Age | Commit message (Collapse) | Author |
|
firewall: T4178: Use lowercase for TCP flags and add an validator
|
|
|
|
There is a situation when service keepalived is active but
there a no any "vrrp" configuration. In that case "show vrrp"
hangs up because it expect data from keepalived daemon which
can't get
Check if "vrrp" exists in configuration and only then check if pid
is active
|
|
Add URL, token and bucket hidind data when is used function
"strip-private"
|
|
Telegraf ethtool input filter expected ethX interfaces and not
other interfaces like vlans/tunnels/dummy
Add "interface_include" option to telegraf template.
|
|
Rewrite and improve the custom input filter telegraf script
"show_interfaces_input_filter.py" to more readable and clear format
Fix bug when it failed with configured tunnel "tunX" interfaces
|
|
|
|
|
|
firewall: validators: T4174: Correct upper port range boundary
|
|
policy: T2199: Update op-mode syntax to `route6`
|
|
|
|
|
|
firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor
|
|
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
|
|
Migrating 1.2.8 -> 1.4-rolling-202201110811
vyos-router[970]: Waiting for NICs to settle down: settled in 0sec..
vyos-router[1085]: Started watchfrr.
vyos-router[970]: Mounting VyOS Config...done.
vyos-router[970]: Starting VyOS router: migrate
vyos-router[1490]: Traceback (most recent call last):
vyos-router[1490]: File "/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6", line 112, in <module>
vyos-router[1490]: for if_type in config.list_nodes(['interfaces']):
vyos-router[1490]: File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 236, in list_nodes
vyos-router[1490]: raise ConfigTreeError("Path [{}] doesn't exist".format(path_str))
vyos-router[1490]: vyos.configtree.ConfigTreeError: Path [b'interfaces'] doesn't exist
vyos-router[1455]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6: Command
'['/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6', '/opt/vyatta/etc/config/config.boot']'
returned non-zero exit status 1..
vyos-router[970]: configure.
vyos-config[979]: Configuration success
|
|
|
|
is changed
|
|
items sorted and one per line
|
|
|
|
file for group definitions.
|
|
In order to have a consistent looking CLI we should rename this CLI node.
There is:
* access-list and access-list6 (policy)
* prefix-list and prefix-list6 (policy)
* route and route6 (static routes)
|
|
The bug was partially fixed with this commit:
https://github.com/vyos/vyos-1x/commit/358f0b481d8620cad4954e3fe418054b9a8c3ecd
The earlier commit introduced a startup retry (up to 10 times) to allow the OS
to settle before the container is started. However, it only applies if
host networking is NOT used. This change applies the same for containers
where host networking is employed.
Since the retry portion of the code (written in the earlier commit) is now
referenced twice, it has been moved to its own function.
|
|
Before installing a new conntrack policy into the OS Kernel, the new policy
should be verified by nftables if it can be loaded at all or if it will fail
to load. There is no need to load a "bad" configuration if we can pre-test it.
|
|
Before installing a new conntrack policy into the OS Kernel, the new policy
should be verified by nftables if it can be loaded at all or if it will fail
to load. There is no need to load a "bad" configuration if we can pre-test it.
|
|
|
|
firewall: validators: T4148: Improve validators and firewall validator usage
|
|
|
|
|
|
|
|
|
|
|
|
zone-policy chains
* Prevent firewall names from using the reserved VZONE prefix
|
|
zone-policy: T4135: Raise error when using an invalid "from" zone.
|
|
|
|
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy
|
|
zone-policy
|
|
keepalived: T4109: Add high-availability virtual-server
|
|
Add new feature, high-availability virtual-server
Change XML, python and templates
Move vrrp to root node 'high-availability' as all logic are
handler by root node 'high-availability'
|
|
firewall: T4130: Fix firewall state-policy errors
|
|
Also fixes:
* Issue with multiple state-policy rules being created on firewall updates
* Prevents interface rules being inserted before state-policy
|
|
|
|
Without this option systemd startup will hit a timeout and the kill keepalived
again.
|
|
|
|
monitoring: T3872: Add a new feature service monitoring
|
|
|
|
listen-address: T4110: Ability to set IPv6 link-local addresses
|
|
Some services allows to set link-local IPv6 addresses as
listen-address. Allow it and add a validator 'ipv6-link-local'
and extend listen-address.xml.i to this validator
|
|
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
|