| Age | Commit message (Collapse) | Author |
|---|
|
Use same format/syntax over all interface types.
Bug 5257
|
|
Need ifb device to be created before other devices redirect
to it.
|
|
More descriptive name for input interface.
|
|
This is configuration wrapper for IFB. See spec.
|
|
/sys/devices/system/cpu/present is 0-NN on SMP and 0 on UP.
|
|
If only one CPU, then not worth bothering doing any kind of interrrupt
affinity.
|
|
local-zone's firewall when using Zone Based Firewall
* changed local zones INPUT and OUTPUT chain rules to allow all local-zone
traffic on the loopback interface rather than using address 127.0.0.1 which
was too restrictive and blocked certain traffic initiated from and going to
local-zone itself. This is compliant with the Zone Concept and similar to
what's done for other transient zones as well where rules are interface based
|
|
|
|
Bug 4977
Need to wait to set/check bond primary device until after it
is put in bond group.
|
|
|
|
RFC-4862 requires that IPv6 operation on an interface be disabled when
DAD fails on a link-local address. The kernel IPv6 code supports this
feature, but doesn't enable it by default. This change provides a
configurable parameter to control this behavior, but, like the
kenrnel, disables it by default.
|
|
bootup
|
|
* fix this for eth, eth.vif, bond, bond.vif interfaces
* also, bridge-group code for bonding interfaces wasn't changed
with commit ec080f99 that re-strucutred bridging code in eth and
eth.vifs to fix bug 4708. bridge-group code for bond and bond.vif
interfaces is now similar to the fix for 4708
|
|
The sshd file format has optional options; copy them to a
placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
|
|
Bug 5350
Need some changes to support DSA keys (Protocol V2).
Also add support for options in key file.
|
|
Bug 5256
Going out to perl to repeatedly validate ethernet device name slows
down adding VLAN's and other operations with lots of sub-devices.
|
|
|
|
The overhead of compiling perl script repeatedly slows down VIF creation
|
|
|
|
Bug 4754
Want correct host-name for DHCP to work right later under interfaces.
Want timezone correct so that any services started that print time
information have correct data.
|
|
Need ability to open file of new user (to load authorized key).
So move sudo to template.
|
|
Fix help text (Bug 5254) and allow IPV6 static mapping (Bug 5298)
|
|
Bug 5285
|
|
Bug 5286
|
|
If user exists in NSS (LDAP, TACACS+) but not on local machine,
then it can not be changed with CLI. useradd will fail (user exists),
and usermod will fail (can't find user in passwd file).
Bug 5249
|
|
Bug 5269
This prevents user from doing something harmful like making a user
named quagga or cron and putting vbash on that account.
|
|
Bug 5252
The boot script needs to restore default settings, and the
templates are then used to enable root access.
|
|
We need to delay disabling flow control in the sequence of events
until after the interface address has been set. An additional benefit
of adding a "priority" field is that interface configuration will not
fail if the attempt to disable flow control fails for some reason.
|
|
|
|
Values > 30 are likely to cause login timeout, so don't allow them.
|
|
Bug 458
Add
service snmp trap-source <address>
wrapper for /etc/snmp/snmp.conf
|
|
Bug 3756
Allow setting trap communities and port values.
|
|
Postscript to bug 4499
|
|
Bug 212
The entries in config under protocols were all routing protocols
except SNMP which was an unfortunate original design choice.
Config script does migration.
|
|
Bug 4499
|
|
Want to process loopback first, so any local addresses assigned
to loopback are done.
|
|
1. Use non-expression syntax
2. Remove unused init action
|
|
All the other interface types are in vyatta-cfg-system, only
loopback and ethernet were in vyatta-cfg
|
|
Move them under user/node.tag/authorization
|
|
New syntax:
system login user vyatta authentication public-key user@remote type ssh-rsa
|
|
Also change config version for migration.
|
|
|
|
Add public key support
Convert allow-root and password-authentication from boolean nodes to
regular nodes.
|
|
First, we need to set the global IPv6 parameter under "all" when
"disable-forwarding" is deleted because this is the parameter that
actually controls whether the stack will forward IPv6 packets.
Second, if router advertisements were configured while global IPv6
forwarding was disabled, we need to re-start the daemon when global
IPv6 forwarding is re-enabled.
|
|
Now a flag file indicates that IPv6 forwarding is disabled on a specific
interface.
|
|
Part of Bug 3255
|
|
|
|
|
|
|
|
|
