VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=1.3.4 2023-07-19T14:39:45+00:00 2023-07-19T14:39:45+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-07-19T14:39:45+00:00 urn:sha1:cd6f7994a9c5d6501ce56b57362c7f33f64fa3d5 Sshguard protects hosts from brute-force attacks It can inspect logs and block "bad" addresses by threshold Auto-generates own tables and rules for nftables, so they are not intercept with VyOS firewall rules. When service stops, all generated tables are deleted. set service ssh dynamic-protection set service ssh dynamic-protection allow-from '192.0.2.1' set service ssh dynamic-protection block-time '120' set service ssh dynamic-protection detect-time '1800' set service ssh dynamic-protection threshold '30' 2023-05-04T19:41:40+00:00 zsdc taras@vyos.io 2023-05-04T19:41:40+00:00 urn:sha1:748199b10df112cba0821703001c0307e325bd90 Added a new service that starts before Cloud-init, waits for all network interfaces initialization, and if requested by config, checks which interfaces can get configuration via DHCP server and creates a corresponding Cloud-init network configuration. This protects from two situations: * when Cloud-init tries to get meta-data via eth0 (default and fallback variant for any data source which depends on network), but the real network is connected to another interface * when Cloud-init starts simultaneously with udev and initializes the first interface to get meta-data before it is renamed to eth0 by udev 2023-02-04T12:26:28+00:00 Christian Breunig christian@breunig.cc 2023-02-04T12:23:00+00:00 urn:sha1:ae9dde044f0a60c9034874b2912729ed694f5375 (cherry picked from commit 29a44a73c638cb22839aa32986de367231b6efe9) 2022-12-31T07:18:59+00:00 Christian Poessinger christian@poessinger.com 2022-12-31T07:18:59+00:00 urn:sha1:5e305d7a173864add90ff3cff0cc839aed0dccdd Dependency is required for the test Docker OCI image used within the smoketest framework 2022-12-30T21:28:25+00:00 Christian Poessinger christian@poessinger.com 2022-12-30T21:23:05+00:00 urn:sha1:0c8b53e6f7a94e914a7815328bbd16c0b3943d40 2022-11-15T05:56:56+00:00 Yuxiang Zhu vfreex@gmail.com 2022-11-14T02:23:46+00:00 urn:sha1:ff901a52bb9acd4bdd0e3a96033c896e4667a6af This is a backport of https://github.com/vyos/vyos-1x/pull/1656. Note I also changed `ip-down.script.tmpl` to not wait for `systemctl stop dhcp6c@$iface.service`, because that command is slow and pppd will kill the ip-down script if it times out. I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch. Not sure if there is another mechanism to handle that functionality or it is missed. 2022-08-16T06:24:21+00:00 Christian Poessinger christian@poessinger.com 2022-08-16T06:23:06+00:00 urn:sha1:6b3c359ed0995d26626ddfc1cbf131e75bff74cc (cherry picked from commit 681bdf2946d1d10f3b432f70452a8d018b7a98ae) 2022-04-03T07:19:18+00:00 Christian Poessinger christian@poessinger.com 2022-04-02T12:38:11+00:00 urn:sha1:7091d0b54f21caf85ea86d2542d9bec4b5fd1afb (cherry picked from commit 5faeacd1111a83e5859b98ccc4193cb6017cdba8) 2022-03-05T19:54:15+00:00 Christian Poessinger christian@poessinger.com 2022-03-05T19:51:13+00:00 urn:sha1:0aa13010b1a013edc3c3a89a007108dfbb82bdad (cherry picked from commit aa8080d316dbeb4d26bf67f6d67efeda43b2bc07) 2022-03-05T19:53:02+00:00 Christian Poessinger christian@poessinger.com 2022-03-05T08:40:32+00:00 urn:sha1:36c46f5893fa1f4df1defcee851e44ca3ed1fd8f (cherry picked from commit 2c94c3ec72a559de405b29b4399250db3085717e)