Age | Commit message (Collapse) | Author |
|
firewall: T4435: Verify parent config applied successfully
|
|
smoketesting on Qemu
|
|
|
|
|
|
* Refactor nftables clean-up code
* Adds policy route test for using firewall groups
|
|
|
|
firewall: T478: Add support for nesting groups
|
|
|
|
op-mode: T4429: Ability to detect external IP address
|
|
This reverts commit 6f818ee9033ee3abeedbed73eb44331dc27e7408.
|
|
It can be more then 5 symbols in top-level-domain address
for example '.photography' and '.accountants'
Firewall group can be added without address:
* set firewall group domain-group DOMAIN
Check if 'address' exists in group_config
|
|
|
|
* 'sstp_port' of https://github.com/goodNETnick/vyos-1x:
sstp: T4444. Port number changing support
|
|
firewall: T970: Add firewall group domain-group
|
|
|
|
event-handler: T3083: Add simple event-handler
|
|
Before:
set service event-handler Foo
After:
set service event-handler event Foo
|
|
* Added the ability to filter by a syslog identifier
* Added the ability to pass arguments to a script
* Added the ability to pass preconfigured environment variables to a script
* A message that triggered a script is now passed in the `message` variable and
can be used in a script
* Replaced `call()` to `run()`, since stdout are not need to be printed
|
|
Move 'system event-handler' to 'service event-handler'
|
|
* Removed dynamic generating for systemd unit
* Optimized configuration file deleting process
* Added exceptions handlers to event-handler script to protect service
from most obvious potential troubles
* Improved logging
* Moved pattern compilation outside a messages loop to avoid extra operations
* Added signal handlers for proper systemd integration
|
|
Event-handler allows executing a custom script when in logs it
detects configured "pattern"
A simple implemenation
set system event-handler first pattern '.*ssh2.*'
set system event-handler first script '/config/scripts/hello.sh'
|
|
|
|
|
|
|
|
OWAMP is a command line client application and a policy daemon used
to determine one way latencies between hosts.
OWAMP session control uses traditional client-server communication
between a control-client and a server,
TWAMP (two-way active measurement protocol)
Add configuration and operation modes
set service sla owamp-server
set service sla twamp-server
run force owping 192.0.2.120
run force twping 192.0.2.190
|
|
pki: T3642: Update conf scripts using changed PKI objects
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Commit f9e38622 ("rip: T4448: add support to set protocol version on an
interface level") also added the versionspecified on a per interface level.
the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no
longer working which is dthe default for FRR. Remove the default "2" from the
RIP version specifier to make this behavior work again.
|
|
|
|
|
|
|
|
Domain group allows to filter addresses by domain main
Resolved addresses as elements are stored to named "nft set"
that used in the nftables rules
Also added a dynamic "resolver" systemd daemon
vyos-domain-group-resolve.service which starts python script
for the domain-group addresses resolving by timeout 300 sec
set firewall group domain-group DOMAINS address 'example.com'
set firewall group domain-group DOMAINS address 'example.org'
set firewall name FOO rule 10 action 'drop'
set firewall name FOO rule 10 source group domain-group 'DOMAINS'
set interfaces ethernet eth0 firewall local name 'FOO'
nft list table ip filter
table ip filter {
set DOMAINS {
type ipv4_addr
flags interval
elements = { 192.0.2.1, 192.0.2.85,
203.0.113.55, 203.0.113.58 }
}
chain NAME_FOO {
ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10"
counter packets 0 bytes 0 return comment "FOO default-action accept"
}
}
|
|
|
|
http-api: T4442: Add action reset
|
|
Add action 'reset' (op-mode) for HTTP-API
http://localhost/reset
curl --unix-socket /run/api.sock -X POST -Fkey=mykey \
-Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \
http://localhost/reset
|
|
The config vrf-basic reveals a missing block in the migration script
vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in
Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in
vrf-ospf.
|
|
Migration of bgp-azure-ipsec-gateway and bgp_dmvpn_hub reveals that
migration script ipsec/5-to-6 leaves the empty node 'ipsec-interfaces'
after moving the interface; fix the migration script, as it is not yet
in 1.3.
|
|
ocserv: T4420: show configured 2FA OTP key
|
|
FRR: T4020: Added CLI options for FRR daemons
|
|
|
|
|
|
|
|
monitoring: T4418: Add output plugin azure-data-explorer
|
|
Add output telegraf Plugin Azure Data Explorer
set service monitoring telegraf azure-data-explorer authentication client-id 'x'
set service monitoring telegraf azure-data-explorer authentication client-secret 'x'
set service monitoring telegraf azure-data-explorer authentication tenant-id 'x'
set service monitoring telegraf azure-data-explorer database 'x'
set service monitoring telegraf azure-data-explorer group-metrics 'single-table'
set service monitoring telegraf azure-data-explorer url 'http://localhost.loc'
|
|
|