summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2023-07-19sshguard: T5354: Add service ssh dynamic-protectionViacheslav Hletenko
Sshguard protects hosts from brute-force attacks It can inspect logs and block "bad" addresses by threshold Auto-generates own tables and rules for nftables, so they are not intercept with VyOS firewall rules. When service stops, all generated tables are deleted. set service ssh dynamic-protection set service ssh dynamic-protection allow-from '192.0.2.1' set service ssh dynamic-protection block-time '120' set service ssh dynamic-protection detect-time '1800' set service ssh dynamic-protection threshold '30'
2023-05-04cloud-init: T5190: Added Cloud-init pre-configuratorzsdc
Added a new service that starts before Cloud-init, waits for all network interfaces initialization, and if requested by config, checks which interfaces can get configuration via DHCP server and creates a corresponding Cloud-init network configuration. This protects from two situations: * when Cloud-init tries to get meta-data via eth0 (default and fallback variant for any data source which depends on network), but the real network is connected to another interface * when Cloud-init starts simultaneously with udev and initializes the first interface to get meta-data before it is renamed to eth0 by udev
2023-02-04T4975: always sync() filesystem after commitChristian Breunig
(cherry picked from commit 29a44a73c638cb22839aa32986de367231b6efe9)
2022-12-31Debian: T578: add skopeo dependency on vyos-1x-smoketestChristian Poessinger
Dependency is required for the test Docker OCI image used within the smoketest framework
2022-12-30container: T578: backport podman from 1.4 development branchChristian Poessinger
2022-11-15backport: T4815: Fix various name server config issuesYuxiang Zhu
This is a backport of https://github.com/vyos/vyos-1x/pull/1656. Note I also changed `ip-down.script.tmpl` to not wait for `systemctl stop dhcp6c@$iface.service`, because that command is slow and pppd will kill the ip-down script if it times out. I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch. Not sure if there is another mechanism to handle that functionality or it is missed.
2022-08-16Debian: T4584: remove version number from hostap package requirementChristian Poessinger
(cherry picked from commit 681bdf2946d1d10f3b432f70452a8d018b7a98ae)
2022-04-03wwan: T4324: cronjob is setup via interfaces-wwan.py - drop dedicated cron fileChristian Poessinger
(cherry picked from commit 5faeacd1111a83e5859b98ccc4193cb6017cdba8)
2022-03-05conntrackd: T4259: fix daemon configuration pathChristian Poessinger
(cherry picked from commit aa8080d316dbeb4d26bf67f6d67efeda43b2bc07)
2022-03-05conntrackd: T4259: prevent startup of multiple daemon instancesChristian Poessinger
(cherry picked from commit 2c94c3ec72a559de405b29b4399250db3085717e)
2022-02-08monitoring: T3872: Add new feature service monitoring telegrafViacheslav Hletenko
2022-02-08monitoring: T3872: Add required telegraf version >=1.20Viacheslav Hletenko
2021-12-09conntrack: T3535: add keepalived notifications for node transitionsChristian Poessinger
(cherry picked from commit d7f0cbdc102a1186cec80d0ebf29b8f4ef415435)
2021-11-18wwan: T3795: periodically check if WWAN connection needs a reconnectChristian Poessinger
2021-11-07http api: T3412: use FastAPI as web framework; support application/jsonJohn Estabrook
