summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2023-10-02T5165: Migrate policy local-route rule x destination to addressViacheslav Hletenko
Migrate policy local-route <destination|source> to node address replace 'policy local-route{v6} rule <tag> destination|source <x.x.x.x>' => 'policy local-route{v6} rule <tag> destination|source address <x.x.x.x>' (cherry picked from commit 9f7a5f79200782f7849cab72f55a39dedf45f214)
2023-09-28mdns: T5615: Allow controlling IP version to use for mDNS repeaterIndrajit Raychaudhuri
This commit adds a new configuration option to the mDNS repeater service to allow controlling which IP version to use for mDNS repeater. Additionally, publishing AAAA record over IPv4 and A record over IPv6 is disabled as suggested. See: - https://github.com/lathiat/avahi/issues/117#issuecomment-1651475104 - https://bugzilla.redhat.com/show_bug.cgi?id=669627#c2 (cherry picked from commit e66f7075ee12ae3107d29efaf683442c3535e8b9)
2023-09-28Merge pull request #2319 from vyos/mergify/bp/sagitta/pr-2313Christian Breunig
T5165: Add option protocol for policy local-route (backport #2313)
2023-09-28firewall: T5614: Add support for matching on conntrack helpersarthurdev
(cherry picked from commit 81dee963a9ca3224ddbd54767a36efae5851a001)
2023-09-28T5165: Add option protocol for policy local-routeViacheslav Hletenko
Add option `protocol` for policy local-route set policy local-route rule 100 destination '192.0.2.12' set policy local-route rule 100 protocol 'tcp' set policy local-route rule 100 set table '100' (cherry picked from commit 96b8b38a3c17aa08fa964eef9141cf89f1c1d442)
2023-09-22Merge pull request #2291 from vyos/mergify/bp/sagitta/pr-2284Christian Breunig
bgp: T5596: add new features from FRR 9 (backport #2284)
2023-09-21T5602: Reverse-proxy add option backup for backend serverViacheslav Hletenko
A `backup` server can be defined to take over in the case of all other backends failing set load-balancing reverse-proxy backend <tag> server <tag> address '192.0.2.3' set load-balancing reverse-proxy backend <tag> server <tag> port '8883' set load-balancing reverse-proxy backend <tag> server <tag> backup (cherry picked from commit cb297aea56da91144c53be1f396b64a26a8e5b04)
2023-09-19bgp: T5596: add new features from FRR 9Christian Breunig
* Add BGP Software Version capability (draft-abraitis-bgp-version-capability) set protocols bgp neighbor 192.0.2.1 capability software-version * Add BGP neighbor path-attribute treat-as-withdraw command set protocols bgp neighbor 192.0.2.1 path-attribute treat-as-withdraw (cherry picked from commit d285355716708a46767c18661976906812da8a3c)
2023-09-19isis: T5597: add new features from FRR 9Christian Breunig
* Add support for IS-IS advertise-high-metrics set protocols isis advertise-high-metrics * Add support for IS-IS advertise-passive-only set protocols isis advertise-passive-only (cherry picked from commit f7d35c15256ea74ab32c9b978a5c6fdbd659a7a0)
2023-09-15T5586: Disable by default SNMP for Keeplived VRRP serviceViacheslav Hletenko
AgentX does not work stable. From time to time we see the system service crashing/degrading if something is wrong with SNMP from util net-snmp. We should disable it by default and enable it only if configured. set high-availability vrrp snmp (cherry picked from commit 47875457cd8b176f7f23a3141175d745aeb14d8a)
2023-09-14Merge pull request #2212 from sever-sever/T5480-sagDaniil Baturin
T5480: Ability to disable SNMP for keepalived service VRRP
2023-09-13T5576: Add BGP remove-private-as all optionViacheslav Hletenko
Add the ability to use the option all for remove-private-as. Remove private ASNs in outbound updates. all - Apply to all AS numbers set protocols bgp neighbor <tag> address-family ipv4-unicast remove-private-as all (cherry picked from commit d72024b11e127cc11931cfaee4d07944dceb1ea9)
2023-09-10T5567: Increase allowed range for maximum-object-size to 1000000 KB for the ↵Alain Lamar
webproxy service (cherry picked from commit 4401c6920fed08050832a00041021137e9efae54)
2023-09-09vxlan: T3700: support VLAN tunnel mapping of VLAN aware bridgesChristian Breunig
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI is configured against a container VXLAN interface which is referred to as a 'Single VXLAN device (SVD)'. Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI. Sample configuration of SVD with VLAN to VNI mappings is shown below. set interfaces bridge br0 member interface vxlan0 set interfaces vxlan vxlan0 external set interfaces vxlan vxlan0 source-interface 'dum0' set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010' set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011' set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030' set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031' (cherry picked from commit 7f6624f5a6f8bd1749b54103ea5ec9f010adf778)
2023-09-06T5480: Ability to disable SNMP for keepalived service VRRPViacheslav Hletenko
