Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
Policy: T4450: Expand options for ip|ipv6 address match.
|
|
prefix-len on both matches. Also change help properties of route-source node.
|
|
|
|
|
|
|
|
|
|
|
|
Commit f9e38622 ("rip: T4448: add support to set protocol version on an
interface level") also added the versionspecified on a per interface level.
the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no
longer working which is dthe default for FRR. Remove the default "2" from the
RIP version specifier to make this behavior work again.
|
|
* eigrp:
eigrp: T2472: disable protocol by default
eigrp: T2472: add initial python helper
eigrp: vrf: T2773: prepare XML definitions for VRF instance
eigrp: T2473: add XML definitions
|
|
|
|
|
|
|
|
|
|
* 'T4449' of https://github.com/nicolas-fort/vyos-1x:
Policy: T4449: Extend matching options for route-map ip nexthop
|
|
|
|
|
|
Domain group allows to filter addresses by domain main
Resolved addresses as elements are stored to named "nft set"
that used in the nftables rules
Also added a dynamic "resolver" systemd daemon
vyos-domain-group-resolve.service which starts python script
for the domain-group addresses resolving by timeout 300 sec
set firewall group domain-group DOMAINS address 'example.com'
set firewall group domain-group DOMAINS address 'example.org'
set firewall name FOO rule 10 action 'drop'
set firewall name FOO rule 10 source group domain-group 'DOMAINS'
set interfaces ethernet eth0 firewall local name 'FOO'
nft list table ip filter
table ip filter {
set DOMAINS {
type ipv4_addr
flags interval
elements = { 192.0.2.1, 192.0.2.85,
203.0.113.55, 203.0.113.58 }
}
chain NAME_FOO {
ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10"
counter packets 0 bytes 0 return comment "FOO default-action accept"
}
}
|
|
|
|
|
|
|
|
|
|
The sla-id parameter of DHCPv6 prefix delegations is limited to 128. While this
is enough to use all /64 subnets of a /57 prefix, with a /56 prefix that is no
longer sufficient.
Increased sla-id length tp 64535 so one could delegate an entire /48.
|
|
|
|
|
|
http-api: T4442: Add action reset
|
|
Add action 'reset' (op-mode) for HTTP-API
http://localhost/reset
curl --unix-socket /run/api.sock -X POST -Fkey=mykey \
-Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \
http://localhost/reset
|
|
configtest: T4382: errors exposed by revision of load-config
|
|
The migration script bgp/0-to-1 did not address
'protocols bgp ASN' -> 'protocols bgp local-as ASN'
under a vrf. Move to configs.no-load for review on extending/adding a
migration script.
|
|
The config vrf-basic reveals a missing block in the migration script
vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in
Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in
vrf-ospf.
|
|
As a result of the firewall/5-to-6 migration script,
'firewall options interface vtun0 adjust-mss'
is moved to:
'interfaces openvpn vtun0 ip adjust-mss 1380'
however, interfaces-openvpn.xml.in is missing the include file
ipv4-options.xml.i. Add missing include file.
|
|
The pki-ipsec sagitta-era config contains
'vpn ipsec ipsec-interfaces interface eth0'
with ipsec component version ipsec@6, however, this construction is
successfully moved by migration script ipsec/5-to-6. Consequently, this
must have been an error in translation of the config file. Note that
this is unrelated to the corrected error regarding an empty
'ipsec-interfaces' node. Move config to configs.no-load for review.
|
|
bgp_small_as contains set commands such as:
'protocols static route 10.0.0.0/8 MY-NAS distance 254'
which would appear to have no meaning, in any VyOS version.
Move to config.no-load for analysis.
|
|
The component version in bgp-dmvpn-spoke is nat@5, however, 4-to-5
removes the boolean argument. It is confirmed that the migration script
works correctly, hence, it must be a typo in translation; remove
argument 'enable'.
|
|
The config file isis-small has system@20, but 'user level' which was
migrated in system/16-to-17; remove the line in the config, as there is
no problem with the migration script in question.
|
|
This is a typo in vrf-ospf: 'system nt' on the line before 'system ntp'.
|
|
The configs bgp_bfd_communities and bgp_big_as_cloud reveal a
counterexample to the independence of component migration scripts:
quagga migration scripts must precede those of bgp; explicitly reorder
from lexical order.
|
|
Migration of bgp-azure-ipsec-gateway and bgp_dmvpn_hub reveals that
migration script ipsec/5-to-6 leaves the empty node 'ipsec-interfaces'
after moving the interface; fix the migration script, as it is not yet
in 1.3.
|
|
ocserv: T4420: show configured 2FA OTP key
|
|
FRR: T4020: Added CLI options for FRR daemons
|
|
syntax
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|