| Age | Commit message (Collapse) | Author |
|---|
|
Conflicts:
src/conf_mode/host_name.py
|
|
* clamp MSS IPv4
set firewall options interface pppoe0 adjust-mss '1452'
* clamp MSS IPv6
set firewall options interface pppoe0 adjust-mss6 '1452'
* disable entire rule
set firewall options interface pppoe0 disable
Output
------
$ sudo iptables-save -t mangle
# Generated by iptables-save v1.4.21 on Sun Apr 21 12:56:25 2019
*mangle
:PREROUTING ACCEPT [1217:439885]
:INPUT ACCEPT [290:52459]
:FORWARD ACCEPT [920:375774]
:OUTPUT ACCEPT [301:100053]
:POSTROUTING ACCEPT [1221:475827]
:VYOS_FW_OPTIONS - [0:0]
-A FORWARD -j VYOS_FW_OPTIONS
-A VYOS_FW_OPTIONS -o pppoe0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
COMMIT
Completed on Sun Apr 21 12:56:25 2019
|
|
Add support for relaying a DHCPv6 packet to multiple servers on one upstream
interface.
(cherry picked from commit d5b113923aaa776f89749c820d6283b593e80c3a)
|
|
using fully-qualified domain name
|
|
(cherry picked from commit 0fefe3c3b9250ad2ba841287a94036119728c708)
|
|
disable' to disable single peers
Conflicts:
debian/changelog
|
|
|
|
Conflicts:
debian/changelog
|
|
(cherry picked from commit 31b1b2cb8873f62f8054c87953cd8bd59b59add1)
|
|
The name-server option under "service dns-forwarding" was never mandatory so
users never needed to specify an upstream server. With the recent switch to
PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when
there is no upstream DNS server configured.
(cherry picked from commit 3c563b3ae8397da33a03c0429c17b97eb9625c5f)
|
|
This reverts commit 51f61991092a163f680e4ec8f122e73f4074ddf9.
It's not how it's done, those templates are generated by a script in
vyatta-cfg-firewall.
If we are planning a firewall overhaul in 1.3.x, there's no reason to
transplant the old approach to new code.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
change to 'mode local|radius'
|
|
|
|
Increase NTP config version from 0 to 1. For more information see [1].
ntpd: Warning: the "dynamic" keyword has been obsoleted and will
be removed in the next release
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
|
|
|
|
- ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs
- snmp subagent and master mode
- connlimits configurable
- more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.)
- radius extended options (for HA etc.)
|
|
|
|
|
|
|
|
Previous to this commit, setting a Wireguard interface description would
result in a validation error similar to the following:
```
brooks@border# set interfaces wireguard wg0 description "Tunnel"
[edit]
brooks@border# set interfaces wireguard wg0 description "Tunnel tunnel
tunnel"
interface description is too long (limit 100 characters)
Value validation failed
Set failed
[edit]
```
This commit makes the regex less restrictive up to 100 characters.
|
|
Examples:
=========
CFG commands:
vyos@vyos# set protocols igmp-proxy disable-quickleave
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream'
vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream'
vyos@vyos# show protocols
igmp-proxy {
disable-quickleave
interface eth0 {
alt-subnet 172.16.35.0/24
alt-subnet 172.31.0.0/24
role upstream
}
interface eth1 {
role downstream
}
}
OP mode commands:
-----------------
vyos@vyos:~$ show ip multicast interface
Interface BytesIn PktsIn BytesOut PktsOut Local
eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65
eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201
vyos@vyos:~$ show ip multicast mfc
Group Origin Pkts Bytes Wrong In Out
xxx.x.xx.1 xxx.xx.0.1 10 9.81KB 0 eth0 eth1
xxx.x.xx.2 xxx.xx.0.1 --
|
|
|
|
|
|
- removed ip-host from tree, iproute2 will detect faulty addresses and return exit 1
|
|
|
|
* dhcp-relay:
dhcpv6-relay: added missing verify() step for listen and upstream interfaces
T913: DHCP relay service XML/Python rewrite for IPv6
T913: DHCP relay service XML/Python rewrite for IPv4
vyos-1x now depends on isc-dhcp-relay
dns-forwarding: fix XML interface indenting
|
|
Add option to specify multiple listening ports
Clean up template generation layout
|
|
|
|
|
|
|
|
|
|
|
|
Bring VRRP configuration in line with keepalived config documentation.
|
|
This was the upper limit in VyOS 1.1.8 and must not be changed to keep
configs compatible.
|
|
|
|
|
|
|
|
|
|
- regex added to check endpoint as pattern IP:port
- T793: preparation for the use preshared key
|
|
|
|
|
|
|
|
Whole broadcast relay service can be temporary disabled via
set service broadcast-relay disable
Individual instances of the broadcast relay service can be disabled
set service broadcast-relay id <n> disable
|
|
|
