summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2024-02-13T5928: Change firewall priority to 319Viacheslav Hletenko
Change the firewall priority to 319, after interface ethernet configuration For example if we use VLANs and the vlan interface must be created before we can use it in the firewall/flowtable The current priority ``` 199 firewall 300 interfaces/dummy 300 interfaces/loopback 300 interfaces/virtual-ethernet 310 interfaces/bridge 310 interfaces/input 318 interfaces/ethernet ... ```
2024-02-13Merge pull request #2988 from c-po/pki-rpki-t6034Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
2024-02-13dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally ↵sarthurdev
connected interfaces Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
2024-02-11Merge pull request #2980 from c-po/srv6-T5849Daniil Baturin
srv6: T5849: add segment support to "protocols static route6"
2024-02-11rpki: T6034: move SSH authentication keys to PKI subsystemChristian Breunig
2024-02-11pki: T6034: add OpenSSH key supportChristian Breunig
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa'
2024-02-11bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
2024-02-10bgp: T6010: support setting multiple values for neighbor path-attributeChristian Breunig
2024-02-10Merge pull request #2983 from c-po/rpki-t6004Christian Breunig
rpki: T6004: add missing startup priority
2024-02-10rpki: T6004: add missing startup priorityChristian Breunig
2024-02-10xml: T5738: improve PKI building blocks for CLIChristian Breunig
2024-02-08Merge pull request #2955 from c-po/rpki-T6023Christian Breunig
rpki: T6023: add support for CLI knobs expire-interval and retry-interval
2024-02-08Merge pull request #2968 from natali-rs1985/T5685-currentDaniil Baturin
T5685: Keepalived VRRP prefix is not necessary for the virtual address
2024-02-08T5685: Keepalived VRRP prefix is not necessary for the virtual addressNataliia Solomko
2024-02-08Merge pull request #2950 from aapostoliuk/T5960-circinusDaniil Baturin
T5960: Rewritten authentication node in PPTP to a single view
2024-02-07Merge pull request #2957 from c-po/bgp-T6024Christian Breunig
bgp: T6024: add additional missing FRR features
2024-02-07xml: T302: replace references to Quagga with FRRoutingChristian Breunig
2024-02-07bgp: T6024: add additional missing FRR featuresChristian Breunig
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null> * set protocols bgp parameters allow-martian-nexthop * set protocols bgp parameters no-hard-administrative-reset"
2024-02-07rpki: T6023: add support for CLI knobs expire-interval and retry-intervalChristian Breunig
2024-02-07T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication.
2024-02-06Merge pull request #2936 from c-po/rpki-T6011Daniil Baturin
rpki: T6011: known-hosts-file is no longer supported by FRR
2024-02-03rpki: T6011: known-hosts-file is no longer supported by FRRChristian Breunig
2024-02-03ipsec: T5998: add replay-windows settingChristian Breunig
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040>
2024-02-02Merge pull request #2748 from MattKobayashi/t5848Christian Breunig
qos: T5848: Add triple-isolate option to CAKE policy config
2024-02-02qos: T5848: improve flow-isolation help stringsChristian Breunig
2024-02-02Merge pull request #2889 from sarthurdev/kea-hooksChristian Breunig
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
2024-02-02Merge pull request #2927 from ishioni/T5955Christian Breunig
container: T5955: add uid/gid settings
2024-02-02container: T5955: allow setting uid/gidPiotr Maksymiuk
2024-02-02Merge pull request #2891 from aapostoliuk/T5971-circinusViacheslav Hletenko
T5971: Rewritten ppp options in accel-ppp services
2024-02-01upnp: T5989: add ipv4-prefix as a valid option for UPnP ACLsChris Buechler
2024-02-01Merge pull request #2756 from nicolas-fort/T4839Christian Breunig
T4839: firewall: Add dynamic address group in firewall configuration
2024-02-01Merge pull request #2860 from indrajitr/ddclient-update-20240119Christian Breunig
ddclient: T5966: Adjust dynamic dns config address subpath
2024-02-01Merge pull request #2903 from HollyGurza/T5687Christian Breunig
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor
2024-02-01dns forwarding: T5687: add missing constraints on ecs-add-for CLI nodeChristian Breunig
Completion help suggests only IPv4 and IPv6 prefixes are supported, thus add a proper constraint enforcing this.
2024-02-01Merge pull request #2914 from aapostoliuk/T5930-circinusChristian Breunig
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together
2024-02-01bgp: T5930: Denied using rt vpn 'export/import' with 'both' togetheraapostoliuk
Denied using command 'route-target vpn export/import' with 'both' together in bgp configuration.
2024-02-01Merge pull request #2887 from nicolas-fort/T5977Christian Breunig
T5977: firewall: remove ipsec options in output chain rule definition…
2024-01-31dns forwarding: T5687: Implement ECS settings for PowerDNS recursorkhramshinr
Fix option descriptions
2024-01-30reverse-proxy: T5999: Allow root for exact match in backend rule URLcleopold73
2024-01-30dns forwarding: T5687: Implement ECS settings for PowerDNS recursorkhramshinr
2024-01-29T5971: Rewritten ppp options in accel-ppp servicesaapostoliuk
Rewritten 'ppp-options' to the same view in all accel-ppp services. Adding IPv6 support to PPTP.
2024-01-25T4839: firewall: Add dynamic address group in firewall configuration, and ↵Nicolas Fort
appropiate commands to populate such groups using source and destination address of the packet.
2024-01-24dhcp: T3316: Change help text on `listen-interface` to be genericsarthurdev
2024-01-24dhcpv6: T3316: Add support for excluded-prefix in prefix delegationsarthurdev
2024-01-24dhcpv6: T3771: Allow installation of routes for delegated prefixessarthurdev
2024-01-23T5977: firewall: remove ipsec options in output chain rule definitions, ↵Nicolas Fort
since it's not supported.
2024-01-23T5979: add configurable kernel boot option 'disable-mitigations'Christian Breunig
2024-01-23bfd: T5967: add minimum-ttl optionChristian Breunig
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254> * set protocols bfd profile <name> minimum-ttl <1-254>
2024-01-22sflow: T5968: add VRF supportChristian Breunig
Add support to run hsflowd in a dedicated (e.g. management) VRF. Command will be "set system sflow vrf <name>" like with any other service