Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-09-13 | zone-policy: T2199: Migrate zone-policy to firewall node | sarthurdev | |
2022-09-13 | firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵ | sarthurdev | |
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script | |||
2022-09-07 | T1024: Firewall and Policy route: add option to match dscp value, both on ↵ | Nicolas Fort | |
firewall and in policy route | |||
2022-09-06 | T4670: policy route: extend matching criteria for policy route and route6. ↵ | Nicolas Fort | |
Matching criteria added: ttl/hoplimit and packet-length | |||
2022-09-03 | firewall: T4651: re-implement packet-length CLI option to use <multi/> | Christian Poessinger | |
2022-09-03 | firewall: T3568: improve default-action help string | Christian Poessinger | |
2022-09-03 | firewall: T3568: add XML include block for eq,gt,lt options | Christian Poessinger | |
2022-09-02 | Merge branch 'T4651' of https://github.com/nicolas-fort/vyos-1x into firewall | Christian Poessinger | |
* 'T4651' of https://github.com/nicolas-fort/vyos-1x: Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules. | |||
2022-09-01 | Firewall: T4651: Change proposed cli from ip-length to packet-length | Nicolas Fort | |
2022-08-31 | nat: T538: Move nat configs to /run directory | Viacheslav Hletenko | |
2022-08-30 | firewall: T4655: implement XML defaultValue for name and ipv6-name | Christian Poessinger | |
This extends the implementation of commit 0cc7e0a49094 ("firewall: T4655: Fix default action 'drop' for the firewall") in a way that we can now also use the XML <defaultValue> node under "firewall name" and "firewall ipv6-name". This is a much cleaner approach which also adds the default value automatically to the CLIs completion helper ("?"). | |||
2022-08-30 | firewall: T3568: cleanup XML help node - remove information passed via valueHelp | Christian Poessinger | |
2022-08-30 | firewall: T3568: rename XML building blocks to match CLI node name | Christian Poessinger | |
2022-08-29 | rpki: T4654: Fix RPKI cache description | Viacheslav Hletenko | |
Fix wrong descriptions for the RPKI server It was mentioned about the NTP server | |||
2022-08-27 | Firewall: T4651: Add options to match packet size on firewall rules. | Nicolas Fort | |
2022-08-26 | Merge pull request #1482 from sever-sever/T4631 | Christian Poessinger | |
nat66: T4631: Add port and protocol to nat66 conf | |||
2022-08-25 | proxy: T4642: allow https proxy transports | Christian Poessinger | |
2022-08-25 | telegraf: T3872: re-use existing XML building blocks | Christian Poessinger | |
2022-08-25 | telegraf: T4617: add VRF support | Christian Poessinger | |
2022-08-25 | Merge pull request #1478 from sever-sever/T4622 | Christian Poessinger | |
firewall: T4622: Add TCP MSS option | |||
2022-08-24 | proxy: T4642: bugfix regex, add hyphen to allow list | Christian Poessinger | |
2022-08-24 | Policy: T4641: allow only ipv4 prefixes on prefix-list | Nicolas Fort | |
2022-08-20 | nat66: T4631: Add port and protocol to nat66 | Viacheslav Hletenko | |
Ability to configure src/dst/translation port and protocol for SNAT and DNAT IPv6 | |||
2022-08-19 | Merge pull request #1476 from sever-sever/T4620 | Christian Poessinger | |
UPnP: T4211: T4620 Fix upnp template | |||
2022-08-19 | UPnP: T4611: Rule must be as prefix instead of an address | Viacheslav Hletenko | |
From the doc miniupnpd IP/mask format must be nnn.nnn.nnn.nnn/nn Comment out invalid option "anchor" | |||
2022-08-18 | firewall: T4622: Add TCP MSS option | Viacheslav Hletenko | |
Ability to drop|accept packets based on TCP MSS size set firewall name <tag> rule <tag> tcp mss '501-1460' | |||
2022-08-17 | nat: T538: Add static NAT one-to-one | Viacheslav Hletenko | |
Ability to set static NAT (one-to-one) in one rule set nat static rule 10 destination address '203.0.113.0/24' set nat static rule 10 inbound-interface 'eth0' set nat static rule 10 translation address '192.0.2.0/24' It will be enough for PREROUTING and POSTROUTING rules Use a separate table 'vyos_static_nat' as SRC/DST rules and STATIC rules can have the same rule number | |||
