summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2022-09-16T4699: Firewall: Add jump action in firewall rulestNicolas Fort
2022-09-15bgp: T4696: add support for "bestpath peer-type multipath-relax"Christian Poessinger
Add new VyOS CLI command: set protocols bgp parameters bestpath peer-type multipath-relax This command specifies that BGP decision process should consider paths from all peers for multipath computation. If this option is enabled, paths learned from any of eBGP, iBGP, or confederation neighbors will be multipath if they are otherwise considered equal cost. [1] [1]: http://docs.frrouting.org/en/stable-8.3/bgp.html#clicmd-bgp-bestpath-peer-type-multipath-relax
2022-09-15Merge branch 'T4689' of https://github.com/jack9603301/vyos-1x into currentChristian Poessinger
* 'T4689' of https://github.com/jack9603301/vyos-1x: rfs: T4689: Support RFS(Receive Flow Steering)
2022-09-15rfs: T4689: Support RFS(Receive Flow Steering)jack9603301
2022-09-15conntrack: T4691: lower "tcp max-retrans" upper limitChristian Poessinger
Kernel 5.15.y and newer only support an upper boundary of 255. vyos@vyos:~$ sudo sysctl -w net.netfilter.nf_conntrack_tcp_max_retrans=255 net.netfilter.nf_conntrack_tcp_max_retrans = 255 vyos@vyos:~$ sudo sysctl -w net.netfilter.nf_conntrack_tcp_max_retrans=256 sysctl: setting key "net.netfilter.nf_conntrack_tcp_max_retrans": Invalid argument
2022-09-14keymap: T4695: Add Spain 'es' and Japan 'jp106' keymapsViacheslav Hletenko
Add Spain (es) and Japan (jp106) keymaps set system option keyboard-layout es|jp106
2022-09-14Merge pull request #1534 from sarthurdev/firewall_interfacesChristian Poessinger
firewall: zone-policy: T2199: T4605: Refactor firewall, migrate zone-policy
2022-09-13zone-policy: T2199: Migrate zone-policy to firewall nodesarthurdev
2022-09-13firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵sarthurdev
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
2022-09-12Revert "rfs: T4689: Support RFS(Receive Flow Steering)"Christian Poessinger
This reverts commit 53355271a2864d844daca89a064c21e514e10adb.
2022-09-12rfs: T4689: Support RFS(Receive Flow Steering)jack9603301
2022-09-10policy: T4685: fix non-existent inbound-interface on commitinitramfs
The local-policy and local-policy6 nodes were missing their priority property causing an ordering issue between the creation of dynamic interfaces (like VLAN/Bonding) and referencing said interface in PBR rules. Add a priority value to order local-policy(6) to be after all interface definitions.
2022-09-07T1024: Firewall and Policy route: add option to match dscp value, both on ↵Nicolas Fort
firewall and in policy route
2022-09-06T4670: policy route: extend matching criteria for policy route and route6. ↵Nicolas Fort
Matching criteria added: ttl/hoplimit and packet-length
2022-09-03firewall: T4651: re-implement packet-length CLI option to use <multi/>Christian Poessinger
2022-09-03firewall: T3568: improve default-action help stringChristian Poessinger
2022-09-03firewall: T3568: add XML include block for eq,gt,lt optionsChristian Poessinger
2022-09-02Merge branch 'T4651' of https://github.com/nicolas-fort/vyos-1x into firewallChristian Poessinger
* 'T4651' of https://github.com/nicolas-fort/vyos-1x: Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules.
2022-09-01Firewall: T4651: Change proposed cli from ip-length to packet-lengthNicolas Fort
2022-08-31nat: T538: Move nat configs to /run directoryViacheslav Hletenko
2022-08-30firewall: T4655: implement XML defaultValue for name and ipv6-nameChristian Poessinger
This extends the implementation of commit 0cc7e0a49094 ("firewall: T4655: Fix default action 'drop' for the firewall") in a way that we can now also use the XML <defaultValue> node under "firewall name" and "firewall ipv6-name". This is a much cleaner approach which also adds the default value automatically to the CLIs completion helper ("?").
