summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
2024-05-28T6406: rename cpus to cpuNicolas Vollmar
2024-05-28T6406: add container cpu limit optionNicolas Vollmar
2024-05-24load-balancing haproxy: T6391: fix typo in timeout help (#3513)Gregor Michels
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-23suricata: T751: remove implicit default dictionaryChristian Breunig
2024-05-23suricata: T751: move CLI from "service ids suricata" -> "service suricata"Christian Breunig
2024-05-23Merge pull request #3487 from Embezzle/T6370Christian Breunig
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
2024-05-22nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
2024-05-21reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responsesAlex W
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum>
2024-05-18T5169: Allow to set CGNAT multiple internal poolsViacheslav Hletenko
Allow to set multiple CGNAT internal pools ``` set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14' ```
2024-05-17T6358: Add config option for host process namespaceNicolas Vollmar
2024-05-16Merge pull request #3450 from HollyGurza/T5756Christian Breunig
T5756: L2TP RADIUS backup and weight settings
2024-05-15T5756: L2TP RADIUS backup and weight settingskhramshinr
2024-05-14T3420: Remove service upnpViacheslav Hletenko
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation.
2024-05-13T6251: Extend table number limits for policy route-map set tablekhramshinr
2024-05-12Merge pull request #3447 from c-po/evpn-uplink-t6306Daniil Baturin
ethernet: T6306: add support for EVPN MH uplink/core tracking
2024-05-12suricata: T751: Initial support for suricataMaxime THIEBAUT
2024-05-11ethernet: T6306: add support for EVPN MH uplink/core trackingChristian Breunig
When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE. A link can be setup for uplink tracking via the following configuration: set interfaces ethernet eth0 evpn uplink
2024-05-10Merge pull request #3410 from fett0/T6303Christian Breunig
Bond: T6303: add system mac address on interfaces bond
2024-05-10bond: T6303: add system mac address on bondfett0
2024-05-09Merge pull request #3436 from natali-rs1985/T4393-currentChristian Breunig
sstp: T4393: Add support to configure host-name (SNI)
2024-05-09sstp: T4393: Add support to configure host-name (SNI)Nataliia Solomko
2024-05-09T6323: openvpn: Correction of auto-completion description of "mfa totp digits"srividya0208
2024-05-07T6305: accept ipoe interfaces on firewall rulesetNicolas Fort
2024-05-01Merge pull request #3392 from c-po/bgp-evpn-T6189Christian Breunig
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF
2024-05-01vrf: T6189: render FRR L3VNI configuration when creating VRF instanceChristian Breunig
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place.
2024-05-01Merge pull request #3364 from natali-rs1985/T6234-currentDaniil Baturin
pppoe-server: T6234: PPPoE-server pado-delay refactoring
2024-05-01T6287: Config-sync add the ability to configure API portViacheslav Hletenko
Add the ability to configure the API port if the API on the secondary server works on a non-default port. The primary node will connect to configured port for config-sync ``` set service config-sync secondary address '192.0.2.11' set service config-sync secondary port '8443' ```
2024-04-30T6169: DNS forwarding should allow underscore for srv recordViacheslav Hletenko
This srv recors looks valid: ``` set service dns forwarding authoritative-domain _tcp.db.mongors1.example.com records srv _mongodb entry 0 hostname 'mongors1.example.com' ``` But FQDN validator cannot validate it correctly, use regex to fix
2024-04-30Merge pull request #3374 from aapostoliuk/T6273Christian Breunig
T6273: Allowed the use of "-" and "_" in PPPoE access-concentrator name
2024-04-30T6273: Allowed the use of "-" and "_" in PPPoE access-concentrator nameaapostoliuk
Allowed the use of "-" and "_" in PPPoE access-concentrator name
2024-04-29openconnect: T4982: Support defining minimum TLS version in openconnect VPNAlex W
2024-04-25pppoe-server: T6234: PPPoE-server pado-delay refactoringNataliia Solomko
2024-04-25T6258: Add sysctl base-reachable-time for IPv6Viacheslav Hletenko
Add abiilty to change `base_reachable_time_ms` option /proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms
2024-04-23Merge pull request #3342 from fsdrw08/currentChristian Breunig
T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config
2024-04-23T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy ↵Windom WU
config
2024-04-22Merge pull request #3339 from andre-luiz-dos-santos/patch-1Christian Breunig
xml: T5738: fix typo in radius-additions.xml.i
2024-04-22xml: T5738: fix typo in radius-additions.xml.iAndré Luiz dos Santos
2024-04-22Merge pull request #3337 from Embezzle/T6237Christian Breunig
T6237: IPSec remote access VPN: ability to set EAP ID of clients
2024-04-21T6237: IPSec remote access VPN: ability to set EAP ID of clientsAlex W
2024-04-21Merge pull request #3338 from nvollmar/haproxy-http-checkChristian Breunig
T6246: improve haproxy http check configuration
2024-04-21T6246: improve haproxy http check configurationNicolas Vollmar
2024-04-20gre: T6252: allow tunnel MTU to exceed 8024 bytesfett0
2024-04-17T6246: adds basic haproxy http-check configurationNicolas Vollmar
2024-04-16Merge pull request #3313 from sever-sever/T5722Daniil Baturin
T5722: Failover route add option onlink
2024-04-15T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵Alex W
server certificates
2024-04-15T5722: Failover route add option onlinkViacheslav Hletenko
onlink pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix. Useful when gateway not in the same interface network set interfaces ethernet eth0 vif 10 address '10.20.30.1/32' set protocols static route 10.20.30.0/32 interface eth0.10 set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink ``` vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover Error: Nexthop has invalid gateway. [edit] vyos@r4# [edit] vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover [edit] vyos@r4# ```
2024-04-15T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵Nicolas Fort
to firewall global-optinos
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-19 05:57:11 +0000