2022-08-16 | upnp: T4613: Verify listen key in dictionary | Viacheslav Hletenko | |
There is no check if 'listen' is exist in the dictionary, fix it Fix odd ValueHelp format | |||
2022-08-15 | ocserv: openconnect: T4614: add support for split-dns | Christian Poessinger | |
set vpn openconnect network-settings split-dns <domain> | |||
2022-08-10 | l2tp: T4603: Add RADIUS nas-ip-address option | Viacheslav Hletenko | |
Add l2tp authentication radius nas-ip-address option which will be sent in NAS-IP-Address Radius attribute | |||
2022-08-08 | nat66: T4598: add file nat-exclue.xml.i, which is invoked by nat66.xml.in ↵ | Nicolas Fort | |
and nat-rule.xml.i | |||
2022-08-05 | nat66: T4598: Add exclude options in nat66 | Nicolas Fort | |
2022-08-04 | Merge https://github.com/Cheeze-It/vyos-1x into current | Christian Poessinger | |
* https://github.com/Cheeze-It/vyos-1x: bgp: T4257: Changing BGP "local-as" to "system-as" | |||
2022-08-04 | Merge pull request #1457 from sever-sever/T4586 | Christian Poessinger | |
nat66: T4586: Add SNAT destination prefix and DNAT address | |||
2022-08-03 | Merge pull request #1369 from nicolas-fort/T4480 | Daniil Baturin | |
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config | |||
2022-08-03 | nat66: T4586: Add SNAT destination prefix and DNAT address | Viacheslav Hletenko | |
Ability to configure SNAT destination prefix and DNAT source address Add option "!" - not address/prefix for NAT66 | |||
2022-08-01 | mtu: T4572: Add DHCP-option MTU to get values from DHCP-server | Viacheslav Hletenko | |
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured | |||
2022-07-30 | bgp: T4257: Changing BGP "local-as" to "system-as" | Cheeze_It | |
bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. bgp: T4257: Changing BGP "local-as" to "system-as" bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. | |||
2022-07-29 | Merge pull request #1403 from sever-sever/T4518 | Christian Poessinger | |
lb-wan: T4518: Add XML for conf mode load-balancing wan | |||
2022-07-25 | fastnetmon: T4556: Allow configure white_list_path and populate with ↵ | Adrian Almenar | |
hosts/networks that should be ignored. | |||
2022-07-24 | graphql: T3993: disable introspection unless set in CLI | John Estabrook | |
2022-07-24 | graphql: T3993: add interface-definition for gql | John Estabrook | |
2022-07-23 | route-map: T4542: match prefix-len Kernel notice | goodNETnick | |
2022-07-22 | Merge pull request #1421 from vfreex/radvd-prefix-specific-options | Christian Poessinger | |
T4550: router-advert: Add deprecate-prefix & decrement-lifetimes options | |||
2022-07-21 | fastnetmon: T4553: reduce ban-time lower limit to 1 second | Christian Poessinger | |
2022-07-21 | fastnetmon: T4555: add IPv6 support | Christian Poessinger | |
2022-07-21 | fastnetmon: T4553: band-time - zero value is prohibited | Christian Poessinger | |
2022-07-21 | T4550: router-advert: Add deprecate-prefix & decrement-lifetimes options | Yuxiang Zhu | |
DeprecatePrefix and DecrementLifetimes options in radvd is useful in a DHCPv6-PD environment to accommodate prefix changes from ISP's delegating router. Though there is currently no integration between the DHCP PD client (wide-dhcpv6-client) and radvd, it could be a good start point to have the 2 options configurable by the user. https://phabricator.vyos.net/T4550 - deprecate-prefix: Upon shutdown, deprecate the prefix. This is useful in a DHCPv6 PD environment: When ISP re-assigns a new prefix, deprecate the old prefix that was advertised. - decrement-lifetimes: Decrement the values of the preferred and valid lifetimes for the prefix over time. This is also useful in a DHCPv6 PD environment to keep the advertised prefix's lifetimes in sync with the prefix from delegating router. | |||
2022-07-21 | fastnetmon: T4553: Allow to configure ban_time instead of 1900s default value | Adrian Almenar | |
2022-07-20 | T4480:webproxy: Add safe-ports and ssl-safe-ports for acel squid config -- ↵ | Nicolas Fort | |
Fix conflicts |