summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2024-09-30Merge pull request #4024 from nicolas-fort/T6687Daniil Baturin
T6687: add fqdn support to nat rules.
2024-09-24syslog: T6719: fix the behavior of "syslog global preserve-fqdn"Nicolas Vollmar
2024-09-24Merge pull request #4086 from natali-rs1985/T6675-currentChristian Breunig
bridge: T6675: VXLAN Interface configuration lost due to improper bridge detachment
2024-09-21T6630: ntp: rename ptp-transport to ptp and use defaultValue for portChristian Breunig
2024-09-21T6630: ntp: add chrony "ntp over ptp" transportLucas Christian
2024-09-20bridge: T6675: VXLAN Interface configuration lost due to improper bridge ↵Nataliia Solomko
detachment
2024-09-19Merge pull request #4061 from c-po/syslog-T5367Daniil Baturin
syslog: T5367: add format option to include timezone in message
2024-09-16T6687: add fqdn support to nat rules.Nicolas Fort
2024-09-15bond: T6709: add EAPoL supportChristian Breunig
2024-09-14ethernet: T6709: move EAPoL support to common frameworkChristian Breunig
Instead of having EAPoL (Extensible Authentication Protocol over Local Area Network) support only available for ethernet interfaces, move this to common ground at vyos.ifconfig.interface making it available for all sorts of interfaces by simply including the XML portion #include <include/interface/eapol.xml.i>
2024-09-12syslog: T5367: add format option to include timezone in messageChristian Breunig
Add CLI option to include the systems timezone in the syslog message sent to a collector. This can be enabled using: set system syslog host <hostname> format include-timezone
2024-09-12Merge pull request #4047 from natali-rs1985/T6676-currentChristian Breunig
policy: T6676: Invalid route-map caused bgpd to crash
2024-09-12Merge pull request #4046 from nvollmar/T6703Christian Breunig
T6703: Adds option to configure AMD pstate driver
2024-09-12Merge pull request #4021 from natali-rs1985/T6652-currentDaniil Baturin
openfabric: T6652: Add support for OpenFabric protocol
2024-09-12Merge pull request #4032 from dvlogic/Allow_Container_DNS_DisableChristian Breunig
T6701: Added ability to disable the container DNS plugin
2024-09-11policy: T6676: Invalid route-map caused bgpd to crashNataliia Solomko
2024-09-11T6703: fix unrelated lint issuesNicolas Vollmar
2024-09-11T6703: Adds option to configure AMD pstate driverNicolas Vollmar
2024-09-11T6294: Service dns forwarding add the ability to configure ZonetoCachekhramshinr
2024-09-11container: T6701: add support to disable container network DNS supportDave Vogel
Add ability to set the container network with a disable-dns setting to disable the DNS plugin that is on be default. set container network <network> no-name-server
2024-09-04openfabric: T6652: Add support for OpenFabric protocolNataliia Solomko
OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks. FRR implements OpenFabric in a daemon called fabricd
2024-09-02T6679: add destination groupsNicolas Vollmar
2024-08-21T6672: Fix system option ssh-client source-interfaceViacheslav Hletenko
Fix for system option ssh-client source-interface For the `verify_source_interface` the key `ifname` if required
2024-08-20Merge pull request #3975 from lucasec/t6183Christian Breunig
T6183: interfaces openvpn: suppport specifying IP protocol version
2024-08-15T6649: Accel-ppp separate vlan-mon from listen interfacesNataliia Solomko
2024-08-13T6183: interfaces openvpn: suppport specifying IP protocol versionLucas Christian
2024-08-12suricata: T6624: Fix for service suricata address-groups cannot be used in ↵Nataliia Solomko
each other
2024-08-12configverify: T6642: verify_interface_exists requires config_dict argJohn Estabrook
The function verify_interface_exists requires a reference to the ambient config_dict rather than creating an instance. As access is required to the 'interfaces' path, provide as attribute of class ConfigDict, so as not to confuse path searches of script-specific config_dict instances.
2024-08-08qos: T6638: require interface state existence in verify conditionalJohn Estabrook
2024-08-05sysctl: T3204: restore sysctl setttings overwritten by tunedChristian Breunig
2024-08-05Merge branch 'current' into feature/T4694/gre-match-fieldsChristian Breunig
2024-08-05Merge pull request #3920 from fett0/T6555Christian Breunig
OPENVPN: T6555: add server-bridge options in mode server
2024-08-05Merge pull request #3939 from c-po/unused-importsChristian Breunig
T5873: T6619: remove unused imports
2024-08-04firewall: T4694: Adding GRE flags & fields matches to firewall rulesAndrew Topp
* Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags. * There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post) * nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags. * Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing * The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem. * If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc. * Added a "test_gre_match" smoketest
2024-08-04Merge pull request #3901 from nicolas-fort/T4072-extend-bridge-fwallChristian Breunig
T4072: firewall extend bridge firewall
2024-08-04ipsec: T5873: remove unused importsChristian Breunig
2024-08-04multicast: T6619: remove unused importsChristian Breunig
2024-08-02Merge pull request #3933 from jestabro/add-missing-standard-funcDaniil Baturin
T6632: add missing standard functions to config scripts
2024-08-02Merge pull request #3932 from jestabro/check-kmod-under-configdDaniil Baturin
T6629: call check_kmod within a standard config function
2024-08-02T6619: Remove the remaining uses of per-protocol FRR configs (#3916)Roman Khramshin
2024-08-02OPENVPN: T6555: fix name to bridgefett0
2024-08-02T6632: add missing standard functions to config scriptsJohn Estabrook
2024-08-02OPENVPN: T6555: fix name to bridgefett0
2024-08-02T6629: call check_kmod within a standard config functionJohn Estabrook
Move the remaining calls to check_kmod within a standard function, with placement determined by the needs of the config script.
2024-08-02Merge pull request #3927 from jestabro/nat64-check-kmodDaniil Baturin
nat64: T6627: call check_kmod within standard config function
2024-08-02nat64: T6627: call check_kmod within standard config functionJohn Estabrook
Functions called from config scripts outside of the standard functions get_config/verify/generate/apply will not be called when run under configd. Move as appropriate for the general config script structure and the specific script requirements.
2024-08-02T4072: change same helpers in xml definitions; add notrack action for ↵Nicolas Fort
prerouting chain; re introduce <set vrf> in policy; change global options for passing traffic to IPvX firewall; update smoketest
2024-08-01Merge pull request #3923 from c-po/console-T3334Christian Breunig
console: T3334: remove unused directories imported from vyos.defaults
2024-08-01T4072: firewall: improve error handling when firewall configuration is ↵Nicolas Fort
wrong. Use nft -c option to check temporary file, and use output provided by nftables to parse the error if possible, or print it as it is if it's an unknown error
2024-08-01Merge pull request #3221 from lucasec/t5873Christian Breunig
T5873: ipsec remote access VPN: support VTI interfaces.