summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-01-14Merge pull request #1167 from sarthurdev/firewallChristian Poessinger
firewall: T4178: Use lowercase for TCP flags and add an validator
2022-01-14firewall: T4178: Use lowercase for TCP flags and add an validatorsarthurdev
2022-01-13vrrp: T4182: Check if VRRP configured in op modeViacheslav
There is a situation when service keepalived is active but there a no any "vrrp" configuration. In that case "show vrrp" hangs up because it expect data from keepalived daemon which can't get Check if "vrrp" exists in configuration and only then check if pid is active
2022-01-13strip-private: T4177: Fix for hiding private data token/url/bucketViacheslav
Add URL, token and bucket hidind data when is used function "strip-private"
2022-01-13monitoring: T3872: Add just required interfaces for ethtoolViacheslav
Telegraf ethtool input filter expected ethX interfaces and not other interfaces like vlans/tunnels/dummy Add "interface_include" option to telegraf template.
2022-01-13monitoring: T3872: Rewrite input filter custom_scriptViacheslav
Rewrite and improve the custom input filter telegraf script "show_interfaces_input_filter.py" to more readable and clear format Fix bug when it failed with configured tunnel "tunX" interfaces
2022-01-12firewall: T4160: Fix support for inverse matchessarthurdev
2022-01-11migrator: interfaces: T4171: bugfix ConfigTreeErrorChristian Poessinger
2022-01-11Merge pull request #1160 from bjw-s/T4174Christian Poessinger
firewall: validators: T4174: Correct upper port range boundary
2022-01-11Merge pull request #1159 from sarthurdev/firewallChristian Poessinger
policy: T2199: Update op-mode syntax to `route6`
2022-01-11firewall: validators: T4174: Correct upper port range boundaryBᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs
2022-01-11policy: T2199: Update op-mode syntax to `route6`sarthurdev
2022-01-11Merge pull request #1158 from sarthurdev/firewallChristian Poessinger
firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor
2022-01-11policy: T2199: Refactor policy route script for better error handlingsarthurdev
* Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
2022-01-11migrator: interfaces: T4171: bugfix ConfigTreeErrorChristian Poessinger
Migrating 1.2.8 -> 1.4-rolling-202201110811 vyos-router[970]: Waiting for NICs to settle down: settled in 0sec.. vyos-router[1085]: Started watchfrr. vyos-router[970]: Mounting VyOS Config...done. vyos-router[970]: Starting VyOS router: migrate vyos-router[1490]: Traceback (most recent call last): vyos-router[1490]: File "/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6", line 112, in <module> vyos-router[1490]: for if_type in config.list_nodes(['interfaces']): vyos-router[1490]: File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 236, in list_nodes vyos-router[1490]: raise ConfigTreeError("Path [{}] doesn't exist".format(path_str)) vyos-router[1490]: vyos.configtree.ConfigTreeError: Path [b'interfaces'] doesn't exist vyos-router[1455]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6: Command '['/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6', '/opt/vyatta/etc/config/config.boot']' returned non-zero exit status 1.. vyos-router[970]: configure. vyos-config[979]: Configuration success
2022-01-11firewall: T4159: Add warning when an empty group is applied to a rulesarthurdev
2022-01-11firewall: policy: T2199: Reload policy route script if `firewall group` node ↵sarthurdev
is changed
2022-01-11firewall: op-mode: T4131: Display `show firewall group` reference and member ↵sarthurdev
items sorted and one per line
2022-01-11validators: T4144: Add error messages to the majority of IP validatorssarthurdev
2022-01-11firewall: policy: T4159: T4164: Fix empty firewall groups, create separate ↵sarthurdev
file for group definitions.
2022-01-11policy: T4170: rename "policy ipv6-route" -> "policy route6"Christian Poessinger
In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes)
2022-01-11containers: T2216: bugfix host networking on image upgradeMathew Inkson
The bug was partially fixed with this commit: https://github.com/vyos/vyos-1x/commit/358f0b481d8620cad4954e3fe418054b9a8c3ecd The earlier commit introduced a startup retry (up to 10 times) to allow the OS to settle before the container is started. However, it only applies if host networking is NOT used. This change applies the same for containers where host networking is employed. Since the retry portion of the code (written in the earlier commit) is now referenced twice, it has been moved to its own function.
2022-01-10nat: T2199: dry-run newly generated config before installChristian Poessinger
Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it.
2022-01-10conntrack: T3579: dry-run newly generated config before installChristian Poessinger
Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it.
2022-01-10conntrack: T3579: prepare for "conntrack timeout custom rule" CLI commandsChristian Poessinger
2022-01-10Merge pull request #1152 from sarthurdev/firewall_validatorsChristian Poessinger
firewall: validators: T4148: Improve validators and firewall validator usage
2022-01-10conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftablesChristian Poessinger
2022-01-10validators: Stricter checking on port-range validatorsarthurdev
2022-01-10validators: T4148: Add text output when validators failsarthurdev
2022-01-10firewall: validators: T2199: Improve port validationsarthurdev
2022-01-10firewall: 4149: Fix verify steps being bypassed when base node is removedsarthurdev
2022-01-05firewall: zone-policy: T4133: Prevent firewall from trying to clean-up ↵sarthurdev
zone-policy chains * Prevent firewall names from using the reserved VZONE prefix
2022-01-05Merge pull request #1136 from sarthurdev/firewallChristian Poessinger
zone-policy: T4135: Raise error when using an invalid "from" zone.
2022-01-05zone-policy: T4135: Raise error when using an invalid "from" zone.sarthurdev
2022-01-05Merge pull request #1134 from sarthurdev/firewallChristian Poessinger
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy
2022-01-05firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵sarthurdev
zone-policy
2022-01-04Merge pull request #1121 from sever-sever/T4109Christian Poessinger
keepalived: T4109: Add high-availability virtual-server
2022-01-04keepalived: T4109: Add high-availability virtual-serverViacheslav
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability'
2022-01-04Merge pull request #1130 from sarthurdev/firewallChristian Poessinger
firewall: T4130: Fix firewall state-policy errors
2022-01-04firewall: T4130: Fix firewall state-policy errorssarthurdev
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy
2022-01-03keepalived: T4128: add missing keepalived.service fileChristian Poessinger
2022-01-03keepalived: T4128: add systemd option Type=simpleChristian Poessinger
Without this option systemd startup will hit a timeout and the kill keepalived again.
2022-01-03test: vyos.validate: also test interface identifier in is_ipv6_link_local()Christian Poessinger
2022-01-03Merge pull request #1018 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Add a new feature service monitoring
2022-01-03monitoring: T3872: Add a new feature service monitoring telegrafViacheslav
2022-01-03Merge pull request #1124 from sever-sever/T4110Christian Poessinger
listen-address: T4110: Ability to set IPv6 link-local addresses
2022-01-03listen-address: T4110: Ability to set IPv6 link-local addressesViacheslav
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator
2022-01-01nat: T2199: rename iptables -> nftables variable prefixChristian Poessinger
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python
2021-12-30snmp: T4124: migrate to get_config_dict()Christian Poessinger