Diffstat (limited to 'docs')
m--------- docs/_include/vyos-1x 0
-rw-r--r-- docs/changelog/1.3.rst 6
-rw-r--r-- docs/changelog/1.4.rst 83
-rw-r--r-- docs/changelog/1.5.rst 76
-rw-r--r-- docs/configexamples/pppoe-ipv6-basic.rst 40
-rw-r--r-- docs/configuration/service/dns.rst 25
6 files changed, 205 insertions, 25 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject b1a35b8ae02c7a72ee29bf3e1595fedf254479e
+Subproject 48c09cb91079733e4c5517a22b5345ff14d6605
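Review bot: the `docs/_include/vyos-1x` subproject pointer is moved in the same commit as hand-edited documentation, and nothing visible here says why. Consider bumping the submodule in its own commit, or state in the commit message which vyos-1x change the docs now depend on, so that reverting the doc edits later does not silently roll the include back as well.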
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
index 5960cd58..d0d71d55 100644
--- a/docs/changelog/1.3.rst
+++ b/docs/changelog/1.3.rst
@@ -8,6 +8,12 @@
_ext/releasenotes.py
+2023-12-29
+==========
+
+* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface``
+
+
2023-12-22
==========
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
index 385d1d63..7a4c96c0 100644
--- a/docs/changelog/1.4.rst
+++ b/docs/changelog/1.4.rst
@@ -8,6 +8,89 @@
_ext/releasenotes.py
+2024-01-07
+==========
+
+* :vytask:`T5891` ``(bug): OpenVPN IPv6 config issue with 1.4-rc1``
+* :vytask:`T5887` ``(feature): Upgrade Linux Kernel to 6.6.y (2023 LTS edition)``
+
+
+2024-01-06
+==========
+
+* :vytask:`T3670` ``(feature): Option to disable HTTP port 80 redirect``
+
+
+2024-01-05
+==========
+
+* :vytask:`T3642` ``(feature): PKI configuration``
+* :vytask:`T5894` ``(feature): Extend get_config_dict() with additional parameter with_pki that defaults to False``
+
+
+2024-01-04
+==========
+
+* :vytask:`T4072` ``(feature): Feature Request: Firewall on bridge interfaces``
+* :vytask:`T3459` ``(default): Inform the user when unable to install outdated image``
+
+
+2024-01-03
+==========
+
+* :vytask:`T5880` ``(bug): verify_source_interface should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces``
+* :vytask:`T5879` ``(bug): tunnel: sourceing from dynamic pppoe0 interface will fail on reboots``
+* :vytask:`T4500` ``(bug): Missing firewall logs``
+
+
+2024-01-02
+==========
+
+* :vytask:`T5885` ``(default): image-tools: relax restriction on image-name length from 32 to 64``
+
+
+2024-01-01
+==========
+
+* :vytask:`T5883` ``(bug): Preserve file ownership in /config subdirs on add system image``
+* :vytask:`T5474` ``(feature): Establish common file name pattern for XML conf mode commands``
+
+
+2023-12-30
+==========
+
+* :vytask:`T5875` ``(bug): login: removing and re-adding a user keeps the home directory but UID will change, thus SSH keys no longer work``
+* :vytask:`T5653` ``(feature): Command to display fingerprint``
+
+
+2023-12-29
+==========
+
+* :vytask:`T5829` ``(bug): Can't Add IPv6 Address to Containers``
+* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface``
+* :vytask:`T5869` ``(bug): vyos.template.first_host_address() does not honor RFC4291 section 2.6.1``
+
+
+2023-12-28
+==========
+
+* :vytask:`T4163` ``(feature): [BMP-BGP] Routing monitoring feature``
+* :vytask:`T5867` ``(feature): Upgrade podman to Debian Trixie version 4.7.x``
+* :vytask:`T5866` ``(feature): Add op-mode command to restart IPv6 RA daemon``
+* :vytask:`T5861` ``(bug): Flavor build system fails with third-party packages``
+* :vytask:`T5854` ``(feature): Extend override-default script to allow embedded defaultValue settings``
+* :vytask:`T5566` ``(feature): Be able to disable 802.3az/EEE (energy efficient ethernet) for a particular interface``
+* :vytask:`T5792` ``(default): Upgrade ddclient 3.11.2 release``
+
+
+2023-12-25
+==========
+
+* :vytask:`T5855` ``(feature): Migrate "set service lldp snmp enable" -> `set service lldp snmp"``
+* :vytask:`T5837` ``(bug): vyos.configdict.node_changed does not return keys per adding``
+* :vytask:`T5856` ``(bug): SNMP service removal fails``
+
+
2023-12-24
==========
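Review bot: two task titles in the added entries carry typos that will be published as-is. The T5855 line under 2023-12-25 opens a quotation with a backtick and closes it with a double quote (`set service lldp snmp"), and the T5879 line under 2024-01-03 spells "sourceing". The context line `_ext/releasenotes.py` suggests this file is generated, so the fix belongs in the task titles at the source; otherwise the next regeneration restores the typos. The same two titles recur in the 1.5.rst hunk.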
diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst
index 4ef32704..631ccf91 100644
--- a/docs/changelog/1.5.rst
+++ b/docs/changelog/1.5.rst
@@ -8,6 +8,81 @@
_ext/releasenotes.py
+2024-01-07
+==========
+
+* :vytask:`T5899` ``(feature): VyOS vm images use bookworm repo``
+* :vytask:`T5887` ``(feature): Upgrade Linux Kernel to 6.6.y (2023 LTS edition)``
+
+
+2024-01-06
+==========
+
+* :vytask:`T3214` ``(bug): OpenVPN IPv6 fixes``
+
+
+2024-01-05
+==========
+
+* :vytask:`T5894` ``(feature): Extend get_config_dict() with additional parameter with_pki that defaults to False``
+
+
+2024-01-03
+==========
+
+* :vytask:`T5880` ``(bug): verify_source_interface should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces``
+* :vytask:`T5879` ``(bug): tunnel: sourceing from dynamic pppoe0 interface will fail on reboots``
+
+
+2024-01-02
+==========
+
+* :vytask:`T5885` ``(default): image-tools: relax restriction on image-name length from 32 to 64``
+
+
+2024-01-01
+==========
+
+* :vytask:`T5883` ``(bug): Preserve file ownership in /config subdirs on add system image``
+* :vytask:`T5474` ``(feature): Establish common file name pattern for XML conf mode commands``
+
+
+2023-12-30
+==========
+
+* :vytask:`T5875` ``(bug): login: removing and re-adding a user keeps the home directory but UID will change, thus SSH keys no longer work``
+* :vytask:`T5653` ``(feature): Command to display fingerprint``
+
+
+2023-12-29
+==========
+
+* :vytask:`T5829` ``(bug): Can't Add IPv6 Address to Containers``
+* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface``
+* :vytask:`T5869` ``(bug): vyos.template.first_host_address() does not honor RFC4291 section 2.6.1``
+
+
+2023-12-28
+==========
+
+* :vytask:`T5827` ``(bug): image-tools: 'show system image' Command Not in Order``
+* :vytask:`T4163` ``(feature): [BMP-BGP] Routing monitoring feature``
+* :vytask:`T5867` ``(feature): Upgrade podman to Debian Trixie version 4.7.x``
+* :vytask:`T5866` ``(feature): Add op-mode command to restart IPv6 RA daemon``
+* :vytask:`T5861` ``(bug): Flavor build system fails with third-party packages``
+* :vytask:`T5854` ``(feature): Extend override-default script to allow embedded defaultValue settings``
+* :vytask:`T5566` ``(feature): Be able to disable 802.3az/EEE (energy efficient ethernet) for a particular interface``
+* :vytask:`T5792` ``(default): Upgrade ddclient 3.11.2 release``
+
+
+2023-12-25
+==========
+
+* :vytask:`T5855` ``(feature): Migrate "set service lldp snmp enable" -> `set service lldp snmp"``
+* :vytask:`T5837` ``(bug): vyos.configdict.node_changed does not return keys per adding``
+* :vytask:`T5856` ``(bug): SNMP service removal fails``
+
+
2023-12-23
==========
@@ -80,7 +155,6 @@
2023-12-13
==========
-* :vytask:`T5688` ``(default): Create the same view of pool configuration for all accel-ppp services``
* :vytask:`T591` ``(feature): Support SRv6``
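Review bot: the T5688 entry is removed from the 2023-12-13 section here and is not re-added under any other date in the visible 1.5.rst hunks. If the task was retargeted or reverted, say so in the commit message; if the removal is a side effect of regenerating the file, check that the entry was not dropped by mistake.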
diff --git a/docs/configexamples/pppoe-ipv6-basic.rst b/docs/configexamples/pppoe-ipv6-basic.rst
index f569d9c3..ad588def 100644
--- a/docs/configexamples/pppoe-ipv6-basic.rst
+++ b/docs/configexamples/pppoe-ipv6-basic.rst
@@ -89,24 +89,28 @@ To have basic protection while keeping IPv6 network functional, we need to:
.. code-block:: none
- set firewall ipv6-name WAN_IN default-action 'drop'
- set firewall ipv6-name WAN_IN rule 10 action 'accept'
- set firewall ipv6-name WAN_IN rule 10 state established 'enable'
- set firewall ipv6-name WAN_IN rule 10 state related 'enable'
- set firewall ipv6-name WAN_IN rule 20 action 'accept'
- set firewall ipv6-name WAN_IN rule 20 protocol 'icmpv6'
- set firewall ipv6-name WAN_LOCAL default-action 'drop'
- set firewall ipv6-name WAN_LOCAL rule 10 action 'accept'
- set firewall ipv6-name WAN_LOCAL rule 10 state established 'enable'
- set firewall ipv6-name WAN_LOCAL rule 10 state related 'enable'
- set firewall ipv6-name WAN_LOCAL rule 20 action 'accept'
- set firewall ipv6-name WAN_LOCAL rule 20 protocol 'icmpv6'
- set firewall ipv6-name WAN_LOCAL rule 30 action 'accept'
- set firewall ipv6-name WAN_LOCAL rule 30 destination port '546'
- set firewall ipv6-name WAN_LOCAL rule 30 protocol 'udp'
- set firewall ipv6-name WAN_LOCAL rule 30 source port '547'
- set interfaces pppoe pppoe0 firewall in ipv6-name 'WAN_IN'
- set interfaces pppoe pppoe0 firewall local ipv6-name 'WAN_LOCAL'
+ set firewall ipv6 name WAN_IN default-action 'drop'
+ set firewall ipv6 name WAN_IN rule 10 action 'accept'
+ set firewall ipv6 name WAN_IN rule 10 state established 'enable'
+ set firewall ipv6 name WAN_IN rule 10 state related 'enable'
+ set firewall ipv6 name WAN_IN rule 20 action 'accept'
+ set firewall ipv6 name WAN_IN rule 20 protocol 'icmpv6'
+ set firewall ipv6 name WAN_LOCAL default-action 'drop'
+ set firewall ipv6 name WAN_LOCAL rule 10 action 'accept'
+ set firewall ipv6 name WAN_LOCAL rule 10 state established 'enable'
+ set firewall ipv6 name WAN_LOCAL rule 10 state related 'enable'
+ set firewall ipv6 name WAN_LOCAL rule 20 action 'accept'
+ set firewall ipv6 name WAN_LOCAL rule 20 protocol 'icmpv6'
+ set firewall ipv6 name WAN_LOCAL rule 30 action 'accept'
+ set firewall ipv6 name WAN_LOCAL rule 30 destination port '546'
+ set firewall ipv6 name WAN_LOCAL rule 30 protocol 'udp'
+ set firewall ipv6 name WAN_LOCAL rule 30 source port '547'
+ set firewall ipv6 forward filter rule 10 action jump
+ set firewall ipv6 forward filter rule 10 jump-target 'WAN_IN'
+ set firewall ipv6 forward filter rule 10 inbound-interface name 'pppoe0'
+ set firewall ipv6 input filter rule 10 action jump
+ set firewall ipv6 input filter rule 10 jump-target 'WAN_LOCAL'
+ set firewall ipv6 input filter rule 10 inbound-interface name 'pppoe0'
Note to allow the router to receive DHCPv6 response from ISP. We need to allow
packets with source port 547 (server) and destination port 546 (client).
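Review bot: the new jump rules on `forward filter` and `input filter` replace the per-interface `firewall in` / `firewall local` bindings, but none of the added lines sets a default-action on either base chain, so the example no longer shows what happens to IPv6 traffic that does not arrive on pppoe0. Add the explicit default-action lines for both base chains, or a sentence stating what default the example relies on, so the "basic protection" promised in the hunk header context is reproducible from the listing alone. Style point: `action jump` is unquoted while every other value in the block is quoted (`action 'accept'`, `jump-target 'WAN_IN'`); quote it for consistency.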
diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst
index 2caeb22d..7624d309 100644
--- a/docs/configuration/service/dns.rst
+++ b/docs/configuration/service/dns.rst
@@ -143,6 +143,19 @@ avoid being tracked by the provider of your upstream DNS server.
168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream
DNS server(s) to be used for reverse lookups of these zones.
+.. cfgcmd:: set service dns forwarding serve-stale-extension <0-65535>
+
+ Maximum number of times an expired record’s TTL is extended by 30s when
+ serving stale. Extension only occurs if a record cannot be refreshed. A
+ value of 0 means the Serve Stale mechanism is not used. To allow records
+ becoming stale to be served for an hour, use a value of 120.
+
+.. cfgcmd:: set service dns forwarding exclude-throttle-address <ip|prefix>
+
+ When an authoritative server does not answer a query or sends a reply the
+ recursor does not like, it is throttled. Any servers matching the supplied
+ netmasks will never be throttled.
+
Example
=======
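Review bot: in the `exclude-throttle-address` description the parameter is documented as `<ip|prefix>` while the text says "netmasks"; use one term. "Sends a reply the recursor does not like" is also too vague for an option that exempts servers from throttling; name the conditions or point to the upstream recursor setting it maps to. For `serve-stale-extension`, state the default value, since the text only says what 0 means, and replace the typographic apostrophe in "record’s" with a plain ASCII one to match the quoting used in the other lines of this diff.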
@@ -381,12 +394,12 @@ By default, ddclient_ will update a dynamic dns record using the IP address
directly attached to the interface. If your VyOS instance is behind NAT, your
record will be updated to point to your internal IP.
-Above, command syntax isn noted to configure dynamic dns on a specific interface.
-It is possible to overlook the additional address option, web, when completeing
-those commands. ddclient_ has another way to determine the WAN IP address, using
-a web-based url to determine the external IP. Each of the commands above will
-need to be modified to use 'web' as the 'interface' specified if this functionality
-is to be utilized.
+Above, command syntax isn noted to configure dynamic dns on a specific interface.
+It is possible to overlook the additional address option, web, when completeing
+those commands. ddclient_ has another way to determine the WAN IP address, using
+a web-based url to determine the external IP. Each of the commands above will
+need to be modified to use 'web' as the 'interface' specified if this functionality
+is to be utilized.
This functionality is controlled by adding the following configuration:
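Review bot: the six removed and six added lines in this hunk read identically, so the change appears to be whitespace-only, yet the paragraph is re-added with its typos intact: "isn noted" and "completeing". Since the lines are being touched anyway, correct them to "is noted" and "completing" in the same change.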