| Age | Commit message (Collapse) | Author |
|---|
|
(cherry picked from commit 564c75c511c2cfd23404a500340a53441c694ffd)
|
|
(cherry picked from commit ed642ff5e958c6ef43dee5ef684fb5ccf85ad8cf)
|
|
(cherry picked from commit b86f1d702e3b67774d3a2eec1f9fa83108711798)
|
|
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested
and I know no way how it could be tested. Instead of carrying on dead and
unused code we should favour a drop of it using a proper config migration
script.
(cherry picked from commit 556b528ef9cc1eca9d142ebe1f8f88cd02d536da)
|
|
As of the SNMP specification an SNMP engine ID should be unique per device.
To not make it more complicated for users - only use the global SNMP engine ID.
(cherry picked from commit d523111279b3a9a5266b442db5f04049a31685f7)
|
|
There was a bug when refactoring this with commits 5848a4d ("dhcp-server:
T1707: remove DHCP static-mappings from address pool") and 1182b44
("dhcp-server: T1707: bugfix on subsequent DHCP exclude addresses") that when
a static address assignemnt was using the last IP address from the specified
range.
This triggered the following error:
"DHCP range stop address x must be greater or equal to the range start
address y!"
(cherry picked from commit 735d73e162634d598aa6b8ee13197aa231eefedb)
|
|
Previously when static-mappings have been created the address was still within
the DHCP pool resulting in log entries as follows:
dhcpd: Dynamic and static leases present for 192.0.2.51
dhcpd: Remove host declaration DMZ_PC2 or remove 192.0.2.51
dhcpd: from the dynamic address pool for DMZ
|
|
|
|
Moved the code for splicing a DHCP range into its dedicated function as this
will later be required again. Having subsequent DHCP exclude addresses
e.g. 192.0.2.70 and 192.0.2.71 did not work as the previous algorithm
created a range whose start address was after the end address.
|
|
|
|
(cherry picked from commit 6a6634b02d73cc93cd7368cf2290940b57fae9c7)
|
|
(cherry picked from commit 87df87e3983e120ad171ae9dc2966309fc14fcd8)
|
|
(cherry picked from commit b04a9791226f7953cfa740804ec0d43745605f49)
|
|
|
|
|
|
|
|
Implementation by Daniil Baturin and John Estabrook.
|
|
[wireguard] T1428: correct handling of the fwmark option
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Conflicts:
debian/control
|
|
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default
allows access only from RFC 1918 private IP addresses. Due to the aggressive
nature of the internet these days, it is highly recommended to not open up the
recursor for the entire internet. Questions from IP addresses not listed here
are ignored and do not get an answer.
https://docs.powerdns.com/recursor/settings.html#allow-from
Imagine an ISP network with non RFC1918 IP adresses - they can't make
use of PowerDNS recursor.
As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open
resolver. If there is no allow-from statement a config-migrator will add
the appropriate nodes to the configuration, resulting in:
service {
dns {
forwarding {
allow-from 0.0.0.0/0
allow-from ::/0
cache-size 0
ignore-hosts-file
listen-address 192.0.2.1
}
}
}
(cherry picked from commit dc0f641956d002fa8588ef8d1213791cf36e92f2)
|
|
(cherry picked from commit 3945b2259aaa64eb9f4d61334126235f2d641293)
|
|
- added a validator for checking if the address is any cidr noted address
(cherry picked from commit 2ee0eff1bd04ef02b0769341eee22543f8011b68)
|
|
configuration line
In the past we used the PowerDNS cofniguration option forward-zones and
forward-zones-recurse, but only the latter one sets the recursion bit in
the DNS query.
Thus all recursions have been moved to this config statement.
(cherry picked from commit 5886dd27cbc65f8cda04752bbd39a960b0887523)
|
|
when a non-unique subnet is found.
|
|
|
|
script.
|
|
|
|
from DHCP.
|
|
|
|
|
|
|
|
return_effective_values output.
|
|
[pdns-recursor] T1469 - replace forward-zones with forward-zones-recurse
|
|
of CLI mode.
|
|
|
|
forward-zones-recurse behaves identically to dnsmasq server option
in legacy vyos 1.1.8, while forward-zones option disallow recursive
name resolving, which leads to dns lookup failure
|
|
... to have the same pattern as the DHCPDv6 lease file
(cherry picked from commit adaa9b78e2fb0c7da58ca6c09934b3e3cff44795)
|
|
A wrong lease file caused the show command to fail:
vyos@vyos:~$ show dhcpv6 server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 81, in <module>
leases = get_leases(lease_file, state='active')
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 44, in get_leases
leases = IscDhcpLeases(lease_file).get()
File "/usr/lib/python3/dist-packages/isc_dhcp_leases/iscdhcpleases.py", line 110, in get
with open(self.filename) as lease_file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/dhcpdv6.leases'
(cherry picked from commit 3b9bfe322fd4a7d652b25b28cbcd4825fee0ea4b)
|
|
(cherry picked from commit 690ae8bf526b6d45997bedf5e856f858ad251658)
|
|
[ firewall options interface wg01 ]
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/firewall_options.py", line 139, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/firewall_options.py", line 97, in apply
if tcp['new_chain4']:
TypeError: 'NoneType' object is not subscriptable
delete [ firewall options ] failed
delete [ firewall ] failed
Commit failed
(cherry picked from commit efb1a1c88f436a3704c4ca6e15b65aeded4b9654)
|