By default we enable `--snmp` for keepalived unit service Add ability to disable it set high-availability vrrp disable-snmp (cherry picked from commit 5ae730a52de2f284e45cd433bb0cf66c8508f2f7)
2023-09-03fix: sys-module auto-tab completionAnthony Rabbito
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com>
2023-09-03feat(T5544): Allow CAP_SYS_MODULE to be set on containersAnthony Rabbito
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com>
2023-09-01container: T4353: capitalize ascii -> ASCIIChristian Breunig
2023-08-31Merge pull request #2189 from sever-sever/T5531Christian Breunig
T5531: Containers add label option
2023-08-31T5531: Containers add label optionViacheslav Hletenko
Ability to set labels for container set container name c1 allow-host-networks set container name c1 image 'busybox' set container name c1 label mypods value 'My label for containers'
2023-08-31eapol: T4782: Support multiple CA chainssarthurdev
2023-08-25interface: T3509: Add per-interface IPv6 source validationsarthurdev
2023-08-23Merge pull request #2139 from dmbaturin/T5449-mss-probingChristian Breunig
system-ip: T5449: add TCP MSS probing options
2023-08-23Merge pull request #2159 from c-po/t5491-wifiChristian Breunig
wifi: T5491: allow white-/blacklisting station MAC addresses for security
2023-08-23Merge pull request #2160 from sever-sever/T5448Christian Breunig
T5448: Add configuration host-name for zabbix-agent
2023-08-23Merge pull request #2161 from sever-sever/T5463Christian Breunig
T5463: Container allow publish listen-addresses
2023-08-23bgp: T3759: add l3vpn "import vrf default" completion helperChristian Breunig
2023-08-23Merge pull request #2142 from nicolas-fort/T5450Christian Breunig
T5450: allow inverted matcher for interface and interface-group
2023-08-23T5463: Container allow publish listen-addressesViacheslav Hletenko
Ability to publish multiple IP/IPv6 addresses for container set container name c1 port web destination '80' set container name c1 port web listen-address '192.0.2.1' set container name c1 port web listen-address '2001:db8:1111::1' set container name c1 port web source '8080' --publish 192.0.2.1:8080:80/tcp --publish [2001:db8:1111::1]:8080:80/tcp
2023-08-23T5450: update smoketest and interface definition in order to work with new ↵Nicolas Fort
firewall cli
2023-08-23T5448: Add configuration host-name for zabbix-agentViacheslav Hletenko
Ability to configure host-name for zabbix-agent set service monitoring zabbix-agent host-name 'r-vyos'
2023-08-23Merge pull request #2156 from giga1699/T5447Christian Breunig
T5447: Initial support for MACsec static keys
2023-08-20T5447: Implement maintainer feedbackGiga Murphy
2023-08-20wifi: T5491: allow white-/blacklisting station MAC addresses for securityChristian Breunig
Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac>
2023-08-19bgp: T5466: rename type on CLI per-nexhop -> per-nexthop for l3vpn MPLS labelsChristian Breunig
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation mode").
2023-08-18login: T5490: allow . (dot) in user home-directory pathChristian Breunig
his extends commit b9655365b ("login: T5490: add stricter validation for home-directory path") by adding a dot to the REGEX allow list. This was previously allowed and covered in out smoketests which failed.
2023-08-18T5447: Initial support for MACsec static keysGiga Murphy
2023-08-17Merge pull request #2130 from aapostoliuk/T5409-sagittaChristian Breunig
wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
2023-08-17wireless: T5409: add per-client-thread CLI optionChristian Breunig
Provides a per-device control to enable/disable the threaded mode for all the napi instances of the given network device, without the need for a device up/down.
2023-08-17wireguard: T5409: rename threaded CLI not to per-client-threadChristian Breunig
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured.
2023-08-17login: T5490: add stricter validation for home-directory pathChristian Breunig
2023-08-17radius: T5490: add stricter validation for keyChristian Breunig
2023-08-17system-ip: T5449: add TCP MSS probing optionsDaniil Baturin
2023-08-16 T5466: L3VPN label allocation modefett0
2023-08-16wireguard: T1843: add peer description CLI optionChristian Breunig
2023-08-11ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵Christian Breunig
setting
2023-08-11ipv6: T5464: use proper XML default for DAD transmitsChristian Breunig
This is only a cosmetic change so that the default value is properly retrieved from the defaultValue XML node.
2023-08-11Merge pull request #2016 from nicolas-fort/T5160Christian Breunig
T5160: Firewall refactor
2023-08-11T5460: remove config-trap from firewallNicolas Fort
2023-08-11T5160: firewall refactor: fix regexep for connection-status. Create new file ↵Nicolas Fort
with common matcher for ipv4 and ipv6, and use include on all chains for all this comman matchers