Age | Commit message | Author | |
---|---|---|---|
2024-09-16 | T6687: add fqdn support to nat rules. | Nicolas Fort | |
2024-08-02 | T6629: call check_kmod within a standard config function | John Estabrook | |
Move the remaining calls to check_kmod within a standard function, with placement determined by the needs of the config script. | |||
2024-05-22 | nat: T6365: use interface_exists() over netifaces.interfaces() | Christian Breunig | |
2024-05-22 | nat: T6365: use string startswith() over [0] index access | Christian Breunig | |
2024-05-22 | nat: T6365: remove warnings for negated interface selections by name | Ryazanov Alexander Mihailovich | |
2024-04-03 | T6199: drop unused Python imports | Christian Breunig | |
found using "git ls-files *.py | xargs pylint | grep W0611" | |||
2024-04-01 | nat: T2199: always use full nft command name (e.g. --file over -f) | Christian Breunig | |
2024-03-05 | T6075: firewall and NAT: check if interface-group exists when using them in ↵ | Nicolas Fort | |
firewall|nat rules. | |||
2024-02-01 | Merge pull request #2756 from nicolas-fort/T4839 | Christian Breunig | |
T4839: firewall: Add dynamic address group in firewall configuration | |||
2024-01-25 | T4839: firewall: Add dynamic address group in firewall configuration, and ↵ | Nicolas Fort | |
appropriate commands to populate such groups using source and destination address of the packet. | |||
2024-01-04 | T5159: nat: add option to map network and ports. Feature used for large ↵ | Nicolás Fort | |
deployments in cgnat. (#2694) | |||
2023-12-29 | nat: T5681: relax wording on non existing interface Warning message | Christian Breunig | |
Remove the word "error" from a Warning only message to not irritate the user. | |||
2023-10-25 | T5681: Firewall, Nat and Nat66: simplified and standardize interface matcher ↵ | Nicolas Fort | |
(valid for interfaces and groups) in firewall, nat and nat66. | |||
2023-10-11 | T5643: nat: add interface-groups to nat. Use same cli structure for ↵ | Nicolas Fort | |
interface-name|interface-group as in firewall. | |||
2023-09-16 | nat: Remove deprecated kernel check | sarthurdev | |
/usr/libexec/vyos/conf_mode/nat.py:21: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives from distutils.version import LooseVersion | |||
2023-09-16 | conntrack: T5571: Refactor conntrack to be independent conf script from ↵ | sarthurdev | |
firewall, nat, nat66 | |||
2023-09-13 | T5561: nat: defining inbound|outbound interface should not be mandatory ↵ | Nicolas Fort | |
while configuring dNAT|sNAT rule | |||
2023-09-04 | nat: T1877: Fix typo in nat ConfigError | sarthurdev | |
2023-08-23 | T5472: nat redirect: allow redirection without defining redirected port | Nicolas Fort | |
2023-08-09 | Merge pull request #2136 from jestabro/with-defaults | Christian Breunig | |
T5319: remove workarounds for incorrect defaults in config-mode scripts | |||
2023-08-08 | Merge pull request #2119 from nicolas-fort/T5014-dnat | Christian Breunig | |
T5014: nat: add source and destination nat options for configuring lo… | |||
2023-08-07 | T5319: remove workarounds for defaults in nat.py | John Estabrook | |
2023-08-06 | T5195: move helpers from vyos.validate to vyos.utils package | Christian Breunig | |
2023-07-31 | Merge branch 'current' into T5014-dnat | Nicolás Fort | |
2023-07-31 | T5014: fix conflicts. Add code for redirection, which is causing conflicts. ↵ | Nicolas Fort | |
Change code for new syntax | |||
2023-07-31 | T5014: nat: add source and destination nat options for configuring load ↵ | Nicolas Fort | |
balance within a single rule. | |||
2023-07-19 | T4899: NAT Redirect: add destination nat redirection (to local host) feature. | Nicolas Fort | |
2023-07-15 | T5195: vyos.util -> vyos.utils package refactoring part #2 | Christian Breunig | |
2023-07-14 | T5195: vyos.util -> vyos.utils package refactoring (#2093) | Christian Breunig | |
