summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2022-08-01macsec: T3368: check key length for gcm-aes-128/gcm-aes-256Christian Poessinger
2022-08-01router-advert: T4582: fix preferred cannot equal valid lifetimeinitramfs
Allows preferred lifetime for prefix advertisements to equal the configured valid lifetime as per RFC 4861.
2022-07-30bridge: T4579: cleanup interface dict (remove empty keys)Christian Poessinger
2022-07-29Merge pull request #1403 from sever-sever/T4518Christian Poessinger
lb-wan: T4518: Add XML for conf mode load-balancing wan
2022-07-29Merge pull request #1440 from sever-sever/T4570Christian Poessinger
vxlan: T4570: Verify MTU for remote address if source not defined
2022-07-29T4577: wwan: fix incorrect return value unpackingDate Huang
Signed-off-by: Date Huang <tjjh89017@hotmail.com>
2022-07-28vxlan: T4570: Verify MTU for remote address if source not definedViacheslav Hletenko
In some cases `source_address` can be not defined in the conf So we should to check list of `remote` vxlanX addresses If remote address is IPv6 - add overhead +20 bytes to default overhead 50. I.e. +70 bytes for IPv6
2022-07-26T4571: add sflow vrf to sflow agent address IP validationDavid
2022-07-25bgp: T4560: neighbor/peer-group local-as option is only allowed for eBGPChristian Poessinger
2022-07-25fastnetmon: T4556: Allow configure white_list_path and populate with ↵Adrian Almenar
hosts/networks that should be ignored.
2022-07-24graphql: T3993: disable introspection unless set in CLIJohn Estabrook
2022-07-24graphql: T3993: add interface-definition for gqlJohn Estabrook
2022-07-21fastnetmon: T2659: move configuration files to /runChristian Poessinger
2022-07-21fastnetmon: T4555: add IPv6 supportChristian Poessinger
2022-07-21fastnetmon: T4553: add processing of XML defaultValue definitionsChristian Poessinger
2022-07-18macsec: T4537: support online ciper and source-interface re-configurationChristian Poessinger
2022-07-18bgp: T4490: check peer-group for AFI/SAFI before issuing warningChristian Poessinger
Commit 6cffe2aa82 ("bgp: T4490: Add informational message for peer withour AFI") only checked if an address-family is configured under the neighbor statement. This is not enough as the AFI can also be specified via a peer-group. Add a new verify_afi() helper that checks both the neighbor and the assigned peer-group.
2022-07-17login: T4536: add all accounts to frr groupChristian Poessinger
2022-07-15interfaces: T4525: interfaces can not be member of a bridge/bond and a VRFChristian Poessinger
2022-07-15bond: bridge: T4534: error out if member interface is assigned to a VRF instanceChristian Poessinger
It makes no sense to enslave an interface to a bond or a bridge device if it is bound to a given VRF. If VRFs should be used - the encapuslating/master interface should be part of the VRF. Error out if the member interface is part of a VRF.
2022-07-12vrf: T4527: Prevent to create VRF with reserved namesViacheslav Hletenko
VRF names: "add, all, broadcast, default, delete, dev, get, inet, mtu, link, type, vrf" are reserved and cannot be used for vrf name
2022-07-10vyos.configdict(): T4228: is_member() must use the "real" hardware interfaceChristian Poessinger
When is_member() is inspecting the bridge/Bond member interfaces it must work with the real interface (e.g. eth1) under the "ethernet" node and not work on the "member interface eth1" CLI tree, that makes no sense at all.
2022-07-09ip: T4517: drop forwarding from CLI "system ip ↵Christian Poessinger
disable-directed-broadcast-forwarding"
2022-07-09ip: T4517: add option to enable directed broadcast forwardingYuxiang Zhu
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
2022-07-08lb-wan: T4518: Add XML for conf mode load-balancing wanViacheslav Hletenko
Add XML for configuration mode "load-balancing wan" for the future rewriting this to Python Remove node from Makefile as Python code is not yet completed
2022-07-07monitoring: T4411: Migrate influxdb options to influxdb nodeViacheslav Hletenko
As we have specific configuration for each plugin: set service monitoring telegraf xxx - azure-data-explorer - prometheus-client - splunk We should to move configuration that related to influxdb under influxdb node Replace: set service monitoring telegraf - authentication xxx - bucket xxx - port xxx - url To: set service monitoring telegraf influxdb xxx
2022-07-07dns: T4509: improve 6to4 error messageChristian Poessinger
2022-07-07syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotatesarthurdev
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override
2022-07-05Merge pull request #1389 from sever-sever/T4509Christian Poessinger
dns: T4509: Add dns64-prefix option
2022-07-05dns: T4509: Add dns64-prefix optionViacheslav Hletenko
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96
2022-07-04ntp: T4456: call verify_vrf() before individual interface validationChristian Poessinger
It makes no sense to test against a VRF that might not exist at all.
2022-07-04ntp: T4456: support listening on specified interfaceChristian Poessinger
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name>
2022-07-04Merge pull request #1382 from sever-sever/T4378Viacheslav Hletenko
dns: T4378: Allow wildcard A AAAA record with option all
2022-07-04dns: T4378: Allow wildcard A AAAA record with option anyViacheslav Hletenko
Ability to set wildcard record for authoritative-domain set authoritative-domain example.com records a any address 192.0.2.11 cat /run/powerdns/zone.example.com.conf * 300 A 192.0.2.11
2022-07-02ipoe: T4507: Add option rate-limit for RADIUS authenticationViacheslav Hletenko
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik'
2022-07-01bgp: T4490: use common vyos.base.Warning() wrapperChristian Poessinger
2022-07-01Merge branch 'T4490' of https://github.com/sever-sever/vyos-1x into currentChristian Poessinger
* 'T4490' of https://github.com/sever-sever/vyos-1x: bgp: T4490: Add informational message for peer withour AFI
2022-07-01Merge pull request #1380 from sarthurdev/ovpn-multi-caChristian Poessinger
openvpn: T4485: Accept multiple tls ca-certificate values
2022-06-29router-advert: T4477: support RDNSS lifetime optionChristian Poessinger
set service router-advert interface eth0 name-server-lifetime <value>
2022-06-29openvpn: T4485: Accept multiple `tls ca-certificate` valuessarthurdev
2022-06-28Merge pull request #1376 from sever-sever/T4473Christian Poessinger
containers: T4473: Fix create container with not exist network
2022-06-28containers: T4486: Fix path for removing containersViacheslav Hletenko
Fix correct path for removing containers and container networks Reduce timoute from 10 (default) to 3 seconds for stopping containers
2022-06-28containers: T4473: Fix create container with not exist networkViacheslav Hletenko
Fix for setting container without or wrong network decalaration
2022-06-28bgp: T4490: Add informational message for peer withour AFIViacheslav Hletenko
As we don't use addresss-family ipv4-unicast by default we should to send informational message about AFI for peer is required
2022-06-15firewall: T4435: Verify parent config applied successfullysarthurdev
2022-06-14firewall: T970: Use set prefix to domain groupssarthurdev
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-11firewall: T4299: Add support for GeoIP filteringsarthurdev
2022-06-10Merge pull request #1356 from sarthurdev/nested_groupsChristian Poessinger
firewall: T478: Add support for nesting groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev