summaryrefslogtreecommitdiff
path: root/src/validators
AgeCommit message (Collapse)Author
2022-09-03firewall: T4651: re-implement packet-length CLI option to use <multi/>Christian Poessinger
2022-09-01Firewall: T4651: Change proposed cli from ip-length to packet-lengthNicolas Fort
2022-08-27Firewall: T4651: Add options to match packet size on firewall rules.Nicolas Fort
2022-08-03validators: T4586: Add IPv6 exclude validators for address/prefixViacheslav Hletenko
Add IPV6 exclude validators: - ipv6-address-exclude - ipv6-prefix-exclude Will use in nat66 source/destination
2022-05-05policy: T4414: add support for route-map "as-path prepend last-as x"Christian Poessinger
2022-04-30firewall: T1230: fix validator for service alias names (e.g. ssmtp)Christian Poessinger
2022-03-12Firewall: T4286: Correct ipv6-range validatorNicolas Fort
2022-01-18firewall: T3560: Add support for MAC address groupssarthurdev
2022-01-17firewall: T2199: Fix `port-range` validator to accept service namessarthurdev
2022-01-17firewall: policy: T4178: Migrate and refactor tcp flagssarthurdev
* Add support for ECN and CWR flags
2022-01-14firewall: T4178: Use lowercase for TCP flags and add an validatorsarthurdev
2022-01-12firewall: T4160: Fix support for inverse matchessarthurdev
2022-01-11firewall: validators: T4174: Correct upper port range boundaryBᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs
2022-01-11validators: T4144: Add error messages to the majority of IP validatorssarthurdev
2022-01-10validators: Stricter checking on port-range validatorsarthurdev
2022-01-10validators: T4148: Add text output when validators failsarthurdev
2022-01-10firewall: validators: T2199: Improve port validationsarthurdev
2022-01-03Merge pull request #1124 from sever-sever/T4110Christian Poessinger
listen-address: T4110: Ability to set IPv6 link-local addresses
2022-01-03listen-address: T4110: Ability to set IPv6 link-local addressesViacheslav
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python
2021-12-12validator: T4036: validate if multicast address is single (no netmask)Christian Poessinger
2021-12-07T3006: add a range validatorDaniil Baturin
2021-12-06firewall: T2199: Migrate firewall to XML/Pythonsarthurdev
2021-12-06validators: T4053: Fix exit code for scriptViacheslav
2021-12-06validators: T4052: Fix for warn message in the validator scriptViacheslav
Validator expects variable "script" for the Warning message But it gets undeclared "path"
2021-12-04bgp: T4042: bugfix route-distinguisher value rangeChristian Poessinger
2021-12-04validators: T4042: rename bgp-route-target -> bgp-rd-rtChristian Poessinger
2021-10-12validators: T3868: Allow asterisk symbol in bgp-large-community-listViacheslav
2021-09-18validator: T2417: bugfix on Python3 f'ormat stringsChristian Poessinger
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword.
2021-08-31ssh: T3789: add custom validator for base64 encoded CLI dataChristian Poessinger
SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which check if the data is properly base64 encoded.
2021-08-24bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets differChristian Poessinger
The "l2vpn evpn" address-family route-target command only accepts a single route-target value consisting of (A.B.C.D:MN|EF:OPQR|GHJK:MN). The "ipv4-unicast or ipv6-unicast" address-family route-target command for VPNs support multiple, whitespace separated route-target values. This commit adds a new custom validator named "bgp-route-target" with a --single and a --multi option to pass one or more route-target values.
2021-08-24policy: T2425: rename validator large-community-list -> bgp-large-community-listChristian Poessinger
... as we will get another bgp route-target validator soon.
2021-08-18policy: T2425: import exact Perl match criteria for large-community-listChristian Poessinger
2021-08-17policy: T2425: add missing validator for large-community-listsChristian Poessinger
without the validators FRR commit errors would happen.
2021-07-17VRF: T3655: proper connection tracking for VRFszsdc
Currently, all VRFs share the same connection tracking table, which can lead to problems: - traffic leaks to a wrong VRF - improper NAT rules handling when multiple VRFs contain the same IP networks - stateful firewall rules issues The commit implements connection tracking zones support. Each VRF utilizes its own zone, so connections will never mix up. It also adds some restrictions to VRF names and assigned table numbers, because of nftables and conntrack requirements: - VRF name should always start from a letter (interfaces that start from numbers are not supported in nftables rules) - table number must be in the 100-65535 range because conntrack supports only 65535 zones
2021-06-13wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface treeChristian Poessinger
2021-05-25firewall: T3568: add XML definitions for firewallViacheslav Hletenko
Add XML for configuration mode firewall. Used for future rewriting it to Python style.
2021-05-20sysctl: T3565: initial implementation in XML and PythonChristian Poessinger
migrate from old vyatta-cfg-system / Perl implementation.
2021-05-14conntrack: T3535: migrate codebase from vyatta-conntrack-syncChristian Poessinger
2021-04-27container: T2216: Add binding for ports and volumessever-sever
2021-03-21validate: T3418: interface-name should also allow all local present interfacesChristian Poessinger
The regex only validated interfaces according to the VyOS naming scheme, but third party interfacs that are legit (e.g. exists within the kernel) failed to validate. The validator now also supports any kind of local interfaces attached to the OS kernel.
2021-03-17ipv6: eui64: T3413: add custom validatorChristian Poessinger
VyOS 1.2 (crux) rejected prefixes other then of site /64. [ interfaces ethernet eth0 ipv6 address eui64 2006:ab00:abe1::2/127 ] Error: Prefix lenght is 127. It must be 64. Same should be done on VyOS 1.3 and newer
2021-02-28validators: fqdn: T3370: support "private" or "local" domain namesChristian Poessinger
2021-02-24validators: interface-name script must also support VLAN interfacesChristian Poessinger
2021-02-18validator: T3326: add missing interfaces (e.g. ppp and l2tpv3)Christian Poessinger
2021-02-05xml: add new common "interface-name" validatorChristian Poessinger
2021-01-22dhcpv6: T3240: support per-interface client DUIDsBrandon Stepler
2021-01-16bridge: T3137: Improved verification logicjack9603301
2020-12-20Revert "dhcpv6: T3134: add missing duid support"Christian Poessinger
This reverts commit 9541355433e202fade4692851bffa33ba9d48f44.
2020-12-20dhcpv6: T3134: add missing duid supportChristian Poessinger