summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2022-06-07event-handler: T3083: Add arguments and environment options XMLViacheslav Hletenko
2022-06-07event-handler: T3083: Move system to service event-handlerViacheslav Hletenko
Move 'system event-handler' to 'service event-handler'
2022-06-06event-handler: T3083: Add simple event-handlerViacheslav Hletenko
Event-handler allows executing a custom script when in logs it detects configured "pattern" A simple implemenation set system event-handler first pattern '.*ssh2.*' set system event-handler first script '/config/scripts/hello.sh'
2022-06-04Policy: T3976-T4449-nexthop: add - match ipv6 nexthop type - as available ↵Nicolas Fort
for ipv4
2022-06-02sla: T4222: Add OWAMP and TWAMP for service slaViacheslav Hletenko
OWAMP is a command line client application and a policy daemon used to determine one way latencies between hosts. OWAMP session control uses traditional client-server communication between a control-client and a server, TWAMP (two-way active measurement protocol) Add configuration and operation modes set service sla owamp-server set service sla twamp-server run force owping 192.0.2.120 run force twping 192.0.2.190
2022-05-31pki: T3642: Update conf scripts using changed PKI objectssarthurdev
2022-05-31policy: T3976: bump version 2 -> 3Christian Poessinger
2022-05-31IPv6: T3976: add prefix-list and access-list option from ipv6 route-mapfett0
2022-05-29Policy: T4450: Expand options for ip|ipv6 address match. Now support ↵Nicolas Fort
prefix-len on both matches. Also change help properties of route-source node.
2022-05-29xml: reword static routing completion helpChristian Poessinger
2022-05-29eigrp: T2472: add missing <multi/> specifier when redistributing protocolsChristian Poessinger
2022-05-29eigrp: T2472: add "local-as" CLI node to specify ASN like under BGPChristian Poessinger
2022-05-29eigrp: T2472: add basic template rendering and FRR communicationChristian Poessinger
2022-05-29rip: T4448: remove default version for RIPChristian Poessinger
Commit f9e38622 ("rip: T4448: add support to set protocol version on an interface level") also added the versionspecified on a per interface level. the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no longer working which is dthe default for FRR. Remove the default "2" from the RIP version specifier to make this behavior work again.
2022-05-29eigrp: vrf: T2773: prepare XML definitions for VRF instanceChristian Poessinger
2022-05-29eigrp: T2473: add XML definitionssever-sever
2022-05-29Merge branch 'T4449' of https://github.com/nicolas-fort/vyos-1x into currentChristian Poessinger
* 'T4449' of https://github.com/nicolas-fort/vyos-1x: Policy: T4449: Extend matching options for route-map ip nexthop
2022-05-28rip: T4448: add support to set protocol version on an interface levelChristian Poessinger
2022-05-28xml: rip: T4448: rename include files to match schemaChristian Poessinger
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }
2022-05-28Policy: T4449: Extend matching options for route-map ip nexthopNicolas Fort
2022-05-28rip: T4448: add support for explicit version selectionChristian Poessinger
2022-05-27Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8Nicolas Fort
2022-05-27dhcp6: pd: T4447: bugfix sla-id limits (must be greater then 128Christian Poessinger
The sla-id parameter of DHCPv6 prefix delegations is limited to 128. While this is enough to use all /64 subnets of a /57 prefix, with a /56 prefix that is no longer sufficient. Increased sla-id length tp 64535 so one could delegate an entire /48.
2022-05-26sstp: T4444. Port number changing supportgoodNETnick
2022-05-25configtest: T4382: missing 'ipv4-options' in 'interfaces openvpn'John Estabrook
As a result of the firewall/5-to-6 migration script, 'firewall options interface vtun0 adjust-mss' is moved to: 'interfaces openvpn vtun0 ip adjust-mss 1380' however, interfaces-openvpn.xml.in is missing the include file ipv4-options.xml.i. Add missing include file.
