summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2022-09-16ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peerViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script
2022-08-08nat66: T4598: add file nat-exclue.xml.i, which is invoked by nat66.xml.in ↵Nicolas Fort
and nat-rule.xml.i
2022-08-05nat66: T4598: Add exclude options in nat66Nicolas Fort
2022-08-04Merge https://github.com/Cheeze-It/vyos-1x into currentChristian Poessinger
* https://github.com/Cheeze-It/vyos-1x: bgp: T4257: Changing BGP "local-as" to "system-as"
2022-08-04Merge pull request #1457 from sever-sever/T4586Christian Poessinger
nat66: T4586: Add SNAT destination prefix and DNAT address
2022-08-03Merge pull request #1369 from nicolas-fort/T4480Daniil Baturin
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config
2022-08-03nat66: T4586: Add SNAT destination prefix and DNAT addressViacheslav Hletenko
Ability to configure SNAT destination prefix and DNAT source address Add option "!" - not address/prefix for NAT66
2022-08-01mtu: T4572: Add DHCP-option MTU to get values from DHCP-serverViacheslav Hletenko
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured
2022-07-30bgp: T4257: Changing BGP "local-as" to "system-as"Cheeze_It
bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. bgp: T4257: Changing BGP "local-as" to "system-as" bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor.
2022-07-29Merge pull request #1403 from sever-sever/T4518Christian Poessinger
lb-wan: T4518: Add XML for conf mode load-balancing wan
2022-07-25fastnetmon: T4556: Allow configure white_list_path and populate with ↵Adrian Almenar
hosts/networks that should be ignored.
2022-07-24graphql: T3993: disable introspection unless set in CLIJohn Estabrook
2022-07-24graphql: T3993: add interface-definition for gqlJohn Estabrook
2022-07-23route-map: T4542: match prefix-len Kernel noticegoodNETnick
2022-07-22Merge pull request #1421 from vfreex/radvd-prefix-specific-optionsChristian Poessinger
T4550: router-advert: Add deprecate-prefix & decrement-lifetimes options
2022-07-21fastnetmon: T4553: reduce ban-time lower limit to 1 secondChristian Poessinger
2022-07-21fastnetmon: T4555: add IPv6 supportChristian Poessinger
2022-07-21fastnetmon: T4553: band-time - zero value is prohibitedChristian Poessinger
2022-07-21T4550: router-advert: Add deprecate-prefix & decrement-lifetimes optionsYuxiang Zhu
DeprecatePrefix and DecrementLifetimes options in radvd is useful in a DHCPv6-PD environment to accommodate prefix changes from ISP's delegating router. Though there is currently no integration between the DHCP PD client (wide-dhcpv6-client) and radvd, it could be a good start point to have the 2 options configurable by the user. https://phabricator.vyos.net/T4550 - deprecate-prefix: Upon shutdown, deprecate the prefix. This is useful in a DHCPv6 PD environment: When ISP re-assigns a new prefix, deprecate the old prefix that was advertised. - decrement-lifetimes: Decrement the values of the preferred and valid lifetimes for the prefix over time. This is also useful in a DHCPv6 PD environment to keep the advertised prefix's lifetimes in sync with the prefix from delegating router.
