Age | Commit message (Collapse) | Author |
|
Allows preferred lifetime for prefix advertisements to equal the
configured valid lifetime as per RFC 4861.
|
|
bgp: T4257: Changing BGP "local-as" to "system-as"
This change is to change the global BGP name for the node "local-as" to "system-as"
This is needed so that there's less ambiguity with the local-as feature per neighbor.
bgp: T4257: Changing BGP "local-as" to "system-as"
bgp: T4257: Changing BGP "local-as" to "system-as"
This change is to change the global BGP name for the node "local-as" to "system-as"
This is needed so that there's less ambiguity with the local-as feature per neighbor.
|
|
|
|
lb-wan: T4518: Add XML for conf mode load-balancing wan
|
|
vxlan: T4570: Verify MTU for remote address if source not defined
|
|
Signed-off-by: Date Huang <tjjh89017@hotmail.com>
|
|
In some cases `source_address` can be not defined in the conf
So we should to check list of `remote` vxlanX addresses
If remote address is IPv6 - add overhead +20 bytes to default
overhead 50. I.e. +70 bytes for IPv6
|
|
|
|
|
|
hosts/networks that should be ignored.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Commit 6cffe2aa82 ("bgp: T4490: Add informational message for peer withour AFI")
only checked if an address-family is configured under the neighbor statement.
This is not enough as the AFI can also be specified via a peer-group.
Add a new verify_afi() helper that checks both the neighbor and the assigned
peer-group.
|
|
|
|
|
|
It makes no sense to enslave an interface to a bond or a bridge device if it is
bound to a given VRF. If VRFs should be used - the encapuslating/master
interface should be part of the VRF.
Error out if the member interface is part of a VRF.
|
|
VRF names: "add, all, broadcast, default, delete, dev, get, inet,
mtu, link, type, vrf" are reserved and cannot be used for vrf name
|
|
When is_member() is inspecting the bridge/Bond member interfaces it must work
with the real interface (e.g. eth1) under the "ethernet" node and not work on
the "member interface eth1" CLI tree, that makes no sense at all.
|
|
disable-directed-broadcast-forwarding"
|
|
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644.
By default Linux kernel doesn't forward directed broadcast
packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding`
and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
|
|
Add XML for configuration mode "load-balancing wan" for the future
rewriting this to Python
Remove node from Makefile as Python code is not yet completed
|
|
As we have specific configuration for each plugin:
set service monitoring telegraf xxx
- azure-data-explorer
- prometheus-client
- splunk
We should to move configuration that related to influxdb under
influxdb node
Replace:
set service monitoring telegraf
- authentication xxx
- bucket xxx
- port xxx
- url
To:
set service monitoring telegraf influxdb xxx
|
|
|
|
After discussion with @zsdc this was decided the better long term fix
* Removes hourly logrotate cron in favour of systemd timer override
|
|
dns: T4509: Add dns64-prefix option
|
|
rfc6147: DNS Extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers
set service dns forwarding dns64-prefix 2001:db8:aabb::/96
|
|
It makes no sense to test against a VRF that might not exist at all.
|
|
When clients only use DHCP for interface addressing we can not bind NTPd to
an address - as it will fail if the address changes. This commit adds support
to bind ntpd to a given interface in addition to a given address.
set system ntp interface <name>
|
|
dns: T4378: Allow wildcard A AAAA record with option all
|
|
Ability to set wildcard record for authoritative-domain
set authoritative-domain example.com records a any address 192.0.2.11
cat /run/powerdns/zone.example.com.conf
* 300 A 192.0.2.11
|
|
Add rate-limit options: attribute, muptiplier and vendor
set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit'
set service ipoe-server auth radius rate-limit enable
set service ipoe-server auth radius rate-limit multiplier '0.001'
set service ipoe-server auth radius rate-limit vendor 'Miktorik'
|
|
|
|
* 'T4490' of https://github.com/sever-sever/vyos-1x:
bgp: T4490: Add informational message for peer withour AFI
|
|
openvpn: T4485: Accept multiple tls ca-certificate values
|
|
set service router-advert interface eth0 name-server-lifetime <value>
|
|
|
|
containers: T4473: Fix create container with not exist network
|
|
Fix correct path for removing containers and container networks
Reduce timoute from 10 (default) to 3 seconds for stopping
containers
|
|
Fix for setting container without or wrong network decalaration
|
|
As we don't use addresss-family ipv4-unicast by default we
should to send informational message about AFI for peer is required
|
|
|
|
|
|
* Refactor nftables clean-up code
* Adds policy route test for using firewall groups
|
|
|
|
firewall: T478: Add support for nesting groups
|
|
|