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io | |||
2022-11-03 | nat: T1877: T970: Add firewall groups to NAT | sarthurdev | |
2022-10-25 | nat: T4706: Verify translation address or port exists | sarthurdev | |
2022-10-25 | nat: T4764: Remove tables on NAT deletion | sarthurdev | |
2022-09-21 | nat: T4605: Refactor static NAT to use python module for parsing rules | sarthurdev | |
* Rename table to vyos_nat * Add static NAT smoketest | |||
2022-09-21 | nat: T4605: Refactor NAT to use python module for parsing rules | sarthurdev | |
* Rename table to vyos_nat * Refactor tests to use `verify_nftables` format | |||
2022-08-31 | nat: T538: Move nat configs to /run directory | Viacheslav Hletenko | |
2022-08-29 | nat: T4367: Move nat rules from /tmp to /run/nftables_nat.conf | Viacheslav Hletenko | |
Move nftables nat configuration from /tmp to /run As we have for other services like firewall, conntrack Don't remove the config file '/run/nftables_nat.conf' after commit | |||
2022-08-17 | nat: T538: Add static NAT one-to-one | Viacheslav Hletenko | |
Ability to set static NAT (one-to-one) in one rule set nat static rule 10 destination address '203.0.113.0/24' set nat static rule 10 inbound-interface 'eth0' set nat static rule 10 translation address '192.0.2.0/24' It will be enough for PREROUTING and POSTROUTING rules Use a separate table 'vyos_static_nat' as SRC/DST rules and STATIC rules can have the same rule number | |||
2022-05-01 | firewall: T4353: fix Jinja2 linting errors | Christian Poessinger | |
2022-04-16 | vyos.base: use Warning() helper where applicable | Christian Poessinger | |
2022-04-10 | nat: T2199: bugfix dry-run newly generated config before install | Christian Poessinger | |
Commit bb76e8d7f1635 ("nat: T2199: dry-run newly generated config before install") added support to verify the generated nftables ruleset. Unfortunately if the verify failed - a Python exception was triggered: NameError: name 'nftables_ct_file' is not defined This was due to bad copy/pasting. | |||
2022-01-10 | nat: T2199: dry-run newly generated config before install | Christian Poessinger | |
Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it. | |||
2022-01-01 | nat: T2199: rename iptables -> nftables variable prefix | Christian Poessinger | |
2021-12-06 | firewall: T2199: Migrate firewall to XML/Python | sarthurdev | |
2021-08-18 | nat: T2198: remove superfluous else clause on missing outbound-interface | Christian Poessinger | |
2021-01-19 | nat: T2947: add many-many translation | Christian Poessinger | |
Support a 1:1 or 1:n prefix translation. The following configuration will NAT source addresses from the 10.2.0.0/16 range to an address from 192.0.2.0/29. For this feature to work a Linux Kernel 5.8 or higher is required! vyos@vyos# show nat source { rule 100 { outbound-interface eth1 source { address 10.2.0.0/16 } translation { address 192.0.2.0/29 } } } This results in the nftables configuration: chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; oifname "eth1" counter packets 0 bytes 0 snat ip prefix to ip saddr map { 10.2.0.0/16 : 192.0.2.0/29 } comment "SRC-NAT-100" } | |||
2021-01-11 | nat: T3206: unable to delete only rules but keep destination node | Christian Poessinger | |
2020-12-01 | nat: T3102: Check key in dictionary | DmitriyEshenko | |
2020-11-28 | nat: T3092: migrate to get_config_dict() | Christian Poessinger | |
The NAT system consists of nested tag nodes, which makes manual parsing very hard. This is a perfect candidate for migrating this to get_config_dict() as there is already a smoketest in place. In addition this should make it easier to add features like static nat/hairpin. | |||
2020-11-27 | vyos.template: T2720: always enable Jinja2 trim_blocks feature | Christian Poessinger | |
2020-10-01 | nat: T2948: fix validation of IP address range | Christian Poessinger | |