Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-10 | conntrack: T3579: prepare for "conntrack timeout custom rule" CLI commands | Christian Poessinger | |
2022-01-10 | Merge pull request #1152 from sarthurdev/firewall_validators | Christian Poessinger | |
firewall: validators: T4148: Improve validators and firewall validator usage | |||
2022-01-10 | conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftables | Christian Poessinger | |
2022-01-10 | validators: Stricter checking on port-range validator | sarthurdev | |
2022-01-10 | validators: T4148: Add text output when validators fail | sarthurdev | |
2022-01-10 | firewall: validators: T2199: Improve port validation | sarthurdev | |
2022-01-10 | firewall: 4149: Fix verify steps being bypassed when base node is removed | sarthurdev | |
2022-01-05 | firewall: zone-policy: T4133: Prevent firewall from trying to clean-up ↵ | sarthurdev | |
zone-policy chains * Prevent firewall names from using the reserved VZONE prefix | |||
2022-01-05 | Merge pull request #1136 from sarthurdev/firewall | Christian Poessinger | |
zone-policy: T4135: Raise error when using an invalid "from" zone. | |||
2022-01-05 | zone-policy: T4135: Raise error when using an invalid "from" zone. | sarthurdev | |
2022-01-05 | Merge pull request #1134 from sarthurdev/firewall | Christian Poessinger | |
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy | |||
2022-01-05 | firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵ | sarthurdev | |
zone-policy | |||
2022-01-04 | Merge pull request #1121 from sever-sever/T4109 | Christian Poessinger | |
keepalived: T4109: Add high-availability virtual-server | |||
2022-01-04 | keepalived: T4109: Add high-availability virtual-server | Viacheslav | |
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability' | |||
2022-01-04 | Merge pull request #1130 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4130: Fix firewall state-policy errors | |||
2022-01-04 | firewall: T4130: Fix firewall state-policy errors | sarthurdev | |
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy | |||
2022-01-03 | keepalived: T4128: add missing keepalived.service file | Christian Poessinger | |
2022-01-03 | keepalived: T4128: add systemd option Type=simple | Christian Poessinger | |
Without this option systemd startup will hit a timeout and the kill keepalived again. | |||
2022-01-03 | test: vyos.validate: also test interface identifier in is_ipv6_link_local() | Christian Poessinger | |
2022-01-03 | Merge pull request #1018 from sever-sever/T3872 | Christian Poessinger | |
monitoring: T3872: Add a new feature service monitoring | |||
2022-01-03 | monitoring: T3872: Add a new feature service monitoring telegraf | Viacheslav | |
2022-01-03 | Merge pull request #1124 from sever-sever/T4110 | Christian Poessinger | |
listen-address: T4110: Ability to set IPv6 link-local addresses | |||
2022-01-03 | listen-address: T4110: Ability to set IPv6 link-local addresses | Viacheslav | |
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator | |||
2022-01-01 | nat: T2199: rename iptables -> nftables variable prefix | Christian Poessinger | |
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger | |
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python | |||
2021-12-30 | snmp: T4124: migrate to get_config_dict() | Christian Poessinger | |
2021-12-30 | Merge pull request #1128 from zdc/T4121-sagitta | Kim | |
dhclient: T4121: Fixed resolv.conf generation at early boot stage | |||
2021-12-30 | dhclient: T4121: Fixed resolv.conf generation at early boot stage | zsdc | |
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils. | |||
2021-12-29 | configd: T4086: use 'copy' on mutable global var default_config_data | John Estabrook | |
2021-12-27 | snmp: T4093: add missing verify() step for required group per snmp v3 user | Christian Poessinger | |
2021-12-27 | conntrack-sync: T4109: Change script name for vrrp | Viacheslav | |
The script vrrp.py was moved to high-availability.py As all logic are handle by root 'high-avalability' node | |||
2021-12-26 | ospfv3: T4107: add support for "default-information originate" | Christian Poessinger | |
2021-12-26 | ospfv3: T4108: add support for auto-cost parameter | Christian Poessinger | |
2021-12-26 | ospfv3: T4102: nssa area support both no-summary and default-originate | Christian Poessinger | |
2021-12-26 | flow-accounting: T4097: move configuration file to /run | Christian Poessinger | |
2021-12-26 | flow-accounting: T4097: bugfix removing service from CLI | Christian Poessinger | |
2021-12-26 | http: api: T4055: add VRF support | Christian Poessinger | |
2021-12-25 | https: T1443: remove duplicate CLI definition | Christian Poessinger | |
2021-12-25 | flow-accounting: T4106: support specification of capture packet length | Christian Poessinger | |
2021-12-25 | flow-accounting: T4105: drop "sflow agent-address auto" | Christian Poessinger | |
The implementation of the "auto" option to specify the sflow/netflow agent-address is very error prone. The current implementation will determine the IP address used for the "auto" value as follow: Get BGP router-id 1) If not found use OSPF router-id 2) If not found use OSPFv3 router-id 3) If not found use "the first IP address found on the system Well, what is the "first IP address found"? Also this changes if DHCP is in use. Also another disadvantage is when the BGP/OSPF/OSPFv3 router-id is changed, the agent-address is not updated upon the next reboot of the system. This task is about removing the "auto" keyword from the CLI at all and make it either entirely configurable by the user and hardcode the value in CLI, or not use this at all. If "auto" is specified we will query the system in the above order and set the proper router-id in the CLI. If none can be found the CLI node is removed. | |||
2021-12-25 | flow-accounting: T4099: rename "netflow source-ip" to source-address | Christian Poessinger | |
sFlow uses the source-address CLI node and netflow uses source-ip this is just confusing and should be synced to the common source-address CLI node. | |||
2021-12-25 | flow-accounting: T4097: move to get_config_dict() | Christian Poessinger | |
2021-12-25 | ospfv3: T4102: add support for NSSA area-type | Christian Poessinger | |
2021-12-23 | conntrack-sync: T3854: Add missed statistics for op-mode | Viacheslav | |
After rewriting conntrack-sync to XML/python part of op-mode parameters was missed Add "status" and "statistics" for conntrack-sync | |||
2021-12-21 | nat: T3435: Fix for op-mode concatenate str | Viacheslav | |
Can only concatenate str (not "int") to str | |||
2021-12-19 | vxlan: T3700: add support for Generic Protocol extension (VXLAN-GPE) | Christian Poessinger | |
2021-12-19 | T4084: dehardcode the post-login banner | Daniil Baturin | |
2021-12-17 | Merge pull request #1103 from zdc/T3774-sagitta | Christian Poessinger | |
logs: T3774: Added CLI options to control atop logs rotation | |||
2021-12-17 | logs: T3774: Optimization for logrotate configs | zsdc | |
* Added proper handling of default values from CLI. * Replaced rsyslog restart postrotate action to native `rsyslog-rotate` script. * Removed unnecessary checks for `None` instead `dict` - with default values the situation becomes impossible. * Fixed default value from 10 to 1 in the rsyslog CLI. | |||
2021-12-16 | Add restart ldp command | Devon Mar | |