Age | Commit message (Collapse) | Author |
|
This is a combined backport for all accumulated changes done to the firewall
subsystem on the current branch.
|
|
The old script isn't doing much, in fact, it's much less informative
than actual dmidecode
(cherry picked from commit 7f0a363c9034a3b1600efab7c30bf7ab06381816)
|
|
T5919: firewall: fix <show firewall ipv6 ..> command (backport #2799)
|
|
(cherry picked from commit 089280f82349cd7b77649eb71729be1e73714b52)
|
|
(cherry picked from commit 62f10e0ec8075634e1515d6cecc822d87053bccb)
|
|
(cherry picked from commit 7a2b70bd73c8579a885348b93b8addfb20fb006c)
|
|
* show log certbot
* monitor log certbot
* renew certbot
(cherry picked from commit 9d02d32319f9328df618910a038ef580588e13c8)
|
|
We've always had a command to display discrete IPv6 routes/prefixes within the
global VRF. This commit also adds support for a discrete VRF.
vyos@vyos:~$ show ipv6 route vrf <name>
Possible completions:
<Enter> Execute the current command
<h:h:h:h:h:h:h:h> Show IPv6 routes of given address or prefix
<h:h:h:h:h:h:h:h/x>
(cherry picked from commit 119d94bdb05d0c88bfc452d903e64000b278c43e)
|
|
op-mode: T5884: correct "generate wireguard" help string (backport)
|
|
(cherry picked from commit 51bb6d0487c5a0918276f142f41ea5bca7b380fc)
|
|
(cherry picked from commit e2c9ffd8bc2d6119b78ec166fe5b90764fb38563)
|
|
vyos@vyos:~$ restart router-advert
(cherry picked from commit 9d15c7d3fb21648a52b9c06bdc0a5055f8099119)
|
|
VyOS CLI command
set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static'
Will generate the following NDP proxy configuration
$ cat /run/ndppd/ndppd.conf
# autogenerated by service_ndp-proxy.py
# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route
route-ttl 30000
# This sets up a listener, that will listen for any Neighbor Solicitation
# messages, and respond to them according to a set of rules
proxy eth0 {
# Turn on or off the router flag for Neighbor Advertisements
router no
# Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds)
timeout 500
# Control how long a valid or invalid entry remains in the cache (milliseconds)
ttl 30000
# This is a rule that the target address is to match against. If no netmask
# is provided, /128 is assumed. You may have several rule sections, and the
# addresses may or may not overlap.
rule 2001:db8::/64 {
static
}
}
(cherry picked from commit 4d721a58020971d00ab854c37b68e88359999f9c)
|
|
(cherry picked from commit bb578a1cab177e8cee6e4d02144d21387ba13a93)
|
|
(cherry picked from commit 9ffa3e82d951756696367578dd5e82ef0f690065)
|
|
This commit adds the whole set of system image tools written from the scratch in
Python that allows performing all the operations on images:
* check information
* perform installation and deletion
* versions management
Also, it contains a new service that will update the GRUB menu and keep tracking
its version in the future.
WARNING: The commit contains non-reversible changes. Because of boot menu
changes, it will not be possible to manage images from older VyOS versions after
an update.
(cherry picked from commit 8f94262e8fa2477700c50303ea6e2c6ddad72adb)
|
|
VyOS CLI
set protocols segment-routing srv6 locator bar prefix '2001:b::/64'
set protocols segment-routing srv6 locator foo behavior-usid
set protocols segment-routing srv6 locator foo prefix '2001:a::/64'
Will generate in FRR
segment-routing
srv6
locators
locator bar
prefix 2001:b::/64 block-len 40 node-len 24 func-bits 16
exit
!
locator foo
prefix 2001:a::/64 block-len 40 node-len 24 func-bits 16
behavior usid
exit
!
exit
!
exit
!
exit
(cherry picked from commit ca301cdd4746187f96ff84e411fda6a84e33f237)
|
|
set protocols bgp sid vpn per-vrf export '99'
set protocols bgp srv6 locator 'foo'
set protocols bgp system-as '100'
Will generate in FRR config
router bgp 100
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
!
segment-routing srv6
locator foo
exit
sid vpn per-vrf export 99
exit
(cherry picked from commit af46fe54e56cf85d13b62ee771bec3d80f225ac5)
|
|
Apply baseline defaults for `.gitattributes` and `.vscode/settings.json`
for improved developer experience.
The `.gitattrbutes` settings are based on:
Git documentation (https://git-scm.com/docs/gitattributes#_effects)
GitHub documentation (https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings)
Community templates (https://github.com/gitattributes/gitattributes)
Since editor-agnostic line-ending specific settings are applied to
`.gitattributes`, they can be removed from `.vscode/settings.json`.
The global VSCode defaults have also been removed to avoid duplication.
(cherry picked from commit c30002208d392177cb1ffc1a5c714f7ad6d573b6)
|
|
The initial version always enabled Google authenticator (2FA/MFA) support by
hardcoding the PAM module for sshd and login.
This change only enables the PAM module on demand if any use has 2FA/MFA
configured. Enabling the module is done system wide via pam-auth-update by
using a predefined template.
Can be tested using:
set system login user vyos authentication plaintext-password vyos
set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O'
See https://docs.vyos.io/en/latest/configuration/system/login.html for additional
details.