Replace the Flask micro-framework with FastAPI, in order to support extensions to the API and OpenAPI 3.* generation. This change will remain backwards compatible with previous versions. Notably, the multipart forms version of requests remain supported; in addition application/json requests are now natively supported. (cherry picked from commit 0125fff200efe3259aa25953e7505f69679261f8)
2021-10-10lcd: T2564: add support for hd44780 displaysChristian Poessinger
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
2021-08-12login: T3746: inform users about pending rebootsChristian Poessinger
(cherry picked from commit 7e52a7079afb522d1456833023ad58fa8b05e880)
2021-07-13T3663: python3-inotify should be a runtime dependencyJohn Estabrook
2021-07-13T3663: prerequisites for inotify-based watching implementations.Daniil Baturin
2021-06-22Debian: add missing dependency on bridge-utilsChristian Poessinger
2021-06-21Debian: add missing dependencies on iproute2, sudo, sed and vyatta-bashChristian Poessinger
2021-06-13Debian: T3611: add libqmi-utils as new dependency for WWANChristian Poessinger
(cherry picked from commit beac82b2d0d4bad182718cc8159f79150c5a71ae)
2021-06-13wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface treeChristian Poessinger
(cherry picked from commit c2a1c071e7d0a9ca754d7f5016eed7db188b3d1a)
2021-06-06Debian: add missing dependency on vyatta-cfgChristian Poessinger
(cherry picked from commit fd9032fb7bfc86d4e8901e348bc0afdc83e07413)
2021-05-23op-mode: storage: T3572: add S.M.A.R.T. status supportChristian Poessinger
vyos@vyos:~$ show hardware storage nvme Node SN Model Namespace Usage Format FW Rev ---------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- -------- /dev/nvme0n1 S437Nxxxxxxxxx SAMSUNG MZQLB960HAJR-00007 1 25.17 GB / 960.20 GB 512 B + 0 B EDA5202Q /dev/nvme1n1 S437Nxxxxxxxxx SAMSUNG MZQLB960HAJR-00007 1 38.36 GB / 960.20 GB 512 B + 0 B EDA5202Q vyos@vyos:~$ show hardware storage smart nvme0n1 === START OF INFORMATION SECTION === Model Number: SAMSUNG MZQLB960HAJR-00007 Serial Number: S437Nxxxxxxxxx ...
2021-04-25wireguard: T1802: generate QR code for clients on CLIChristian Poessinger
generate wireguard mobile-config wg0 server wg.vyos.net address 1.2.2.2/24 WireGuard client configuration for interface: wg0 [Interface] PrivateKey = AEXrZ4b3xFVLg1lql3hy/93+d43q3+3vPdSMUGI6/Fo= Address = 1.2.2.2/24 [Peer] PublicKey = h1HkYlSuHdJN6Qv4Hz4bBzjGg5WUty+U1L7DJsZy1iE= Endpoint = wg.vyos.net:41751 AllowedIPs = 0.0.0.0/0, ::/0 The servers public key and port are automatically extracter from the running config. (cherry picked from commit 92d62740a1dd84d27ed3006cdc8d2560673f6bca)
2021-04-04T3457: output the "monitor log" command in a colorful wayChristian Poessinger
Add a new CLI command "monitor log colored" to run the log file monitoring through grc (https://github.com/garabik/grc). (cherry picked from commit 6330708f7ad50e56b16e1c7bc671eaddcd758bdb)
2021-04-03Debian: T2108: add minisign dependencyChristian Poessinger
(cherry picked from commit 52323dcd620ef1b6d716787c9c4729b9ae9ee7e0)
2021-03-22Merge pull request #782 from erkin/equuleusJohn Estabrook
T3284: Merge Paramiko-based remote.py implementation
2021-03-22T3284: Merge Paramiko-based remote.py implementationerkin
2021-03-14xdp: T2666: remove entire XDP code for 1.3 LTS imageChristian Poessinger
This is an extension to commit 801c5235 ("xdp: T2666: disable this highly experimental feature in 1.3 LTS") by dropping all XDP references in the equuleus codebase.
