summaryrefslogtreecommitdiff
path: root/data/templates
AgeCommit message (Collapse)Author
2022-01-05firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵sarthurdev
zone-policy
2022-01-04Merge pull request #1130 from sarthurdev/firewallChristian Poessinger
firewall: T4130: Fix firewall state-policy errors
2022-01-04firewall: T4130: Fix firewall state-policy errorssarthurdev
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy
2022-01-03Merge pull request #1018 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Add a new feature service monitoring
2022-01-03monitoring: T3872: Add a new feature service monitoring telegrafViacheslav
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python
2021-12-31ipsec: T4126: Ability to set priorities for installed policyViacheslav
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable
2021-12-30snmp: T4124: migrate to get_config_dict()Christian Poessinger
2021-12-29webproxy: T4116: Ability to listen on IPv6 addressesAndreas
IPv6 addresses on webproxy/SQUID where not added correctly. They need to be added in brackets. Modified squid.conf.tmpl to bracketize the address
2021-12-28ipsec: T4111: Fix for swanctl configuration IPV6 peersViacheslav
Peer name must not contain dots and colons, otherwise swanct can't generate correct configuration for swanctl.conf This is used in connection names and child SA names Add filter 'dot_colon_to_dash' which replace dots and colons
2021-12-27Merge pull request #1116 from sever-sever/T4039Christian Poessinger
syslog: T4039: Add protocol23format logging for UDP
2021-12-27syslog: T4039: Add protocol23format logging for UDPViacheslav
Add protocol23format for rsyslog protocol UDP Add ability to use IPv6 addresses (bracketize_ipv6) for protocol TCP and UDP, when protocol is configured explicity
2021-12-26ospfv3: T4107: add support for "default-information originate"Christian Poessinger
2021-12-26ospfv3: T4108: add support for auto-cost parameterChristian Poessinger
2021-12-26ospfv3: T4102: nssa area support both no-summary and default-originateChristian Poessinger
2021-12-26flow-accounting: T4097: move configuration file to /runChristian Poessinger
2021-12-26http: api: T4055: add VRF supportChristian Poessinger
2021-12-25Merge branch 't4097-flow-accounting' into currentChristian Poessinger
* t4097-flow-accounting: flow-accounting: T4106: support specification of capture packet length flow-accounting: T4105: drop "sflow agent-address auto" flow-accounting: T4099: rename "netflow source-ip" to source-address flow-accounting: T4097: move to get_config_dict()
2021-12-25flow-accounting: T4106: support specification of capture packet lengthChristian Poessinger
2021-12-25flow-accounting: T4099: rename "netflow source-ip" to source-addressChristian Poessinger
sFlow uses the source-address CLI node and netflow uses source-ip this is just confusing and should be synced to the common source-address CLI node.
2021-12-25flow-accounting: T4097: move to get_config_dict()Christian Poessinger
2021-12-25Merge pull request #1115 from sever-sever/T4081Christian Poessinger
keepalived: T4081: Fix health-checking when syn-group is used
2021-12-25ospfv3: T4102: add support for NSSA area-typeChristian Poessinger
2021-12-21keepalived: T4081: Fix health-checking when syn-group is usedViacheslav
If health-check scripts are used in vrrp group and vrrp group is membmer of sync-group, then health-check scripts should be part of the section "vrrp_sync_group". In other case the health-scripts won't work anymore.
2021-12-17Merge pull request #1103 from zdc/T3774-sagittaChristian Poessinger
logs: T3774: Added CLI options to control atop logs rotation
2021-12-17logs: T3774: Optimization for logrotate configszsdc
* Added proper handling of default values from CLI. * Replaced rsyslog restart postrotate action to native `rsyslog-rotate` script. * Removed unnecessary checks for `None` instead `dict` - with default values the situation becomes impossible. * Fixed default value from 10 to 1 in the rsyslog CLI.
2021-12-13logs: T3774: Added new CLI itemzsdc
Added the ability to control the `/var/log/messages` rotation. Renamed the option `maxsize` to `max-size`.
