Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-09-06 | firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces | sarthurdev | |
2023-09-03 | fix: sys-module auto-tab completion | Anthony Rabbito | |
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> | |||
2023-09-03 | feat(T5544): Allow CAP_SYS_MODULE to be set on containers | Anthony Rabbito | |
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> | |||
2023-09-01 | container: T4353: capitalize ascii -> ASCII | Christian Breunig | |
2023-08-31 | Merge pull request #2189 from sever-sever/T5531 | Christian Breunig | |
T5531: Containers add label option | |||
2023-08-31 | T5531: Containers add label option | Viacheslav Hletenko | |
Ability to set labels for container set container name c1 allow-host-networks set container name c1 image 'busybox' set container name c1 label mypods value 'My label for containers' | |||
2023-08-31 | eapol: T4782: Support multiple CA chains | sarthurdev | |
2023-08-25 | interface: T3509: Add per-interface IPv6 source validation | sarthurdev | |
2023-08-23 | Merge pull request #2139 from dmbaturin/T5449-mss-probing | Christian Breunig | |
system-ip: T5449: add TCP MSS probing options | |||
2023-08-23 | Merge pull request #2159 from c-po/t5491-wifi | Christian Breunig | |
wifi: T5491: allow white-/blacklisting station MAC addresses for security | |||
2023-08-23 | Merge pull request #2160 from sever-sever/T5448 | Christian Breunig | |
T5448: Add configuration host-name for zabbix-agent | |||
2023-08-23 | Merge pull request #2161 from sever-sever/T5463 | Christian Breunig | |
T5463: Container allow publish listen-addresses | |||
2023-08-23 | bgp: T3759: add l3vpn "import vrf default" completion helper | Christian Breunig | |
2023-08-23 | Merge pull request #2142 from nicolas-fort/T5450 | Christian Breunig | |
T5450: allow inverted matcher for interface and interface-group | |||
2023-08-23 | T5463: Container allow publish listen-addresses | Viacheslav Hletenko | |
Ability to publish multiple IP/IPv6 addresses for container set container name c1 port web destination '80' set container name c1 port web listen-address '192.0.2.1' set container name c1 port web listen-address '2001:db8:1111::1' set container name c1 port web source '8080' --publish 192.0.2.1:8080:80/tcp --publish [2001:db8:1111::1]:8080:80/tcp | |||
2023-08-23 | T5450: update smoketest and interface definition in order to work with new ↵ | Nicolas Fort | |
firewall cli | |||
2023-08-23 | T5448: Add configuration host-name for zabbix-agent | Viacheslav Hletenko | |
Ability to configure host-name for zabbix-agent set service monitoring zabbix-agent host-name 'r-vyos' | |||
2023-08-23 | Merge pull request #2156 from giga1699/T5447 | Christian Breunig | |
T5447: Initial support for MACsec static keys | |||
2023-08-20 | T5447: Implement maintainer feedback | Giga Murphy | |
2023-08-20 | wifi: T5491: allow white-/blacklisting station MAC addresses for security | Christian Breunig | |
Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac> | |||
2023-08-19 | bgp: T5466: rename type on CLI per-nexhop -> per-nexthop for l3vpn MPLS labels | Christian Breunig | |
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation mode"). | |||
2023-08-18 | login: T5490: allow . (dot) in user home-directory path | Christian Breunig | |
his extends commit b9655365b ("login: T5490: add stricter validation for home-directory path") by adding a dot to the REGEX allow list. This was previously allowed and covered in out smoketests which failed. | |||
2023-08-18 | T5447: Initial support for MACsec static keys | Giga Murphy | |
2023-08-17 | Merge pull request #2130 from aapostoliuk/T5409-sagitta | Christian Breunig | |
wireguard: T5409: Added 'set interfaces wireguard wgX threaded' | |||
2023-08-17 | wireless: T5409: add per-client-thread CLI option | Christian Breunig | |
Provides a per-device control to enable/disable the threaded mode for all the napi instances of the given network device, without the need for a device up/down. | |||
2023-08-17 | wireguard: T5409: rename threaded CLI not to per-client-thread | Christian Breunig | |
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured. | |||
2023-08-17 | login: T5490: add stricter validation for home-directory path | Christian Breunig | |
2023-08-17 | radius: T5490: add stricter validation for key | Christian Breunig | |
2023-08-17 | system-ip: T5449: add TCP MSS probing options | Daniil Baturin | |
2023-08-16 | T5466: L3VPN label allocation mode | fett0 | |
2023-08-16 | wireguard: T1843: add peer description CLI option | Christian Breunig | |
2023-08-11 | ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵ | Christian Breunig | |
setting | |||
2023-08-11 | ipv6: T5464: use proper XML default for DAD transmits | Christian Breunig | |
This is only a cosmetic change so that the default value is properly retrieved from the defaultValue XML node. | |||
2023-08-11 | Merge pull request #2016 from nicolas-fort/T5160 | Christian Breunig | |
T5160: Firewall refactor | |||
2023-08-11 | T5460: remove config-trap from firewall | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: fix regexep for connection-status. Create new file ↵ | Nicolas Fort | |
with common matcher for ipv4 and ipv6, and use include on all chains for all this comman matchers | |||
2023-08-11 | T5160: firewall refactor: change default value for <default-action> from ↵ | Nicolas Fort | |
<drop> to <accept> if default-action is not specified in base chains | |||
2023-08-11 | T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵ | Nicolas Fort | |
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip. | |||
2023-08-11 | T5160: firewall refactor: change firewall ip to firewall ipv4 | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: new cli structure. Update only all xml | Nicolas Fort | |
2023-08-11 | T5448: Move zabbix-agent to node monitoring | Viacheslav Hletenko | |
Move 'service zabbix-agent' => 'service monitoring zabbix-agent' | |||
2023-08-10 | Merge pull request #2140 from sever-sever/T5448 | Daniil Baturin | |
T5448: Add service zabbix-agent | |||
2023-08-09 | openvpn: T5271: add peer certificate fingerprint option | Daniil Baturin | |
2023-08-09 | T5448: Add service zabbix-agent version 2 | Viacheslav Hletenko | |
Add service zabbix-agent set service zabbix-agent directory '/config/zabbix/' set service zabbix-agent limits buffer-flush-interval '8' set service zabbix-agent limits buffer-size '120' set service zabbix-agent log debug-level 'warning' set service zabbix-agent log size '1' set service zabbix-agent server '192.0.2.5' set service zabbix-agent server-active 192.0.2.5 port '10051' set service zabbix-agent server-active 2001:db8::123 | |||
2023-08-08 | Merge pull request #2119 from nicolas-fort/T5014-dnat | Christian Breunig | |
T5014: nat: add source and destination nat options for configuring lo… | |||
2023-08-07 | T5446: BGP: change <bgp paramater bestpath med> from node to leafNode, in ↵ | Nicolas Fort | |
order to avoid empty value and problems when removing such parameters | |||
2023-08-07 | wireguard: T5409: Added 'set interfaces wireguard wgX threaded' | aapostoliuk | |
Added 'set interfaces wireguard wgX threaded' command. Process traffic from each peer in a dedicated thread. | |||
2023-08-06 | dyndns: T5445: add possibility to specify update interval (timeout) | Christian Breunig | |
set service dns dynamic timeout <60-3600> | |||
2023-08-02 | dhcp: T5414: improve bootfile-name constraintx | Christian Breunig | |
Extend list of allowed characters for the bootfile-option. | |||
2023-08-02 | Merge pull request #2122 from aapostoliuk/T5413 | Christian Breunig | |
wireguard: T5413: Blocked adding the peer with the router's public key |