Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-06-10 | T6442: CGNAT add log for address allocation | Viacheslav Hletenko | |
Add the configuration command to log current CGNAT allocation set nat cgnat log-allocation | |||
2024-06-10 | T6219: align with system sysctl and limit parameters to supported | Nicolas Vollmar | |
2024-06-10 | container: T6219: Add support for container sysctl / kernel parameters | Ben Pilgrim | |
2024-06-07 | reverse-proxy: T6454: Set default value of http for haproxy mode | Alex W | |
2024-06-06 | Merge pull request #3589 from natali-rs1985/T6423-current | John Estabrook | |
xml: T6423: enforce priority on nodes having an owner | |||
2024-06-06 | xml: T6423: enforce priority on nodes having an owner | Nataliia Solomko | |
2024-06-06 | Merge pull request #3578 from nicolas-fort/raw-hook | Daniil Baturin | |
T3900: Add support for raw tables in firewall | |||
2024-06-04 | T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵ | Nicolas Fort | |
timeout parameters defined in conntrack to firewall global-opton section. | |||
2024-06-03 | reverse-proxy: T6434: Support additional healthcheck options (#3574) | Alex W | |
2024-05-31 | Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-records | Christian Breunig | |
dns: T6422: allow multiple redundant NS records | |||
2024-05-31 | T5307: QoS - traffic-class-map services (#3492) | Roman Khramshin | |
added new syntax to work with class match filters in QoS policy | |||
2024-05-30 | conntrack: T6396: correction to helper message for custom timeout rule | Giggum | |
2024-05-30 | Merge pull request #3531 from Embezzle/T6409 | Christian Breunig | |
reverse-proxy: T6409: Remove unused backend parameters | |||
2024-05-30 | Merge pull request #3510 from HollyGurza/T4576 | Daniil Baturin | |
T4576: Accel-ppp logging level configuration | |||
2024-05-30 | dns: T6422: allow multiple redundant NS records | Haim Gelfenbeyn | |
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported. | |||
2024-05-30 | hostname: T6421: enforce explicit CLI priority for host-name and domain-name | Christian Breunig | |
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities! | |||
2024-05-29 | ISIS: T6332: Fix isis not working only ipv6 | fett0 | |
2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar | |
2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar | |
2024-05-27 | reverse-proxy: T6409: Remove unused backend parameters | Alex W | |
2024-05-27 | T4576: Accel-ppp logging level configuration | khramshinr | |
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve | |||
2024-05-24 | load-balancing haproxy: T6391: fix typo in timeout help (#3513) | Gregor Michels | |
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de> | |||
2024-05-23 | Merge pull request #3399 from 0xThiebaut/suricata | Christian Breunig | |
suricata: T751: Initial support for suricata | |||
2024-05-23 | suricata: T751: remove implicit default dictionary | Christian Breunig | |
2024-05-23 | suricata: T751: move CLI from "service ids suricata" -> "service suricata" | Christian Breunig | |
2024-05-23 | Merge pull request #3487 from Embezzle/T6370 | Christian Breunig | |
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | |||
2024-05-22 | nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵ | Christian Breunig | |
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 | |||
2024-05-21 | reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | Alex W | |
2024-05-21 | T6375: Fix/Update NAT logging | l0crian1 | |
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum> | |||
2024-05-18 | T5169: Allow to set CGNAT multiple internal pools | Viacheslav Hletenko | |
Allow to set multiple CGNAT internal pools ``` set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14' ``` | |||
2024-05-17 | T6358: Add config option for host process namespace | Nicolas Vollmar | |
2024-05-16 | Merge pull request #3450 from HollyGurza/T5756 | Christian Breunig | |
T5756: L2TP RADIUS backup and weight settings | |||
2024-05-15 | T3900: add support for raw table in firewall. | Nicolas Fort | |
2024-05-15 | T5756: L2TP RADIUS backup and weight settings | khramshinr | |
2024-05-14 | T3420: Remove service upnp | Viacheslav Hletenko | |
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation. | |||
2024-05-13 | T6251: Extend table number limits for policy route-map set table | khramshinr | |
2024-05-12 | Merge pull request #3447 from c-po/evpn-uplink-t6306 | Daniil Baturin | |
ethernet: T6306: add support for EVPN MH uplink/core tracking | |||
2024-05-12 | suricata: T751: Initial support for suricata | Maxime THIEBAUT | |
2024-05-11 | ethernet: T6306: add support for EVPN MH uplink/core tracking | Christian Breunig | |
When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE. A link can be setup for uplink tracking via the following configuration: set interfaces ethernet eth0 evpn uplink | |||
2024-05-10 | Merge pull request #3410 from fett0/T6303 | Christian Breunig | |
Bond: T6303: add system mac address on interfaces bond | |||
2024-05-10 | bond: T6303: add system mac address on bond | fett0 | |
2024-05-09 | Merge pull request #3436 from natali-rs1985/T4393-current | Christian Breunig | |
sstp: T4393: Add support to configure host-name (SNI) | |||
2024-05-09 | sstp: T4393: Add support to configure host-name (SNI) | Nataliia Solomko | |
2024-05-09 | T6323: openvpn: Correction of auto-completion description of "mfa totp digits" | srividya0208 | |
2024-05-07 | T6305: accept ipoe interfaces on firewall ruleset | Nicolas Fort | |
2024-05-01 | Merge pull request #3392 from c-po/bgp-evpn-T6189 | Christian Breunig | |
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF | |||
2024-05-01 | vrf: T6189: render FRR L3VNI configuration when creating VRF instance | Christian Breunig | |
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place. | |||
2024-05-01 | Merge pull request #3364 from natali-rs1985/T6234-current | Daniil Baturin | |
pppoe-server: T6234: PPPoE-server pado-delay refactoring | |||
2024-05-01 | T6287: Config-sync add the ability to configure API port | Viacheslav Hletenko | |
Add the ability to configure the API port if the API on the secondary server works on a non-default port. The primary node will connect to configured port for config-sync ``` set service config-sync secondary address '192.0.2.11' set service config-sync secondary port '8443' ``` | |||
2024-04-30 | T6169: DNS forwarding should allow underscore for srv record | Viacheslav Hletenko | |
This srv recors looks valid: ``` set service dns forwarding authoritative-domain _tcp.db.mongors1.example.com records srv _mongodb entry 0 hostname 'mongors1.example.com' ``` But FQDN validator cannot validate it correctly, use regex to fix |