Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 690ae8bf526b6d45997bedf5e856f858ad251658)
|
|
[ firewall options interface wg01 ]
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/firewall_options.py", line 139, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/firewall_options.py", line 97, in apply
if tcp['new_chain4']:
TypeError: 'NoneType' object is not subscriptable
delete [ firewall options ] failed
delete [ firewall ] failed
Commit failed
(cherry picked from commit efb1a1c88f436a3704c4ca6e15b65aeded4b9654)
|
|
|
|
Conflicts:
src/conf_mode/host_name.py
|
|
|
|
- rsyslog appears now to be started via systemd automatically,
checking for the pid to avoid restart race condition between systemd
vyos conf script
|
|
|
|
|
|
|
|
|
|
Conflicts:
src/tests/test_host_name.py
|
|
Conflicts:
src/conf_mode/host_name.py
|
|
|
|
(cherry picked from commit 31ad6b67e3bc22bc340ba5b4f95cf3dd548e31b9)
|
|
* clamp MSS IPv4
set firewall options interface pppoe0 adjust-mss '1452'
* clamp MSS IPv6
set firewall options interface pppoe0 adjust-mss6 '1452'
* disable entire rule
set firewall options interface pppoe0 disable
Output
------
$ sudo iptables-save -t mangle
# Generated by iptables-save v1.4.21 on Sun Apr 21 12:56:25 2019
*mangle
:PREROUTING ACCEPT [1217:439885]
:INPUT ACCEPT [290:52459]
:FORWARD ACCEPT [920:375774]
:OUTPUT ACCEPT [301:100053]
:POSTROUTING ACCEPT [1221:475827]
:VYOS_FW_OPTIONS - [0:0]
-A FORWARD -j VYOS_FW_OPTIONS
-A VYOS_FW_OPTIONS -o pppoe0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
COMMIT
Completed on Sun Apr 21 12:56:25 2019
|
|
|
|
WPAD url could be configured by CLI but the generated config was not
understood by ISC dhcp - caused by infalid if {} statement resulting in
a missing option wpad-url block.
(cherry picked from commit bfa9d55e9f1c3a091cff2fc214f2587d9b049cdb)
|
|
Same cause as with commit c6988bb4110541478dad74d0b892fd4643ed530a
(cherry picked from commit 40c342f3a84a75acc9f41c83cb735e966da7c47e)
|
|
Add support for relaying a DHCPv6 packet to multiple servers on one upstream
interface.
(cherry picked from commit d5b113923aaa776f89749c820d6283b593e80c3a)
|
|
When generation the configuration for multiple upstream interfaces a whitespace
was missing in the generated configuration:
OPTIONS="-6 -l 2001:db8::ffff%eth1 -u 2001:db8:1:ffff%eth2-u 2001:db8:2:ffff%eth3"
^---
This caused an error when starting up the DHCPv6 relay service
(cherry picked from commit c6988bb4110541478dad74d0b892fd4643ed530a)
|
|
parameter in /etc/resolv.conf"
This reverts commit 1a384ed21f1777faaef653f9d1e3d9c05542fdc8.
|
|
/etc/resolv.conf
|
|
using fully-qualified domain name
|
|
(cherry picked from commit 0fefe3c3b9250ad2ba841287a94036119728c708)
|
|
|
|
disable' to disable single peers
Conflicts:
debian/changelog
|
|
|
|
in unicast mode (patch by Johan Fredin).
|
|
(cherry picked from commit f0084de554d71d0f011c7fd2c6009f1864bd9d77)
|
|
(cherry picked from commit 583975299c625d6049be6561d70e4cadc9976242)
|
|
(cherry picked from commit fbfe43b5ae7692e6ee6ce6d5517efdb2cdf8f022)
|
|
(cherry picked from commit 3a1e484c69c883af03f355f0349ef218212207e1)
|
|
tftp-hpa which is the TFTP daemon used by VyOS does not support
listening on multiple IP adresses. With this limitation we will start
one TFTP daemon instance per configured listen-address via systemd.
(cherry picked from commit 735a24d58ddf55294241ce8160471fe9be062498)
|
|
When deleting or changing "service dns dynamic" the cache file of ddclient
is not removed, leading to abandoned host names which might be already gone.
(cherry picked from commit ec604ef88e2845bcd75070f6dff325ccc50873aa)
|
|
(cherry picked from commit ad011db299196a2e5defa7d8030be149d71d53ee)
|
|
|
|
(cherry picked from commit cc3f6088783373bd56cd821599bdc12ba123125b)
|
|
WHen building up the SNMP v2 community ro/rw access all hosts from
a INET version could access even when the community was locked to one
INET family.
Example #1:
set service snmp community bar network 172.16.0.0/12
Allowed access only to IPv4 network 172.16.0.0/12 but it allowed acces from
IPv6 ::/0.
Example #2:
set service snmp community baz network 2001:db8::/64
Limited IPv6 access to 2001:db8::/64 but IPv4 was open to 0.0.0.0/0
(cherry picked from commit cc07c4727bdffb4c220ce28ab9f697b01fe4afb7)
|
|
|
|
This reverts commit 632893abf5c7bf935d866462a107ed1eef1747b3.
|
|
|
|
The name-server option under "service dns-forwarding" was never mandatory so
users never needed to specify an upstream server. With the recent switch to
PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when
there is no upstream DNS server configured.
|
|
|
|
|
|
subnet-parameters were not added to the resulting configuration.
|
|
|
|
|
|
This reverts commit 51f61991092a163f680e4ec8f122e73f4074ddf9.
It's not how it's done, those templates are generated by a script in
vyatta-cfg-firewall.
If we are planning a firewall overhaul in 1.3.x, there's no reason to
transplant the old approach to new code.
|
|
|
|
|