Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-08-23 | T5448: Add configuration host-name for zabbix-agent | Viacheslav Hletenko | |
Ability to configure host-name for zabbix-agent set service monitoring zabbix-agent host-name 'r-vyos' | |||
2023-08-23 | Merge pull request #2156 from giga1699/T5447 | Christian Breunig | |
T5447: Initial support for MACsec static keys | |||
2023-08-20 | T5447: Implement maintainer feedback | Giga Murphy | |
2023-08-20 | wifi: T5491: allow white-/blacklisting station MAC addresses for security | Christian Breunig | |
Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac> | |||
2023-08-19 | bgp: T5466: rename type on CLI per-nexhop -> per-nexthop for l3vpn MPLS labels | Christian Breunig | |
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation mode"). | |||
2023-08-18 | login: T5490: allow . (dot) in user home-directory path | Christian Breunig | |
his extends commit b9655365b ("login: T5490: add stricter validation for home-directory path") by adding a dot to the REGEX allow list. This was previously allowed and covered in out smoketests which failed. | |||
2023-08-18 | T5447: Initial support for MACsec static keys | Giga Murphy | |
2023-08-17 | Merge pull request #2130 from aapostoliuk/T5409-sagitta | Christian Breunig | |
wireguard: T5409: Added 'set interfaces wireguard wgX threaded' | |||
2023-08-17 | wireless: T5409: add per-client-thread CLI option | Christian Breunig | |
Provides a per-device control to enable/disable the threaded mode for all the napi instances of the given network device, without the need for a device up/down. | |||
2023-08-17 | wireguard: T5409: rename threaded CLI not to per-client-thread | Christian Breunig | |
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured. | |||
2023-08-17 | login: T5490: add stricter validation for home-directory path | Christian Breunig | |
2023-08-17 | radius: T5490: add stricter validation for key | Christian Breunig | |
2023-08-17 | system-ip: T5449: add TCP MSS probing options | Daniil Baturin | |
2023-08-16 | T5466: L3VPN label allocation mode | fett0 | |
2023-08-16 | wireguard: T1843: add peer description CLI option | Christian Breunig | |
2023-08-11 | ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵ | Christian Breunig | |
setting | |||
2023-08-11 | ipv6: T5464: use proper XML default for DAD transmits | Christian Breunig | |
This is only a cosmetic change so that the default value is properly retrieved from the defaultValue XML node. | |||
2023-08-11 | Merge pull request #2016 from nicolas-fort/T5160 | Christian Breunig | |
T5160: Firewall refactor | |||
2023-08-11 | T5460: remove config-trap from firewall | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: fix regexep for connection-status. Create new file ↵ | Nicolas Fort | |
with common matcher for ipv4 and ipv6, and use include on all chains for all this comman matchers | |||
2023-08-11 | T5160: firewall refactor: change default value for <default-action> from ↵ | Nicolas Fort | |
<drop> to <accept> if default-action is not specified in base chains | |||
2023-08-11 | T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵ | Nicolas Fort | |
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip. | |||
2023-08-11 | T5160: firewall refactor: change firewall ip to firewall ipv4 | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: new cli structure. Update only all xml | Nicolas Fort | |
2023-08-11 | T5448: Move zabbix-agent to node monitoring | Viacheslav Hletenko | |
Move 'service zabbix-agent' => 'service monitoring zabbix-agent' | |||
2023-08-10 | Merge pull request #2140 from sever-sever/T5448 | Daniil Baturin | |
T5448: Add service zabbix-agent | |||
2023-08-09 | openvpn: T5271: add peer certificate fingerprint option | Daniil Baturin | |
2023-08-09 | T5448: Add service zabbix-agent version 2 | Viacheslav Hletenko | |
Add service zabbix-agent set service zabbix-agent directory '/config/zabbix/' set service zabbix-agent limits buffer-flush-interval '8' set service zabbix-agent limits buffer-size '120' set service zabbix-agent log debug-level 'warning' set service zabbix-agent log size '1' set service zabbix-agent server '192.0.2.5' set service zabbix-agent server-active 192.0.2.5 port '10051' set service zabbix-agent server-active 2001:db8::123 | |||
2023-08-08 | Merge pull request #2119 from nicolas-fort/T5014-dnat | Christian Breunig | |
T5014: nat: add source and destination nat options for configuring lo… | |||
2023-08-07 | T5446: BGP: change <bgp paramater bestpath med> from node to leafNode, in ↵ | Nicolas Fort | |
order to avoid empty value and problems when removing such parameters | |||
2023-08-07 | wireguard: T5409: Added 'set interfaces wireguard wgX threaded' | aapostoliuk | |
Added 'set interfaces wireguard wgX threaded' command. Process traffic from each peer in a dedicated thread. | |||
2023-08-06 | dyndns: T5445: add possibility to specify update interval (timeout) | Christian Breunig | |
set service dns dynamic timeout <60-3600> | |||
2023-08-02 | dhcp: T5414: improve bootfile-name constraintx | Christian Breunig | |
Extend list of allowed characters for the bootfile-option. | |||
2023-08-02 | Merge pull request #2122 from aapostoliuk/T5413 | Christian Breunig | |
wireguard: T5413: Blocked adding the peer with the router's public key | |||
2023-08-02 | wireguard: T5413: Blocked adding the peer with the router's public key | aapostoliuk | |
Disabeled adding the peer with the same public key as the router has. Added smoketest | |||
2023-08-01 | Merge pull request #2113 from jvoss/container_priority | Christian Breunig | |
container: T5407: increase priority before protocol static | |||
2023-08-01 | T5374: Add system option time-format 12 or 24 hours | Viacheslav Hletenko | |
Ability to set locate time format 12|24-hour set system option time-format 12-hour|24-hour $ date Tue Aug 1 12:33:45 PM EEST 2023 $ date Tue 1 Aug 12:34:09 EEST 2023 | |||
2023-07-31 | Merge branch 'current' into T5014-dnat | Nicolás Fort | |
2023-07-31 | T5014: fix conflicts. Add code for redirection, which is causing conflicts. ↵ | Nicolas Fort | |
Change code for new syntax | |||
2023-07-31 | T5014: nat: add source and destination nat options for configuring load ↵ | Nicolas Fort | |
balance within a single rule. | |||
2023-07-31 | dhcpv6-pd: T5387: add support for no-release flag | 1vivy | |
When no-release is specified, dhcp6c client will not release allocated address or prefix on client exit. vyos.ifconfig: dhcpv6: T5387: re-use options_file for no release flag [WIP] * Todo: render Jinja2 template and fill it vyos.ifconfig: dhcpv6: T5387: finish options_file and no release flag in cli vyos.ifconfig: dhcpv6: T5387: fix missing/wrong end tag vyos.ifconfig: dhcpv6: T5387: fix options, no var for -n dhcpv6-client: T5387: fix missing / from filepaths | |||
2023-07-27 | Merge pull request #2105 from sever-sever/T5368 | Daniil Baturin | |
T5368: service ids ddos-protection add support sflow mode | |||
2023-07-27 | openvpn: T4974: move CLI node "enable-dco" -> "offload dco" to match other ↵ | Christian Breunig | |
inetfaces Keep a common CLI structure by re-using the already established offload node from ethernet. | |||
2023-07-26 | container: T5407: increase priority before protocol static | Jonathan Voss | |
2023-07-26 | Merge pull request #2078 from nicolas-fort/T5154 | Viacheslav Hletenko | |
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet… | |||
2023-07-25 | T5154: NTP: allow maximum of one ipv4 and one ipv6 address on parameter ↵ | Nicolas Fort | |
<listen-address>. Also allow only one single value <interface>. | |||
2023-07-22 | Merge pull request #2100 from nicolas-fort/T4889 | Christian Breunig | |
T4889: NAT Redirect: adddestination nat redirection (to local host) feature. | |||
2023-07-22 | Merge pull request #2107 from fett0/T4974 | Christian Breunig | |
T4974:add/fixed enable ovpn-dco by default | |||
2023-07-21 | T4974:add/fixed enable ovpn-dco by default | fett0 | |
2023-07-21 | ospf: T5377: add "capability opaque" support | Christian Breunig | |