Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-02-13 | T5928: Change firewall priority to 319 | Viacheslav Hletenko | |
Change the firewall priority to 319, after interface ethernet configuration For example if we use VLANs and the vlan interface must be created before we can use it in the firewall/flowtable The current priority ``` 199 firewall 300 interfaces/dummy 300 interfaces/loopback 300 interfaces/virtual-ethernet 310 interfaces/bridge 310 interfaces/input 318 interfaces/ethernet ... ``` | |||
2024-02-13 | Merge pull request #2988 from c-po/pki-rpki-t6034 | Christian Breunig | |
rpki: T6034: move file based SSH keys for authentication to PKI subsystem | |||
2024-02-13 | dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally ↵ | sarthurdev | |
connected interfaces Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface. | |||
2024-02-11 | Merge pull request #2980 from c-po/srv6-T5849 | Daniil Baturin | |
srv6: T5849: add segment support to "protocols static route6" | |||
2024-02-11 | rpki: T6034: move SSH authentication keys to PKI subsystem | Christian Breunig | |
2024-02-11 | pki: T6034: add OpenSSH key support | Christian Breunig | |
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa' | |||
2024-02-11 | bgp: T6032: add EVPN MAC-VRF Site-of-Origin support | Christian Breunig | |
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo | |||
2024-02-11 | srv6: T5849: add segment support to "protocols static route6" | Christian Breunig | |
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z' | |||
2024-02-10 | bgp: T6010: support setting multiple values for neighbor path-attribute | Christian Breunig | |
2024-02-10 | Merge pull request #2983 from c-po/rpki-t6004 | Christian Breunig | |
rpki: T6004: add missing startup priority | |||
2024-02-10 | rpki: T6004: add missing startup priority | Christian Breunig | |
2024-02-10 | xml: T5738: improve PKI building blocks for CLI | Christian Breunig | |
2024-02-08 | Merge pull request #2955 from c-po/rpki-T6023 | Christian Breunig | |
rpki: T6023: add support for CLI knobs expire-interval and retry-interval | |||
2024-02-08 | Merge pull request #2968 from natali-rs1985/T5685-current | Daniil Baturin | |
T5685: Keepalived VRRP prefix is not necessary for the virtual address | |||
2024-02-08 | T5685: Keepalived VRRP prefix is not necessary for the virtual address | Nataliia Solomko | |
2024-02-08 | Merge pull request #2950 from aapostoliuk/T5960-circinus | Daniil Baturin | |
T5960: Rewritten authentication node in PPTP to a single view | |||
2024-02-07 | Merge pull request #2957 from c-po/bgp-T6024 | Christian Breunig | |
bgp: T6024: add additional missing FRR features | |||
2024-02-07 | xml: T302: replace references to Quagga with FRRouting | Christian Breunig | |
2024-02-07 | bgp: T6024: add additional missing FRR features | Christian Breunig | |
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null> * set protocols bgp parameters allow-martian-nexthop * set protocols bgp parameters no-hard-administrative-reset" | |||
2024-02-07 | rpki: T6023: add support for CLI knobs expire-interval and retry-interval | Christian Breunig | |
2024-02-07 | T5960: Rewritten authentication node in PPTP to a single view | aapostoliuk | |
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication. | |||
2024-02-06 | Merge pull request #2936 from c-po/rpki-T6011 | Daniil Baturin | |
rpki: T6011: known-hosts-file is no longer supported by FRR | |||
2024-02-03 | rpki: T6011: known-hosts-file is no longer supported by FRR | Christian Breunig | |
2024-02-03 | ipsec: T5998: add replay-windows setting | Christian Breunig | |
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040> | |||
2024-02-02 | Merge pull request #2748 from MattKobayashi/t5848 | Christian Breunig | |
qos: T5848: Add triple-isolate option to CAKE policy config | |||
2024-02-02 | qos: T5848: improve flow-isolation help strings | Christian Breunig | |
2024-02-02 | Merge pull request #2889 from sarthurdev/kea-hooks | Christian Breunig | |
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD | |||
2024-02-02 | Merge pull request #2927 from ishioni/T5955 | Christian Breunig | |
container: T5955: add uid/gid settings | |||
2024-02-02 | container: T5955: allow setting uid/gid | Piotr Maksymiuk | |
2024-02-02 | Merge pull request #2891 from aapostoliuk/T5971-circinus | Viacheslav Hletenko | |
T5971: Rewritten ppp options in accel-ppp services | |||
2024-02-01 | upnp: T5989: add ipv4-prefix as a valid option for UPnP ACLs | Chris Buechler | |
2024-02-01 | Merge pull request #2756 from nicolas-fort/T4839 | Christian Breunig | |
T4839: firewall: Add dynamic address group in firewall configuration | |||
2024-02-01 | Merge pull request #2860 from indrajitr/ddclient-update-20240119 | Christian Breunig | |
ddclient: T5966: Adjust dynamic dns config address subpath | |||
2024-02-01 | Merge pull request #2903 from HollyGurza/T5687 | Christian Breunig | |
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor | |||
2024-02-01 | dns forwarding: T5687: add missing constraints on ecs-add-for CLI node | Christian Breunig | |
Completion help suggests only IPv4 and IPv6 prefixes are supported, thus add a proper constraint enforcing this. | |||
2024-02-01 | Merge pull request #2914 from aapostoliuk/T5930-circinus | Christian Breunig | |
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together | |||
2024-02-01 | bgp: T5930: Denied using rt vpn 'export/import' with 'both' together | aapostoliuk | |
Denied using command 'route-target vpn export/import' with 'both' together in bgp configuration. | |||
2024-02-01 | Merge pull request #2887 from nicolas-fort/T5977 | Christian Breunig | |
T5977: firewall: remove ipsec options in output chain rule definition… | |||
2024-01-31 | dns forwarding: T5687: Implement ECS settings for PowerDNS recursor | khramshinr | |
Fix option descriptions | |||
2024-01-30 | reverse-proxy: T5999: Allow root for exact match in backend rule URL | cleopold73 | |
2024-01-30 | dns forwarding: T5687: Implement ECS settings for PowerDNS recursor | khramshinr | |
2024-01-29 | T5971: Rewritten ppp options in accel-ppp services | aapostoliuk | |
Rewritten 'ppp-options' to the same view in all accel-ppp services. Adding IPv6 support to PPTP. | |||
2024-01-25 | T4839: firewall: Add dynamic address group in firewall configuration, and ↵ | Nicolas Fort | |
appropiate commands to populate such groups using source and destination address of the packet. | |||
2024-01-24 | dhcp: T3316: Change help text on `listen-interface` to be generic | sarthurdev | |
2024-01-24 | dhcpv6: T3316: Add support for excluded-prefix in prefix delegation | sarthurdev | |
2024-01-24 | dhcpv6: T3771: Allow installation of routes for delegated prefixes | sarthurdev | |
2024-01-23 | T5977: firewall: remove ipsec options in output chain rule definitions, ↵ | Nicolas Fort | |
since it's not supported. | |||
2024-01-23 | T5979: add configurable kernel boot option 'disable-mitigations' | Christian Breunig | |
2024-01-23 | bfd: T5967: add minimum-ttl option | Christian Breunig | |
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254> * set protocols bfd profile <name> minimum-ttl <1-254> | |||
2024-01-22 | sflow: T5968: add VRF support | Christian Breunig | |
Add support to run hsflowd in a dedicated (e.g. management) VRF. Command will be "set system sflow vrf <name>" like with any other service |