2021-01-10Merge branch 'current' of github.com:vyos/vyos-1x into equuleusChristian Poessinger
* 'current' of github.com:vyos/vyos-1x: op-mode: T3178: add "monitor protocols <bgp|ospf|ospfv3|rib|rip|ripng>" commands op-mode: T3178: add remaining "show ipv6 ospfv3 database" commands from vyatta-op-quagga op-mode: T3178: migrate most of the OSPFv3 parts to re-includable snippets xml: op-mode: add preprocessor support as known from configuration mode Debian: vyos-1x depends on python3-spinx for "make docs" ospf: T3198: Fix show information for database tag nodes login: radius: T3192: remove debug print() xml: convert tab to space in "system login"
2021-01-10Debian: vyos-1x depends on python3-spinx for "make docs"Christian Poessinger
2021-01-08Merge branch 'current' of github.com:vyos/vyos-1x into equuleusChristian Poessinger
* 'current' of github.com:vyos/vyos-1x: (30 commits) smoketest: dummy: fix indent smoketest: bridge: bond: enable ip subsystem tests smoketest: interfaces: dhcpv6pd final fix smoketest: ethernet: fix link-speed loop test Debian: add build-dependency on python3-jinja2 smoketest: ethernet: verify() speed/duplex must both be auto or discrete smoketest: interfaces: report skipped tests smoketest: ethernet: bugfixes for dhcpc6 and unknown interfaces Debian: add python3-psutil build dependency smoketest: ethernet: check for error on non existing interface vyos.configverify: provide generic helper to check for interface existence smoketest: interfaces: fix dhcpv6 pd testcase when using multiple interfaces login: radius: T3192: migrate to get_config_dict() ssh: T2635: harden Jinja2 template and daemon startup ssh: T2635: change sshd_config path to /run/sshd login: radius: T3192: support IPv6 server(s) and source-address xml: include: provide generic include for disable node xml: radius: T3192: split individual nodes to discrete includes bgp: T2174: verify() existence of route-map and prefix-list smoketest: interfaces: test dhcpv6 pd sla-id auto increment ...
2021-01-07Debian: add build-dependency on python3-jinja2Christian Poessinger
2021-01-07Debian: add python3-psutil build dependencyChristian Poessinger
vyos.util depends partially on python3-psutil, and some smoketests executed via "make test" include vyos.util, thus ensure the package is available.
2021-01-04Update debian version.Daniil Baturin
2020-12-28webproxy: T563: use new bash blacklist updaterChristian Poessinger
2020-12-28webproxy: T563: squidguard: support default rulesetChristian Poessinger
2020-12-28webproxy: T563: op-mode: initial command supportChristian Poessinger
2020-12-28webproxy: T563: migrate from old Perl code to XML and get_config_dict()Christian Poessinger
Basic proxy functionality is working but the squidguard smoketest still fails as this is yet not implemented.
2020-12-28ddns: T757: add missing dependencyChristian Poessinger
2020-12-19xdp: T2666: switch to example code provided by xdp-tutorialChristian Poessinger
2020-12-17Debian: xdp: T2666: add build dependenciesChristian Poessinger
2020-12-17xdp: T2666: initial XDP (generic mode) forwarding supportChristian Poessinger
The CLI command 'set interfaces ethernet <interface> offload-options xdp" enables the XDP generic mode on the given interface. vyos@vyos:~$ show interfaces ethernet eth1 eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 xdpgeneric/id:151 qdisc mq state DOWN group default qlen 1000 link/ether 00:50:56:bf:ef:aa brd ff:ff:ff:ff:ff:ff inet6 fe80::250:56ff:febf:efaa/64 scope link tentative valid_lft forever preferred_lft forever Description: fooa XDP code is thankfully copied from [1], thank you for this nice tutorial. NOTE: this is an experimental feature which might break your forwarding/filtering. [1]: https://medium.com/swlh/building-a-xdp-express-data-path-based-peering-router-20db4995da66
2020-12-14netplug: T3130: use Debian upstream versionChristian Poessinger
2020-11-23Debian: move wireguard-modules dependency to vyos-buildChristian Poessinger
The dependency on the WireGuard modules actually depend on the runnning Kernel. While already working on 5.9 support which has a buildin version of WireGuard, this also eases ARM development.
2020-11-14options: keyboard: T3038: use proper XML <defaultValue> over hardcoded ↵Christian Poessinger
Python value We should not use hardcoded Python values whenever possible. vyos.xml provides an abstraction of the XML CLI definitions providing default values from the CLI specified via the <defaultValue> node. This increases consistency among all XML/Python wrappers. Additional small fixes in this commit (besides the bad practice incorporating unrelated changes into the same commit) contain: - Keyboard layout shout be explicitly set for /dev/console - Added missing Debian dependency on console-data - When looking for a key in a dict, we do not need to specify dict.keys()
2020-11-06system: T3048: add dynamic performance tuning daemonChristian Poessinger
Add new CLI command "set system options performance <latency | throughput>"
2020-11-01test: vyos.validate: add unittestsChristian Poessinger