Age | Commit message (Collapse) | Author |
|
There are cloud environments available where the maximum supported ethernet
MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value
or 1500 bytes - whatever is lower.
|
|
T6199: remove unused Python imports from migration scripts
|
|
|
|
T6188: add description to show firewall
|
|
For readability in console sessions, moved the description column to only be shown in the detail view.
Changed wrapping in the detail view for description to 65 characters to prevent full line wrapping in console sessions.
|
|
|
|
The option "passive-interface default" was set even if it was not present in
the previous version we are migrating from. Fix migration script to handle this
with a conditional path.
|
|
T6199: drop unused Python imports from graphql source
|
|
|
|
bgp: T5943: BGP Peer-group members must be all internal or all external
|
|
T6068: dhcp-server: add command <set service dhcp-server high-availability mode>
|
|
|
|
|
|
mode> so user can define what type of ha use: active-active or active-passive
|
|
found using "git ls-files *.py | xargs pylint | grep W0611"
|
|
* Use interface_exists() outside of verify()
* Use verify_interface_exists() in verify() to drop common error message
|
|
configverify: T6198: add common helper for PKI certificate validation
|
|
The next evolutional step after adding get_config_dict(..., with_pki=True) is
to add a common verification function for the recurring task of validating SSL
certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
|
|
T6192: allow binding SSH to multiple VRF instances
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
|
|
|
|
- modified: src/op_mode/firewall.py
Changed behavior of "show firewall" for specific rule to only show rule and not also default-action
|
|
- Added show firewall <sections> detail paths
modified: src/op_mode/firewall.py
- Added Description as a header to normal "show firewall" commands
- Added 'detail' view which shows the output in a list key-pair format
Description column was added for these commands and their subsections:
show firewall statistics
show firewall groups
show firewall <family>
Detail view was added for these commands:
show firewall bridge forward filter detail
show firewall bridge forward filter rule <rule#> detail
show firewall bridge name <chain> detail
show firewall bridge name <chain> rule <rule#> detail
show firewall ipv4 forward filter detail
show firewall ipv4 forward filter rule <rule#> detail
show firewall ipv4 input filter detail
show firewall ipv4 input filter rule <rule#> detail
show firewall ipv4 output filter detail
show firewall ipv4 output filter rule <rule#> detail
show firewall ipv4 name <chain> detail
show firewall ipv4 name <chain> rule <rule#> detail
show firewall ipv6 forward filter detail
show firewall ipv6 forward filter rule <rule#> detail
show firewall ipv6 input filter detail
show firewall ipv6 input filter rule <rule#> detail
show firewall ipv6 output filter detail
show firewall ipv6 output filter rule <rule#> detail
show firewall ipv6 name <chain> detail
show firewall ipv6 name <chain> rule <rule#> detail
show firewall group detail
show firewall group <group> detail
|
|
system: T6193: invalid warning "is not a DHCP interface but uses DHCP name-server option"
|
|
dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domains
|
|
T6178: Check that certificate exists during reverse-proxy commit
|
|
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which
was present to update /etc/resolv.conf with the DHCP specified nameservers and
also the search domain list was no longer present.
This commit adds a per interface rendered script to inform vyos-hostsd about
the received IPv6 nameservers and search domains.
|
|
name-server option"
This fixes an invalid warning when using a DHCP VLAN interface to retrieve the
system nameserver to be used. VLAN CLI config is not properly expanded
leading to a false warning:
[ system name-server eth1.10 ]
WARNING: "eth1.10" is not a DHCP interface but uses DHCP name-server option!
|
|
|
|
T6185: simplify marshalling of section and config data for config-sync
|
|
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf
|
|
|
|
bgp: T6106: Valid commit error for route-reflector-client option defined in peer-group
|
|
|
|
peer-group
changed exception condition
Improved route_reflector_client test
|
|
Package path/section data in single command containing a tree (dict) of
section paths and the accompanying config data. This drops the call to
get_config_dict and the need for a list of commands in request.
|
|
dhcp: T6174: Add TACACS/Radius users to _kea group
|
|
Also raise op-mode error when unable to fetch data from Kea socket
|
|
openvpn: T6159: Openvpn Server Op-cmd adds heading "OpenVPN status on vtunx" for every client connection
|
|
ipsec: T5606: T5871: Use multi node for CA certificates
|
|
T5872: ipsec remote access VPN: support dhcp-interface.
|
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
|