daniil Baturin
T6646: conntrack: in ignore rules, if protocols=all, do not append it to the rule
2024-08-14 | Merge pull request #3971 from jestabro/op-mode-cache | Daniil Baturin
xml: T6650: add initial op-mode cache support
2024-08-14 | T6636: firewall: fix firewall template in order to write logs for default-action in order to match same structure as in rules. This way op-mode command for showing firewall log prints logs for default-actions too | Nicolas Fort
2024-08-14 | T6646: conntrack: in ignore rules, if protocols=all, do not append it to the rule | Nicolas Fort
2024-08-14 | op_mode: T6651: Add a top level op mode word "execute" | Nataliia Solomko
2024-08-13 | T6183: interfaces openvpn: support specifying IP protocol version | Lucas Christian
2024-08-13 | T5743: HTTPS API ability to import PKI certificates | Nataliia Solomko
2024-08-12 | Merge pull request #3958 from natali-rs1985/T6624-current | Christian Breunig
suricata: T6624: Make it possible for suricata address groups to reference each other
2024-08-12 | suricata: T6624: Fix for service suricata address-groups cannot be used in each other | Nataliia Solomko
2024-08-12 | Merge pull request #3970 from lucasec/t6648 | Christian Breunig
T6648: dhcpv6-server: align stateless DHCPv6 options with stateful
2024-08-12 | T6648: dhcpv6-server: align stateless DHCPv6 options with stateful | Lucas Christian
2024-08-12 | Merge pull request #3937 from jestabro/env-set-alternative | Christian Breunig
configd: T6633: inject missing env vars for configfs utility
2024-08-12 | configd: T6633: inject missing env vars for configfs utility | John Estabrook
2024-08-12 | Merge pull request #3961 from jestabro/verify-interface-exists-config | John Estabrook
configverify: T6642: verify_interface_exists requires config_dict arg
2024-08-12 | configverify: T6642: verify_interface_exists requires config_dict arg | John Estabrook
The function verify_interface_exists requires a reference to the ambient config_dict rather than creating an instance. As access is required to the 'interfaces' path, provide as attribute of class ConfigDict, so as not to confuse path searches of script-specific config_dict instances.
2024-08-12 | xml: T6650: add initial op-mode cache support | John Estabrook
2024-08-11 | Merge pull request #3965 from kumvijaya/current | Christian Breunig
T6637: add pr commenting back in un-used import check
2024-08-11 | Merge branch 'current' into current | Vijayakumar A
2024-08-10 | Merge pull request #3964 from nicolas-fort/T6643 | Christian Breunig
T6643: firewall: fix ip address range parsing on firewall rules.
2024-08-10 | T6637: add pr commenting back in un-used import check | Vijayakumar A
2024-08-09 | T6643: firewall: fix ip address range parsing on firewall rules. | Nicolas Fort
2024-08-09 | Merge pull request #3960 from jestabro/verify-interface-state-exists | Daniil Baturin
qos: T6638: require interface state existence in verify conditional
2024-08-08 | qos: T6638: require interface state existence in verify conditional | John Estabrook
2024-08-08 | Merge pull request #3955 from jestabro/configd-in-session-false | Daniil Baturin
configd: T6640: enforce in_session returns False under configd
2024-08-07 | configd: T6640: enforce in_session returns False under configd | John Estabrook
The CStore in_session check is a false positive outside of a config session if a specific environment variable is set with an existing referent in unionfs. To allow extensions when running under configd and avoid confusion, enforce in_session returns False.
2024-08-06 | Merge pull request #3949 from kumvijaya/current | Daniil Baturin
T6637: py files filter added for unused import check
2024-08-06 | smoketest: T6614: add op-mode test for Kernel version (#3946) | Christian Breunig
2024-08-06 | Merge pull request #3945 from c-po/T3204-sysctl | Christian Breunig
sysctl: T3204: restore sysctl settings overwritten by tuned
2024-08-06 | T6637: py files filter added for unused import check | Vijayakumar A
2024-08-06 | T6634: README: Add image graphs of contributors (#3944) | Viacheslav Hletenko
2024-08-05 | sysctl: T3204: restore sysctl settings overwritten by tuned | Christian Breunig
2024-08-05 | Merge pull request #3947 from c-po/openvpn-T6555 | Christian Breunig
smoketest: T6555: openvpn: NameError: name 'elf' is not defined
2024-08-05 | smoketest: T6555: openvpn: NameError: name 'elf' is not defined | Christian Breunig
2024-08-05 | Merge pull request #3942 from c-po/bugfixes | Daniil Baturin
T6560: T4694: T6555: multiple minor bugfixes for package build
2024-08-05 | smoketest: T6555: openvpn: SyntaxError: '(' was never closed | Christian Breunig
2024-08-05 | firewall: T4694: fix GRE key include path in XML | Christian Breunig
2024-08-05 | GitHub: T6560: checkout pull request HEAD commit instead of merge commit | Christian Breunig
2024-08-05 | Merge pull request #3637 from talmakion/feature/T4694/gre-match-fields | Christian Breunig
firewall: T4694: Adding GRE flags & fields matches to firewall rules
2024-08-05 | Merge branch 'current' into feature/T4694/gre-match-fields | Christian Breunig
2024-08-05 | Merge pull request #3920 from fett0/T6555 | Christian Breunig
OPENVPN: T6555: add server-bridge options in mode server
2024-08-05 | Merge pull request #3939 from c-po/unused-imports | Christian Breunig
T5873: T6619: remove unused imports
2024-08-04 | firewall: T4694: Adding GRE flags & fields matches to firewall rules | Andrew Topp
* Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags.
* There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post)
* nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags.
* Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing
* The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem.
* If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc.
* Added a "test_gre_match" smoketest
2024-08-04 | Merge pull request #3901 from nicolas-fort/T4072-extend-bridge-fwall | Christian Breunig
T4072: firewall extend bridge firewall