summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
m---------docs/_include/vyos-1x0
-rw-r--r--docs/changelog/1.3.rst20
-rw-r--r--docs/changelog/1.4.rst25
-rw-r--r--docs/configuration/policy/examples.rst29
4 files changed, 70 insertions, 4 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject 3f91033927d80748b70e1ef58b2941643d1aca3
+Subproject e1d9982c7b463b173cc8c261f61a9447ace6289
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
index 48dc1319..30e1dc41 100644
--- a/docs/changelog/1.3.rst
+++ b/docs/changelog/1.3.rst
@@ -8,9 +8,28 @@
_ext/releasenotes.py
+2022-11-06
+==========
+
+* :vytask:`T2913` (bug): Failure to install fpm while building builder docker image
+
+
+2022-11-04
+==========
+
+* :vytask:`T2417` (feature): Python validator cleanup
+
+
+2022-11-01
+==========
+
+* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring
+
+
2022-10-31
==========
+* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range)
* :vytask:`T4785` (feature): snmp: Allow !, @, * and # in community name
@@ -1301,7 +1320,6 @@
* :vytask:`T2759` (bug): validate-value prints error messages from validators that fail even if overall validation succeeds
* :vytask:`T3234` (bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions
* :vytask:`T3732` (feature): override-default helper should support adding defaultValues to default less nodes
-* :vytask:`T3574` (default): Add constraintGroup for combining validators with logical AND
* :vytask:`T1962` (default): Add syntax version to schema
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
index 5a0f445b..3c769cb3 100644
--- a/docs/changelog/1.4.rst
+++ b/docs/changelog/1.4.rst
@@ -8,10 +8,32 @@
_ext/releasenotes.py
+2022-11-06
+==========
+
+* :vytask:`T4803` (bug): The header 'Authorization' needs to be explictly allowed in http-api CORS middleware
+
+
+2022-11-05
+==========
+
+* :vytask:`T4802` (feature): Ability to define per container shared-memory size
+
+
+2022-11-01
+==========
+
+* :vytask:`T4764` (bug): NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat
+* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring
+
+
2022-10-31
==========
+* :vytask:`T4786` (feature): Add package python3-pyhumps
+* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range)
* :vytask:`T4785` (feature): snmp: Allow !, @, * and # in community name
+* :vytask:`T4787` (feature): ipsec: add support for road-warrior/remote-access RADIUS timeout
2022-10-29
@@ -44,7 +66,6 @@
2022-10-25
==========
-* :vytask:`T4720` (feature): Ability to configure SSH HostKeyAlgorithms
* :vytask:`T4574` (default): Add token based authentication to GraphQL API
@@ -83,7 +104,6 @@
2022-10-14
==========
-* :vytask:`T4750` (feature): Support of higher level SSH keys (sk-ssh-ed25519)
* :vytask:`T4672` (bug): RADIUS server disable does not work
* :vytask:`T4749` (enhancment): Use config_dict for conf_mode http-api.py
@@ -2083,7 +2103,6 @@
* :vytask:`T3764` (bug): Unconfigurable IKE and ESP lifetime
* :vytask:`T3234` (bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions
* :vytask:`T3732` (feature): override-default helper should support adding defaultValues to default less nodes
-* :vytask:`T3574` (default): Add constraintGroup for combining validators with logical AND
* :vytask:`T3759` (default): [L3VPN] VPNv4/VPNv6 add commands
diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst
index 2d44f4bc..f52a7950 100644
--- a/docs/configuration/policy/examples.rst
+++ b/docs/configuration/policy/examples.rst
@@ -182,3 +182,32 @@ Add multiple source IP in one rule with same priority
set policy local-route rule 101 source '203.0.113.253'
set policy local-route rule 101 source '198.51.100.0/24'
+###########################
+Clamp MSS for a specific IP
+###########################
+
+This example shows how to target an MSS clamp (in our example to 1360 bytes)
+to a specific destination IP.
+
+.. code-block:: none
+
+ set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for 198.51.100.30'
+ set policy route IP-MSS-CLAMP rule 10 destination address '198.51.100.30/32'
+ set policy route IP-MSS-CLAMP rule 10 protocol 'tcp'
+ set policy route IP-MSS-CLAMP rule 10 set tcp-mss '1360'
+ set policy route IP-MSS-CLAMP rule 10 tcp flags 'SYN'
+
+To apply this policy to the correct interface, configure it on the
+interface the inbound local host will send through to reach our
+destined target host (in our example eth1).
+
+.. code-block:: none
+
+ set interfaces ethernet eth1 policy route IP-MSS-CLAMP
+
+You can view that the policy is being correctly (or incorrectly) utilised
+with the following command:
+
+.. code-block:: none
+
+ show policy route statistics