2022-07-21fastnetmon: T4553: Allow to configure ban_time instead of 1900s default valueAdrian Almenar
2022-07-20T4480:webproxy: Add safe-ports and ssl-safe-ports for acel squid config -- ↵Nicolas Fort
Fix conflicts
2022-07-20route-map: T4542: match prefix-len BGP noticegoodNETnick
2022-07-18macsec: T4537: allow 32-byte keys for gcm-aes-256Christian Poessinger
2022-07-15monitoring: T4411: add monitoring-version.xml.i to component-versionsJohn Estabrook
When adding a new component version file, one must also include the file in xml-component-version.xml.in
2022-07-10bond: T4522: add ability to specify mii monitor interval via CLIChristian Poessinger
Linux Kernel supports to specify the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point. The default value is 100. set interfaces bonding bond0 mii-mon-interval <n>
2022-07-09ip: T4517: drop forwarding from CLI "system ip ↵Christian Poessinger
disable-directed-broadcast-forwarding"
2022-07-09ip: T4517: add option to enable directed broadcast forwardingYuxiang Zhu
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
2022-07-08lb-wan: T4518: Add XML for conf mode load-balancing wanViacheslav Hletenko
Add XML for configuration mode "load-balancing wan" for the future rewriting this to Python Remove node from Makefile as Python code is not yet completed
2022-07-07monitoring: T4411: Migrate influxdb options to influxdb nodeViacheslav Hletenko
As we have specific configuration for each plugin: set service monitoring telegraf xxx - azure-data-explorer - prometheus-client - splunk We should to move configuration that related to influxdb under influxdb node Replace: set service monitoring telegraf - authentication xxx - bucket xxx - port xxx - url To: set service monitoring telegraf influxdb xxx
2022-07-07syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotatesarthurdev
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override
2022-07-05zone-policy: T4512: Add support for `enable-default-log`sarthurdev
2022-07-05Merge pull request #1389 from sever-sever/T4509Christian Poessinger
dns: T4509: Add dns64-prefix option
2022-07-05dns: T4509: Add dns64-prefix optionViacheslav Hletenko
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96
2022-07-04Merge pull request #1386 from sarthurdev/geoip_negateChristian Poessinger
firewall: T4299: Add ability to inverse match country-codes
2022-07-04firewall: T4299: Add ability to inverse match country codessarthurdev
2022-07-04ntp: T4456: support listening on specified interfaceChristian Poessinger
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name>
2022-07-04xml: include: interface - fix help stringChristian Poessinger
2022-07-04Merge pull request #1382 from sever-sever/T4378Viacheslav Hletenko
dns: T4378: Allow wildcard A AAAA record with option all
2022-07-04dns: T4378: Allow wildcard A AAAA record with option anyViacheslav Hletenko
Ability to set wildcard record for authoritative-domain set authoritative-domain example.com records a any address 192.0.2.11 cat /run/powerdns/zone.example.com.conf * 300 A 192.0.2.11
2022-07-02ipoe: T4507: Add option rate-limit for RADIUS authenticationViacheslav Hletenko
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik'
2022-07-01Merge pull request #1380 from sarthurdev/ovpn-multi-caChristian Poessinger
openvpn: T4485: Accept multiple tls ca-certificate values
2022-07-01xml: update interface help stringsChristian Poessinger
2022-07-01xml: vti: T2455: state that VTI is now of type XFRMChristian Poessinger
2022-07-01vti: T2455: add IPv6 address supportChristian Poessinger
2022-07-01xml: include: add missing prefix in include file commentChristian Poessinger
2022-06-29router-advert: T4477: support RDNSS lifetime optionChristian Poessinger
set service router-advert interface eth0 name-server-lifetime <value>
2022-06-29xml: streamline interface definition filenames, drop _Christian Poessinger
Some files that described the CLI used underscores to split CLI levels, some others did not. This commit removes all underscores from the filename and only makes use of a hyphen.
2022-06-29bridge: add option to enable/disable IGMP/MLD snoopingYuxiang Zhu
This PR adds an config option to enable/disable IGMP/MLD snooping. ``` set interfaces bridge brN igmp snooping ```
2022-06-29openvpn: T4485: Accept multiple `tls ca-certificate` valuessarthurdev
2022-06-28mpls: T4489: Set priority 400 for MPLS after tunnelViacheslav Hletenko
Fix worng behavior with priority with using tunnel interfaces MPLS configuration must be applied after tunnel interfaces as we use an addition sysctl option 'net.mpls.conf.tun0.input = 1' which doesn't exist without tunnel interface Change priority: 299 protocols/mpls 380 interfaces/tunnel To: 380 interfaces/tunnel 400 protocols/mpls