2022-05-25Merge pull request #1088 from zdc/T4020-sagittaDaniil Baturin
FRR: T4020: Added CLI options for FRR daemons
2022-05-21xml: flow-accounting: T4437: fix node helpChristian Poessinger
2022-05-21xml: nhrp: fix CLI descriptionChristian Poessinger
2022-05-20Merge pull request #1317 from sever-sever/T4418Christian Poessinger
monitoring: T4418: Add output plugin azure-data-explorer
2022-05-20monitoring: T4418: Add output plugin azure-data-explorerViacheslav Hletenko
Add output telegraf Plugin Azure Data Explorer set service monitoring telegraf azure-data-explorer authentication client-id 'x' set service monitoring telegraf azure-data-explorer authentication client-secret 'x' set service monitoring telegraf azure-data-explorer authentication tenant-id 'x' set service monitoring telegraf azure-data-explorer database 'x' set service monitoring telegraf azure-data-explorer group-metrics 'single-table' set service monitoring telegraf azure-data-explorer url 'http://localhost.loc'
2022-05-19ipsec: T2816: add completion help for IP addresses to local-address nodeChristian Poessinger
2022-05-16Merge pull request #1290 from sever-sever/T4373Christian Poessinger
ppppoe-server: T4373: Add option multiplier for correct shaping
2022-05-16pppoe-server: T4373: Add option multiplier for correct shapingViacheslav Hletenko
Multiplier option is required by some vendors for correct shaping For RADIUS based rate-limits edit service pppoe-server set authentication radius rate-limit multiplier '0.001'
2022-05-13sshguard: T4408: rename whitelist-address -> allow-fromChristian Poessinger
We do not only allow individual host addresses but also prefixes.
2022-05-13Merge pull request #1320 from sever-sever/T4408Christian Poessinger
sshguard: T4408: Add service ssh dynamic-protection
2022-05-12sshguard: T4408: Add service ssh dynamic-protectionViacheslav Hletenko
Sshguard protects hosts from brute-force attacks Can inspect logs and block "bad" addresses by threshold Auto-generate rules for nftables When service stopped all generated rules are deleted nft "type filter hook input priority filter - 10" set service ssh dynamic-protection set service ssh dynamic-protection block-time 120 set service ssh dynamic-protection detect-time 1800 set service ssh dynamic-protection threshold 30 set service ssh dynamic-protection whitelist-address 192.0.2.1
2022-05-12vrrp: T4417: bugfix service startup priorityChristian Poessinger
2022-05-12policy: T4424: Fix incorrect format for IPv6 prefixesViacheslav Hletenko
2022-05-11Firewall: T3907: add log-level options in firewallNicolas Fort
2022-05-09Merge pull request #1279 from nicolas-fort/T990Christian Poessinger
Firewall: T990: Add snat and dnat connection status on firewall
2022-05-08container: T4353: fix conf-mode script nameChristian Poessinger
2022-05-08policy: evpn: T3739: support "set evpn gateway-ip"Christian Poessinger
2022-05-07vrf: T4419: support to disable IP forwarding within a given VRFChristian Poessinger
2022-05-06ocserv: T4231: XML OTP support must not be added globally - only for openconnectChristian Poessinger
2022-05-05Merge pull request #1312 from sever-sever/T4410Christian Poessinger
monitoring: T4410: Add telegraf output Plugin http for Splunk
2022-05-05policy: T4414: add support for route-map "as-path prepend last-as x"Christian Poessinger
2022-05-05monitoring: T4410: Add telegraf output Plugin http for SplunkViacheslav Hletenko
Ability to send HTTP output to Splunk via telegraf set service monitoring telegraf splunk authentication insecure set service monitoring telegraf splunk authentication token 'xxx' set service monitoring telegraf splunk url 'https://x.x.x.x'
2022-05-03monitoring: T4315: Add telegraf output plugin prometheus-clientViacheslav Hletenko
Add output Plugin "prometheus-client" for telegraf: set service monitoring telegraf prometheus-client
2022-05-01container: T4353: fix Jinja2 linting errorsChristian Poessinger