Age | Commit message | Author |
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
5. Fixed generation dest local sections in squidGuard.conf
6. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
7. Backported all changes from 1.4 to 1.3 which were made in T3810
8. Fixed webproxy smoketest
|
|
This is a backport of https://github.com/vyos/vyos-1x/pull/1656.
Note I also changed `ip-down.script.tmpl` to not wait for `systemctl
stop dhcp6c@$iface.service`, because that command is slow and pppd will
kill the ip-down script if it times out.
I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch.
Not sure if there is another mechanism to handle that functionality or
it is missed.
|
|
ddclient: T4743: Add option for IPv6 Dynamic DNS
|
|
conntrack-sync: T4730: Fix listen-address jinja2 template
|
|
Fix correct format for prometheus listen-address when we use
IPv6 address, we must use square 'brackets'
http://[2001:db8::11e]:9273
|
|
Listen address has option 'multi'
As a result we have an incorrect template value for listen-address
- conntrack-sync listen-address '192.0.2.11' in template
It looks like "IPv4_address ['192.0.2.11']" in the conntrackd.conf
but the correct string expected without brackets
Fix it
|
|
Allow to set IPv6 address for Dynamic DNS
set service dns dynamic interface eth2 ipv6-enable
|
|
Adds a sysctl parameter to ignore the default router obtained from
router advertisements when pppoe default-route is set to 'none'.
|
|
ocserv: openconnect: T4614: add support for split-dns (equuleus)
|
|
Add protocol23format for rsyslog protocol UDP
Add ability to use IPv6 addresses (bracketize_ipv6) for
protocol TCP and UDP, when protocol is configured explicitly
|
|
set vpn openconnect network-settings split-dns <domain>
(cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
|
|
(cherry picked from commit 0943ac00412b0049b7a20a54e27e7b8025726598)
|
|
(cherry picked from commit 258e6873b60531fe70d868d2e53ce2f921fe7f13)
|
|
snmp: T2763: Add protocol TCP for service SNMP
|
|
Ability to listen TCP port for service SNMP
set service snmp protocol tcp
|
|
Delete extra space for template uacctd.conf.tmpl
Update smoketest to replace '.' with '-'
|
|
Fix for IPv6 netflow_plugin name
When we use IPv6, uacctd.conf doesn't expect colons in the plugin
name. Replace colons with a dash. Place IPv6 address into [] brackets
|
|
accel-ppp: T4373: T4507: Add options multiplier for shaper
|
|
ntp: T4456: support listening on specified interface (equuleus)
|
|
dns: T4509: Add dns64-prefix option (equuleus)
|
|
rfc6147: DNS Extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers
set service dns forwarding dns64-prefix 2001:db8:aabb::/96
(cherry picked from commit 2bdf4798570222b57af2de2f0b443529abdc3feb)
|
|
Add rate-limit options: attribute, multiplier and vendor
set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit'
set service ipoe-server auth radius rate-limit enable
set service ipoe-server auth radius rate-limit multiplier '0.001'
set service ipoe-server auth radius rate-limit vendor 'Miktorik'
|
|
Multiplier option is required by some vendors for correct shaping
For RADIUS based rate-limits
edit service pppoe-server
set authentication radius rate-limit multiplier '0.001'
|
|
(cherry picked from commit b1db3de80b8b5f4e2dcbc6d687d342986345c4b2)
|
|
When clients only use DHCP for interface addressing we can not bind NTPd to
an address - as it will fail if the address changes. This commit adds support
to bind ntpd to a given interface in addition to a given address.
set system ntp interface <name>
(cherry picked from commit 6732df1edd632b56d3d02970939f51d05d4262e9)
|
|
ipoe: T2580: Add pools and gateway options
|
|
Add action 'reset' (op-mode) for HTTP-API
http://localhost/reset
curl --unix-socket /run/api.sock -X POST -Fkey=mykey \
-Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \
http://localhost/reset
|
|
Add new feature to allow to use named pools
Can be used also with Radius attribute 'Framed-Pool'
set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
monitoring: T4315: Add telegraf output plugin prometheus-client
|
|
Add output Plugin "prometheus-client" for telegraf
set service monitoring telegraf prometheus-client xxx
|
|
Shared network name should not be handled by tag node mangling
I.e. should not replace underscores with dashes
set service dhcp-server shared-network-name NET_01
shared-network NET_01 {
authoritative;
...
on commit {
set shared-networkname = "NET_01";
}
}
(cherry picked from commit b75b351b7dd2ec87407f98668468b1fc146428bf)
|
|
(cherry picked from commit a6c936997611de85dc73152297679d0b53095713)
|
|
To reproduce:
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6800.1002.00'
Now enable SPF:
set protocols isis spf-delay-ietf holddown '20'
set protocols isis spf-delay-ietf init-delay '31'
set protocols isis spf-delay-ietf long-delay '30'
set protocols isis spf-delay-ietf short-delay '32'
set protocols isis spf-delay-ietf time-to-learn '44'
This will only render the FRR config line: spf-delay-ietf init-delay 31 which
is incomplete:
frr-reload output: 2 2022-04-03 12:35:24,764 ERROR: vtysh failed to process new configuration: vtysh (mark file) exited with status 4:
frr-reload output: 3 b'line 15: % Command incomplete: spf-delay-ietf init-delay 31\n\n'
|
|
(cherry picked from commit 5fc9ef9e31eb566a601f8a150c69b183a4331564)
|
|
openvpn: T3686: Fix for check local-address in script and tmpl
|
|
Ability to set virtual_address on not vrrp-listen interface
Add ability to not track the primary vrrp interface "exclude-vrrp-interface"
Add ability to set tracking (state UP/Down) on desired interfaces
For example eth0 is used for vrrp and we want to track another eth1
interface that does not belong to any vrrp-group
set high-avail vrrp group WAN interface 'eth0'
set high-avail vrrp group WAN virtual-address 192.0.2.222/24 interface 'eth2'
set high-avail vrrp group WAN track exclude-vrrp-interface
set high-avail vrrp group WAN track interface 'eth1'
|
|
Local-address should be checked/executed only if it exists in the
openvpn configuration, dictionary, jinja2 template
(cherry picked from commit 230ac0a202acd7ae9ad9bccb9e777ee5a0e0b7b7)
|
|
NTP-server with option "allow-clients address x.x.x.x" should
accept requests only from client addresses which are declared in
configuration if this option exists
Add "restrict default ignore" to fix it, in another case it
responds to any address
(cherry picked from commit 40f0e78dd94691d54ffd4d2e270ed071e2d2513a)
|
|
(cherry picked from commit 0a91c5de32b52235f4c9c12a6ec34c017011c3df)
|
|
keepalived: T4081: Fix health-checking when syn-group is used
|
|
If health-check scripts are used in vrrp group and vrrp group
is member of sync-group, then health-check scripts should be
part of the section "vrrp_sync_group". In another case the
health-scripts won't work anymore.
|
|
(cherry picked from commit 4aaf0ba69139d84f89e5c3feee6edd845af8d1e5)
|
|
(cherry picked from commit 0e3c35e6517f5cfebb4206c735a2ea976a7fd383)
|
|
(cherry picked from commit 955f260ce682d64d27b3b11e618b1ae0176e4b91)
|