Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-06-03 | Merge pull request #3572 from talmakion/bugfix/T6403 | Daniil Baturin | |
nat64: T6403: validate source prefix for RFC compliance | |||
2024-06-03 | bfd: T6440: BFD peer length typo | Hannes Tamme | |
2024-06-03 | reverse-proxy: T6434: Support additional healthcheck options (#3574) | Alex W | |
2024-06-01 | nat64: T6403: validate source prefix for RFC compliance | Andrew Topp | |
Simplest fix is to comply with RFC6052. The code change is just masking out the relevant bits and ensuring they're zeroed. | |||
2024-05-31 | tunnel: T6157: fixing GRE tunnel uniqueness checks | Andrew Topp | |
Unset params would mistakenly match when None and trigger a validation error even when used params were unique. Updated check to ensure unique source-addresses if not None, and that (source-interfaces, source-addresses) are unique together appropriately. | |||
2024-05-31 | Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-records | Christian Breunig | |
dns: T6422: allow multiple redundant NS records | |||
2024-05-31 | T5307: QoS - traffic-class-map services (#3492) | Roman Khramshin | |
added new syntax to work with class match filters in QoS policy | |||
2024-05-30 | T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵ | Haim Gelfenbeyn | |
style fixes | |||
2024-05-30 | dns: T6422: allow multiple redundant NS records | Haim Gelfenbeyn | |
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported. | |||
2024-05-30 | Merge pull request #3546 from c-po/haproxy | Christian Breunig | |
reverse-proxy: T6419: build full CA chain when verifying backend server | |||
2024-05-29 | container: T6406: fix NameError: name 'vyos' is not defined | Christian Breunig | |
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function from the Python module. | |||
2024-05-29 | reverse-proxy: T6419: build full CA chain for frontend SSL certificate | Christian Breunig | |
2024-05-29 | reverse-proxy: T6419: build full CA chain when verifying backend server | Christian Breunig | |
2024-05-29 | reverse-proxy: T5231: remove frontend ca-certificate code path | Christian Breunig | |
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service. | |||
2024-05-29 | openvpn: T6374: only check TLS role for s2s if TLS is configured | Daniil Baturin | |
2024-05-29 | Merge pull request #3534 from sever-sever/T6411 | Daniil Baturin | |
T6411: CGNAT fix sequences for external address ranges | |||
2024-05-28 | Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validation | Christian Breunig | |
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | |||
2024-05-28 | T6411: CGNAT fix sequences for external address ranges | Viacheslav Hletenko | |
Fix the bug where address external alocation was not rely on sequences of the external IP addresses (if set) | |||
2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar | |
2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar | |
2024-05-27 | openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | Daniil Baturin | |
2024-05-26 | reverse-proxy: T6402: Fix invalid checks in validation script | Alex W | |
2024-05-23 | Merge pull request #3399 from 0xThiebaut/suricata | Christian Breunig | |
suricata: T751: Initial support for suricata | |||
2024-05-23 | suricata: T751: use key_mangling in get_config_dict() | Christian Breunig | |
2024-05-23 | suricata: T751: remove implicit default dictionary | Christian Breunig | |
2024-05-23 | suricata: T751: move CLI from "service ids suricata" -> "service suricata" | Christian Breunig | |
2024-05-23 | Merge pull request #3487 from Embezzle/T6370 | Christian Breunig | |
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | |||
2024-05-23 | Merge pull request #3505 from c-po/nat66-T6365 | Daniil Baturin | |
nat66: T6365: remove warnings for negated interface selections by name | |||
2024-05-23 | dhcpv6-server: T6381: fix typos in select ConfigError messages in VyOS ↵ | Ginko | |
current (#3508) | |||
2024-05-22 | nat66: T6365: remove warnings for negated interface selections by name | Christian Breunig | |
2024-05-22 | Merge pull request #3482 from alryaz/patch-1 | Christian Breunig | |
nat: T6365: remove warnings for negated interface selections by name | |||
2024-05-22 | nat: T6365: use interface_exists() over netifaces.interfaces() | Christian Breunig | |
2024-05-22 | nat: T6365: use string startswith() over [0] index access | Christian Breunig | |
2024-05-22 | nat: T6365: remove warnings for negated interface selections by name | Ryazanov Alexander Mihailovich | |
2024-05-21 | reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | Alex W | |
2024-05-18 | T5169: Allow to set CGNAT multiple internal pools | Viacheslav Hletenko | |
Allow to set multiple CGNAT internal pools ``` set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14' ``` | |||
2024-05-18 | T6364: CGNAT drop hard limit that allows only one translation rule | Viacheslav Hletenko | |
As PoC for CGNAT had a hard limit of using only one translation rule for one internal pool. Drop this limit and extend the usage number of the rules. ``` set nat cgnat rule 100 source pool 'int-01' set nat cgnat rule 100 translation pool 'ext-01' set nat cgnat rule 120 source pool 'vyos-int-02' set nat cgnat rule 120 translation pool 'vyos-ext-02' ``` | |||
2024-05-17 | Merge pull request #3472 from nvollmar/T6358 | Christian Breunig | |
T6358: Container config option to enable host pid | |||
2024-05-17 | T6358: Add config option for host process namespace | Nicolas Vollmar | |
2024-05-17 | T6358: Remove duplicate host name handling | Nicolas Vollmar | |
2024-05-17 | Merge pull request #3464 from sever-sever/T6351 | Daniil Baturin | |
T6351: CGNAT add verification if the pool exists | |||
2024-05-16 | T6351: CGNAT add verification if the pool exists | Viacheslav Hletenko | |
Add verification if the external/internal pools are exists before we can use them in the source and translation rules | |||
2024-05-16 | T6347: CGNAT fix error if pool contain dashes in the name | Viacheslav Hletenko | |
2024-05-14 | T3420: Remove service upnp | Viacheslav Hletenko | |
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation. | |||
2024-05-12 | Merge pull request #3447 from c-po/evpn-uplink-t6306 | Daniil Baturin | |
ethernet: T6306: add support for EVPN MH uplink/core tracking | |||
2024-05-12 | suricata: T751: Initial support for suricata | Maxime THIEBAUT | |
2024-05-11 | ethernet: T6306: add support for EVPN MH uplink/core tracking | Christian Breunig | |
When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE. A link can be setup for uplink tracking via the following configuration: set interfaces ethernet eth0 evpn uplink | |||
2024-05-10 | Merge pull request #3410 from fett0/T6303 | Christian Breunig | |
Bond: T6303: add system mac address on interfaces bond | |||
2024-05-10 | bond: T6303: system-mac is not allowed to be a multicast MAC address | Christian Breunig | |
2024-05-08 | bridge: T6317: add dependency call for wireless interfaces | Christian Breunig | |