Age | Commit message | Author |
|
Sshguard protects hosts from brute-force attacks
It can inspect logs and block "bad" addresses by threshold
Auto-generates own tables and rules for nftables, so they are not
intercept with VyOS firewall rules.
When service stops, all generated tables are deleted.
set service ssh dynamic-protection
set service ssh dynamic-protection allow-from '192.0.2.1'
set service ssh dynamic-protection block-time '120'
set service ssh dynamic-protection detect-time '1800'
set service ssh dynamic-protection threshold '30'
|
|
Dependency is required for the test Docker OCI image used within the
smoketest framework
|
|
(cherry picked from commit 681bdf2946d1d10f3b432f70452a8d018b7a98ae)
|
|
Replace the Flask micro-framework with FastAPI, in order to support
extensions to the API and OpenAPI 3.* generation. This change will
remain backwards compatible with previous versions. Notably, the
multipart forms version of requests remains supported; in addition
application/json requests are now natively supported.
(cherry picked from commit 0125fff200efe3259aa25953e7505f69679261f8)
|
|
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
|
|
(cherry picked from commit beac82b2d0d4bad182718cc8159f79150c5a71ae)
|
|
(cherry picked from commit c2a1c071e7d0a9ca754d7f5016eed7db188b3d1a)
|
|
(cherry picked from commit fd9032fb7bfc86d4e8901e348bc0afdc83e07413)
|
|
vyos@vyos:~$ show hardware storage nvme
Node SN Model Namespace Usage Format FW Rev
---------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- --------
/dev/nvme0n1 S437Nxxxxxxxxx SAMSUNG MZQLB960HAJR-00007 1 25.17 GB / 960.20 GB 512 B + 0 B EDA5202Q
/dev/nvme1n1 S437Nxxxxxxxxx SAMSUNG MZQLB960HAJR-00007 1 38.36 GB / 960.20 GB 512 B + 0 B EDA5202Q
vyos@vyos:~$ show hardware storage smart nvme0n1
=== START OF INFORMATION SECTION ===
Model Number: SAMSUNG MZQLB960HAJR-00007
Serial Number: S437Nxxxxxxxxx
...
|
|
generate wireguard mobile-config wg0 server wg.vyos.net address 1.2.2.2/24
WireGuard client configuration for interface: wg0
[Interface]
PrivateKey = AEXrZ4b3xFVLg1lql3hy/93+d43q3+3vPdSMUGI6/Fo=
Address = 1.2.2.2/24
[Peer]
PublicKey = h1HkYlSuHdJN6Qv4Hz4bBzjGg5WUty+U1L7DJsZy1iE=
Endpoint = wg.vyos.net:41751
AllowedIPs = 0.0.0.0/0, ::/0
The server's public key and port are automatically extracted from the running
config.
(cherry picked from commit 92d62740a1dd84d27ed3006cdc8d2560673f6bca)
|
|
Add a new CLI command "monitor log colored" to run the log file monitoring
through grc (https://github.com/garabik/grc).
(cherry picked from commit 6330708f7ad50e56b16e1c7bc671eaddcd758bdb)
|
|
(cherry picked from commit 52323dcd620ef1b6d716787c9c4729b9ae9ee7e0)
|
|
vyos.util depends partially on python3-psutil, and some smoketests executed
via "make test" include vyos.util, thus ensure the package is available.
|
|
Basic proxy functionality is working but the squidguard smoketest still fails
as this is not yet implemented.
|
|
The dependency on the WireGuard modules actually depends on the running Kernel.
While already working on 5.9 support which has a built-in version of WireGuard,
this also eases ARM development.
|
|
Python value
We should not use hardcoded Python values whenever possible. vyos.xml provides
an abstraction of the XML CLI definitions providing default values from the CLI
specified via the <defaultValue> node.
This increases consistency among all XML/Python wrappers.
Additional small fixes in this commit (besides the bad practice incorporating
unrelated changes into the same commit) contain:
- Keyboard layout should be explicitly set for /dev/console
- Added missing Debian dependency on console-data
- When looking for a key in a dict, we do not need to specify dict.keys()
|
|
Add new CLI command "set system options performance <latency | throughput>"
|
|
There is a shim which is compiled by GCC per target architecture.
|
|
This reverts commit bd076f694a763991a0b0d3a7bb0fa5d194d56d7c.
|
|
vyos-smoketest-integration (T2832)
* 'master' of github.com:vyos/vyos-smoketest: (153 commits)
pppoe-server: test some more values
lcd: adjust to cli changes
lcd: adapt test to new CLI design
pppoe-server: initial smoketest with local and radius auth
pppoe: validate dhcpv6 client will be started
wireless: validate hostapd/wpa_supplicant is running
pppoe: sync to new dhcpv6-pd cli
anyconnect: T2812: add basic testing
ethernet: check interface disable state
router-advert: check 'infinity' option in script logic
ssh: config file is now volatile (moved to /run)
ipv6: link-local: test address assignment on interfaces
router-advert: add initial test
mdns-repeater: add basic test
pseudo-ethernet: extend smoketests with VIFs
l2tpv3: add initial interface test
wireless: use library function for loading kernel modules
ethernet: test "ip" subtree of interface for e.g. ARP settings
pppoe: use assertEqual()
service: bcast-relay: add initial tests
...
|
|
It supports NDP protocol monitoring.
The submission supports the following features:
- Support the monitoring of specified port or all ports
- Supports monitoring of specific message types
- Support sending specific NDP message
|
|
ids: T2659: Implement fastnetmon support
|
|
This commit adds the python module vyos.frr that supports reading and modifying the frr configuration.
Functions
get_configuration() :
Collects the configuration from FRR and returns it as a string
reload_configuration() :
uses frr-reload.py to activate a new configuration.
The configuration applied will overwrite the current configuration.
mark_configuration() :
Does syntax check/validation and add "end" tags to the configuration
The marked configuration will be returned as a string
A syntax fault will render an Exception
execute() :
Execute a command inside vtysh
configure() :
Executes a command in vtysh config mode
replace_section() / _replace_section() :
Adds the ability to replace a section of frr code
remove_section() :
Removes the specified configuration block from the config
For now this supports replacing complete config sub-blocks of configuration and selecting the daemon
to replace inside. This should work for most daemons, but static routing will still be an issue because
this is not a separate sub-config mode
|
|
Depends field of package vyos-smoketest: substitution variable ${shlibs:Depends}
used, but is not defined
|
|
default-doct
* 'T2588' of https://github.com/thomas-mangin/vyos-1x:
xml: T2588: code to extract default values from xml
|