Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-31 | firewall: T2199: Fix errors when referencing an empty chain | sarthurdev | |
2022-01-30 | policy: T4213: Fix duplicate commands from multiple rules with single table | sarthurdev | |
2022-01-29 | firewall: T4216: Add support for negated firewall groups | sarthurdev | |
2022-01-29 | firewall: T4218: Adds a prefix to all user defined chains | sarthurdev | |
2022-01-29 | Merge pull request #1195 from hensur/current-ipv6-local-route | Christian Poessinger | |
policy: T4151: bugfix multiple commits and smoketest | |||
2022-01-30 | Merge pull request #789 from jack9603301/T3420 | Daniil Baturin | |
upnpd: T3420: Support UPNP protocol | |||
2022-01-28 | policy: T4151: remove all previous rules on edit | Henning Surmeier | |
2022-01-27 | Merge pull request #1194 from sarthurdev/T4213 | Christian Poessinger | |
policy: T4213: Fix rule creation/deletion for IPv6 policy routes | |||
2022-01-27 | policy: T4213: Fix rule creation/deletion for IPv6 policy routes | sarthurdev | |
2022-01-25 | policy: T4194: Add prefix-list duplication checks | Viacheslav Hletenko | |
Prefix-list should not be duplicatied as FRR doesn't accept it One option when it can be duplicated when it uses "le" or "ge" | |||
2022-01-22 | Merge pull request #1184 from sarthurdev/firewall_icmp | Christian Poessinger | |
firewall: T4130: T4186: ICMP/v6 updates, ipv6 state policy check fix | |||
2022-01-21 | firewall: T2199: Verify correct ICMP protocol for ipv4/ipv6 | sarthurdev | |
2022-01-21 | firewall: T4130: Use correct table to check for state policy rule | sarthurdev | |
2022-01-21 | policy: T4151: Bugfix policy ipv6-local-route | Henning Surmeier | |
2022-01-20 | Merge pull request #1144 from hensur/current-ipv6-local-route | Christian Poessinger | |
policy: T4151: Add policy ipv6-local-route | |||
2022-01-18 | firewall: T2199: Raise ConfigError if deleted node is used in zone-policy | sarthurdev | |
2022-01-18 | firewall: policy: T1292: Clean up any rules required to delete a chain | sarthurdev | |
2022-01-17 | Merge pull request #1174 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix | |||
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-14 | Merge pull request #1167 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4178: Use lowercase for TCP flags and add an validator | |||
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev | |
2022-01-14 | policy: T4151: Add policy ipv6-local-route | Henning Surmeier | |
Adds support for `ip -6 rule` policy based routing. Also, extends the existing ipv4 implemenation with a `destination` key, which is translated as `ip rule add to x.x.x.x/x` rules. https://phabricator.vyos.net/T4151 | |||
2022-01-13 | monitoring: T3872: Add just required interfaces for ethtool | Viacheslav | |
Telegraf ethtool input filter expected ethX interfaces and not other interfaces like vlans/tunnels/dummy Add "interface_include" option to telegraf template. | |||
2022-01-11 | policy: T2199: Refactor policy route script for better error handling | sarthurdev | |
* Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6` | |||
2022-01-11 | firewall: T4159: Add warning when an empty group is applied to a rule | sarthurdev | |
2022-01-11 | firewall: policy: T2199: Reload policy route script if `firewall group` node ↵ | sarthurdev | |
is changed | |||
2022-01-11 | firewall: policy: T4159: T4164: Fix empty firewall groups, create separate ↵ | sarthurdev | |
file for group definitions. | |||
2022-01-11 | policy: T4170: rename "policy ipv6-route" -> "policy route6" | Christian Poessinger | |
In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes) | |||
2022-01-11 | containers: T2216: bugfix host networking on image upgrade | Mathew Inkson | |
The bug was partially fixed with this commit: https://github.com/vyos/vyos-1x/commit/358f0b481d8620cad4954e3fe418054b9a8c3ecd The earlier commit introduced a startup retry (up to 10 times) to allow the OS to settle before the container is started. However, it only applies if host networking is NOT used. This change applies the same for containers where host networking is employed. Since the retry portion of the code (written in the earlier commit) is now referenced twice, it has been moved to its own function. | |||
2022-01-10 | nat: T2199: dry-run newly generated config before install | Christian Poessinger | |
Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it. | |||
2022-01-10 | conntrack: T3579: dry-run newly generated config before install | Christian Poessinger | |
Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it. | |||
2022-01-10 | conntrack: T3579: prepare for "conntrack timeout custom rule" CLI commands | Christian Poessinger | |
2022-01-10 | conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftables | Christian Poessinger | |
2022-01-10 | firewall: 4149: Fix verify steps being bypassed when base node is removed | sarthurdev | |
2022-01-05 | firewall: zone-policy: T4133: Prevent firewall from trying to clean-up ↵ | sarthurdev | |
zone-policy chains * Prevent firewall names from using the reserved VZONE prefix | |||
2022-01-05 | Merge pull request #1136 from sarthurdev/firewall | Christian Poessinger | |
zone-policy: T4135: Raise error when using an invalid "from" zone. | |||
2022-01-05 | zone-policy: T4135: Raise error when using an invalid "from" zone. | sarthurdev | |
2022-01-05 | Merge pull request #1134 from sarthurdev/firewall | Christian Poessinger | |
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy | |||
2022-01-05 | firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵ | sarthurdev | |
zone-policy | |||
2022-01-04 | Merge pull request #1121 from sever-sever/T4109 | Christian Poessinger | |
keepalived: T4109: Add high-availability virtual-server | |||
2022-01-04 | keepalived: T4109: Add high-availability virtual-server | Viacheslav | |
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability' | |||
2022-01-04 | Merge pull request #1130 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4130: Fix firewall state-policy errors | |||
2022-01-04 | firewall: T4130: Fix firewall state-policy errors | sarthurdev | |
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy | |||
2022-01-03 | Merge pull request #1018 from sever-sever/T3872 | Christian Poessinger | |
monitoring: T3872: Add a new feature service monitoring | |||
2022-01-03 | monitoring: T3872: Add a new feature service monitoring telegraf | Viacheslav | |
2022-01-01 | nat: T2199: rename iptables -> nftables variable prefix | Christian Poessinger | |
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger | |
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python | |||
2021-12-30 | snmp: T4124: migrate to get_config_dict() | Christian Poessinger | |
2021-12-29 | configd: T4086: use 'copy' on mutable global var default_config_data | John Estabrook | |
2021-12-27 | snmp: T4093: add missing verify() step for required group per snmp v3 user | Christian Poessinger | |