2022-08-30firewall: T3568: cleanup XML help node - remove information passed via valueHelpChristian Poessinger
2022-08-30firewall: T3568: rename XML building blocks to match CLI node nameChristian Poessinger
2022-08-29rpki: T4654: Fix RPKI cache descriptionViacheslav Hletenko
Fix wrong descriptions for the RPKI server It was mentioned about the NTP server
2022-08-27Firewall: T4651: Add options to match packet size on firewall rules.Nicolas Fort
2022-08-26Merge pull request #1482 from sever-sever/T4631Christian Poessinger
nat66: T4631: Add port and protocol to nat66 conf
2022-08-25proxy: T4642: allow https proxy transportsChristian Poessinger
2022-08-25telegraf: T3872: re-use existing XML building blocksChristian Poessinger
2022-08-25telegraf: T4617: add VRF supportChristian Poessinger
2022-08-25Merge pull request #1478 from sever-sever/T4622Christian Poessinger
firewall: T4622: Add TCP MSS option
2022-08-24proxy: T4642: bugfix regex, add hyphen to allow listChristian Poessinger
2022-08-24Policy: T4641: allow only ipv4 prefixes on prefix-listNicolas Fort
2022-08-20nat66: T4631: Add port and protocol to nat66Viacheslav Hletenko
Ability to configure src/dst/translation port and protocol for SNAT and DNAT IPv6
2022-08-19Merge pull request #1476 from sever-sever/T4620Christian Poessinger
UPnP: T4211: T4620 Fix upnp template
2022-08-19UPnP: T4611: Rule must be as prefix instead of an addressViacheslav Hletenko
From the doc miniupnpd IP/mask format must be nnn.nnn.nnn.nnn/nn Comment out invalid option "anchor"
2022-08-18firewall: T4622: Add TCP MSS optionViacheslav Hletenko
Ability to drop|accept packets based on TCP MSS size set firewall name <tag> rule <tag> tcp mss '501-1460'
2022-08-17nat: T538: Add static NAT one-to-oneViacheslav Hletenko
Ability to set static NAT (one-to-one) in one rule set nat static rule 10 destination address '203.0.113.0/24' set nat static rule 10 inbound-interface 'eth0' set nat static rule 10 translation address '192.0.2.0/24' It will be enough for PREROUTING and POSTROUTING rules Use a separate table 'vyos_static_nat' as SRC/DST rules and STATIC rules can have the same rule number
2022-08-16upnp: T4613: Verify listen key in dictionaryViacheslav Hletenko
There is no check if 'listen' is exist in the dictionary, fix it Fix odd ValueHelp format
2022-08-15ocserv: openconnect: T4614: add support for split-dnsChristian Poessinger
set vpn openconnect network-settings split-dns <domain>
2022-08-10l2tp: T4603: Add RADIUS nas-ip-address optionViacheslav Hletenko
Add l2tp authentication radius nas-ip-address option which will be sent in NAS-IP-Address Radius attribute
2022-08-08nat66: T4598: add file nat-exclue.xml.i, which is invoked by nat66.xml.in ↵Nicolas Fort
and nat-rule.xml.i
2022-08-05nat66: T4598: Add exclude options in nat66Nicolas Fort
2022-08-04Merge https://github.com/Cheeze-It/vyos-1x into currentChristian Poessinger
* https://github.com/Cheeze-It/vyos-1x: bgp: T4257: Changing BGP "local-as" to "system-as"
2022-08-04Merge pull request #1457 from sever-sever/T4586Christian Poessinger
nat66: T4586: Add SNAT destination prefix and DNAT address
2022-08-03Merge pull request #1369 from nicolas-fort/T4480Daniil Baturin
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config
2022-08-03nat66: T4586: Add SNAT destination prefix and DNAT addressViacheslav Hletenko
Ability to configure SNAT destination prefix and DNAT source address Add option "!" - not address/prefix for NAT66
2022-08-01mtu: T4572: Add DHCP-option MTU to get values from DHCP-serverViacheslav Hletenko
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured
2022-07-30bgp: T4257: Changing BGP "local-as" to "system-as"Cheeze_It
bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. bgp: T4257: Changing BGP "local-as" to "system-as" bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor.
2022-07-29Merge pull request #1403 from sever-sever/T4518Christian Poessinger
lb-wan: T4518: Add XML for conf mode load-balancing wan
2022-07-25fastnetmon: T4556: Allow configure white_list_path and populate with ↵Adrian Almenar
hosts/networks that should be ignored.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-25 04:28:20 +0000