(cherry picked from commit e134dc4171b051d0f98c7151ef32a347bc4f87e2)
|
|
(cherry picked from commit 21ad36aa8789b28311fa04f8add14388057a67ad)
|
|
(cherry picked from commit 57761a370d2217eeb79827e8c20384f6de649c66)
|
|
In a service provider network a service provider typically supports multiple
bridge domains with overlapping vlans. One bridge domain per customer. Vlans in
each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to
each customer.
Without the ability of VNI filtering, we can not provide VXLAN tunnels
with multiple tenants all requiring e.g. VLAN 10.
To Test:
set interfaces vxlan vxlan987 parameters external
set interfaces vxlan vxlan987 source-interface eth0
set interfaces vxlan vxlan987 parameters vni-filter
set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050
set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051
set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052
set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053
set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054
set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060
set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069
set interfaces bridge br0 member interface vxlan987
Add new op-mode command: show bridge vni
Interface VNI
----------- -----------
vxlan987 10050-10054
vxlan987 10060
vxlan987 10069
(cherry picked from commit 35f6033d21053fa420e837f157cd9377a4ccd26a)
|
|
T4072: firewall: backport bridge firewall to sagitta
|
|
By default show VRF, MAC, MTU for `show interfaces`
The original `show interfaces` moved to `show interfacces summary`
(cherry picked from commit 056885c02b8671279808c226a759de6c5356f578)
|
|
|
|
pim(6): T5733: add missing FRR related features (backport #2476)
|
|
Add op-mode "show interfaces summary"
Add MAC, VRF and MTU options:
vyos@r4# run show interfaces summary
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------
dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u
eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN
eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1
eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2
eth3 - 52:54:00:09:a4:b4 default 1500 A/D
(cherry picked from commit dc3906f04fbfe8014531e092a77c1c8c2d10dfe0)
|
|
vyos@vyos:~$ show vrf vni
VRF VNI VxLAN IF L3-SVI State Rmac
blue 2000 None None Down None
green 3000 None None Down None
red 1000 None None Down None
vyos@vyos:~$ show vrf blue vni
VRF VNI VxLAN IF L3-SVI State Rmac
blue 2000 None None Down None
(cherry picked from commit 2fb763ffbc5c5babe552ec97c06570c54ea4aad8)
|
|
(cherry picked from commit 403d2ffd6e46cb082b1d16ddf515e1784bee968c)
# Conflicts:
# data/templates/frr/pim6d.frr.j2
# interface-definitions/protocols-pim6.xml.in
# smoketest/scripts/cli/test_protocols_pim6.py
# src/conf_mode/protocols_pim6.py
|
|
(cherry picked from commit dd13213ae94f071bc30cc17f5fabef02fbf95939)
|
|
IGMP and PIM are two different but related things.
FRR has both combined in pimd. As we use get_config_dict() and FRR reload it
is better to have both centrally stored under the same CLI node (as FRR does,
too) to just "fire and forget" the commit to the daemon.
"set protocols igmp interface eth1" -> "set protocols pim interface eth1 igmp"
(cherry picked from commit bc83fb097719f5c4c803808572f690fbc367b9e5)
|
|
Migrate CLI configuration retrival to common get_config_dict(). In addition
add new functionality to VyOS that is PIM related and already available in FRR.
(cherry picked from commit 9abc02edcc237760f1f8aa1b3f08d7f4d18f866c)
# Conflicts:
# python/vyos/frr.py
# src/op_mode/restart_frr.py
|
|
mtr: T5658: Add VRF support for mtr (+ op_mode wrapper) (backport #2435)
|
|
op-mode: bgp: T5698: add "es-vrf" and "next-hops" CLI commands (backport)
|
|
(cherry picked from commit c0de93d37354ec89f44dde7f1b5a4c8af550a019)
|
|
(cherry picked from commit 709c578e123bcf258eba1d15842b63eb63413523)
|
|
(cherry picked from commit 07ecc0c33fb32878cac25ec84f2f3a977588f0dd)
|
|
|
|
The following ones are available now:
- restart mdns repeater
- show log mdns repeater
- monitor log mdns repeater
(cherry picked from commit ace8a25552fa7f2b2369a385ed8933feb66f355b)
|
|
show bgp l2vpn evpn es-vrf
show bgp l2vpn evpn next-hops
(cherry picked from commit f4b1df3c84072624060e13a6099d2032e0a4ee47)
|
|
(cherry picked from commit 43288b57d8dc79a12a9bedd6386d81c85bd00149)
|
|
|
|
logfile
(cherry picked from commit 78e00bf4099bfac2164ef2075acce8169c40c9c3)
|
|
Try to have as few calls to sudo in the op-mode scripts as possible. The XML
definitions can deal with it.
(cherry picked from commit 428dee29d36cc3629990ec41afef887821886834)
|
|
This makes the code more easy to maintain in the future if everyone uses the
same structure when calling journalctl.
(cherry picked from commit e1b4e972b40941acec76c97e714767214cefe426)
|
|
|
|
|
|
(cherry picked from commit ed29faeea1354dc2bec544c63e55c1c666e0d900)
|
|
'generate tech-support archive' moved to vyos-1x.
Output of 'show tech-support report' command is added to archive.
The default location of the archive is moved to '/tmp'.
The script is rewritten to Python.
(cherry picked from commit 65911b17340a7894aba973113d83ab43964bbf99)
|