Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-06-09 | Merge pull request #1327 from sever-sever/T970 | Christian Poessinger | |
firewall: T970: Add firewall group domain-group | |||
2022-06-05 | T4387: add more firewall checks for WLB smoketests. | Nicolas Fort | |
2022-06-05 | Merge pull request #1346 from sever-sever/T4387-curr | Viacheslav Hletenko | |
smoketest: T4387: Add test for load-balancing wan | |||
2022-06-04 | Policy: T3976-T4449-nexthop: add - match ipv6 nexthop type - as available ↵ | Nicolas Fort | |
for ipv4 | |||
2022-06-02 | smoketest: T4387: Add test for load-balancing wan | Viacheslav Hletenko | |
Create 2 network namespaces which allow us to emulate 2 ISP with different static addresses Check routing table 201 for the first ISP and table 202 for the second ISP. Each table must contain default route (cherry picked from commit 6b75cbb0575ca95806e969f5d7f219c0cbeea334) | |||
2022-05-31 | Merge pull request #1344 from sarthurdev/pki_update | Christian Poessinger | |
pki: T3642: Update conf scripts using changed PKI objects | |||
2022-05-31 | pki: T3642: Update conf scripts using changed PKI objects | sarthurdev | |
2022-05-31 | smoketest: policy: T3976: add migratable config snippet | Christian Poessinger | |
2022-05-31 | IPv6: T3976: add prefix-list and access-list option from ipv6 route-map | fett0 | |
2022-05-29 | Policy: T4450: Expand options for ip|ipv6 address match. Now support ↵ | Nicolas Fort | |
prefix-len on both matches. Also change help properties of route-source node. | |||
2022-05-29 | rip: T4448: remove default version for RIP | Christian Poessinger | |
Commit f9e38622 ("rip: T4448: add support to set protocol version on an interface level") also added the versionspecified on a per interface level. the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no longer working which is dthe default for FRR. Remove the default "2" from the RIP version specifier to make this behavior work again. | |||
2022-05-29 | Merge branch 'T4449' of https://github.com/nicolas-fort/vyos-1x into current | Christian Poessinger | |
* 'T4449' of https://github.com/nicolas-fort/vyos-1x: Policy: T4449: Extend matching options for route-map ip nexthop | |||
2022-05-28 | rip: T4448: add support to set protocol version on an interface level | Christian Poessinger | |
2022-05-28 | firewall: T970: Add firewall group domain-group | Viacheslav Hletenko | |
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } } | |||
2022-05-28 | Policy: T4449: Extend matching options for route-map ip nexthop | Nicolas Fort | |
2022-05-28 | smoketest: rip: T4448: improve class startup time | Christian Poessinger | |
2022-05-28 | rip: T4448: add support for explicit version selection | Christian Poessinger | |
2022-05-25 | configtest: T4382: no migration to 'bgp local-as' under vrf | John Estabrook | |
The migration script bgp/0-to-1 did not address 'protocols bgp ASN' -> 'protocols bgp local-as ASN' under a vrf. Move to configs.no-load for review on extending/adding a migration script. | |||
2022-05-25 | configtest: T4382: missing block in migration script vrf/0-to-1 | John Estabrook | |
The config vrf-basic reveals a missing block in the migration script vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in vrf-ospf. | |||
2022-05-25 | configtest: T4382: inconsistent ipsec component version | John Estabrook | |
The pki-ipsec sagitta-era config contains 'vpn ipsec ipsec-interfaces interface eth0' with ipsec component version ipsec@6, however, this construction is successfully moved by migration script ipsec/5-to-6. Consequently, this must have been an error in translation of the config file. Note that this is unrelated to the corrected error regarding an empty 'ipsec-interfaces' node. Move config to configs.no-load for review. | |||
2022-05-25 | configtest: T4382: bgp_small_as has a nonsensical entry | John Estabrook | |
bgp_small_as contains set commands such as: 'protocols static route 10.0.0.0/8 MY-NAS distance 254' which would appear to have no meaning, in any VyOS version. Move to config.no-load for analysis. | |||
2022-05-25 | configtest: T4382: 'nat ... log' takes no 'enable' argument | John Estabrook | |
The component version in bgp-dmvpn-spoke is nat@5, however, 4-to-5 removes the boolean argument. It is confirmed that the migration script works correctly, hence, it must be a typo in translation; remove argument 'enable'. | |||
2022-05-25 | configtest: T4382: system@20 cannot have 'user level' (16-to-17) | John Estabrook | |
The config file isis-small has system@20, but 'user level' which was migrated in system/16-to-17; remove the line in the config, as there is no problem with the migration script in question. | |||
2022-05-25 | configtest: T4382: remove typo | John Estabrook | |
This is a typo in vrf-ospf: 'system nt' on the line before 'system ntp'. | |||
2022-05-25 | Merge pull request #1088 from zdc/T4020-sagitta | Daniil Baturin | |
FRR: T4020: Added CLI options for FRR daemons | |||
2022-05-21 | smoketest: flow-accounting: T4437: adjust smoketest to new generated config ↵ | Christian Poessinger | |
syntax | |||
2022-05-13 | smoketest: add sshguard allow-from case | Christian Poessinger | |
2022-05-12 | sshguard: T4408: Add service ssh dynamic-protection | Viacheslav Hletenko | |
Sshguard protects hosts from brute-force attacks Can inspect logs and block "bad" addresses by threshold Auto-generate rules for nftables When service stopped all generated rules are deleted nft "type filter hook input priority filter - 10" set service ssh dynamic-protection set service ssh dynamic-protection block-time 120 set service ssh dynamic-protection detect-time 1800 set service ssh dynamic-protection threshold 30 set service ssh dynamic-protection whitelist-address 192.0.2.1 | |||
2022-05-09 | Merge pull request #1279 from nicolas-fort/T990 | Christian Poessinger | |
Firewall: T990: Add snat and dnat connection status on firewall | |||
2022-05-08 | smoketest: policy-route: use setUpClass() | Christian Poessinger | |
2022-05-08 | policy: evpn: T3739: support "set evpn gateway-ip" | Christian Poessinger | |
2022-05-07 | vrf: T4419: support to disable IP forwarding within a given VRF | Christian Poessinger | |
2022-05-06 | bgp: T4385: verify() peer-group in interface based neighbors | Christian Poessinger | |
2022-05-05 | smoketest: do not auto-load big firewall config on smoketest | Christian Poessinger | |
This takes a very long time, but keep the config for manual runs | |||
2022-05-05 | policy: T4414: add support for route-map "as-path prepend last-as x" | Christian Poessinger | |
2022-04-30 | smoketest: import large firewall config from T1230 | Christian Poessinger | |
2022-04-29 | smoketest: add basic QoS configuration | Christian Poessinger | |
2022-04-28 | arp: T4397: change CLI syntax to support interface and VRF bound ARP entries | Christian Poessinger | |
* set protocols static arp interface eth0 address 192.0.2.1 mac 01:23:45:67:89:01 | |||
2022-04-26 | smoketest: http: add decorator to suppress warnings locally | John Estabrook | |
2022-04-26 | smoketest: ethernet: bugfix - NameError: name 'af' is not defined | Christian Poessinger | |
2022-04-25 | smoketest: config: T4397: add ARP entries for a second interface | Christian Poessinger | |
2022-04-25 | smoketest: config: T4397: add some static ARP entries | Christian Poessinger | |
2022-04-25 | smoketest: arp: add initial testcase for static ARP entries | Christian Poessinger | |
2022-04-25 | smoketest: ethernet: verify addresses are deleted from interface after test | Christian Poessinger | |
2022-04-25 | smoketest: openconnect: use setUpClass() over setUp() | Christian Poessinger | |
2022-04-25 | smoketest: dhcpv6-server: use setUpClass() over setUp() | Christian Poessinger | |
2022-04-25 | smoketest: pki: use setUpClass() over setUp() | Christian Poessinger | |
2022-04-25 | smoketest: migrate pppoe, and wireguard to setUpClass() scheme | Christian Poessinger | |
2022-04-25 | smoketest: bugfix on proper inheritance levels for classmethod | Christian Poessinger | |
2022-04-23 | Firewall: T990: Modifications for new connection-status cli | Nicolas Fort | |