2021-12-13http-api: T4071: allow API to bind to unix domain socketJohn Estabrook
2021-12-12bgp: T3967: add support for conditional advertisementChristian Poessinger
The BGP conditional advertisement feature uses the non-exist-map or the exist-map and the advertise-map keywords of the neighbor advertise-map command in order to track routes by the route prefix. non-exist-map ============= * If a route prefix is not present in the output of non-exist-map command, then advertise the route specified by the advertise-map command. * If a route prefix is present in the output of non-exist-map command, then do not advertise the route specified by the addvertise-map command. exist-map ========= * If a route prefix is present in the output of exist-map command, then advertise the route specified by the advertise-map command. * If a route prefix is not present in the output of exist-map command, then do not advertise the route specified by the advertise-map command. This feature is useful when some prefixes are advertised to one of its peers only if the information from the other peer is not present (due to failure in peering session or partial reachability etc). The conditional BGP announcements are sent in addition to the normal announcements that a BGP router sends to its peer. CLI nodes can be found under: * set protocols bgp neighbor <ip> address-family <afi> conditional-advertisement * set protocols bgp peer-group <p> address-family <afi> conditional-advertisement
2021-12-12bgp: T4069: add "parameters suppress-fib-pending" CLI optionChristian Poessinger
This command is applicable at the global level and at an individual bgp level. If applied at the global level all bgp instances will wait for fib installation before announcing routes and there is no way to turn it off for a particular BGP vrf.
2021-12-12bgp: T4069: add "parameters shutdown" CLI optionChristian Poessinger
Administrative shutdown of all peers of a bgp instance. Drop all BGP peers, but preserve their configurations. The peers are notified in accordance with RFC 8203 by sending a NOTIFICATION message with error code Cease and subcode Administrative Shutdown prior to terminating connections. This global shutdown is independent of the neighbor shutdown, meaning that individually shut down peers will not be affected by lifting it.
2021-12-12bgp: T4069: add "parameters reject-as-sets" CLI optionChristian Poessinger
This command enables rejection of incoming and outgoing routes having AS_SET or AS_CONFED_SET type.
2021-12-12bgp: T4069: add "parameters minimum-holdtime <n>" CLI optionChristian Poessinger
This command allows user to prevent session establishment with BGP peers with lower holdtime less than configured minimum holdtime. When this command is not set, minimum holdtime does not work.
2021-12-12bgp: T4069: add "parameters fast-convergence" CLI optionChristian Poessinger
Whenever BGP peer address becomes unreachable we must bring down the BGP session immediately. Currently only single-hop EBGP sessions are brought down immediately. IBGP and multi-hop EBGP sessions wait for hold-timer expiry to bring down the sessions. This new configuration option helps user to teardown BGP sessions immediately whenever peer becomes unreachable. This configuration is available at the bgp level. When enabled, configuration is applied to all the neighbors configured in that bgp instance.
2021-12-12bgp: T3967: add "parameters conditional-advertisement timer <n>" optionChristian Poessinger
Set the period to rerun the conditional advertisement scanner process. The default is 60 seconds.
2021-12-09ospf(v3): T4058: add support for BFD profilesChristian Poessinger
2021-12-09isis: T4058: add support for BFD profilesChristian Poessinger
2021-12-09bgp: T4058: add support for BFD profilesChristian Poessinger
2021-12-09Merge pull request #1024 from lucasec/dns-authoritativeChristian Poessinger
T562: Config syntax for defining DNS forward authoritative zones
2021-12-07logs: T3774: Added CLI options to control atop logs rotationzsdc
Added CLI options to generate logrotate configuration file for atop logs
2021-12-08Merge pull request #1100 from DmitriyEshenko/sg-1x-03122021-02Daniil Baturin
pppoe-server: T3006: Add range to regex generator
2021-12-07pppoe-server: T3006: Add range to regex generatorDmitriyEshenko
2021-12-07VRRP: T4033: VRRP script_security parameter removedgoodNETnick
2021-12-06zone_policy: T3873: Implement intra-zone-filteringsarthurdev
2021-12-06policy: T2199: Migrate policy route to XML/Pythonsarthurdev
2021-12-06zone-policy: T2199: Migrate zone-policy to XML/Pythonsarthurdev
2021-12-06firewall: T2199: Migrate firewall to XML/Pythonsarthurdev
2021-12-06https: T4055: add vrf supportChristian Poessinger
2021-12-06bfd: T4054: bugfix missing profile assignment to peerChristian Poessinger
2021-12-06mpls: ldp: T3753: add proper indention to Jinja2 templateChristian Poessinger