Age | Commit message (Collapse) | Author |
|
* Removed `/var/log/auth.log` and `/var/log/messages` from
`/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled
items what leads to service error.
* Removed generation config file for `/var/log/messages` from
`system-syslog.py` - this should be done from `syslom logs` now.
* Generate each logfile from `system syslog file` to a dedicated
logrotate config file.
* Fixed logrotate config file names in
`/etc/rsyslog.d/vyos-rsyslog.conf`.
* Added default logrotate settins for `/var/log/messages`
|
|
|
|
It should be possible to send the gathered data via a VRF bound interface to
the collector. This is somehow related to T3981 but it's the opposite side of
the netflow process.
set system flow-accounting vrf <name>
|
|
|
|
|
|
Instead of hardcoding the default behavior inside the Jinaj2 template, all
defaults are required to be specified inside teh XML definition. This is
required to automatically render the appropriate CLI tab completion commands.
|
|
ipsec: T1856: Ability to set SA life bytes and packets
|
|
set vpn ipsec site-to-site peer 192.0.2.14 connection-type none
|
|
set vpn ipsec esp-group grp-ESP life-bytes '100000'
set vpn ipsec esp-group grp-ESP life-packets '2000000'
|
|
* t4203-dhcp:
smoketest: dhcp: T4203: move testcase to base class
static: T4203: obey interface dhcp default route distance
interface: T4203: prevent DHCP client restart if not necessary
|
|
vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on options
|
|
Commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes")
added a bug whenever a static route is modified - the DHCP interface will
always end up with metric 210 - if there was a default route over a DHCP
interface.
|
|
Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn
charon.install_virtual_ip_on
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
set vpn ipsec options flexvpn
set vpn ipsec options virtual-ip
set vpn ipsec options interface tunX
set vpn ipsec site-to-site peer x.x.x.x virtual-address x.x.x.x
|
|
|
|
Local-address should be checked/executed only if it exists in the
openvpn configuration, dictionary, jinja2 template
|
|
dhcp: T3600: Fix DHCP static table dhcp-interface route
|
|
Input filter for firewall allows to get bytes/counters from
nftables in format, required for InfluxDB2
|
|
Static table dhcp-interface route required table in template
Without table this route will be placed to table 'main' by default
|
|
monitoring: T3872: Fix template input plugin for running services
|
|
|
|
Add required capability for input scripts which collect
statistics of running services
|
|
|
|
upnpd: T3420: Support UPNP protocol
|
|
Telegraf inputs iptables plugin incompatible with nftables
As it tries to get statistics from "iptables -L -n -v"
which doesnt display required data in 1.4 as we don't use
iptables anymore
|
|
Disable distribution-specified extra version suffix is included
during initial protocol handshake
SSH-2.0-OpenSSH_8.4p1 Debian-5 => SSH-2.0-OpenSSH_8.4p1
|
|
DHCP: T4196: fix client-prefix-length parameter
|
|
|
|
Example syslog: [FWNAME-default-D] ...
* Also clean-up firewall default-action
|
|
firewall: T3560: Add support for MAC address groups
|
|
|
|
|
|
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule.
|
|
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
|
|
|
|
NTP-server with option "allow-clients address x.x.x.x" should
accept requests only from clients addresses which declared in
configuration if this option exists
Add "restrict default ignore" to fix it, in another case it
responce to any address
|
|
Telegraf ethtool input filter expected ethX interfaces and not
other interfaces like vlans/tunnels/dummy
Add "interface_include" option to telegraf template.
|
|
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
|
|
file for group definitions.
|
|
In order to have a consistent looking CLI we should rename this CLI node.
There is:
* access-list and access-list6 (policy)
* prefix-list and prefix-list6 (policy)
* route and route6 (static routes)
|
|
|
|
|
|
|
|
vrrp: T1972: Ability to set IP address on not vrrp interface
|
|
keepalived: T4150: Fix template option conntrack_sync_group
|
|
Add missed 'holding-time' option for shortcut-target address
|
|
Ability to set virtual_address on not vrrp-listen interface
Add ability don't track primary vrrp interface "exclude-vrrp-interface"
Add ability to set tracking (state UP/Down) on desired interfaces
For example eth0 is used for vrrp and we want to track another eth1
interface that not belong to any vrrp-group
|
|
conntrack_sync_group option not under 'vrrp' section but part of
high-avalability dictionary
|
|
|
|
|
|
|