m--------- | docs/_include/vyos-1x | 0 | ||||
-rw-r--r-- | docs/changelog/1.3.rst | 20 | ||||
-rw-r--r-- | docs/changelog/1.4.rst | 25 | ||||
-rw-r--r-- | docs/configuration/policy/examples.rst | 29 |
4 files changed, 70 insertions, 4 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 3f91033927d80748b70e1ef58b2941643d1aca3 +Subproject e1d9982c7b463b173cc8c261f61a9447ace6289 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 48dc1319..30e1dc41 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,9 +8,28 @@ _ext/releasenotes.py +2022-11-06 +========== + +* :vytask:`T2913` (bug): Failure to install fpm while building builder docker image + + +2022-11-04 +========== + +* :vytask:`T2417` (feature): Python validator cleanup + + +2022-11-01 +========== + +* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring + + 2022-10-31 ========== +* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range) * :vytask:`T4785` (feature): snmp: Allow !, @, * and # in community name @@ -1301,7 +1320,6 @@ * :vytask:`T2759` (bug): validate-value prints error messages from validators that fail even if overall validation succeeds * :vytask:`T3234` (bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions * :vytask:`T3732` (feature): override-default helper should support adding defaultValues to default less nodes -* :vytask:`T3574` (default): Add constraintGroup for combining validators with logical AND * :vytask:`T1962` (default): Add syntax version to schema diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 5a0f445b..3c769cb3 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst 
@@ -8,10 +8,32 @@ _ext/releasenotes.py +2022-11-06 +========== + +* :vytask:`T4803` (bug): The header 'Authorization' needs to be explictly allowed in http-api CORS middleware + + +2022-11-05 +========== + +* :vytask:`T4802` (feature): Ability to define per container shared-memory size + + +2022-11-01 +========== + +* :vytask:`T4764` (bug): NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat +* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring + + 2022-10-31 ========== +* :vytask:`T4786` (feature): Add package python3-pyhumps +* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range) * :vytask:`T4785` (feature): snmp: Allow !, @, * and # in community name +* :vytask:`T4787` (feature): ipsec: add support for road-warrior/remote-access RADIUS timeout 2022-10-29 @@ -44,7 +66,6 @@ 2022-10-25 ========== -* :vytask:`T4720` (feature): Ability to configure SSH HostKeyAlgorithms * :vytask:`T4574` (default): Add token based authentication to GraphQL API @@ -83,7 +104,6 @@ 2022-10-14 ========== -* :vytask:`T4750` (feature): Support of higher level SSH keys (sk-ssh-ed25519) * :vytask:`T4672` (bug): RADIUS server disable does not work * :vytask:`T4749` (enhancment): Use config_dict for conf_mode http-api.py @@ -2083,7 +2103,6 @@ * :vytask:`T3764` (bug): Unconfigurable IKE and ESP lifetime * :vytask:`T3234` (bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions * :vytask:`T3732` (feature): override-default helper should support adding defaultValues to default less nodes -* :vytask:`T3574` (default): Add constraintGroup for combining validators with logical AND * :vytask:`T3759` (default): [L3VPN] VPNv4/VPNv6 add commands diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst index 2d44f4bc..f52a7950 100644 --- a/docs/configuration/policy/examples.rst +++ b/docs/configuration/policy/examples.rst 
@@ -182,3 +182,32 @@ Add multiple source IP in one rule with same priority
 set policy local-route rule 101 source '203.0.113.253'
 set policy local-route rule 101 source '198.51.100.0/24'
+###########################
+Clamp MSS for a specific IP
+###########################
+
+This example shows how to target an MSS clamp (in our example to 1360 bytes)
+to a specific destination IP.
+
+.. code-block:: none
+
+ set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for 198.51.100.30'
+ set policy route IP-MSS-CLAMP rule 10 destination address '198.51.100.30/32'
+ set policy route IP-MSS-CLAMP rule 10 protocol 'tcp'
+ set policy route IP-MSS-CLAMP rule 10 set tcp-mss '1360'
+ set policy route IP-MSS-CLAMP rule 10 tcp flags 'SYN'
+
+To apply this policy to the correct interface, configure it on the
+interface the inbound local host will send through to reach our
+destined target host (in our example eth1).
+
+.. code-block:: none
+
+ set interfaces ethernet eth1 policy route IP-MSS-CLAMP
+
+You can view that the policy is being correctly (or incorrectly) utilised
+with the following command:
+
+.. code-block:: none
+
+ show policy route statistics |