summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-07-09ip: T4517: drop forwarding from CLI "system ip ↵Christian Poessinger
disable-directed-broadcast-forwarding"
2022-07-09ip: T4517: add option to enable directed broadcast forwardingYuxiang Zhu
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
2022-07-09conntrack: T4145: Add show conntrack table ipv4Viacheslav Hletenko
After firewall rewriting, we lost the ability to show conntrack table as it used old code Rewrite and add it to XML/Python
2022-07-08Merge pull request #1401 from sever-sever/T4411Christian Poessinger
monitoring: T4411: Migrate influxdb options to influxdb node
2022-07-07Merge pull request #1397 from sever-sever/T4503Christian Poessinger
op-mode: T4503: Prevent restart service if commit in progress
2022-07-07monitoring: T4411: Migrate influxdb options to influxdb nodeViacheslav Hletenko
As we have specific configuration for each plugin: set service monitoring telegraf xxx - azure-data-explorer - prometheus-client - splunk We should to move configuration that related to influxdb under influxdb node Replace: set service monitoring telegraf - authentication xxx - bucket xxx - port xxx - url To: set service monitoring telegraf influxdb xxx
2022-07-07op-mode: T4503: Prevent restart service if commit in progressViacheslav Hletenko
Prevent op-mode scripts from restarting services if commit in progress
2022-07-07dns: T4509: improve 6to4 error messageChristian Poessinger
2022-07-07syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotatesarthurdev
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override
2022-07-06firewall: T4500: Fix logrotate size to match rsyslog default valuesarthurdev
2022-07-05firewall: T2199: Fix migration when `icmpv6 type` is an integersarthurdev
2022-07-05Merge pull request #1389 from sever-sever/T4509Christian Poessinger
dns: T4509: Add dns64-prefix option
2022-07-05op-mode: bgp: T4494: re-use available building blocks for BGP resetsChristian Poessinger
2022-07-05op-mode: bgp: T4494: add "reset bgp" op-mode treeChristian Poessinger
2022-07-05dns: T4509: Add dns64-prefix optionViacheslav Hletenko
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96
2022-07-04ntp: T4456: call verify_vrf() before individual interface validationChristian Poessinger
It makes no sense to test against a VRF that might not exist at all.
2022-07-04dhclient: T2393: fix "Failed to parse boolean value, ignoring: SIGKILL"Christian Poessinger
Commit 19789463 ("dhclient: T2393: introduce 20 seconds stop timeout - required for smoketesting on Qemu") assigned a string to a boolean field. This has been fixed.
2022-07-04ntp: T4456: support listening on specified interfaceChristian Poessinger
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name>
2022-07-04Merge pull request #1382 from sever-sever/T4378Viacheslav Hletenko
dns: T4378: Allow wildcard A AAAA record with option all
2022-07-04event-handler: T4508: Fixed environment variableszsdc
Fixed usage of environment variables - made an individual environment variable for an event a true copy, instead of a reference to a single environ dictionary. Also, reorganized imports according to PEP8.
2022-07-04dns: T4378: Allow wildcard A AAAA record with option anyViacheslav Hletenko
Ability to set wildcard record for authoritative-domain set authoritative-domain example.com records a any address 192.0.2.11 cat /run/powerdns/zone.example.com.conf * 300 A 192.0.2.11
2022-07-02ipoe: T4507: Add option rate-limit for RADIUS authenticationViacheslav Hletenko
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik'
2022-07-01Revert "op-mode: T4429: Ability to detect external IP address"Daniil Baturin
2022-07-01event-handler: T4501: Fix for syslog-identifierViacheslav Hletenko
In dictionary we get "syslog-identifier" with dash But we try to parse option with underscore "syslog_identifier" Fix it
2022-07-01bgp: T4490: use common vyos.base.Warning() wrapperChristian Poessinger
2022-07-01Merge branch 'T4490' of https://github.com/sever-sever/vyos-1x into currentChristian Poessinger
* 'T4490' of https://github.com/sever-sever/vyos-1x: bgp: T4490: Add informational message for peer withour AFI
2022-07-01Merge pull request #1380 from sarthurdev/ovpn-multi-caChristian Poessinger
openvpn: T4485: Accept multiple tls ca-certificate values
2022-06-29router-advert: T4477: support RDNSS lifetime optionChristian Poessinger
set service router-advert interface eth0 name-server-lifetime <value>
2022-06-29openvpn: T4485: Update PKI migrator to handle full CA chain migrationsarthurdev
* Also determines and maps to correct CA for migrated CRL
2022-06-29openvpn: T4485: Accept multiple `tls ca-certificate` valuessarthurdev
2022-06-28Merge pull request #1376 from sever-sever/T4473Christian Poessinger
containers: T4473: Fix create container with not exist network
2022-06-28containers: T4486: Fix path for removing containersViacheslav Hletenko
Fix correct path for removing containers and container networks Reduce timoute from 10 (default) to 3 seconds for stopping containers
2022-06-28containers: T4473: Fix create container with not exist networkViacheslav Hletenko
Fix for setting container without or wrong network decalaration
2022-06-28bgp: T4490: Add informational message for peer withour AFIViacheslav Hletenko
As we don't use addresss-family ipv4-unicast by default we should to send informational message about AFI for peer is required
2022-06-25firewall: T4484: Fix op-mode summary for address groups with ranges.sarthurdev
2022-06-25Merge pull request #1360 from sever-sever/T1375Christian Poessinger
op-mode: T1375: Allow to clear dhcp-server lease
2022-06-25Merge pull request #1362 from sarthurdev/T4435Christian Poessinger
firewall: T4435: Verify parent config applied successfully
2022-06-16dhclient: T2393: introduce 20 seconds stop timeout - required for ↵Christian Poessinger
smoketesting on Qemu
2022-06-16op-mode: T1375: Allow to clear dhcp-server leaseViacheslav Hletenko
Allow to reset dhcp-leases per ip Parse file '/config/dhcpd.leases' find match section 'lease x.x.x.x {}' And remove this section clear dhcp-server lease 192.0.2.21
2022-06-15firewall: T4435: Verify parent config applied successfullysarthurdev
2022-06-14firewall: T970: Use set prefix to domain groupssarthurdev
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-11firewall: T4299: Add support for GeoIP filteringsarthurdev
2022-06-10Merge pull request #1356 from sarthurdev/nested_groupsChristian Poessinger
firewall: T478: Add support for nesting groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev
2022-06-10Merge pull request #1326 from sever-sever/T4429Christian Poessinger
op-mode: T4429: Ability to detect external IP address
2022-06-10Revert "dmvpn: nhrp: T4434: secret length can not exceed 8 characters"Christian Poessinger
This reverts commit 6f818ee9033ee3abeedbed73eb44331dc27e7408.
2022-06-10firewall: T970: Fix for Regex for domain and check empty groupViacheslav Hletenko
It can be more then 5 symbols in top-level-domain address for example '.photography' and '.accountants' Firewall group can be added without address: * set firewall group domain-group DOMAIN Check if 'address' exists in group_config
2022-06-09sstp: T4444: merge of defaultValue already done in get_accel_dict()Christian Poessinger
2022-06-09Merge branch 'sstp_port' of https://github.com/goodNETnick/vyos-1x into currentChristian Poessinger
* 'sstp_port' of https://github.com/goodNETnick/vyos-1x: sstp: T4444. Port number changing support