VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=current 2025-06-17T15:16:51+00:00 2025-06-17T15:16:51+00:00 Nataliia Solomko natalirs1985@gmail.com 2025-06-13T09:20:40+00:00 urn:sha1:8dbc3c5e67cc1fd043a78dd3446a1a733ebd814f 2025-06-07T08:55:24+00:00 Christian Breunig christian@breunig.cc 2025-06-07T07:15:30+00:00 urn:sha1:08421b277b1f460ebc51673571bab975aece2215 Previously, we used a lower limit of 1 and a default value of 32768 for the nf_conntrack_buckets (conntrack hash-size) sysctl option. However, the Linux kernel enforces an internal minimum of 1024. A configuration migrator will now adjust the lower limit to 1024 if necessary. The former default value of 32768 was passed as a kernel module option, which only took effect after the second system reboot. This was due to the option being rendered but not applied during the first boot. This behavior has been changed so that the value is now configurable at runtime and takes effect immediately. Additionally, since VyOS 1.4 increased the hardware requirements to 4GB of RAM, we now align the default value of nf_conntrack_buckets with the kernel's default for systems with more than 1GB of RAM to 65536 entries. Previously, we only supported half that amount. 2025-05-08T20:51:39+00:00 Christian Breunig christian@breunig.cc 2025-05-05T18:52:57+00:00 urn:sha1:876786654552b40180a34b73c6eb327722d09e15 VyOS 1.4.1 implemented support for logging facilities for HAProxy. The facilities got included from the syslog XML definition, which also added "virtual" or non existing facilities in HAProxy, namely: all, authpriv and mark. If any of the above facilities is set, HAProxy will not start. The XML definition for syslog also came with an arbitrary log-level "all" that is also unsupported in HAProxy. This commit adds a migration script removing the illegal CLI nodes. 2025-04-22T14:40:06+00:00 Alex Bukharov alex.bukharov@innablr.com.au 2025-04-22T14:40:06+00:00 urn:sha1:427ebbb1e103ff45774bdf79bd5b1cddeff2f686 2025-02-24T19:54:25+00:00 Christian Breunig christian@breunig.cc 2025-02-24T19:54:25+00:00 urn:sha1:216e80b61881a13c502f44c5d32fd7603b6ffe60 LLDP is a stateless protocol which does not necessitate sending to receive advertisements. There are multiple scenarios such as provider peering links in which it is advantageous to receive LLDP but not disclose internal information to the provider. Add new CLI command: * set service lldp interface <name> mode [disable|rx-tx|rx|tx] The default is unchanged and will be rx-tx. Furthermore if an interface has an explicit LLDP disable configured under "set service lldp interface <name> disable" this will be migrated to "set service lldp interface <name> mode disable" 2025-02-13T19:39:54+00:00 Christian Breunig christian@breunig.cc 2025-02-13T19:39:14+00:00 urn:sha1:6ab9de170c7a4ad51b60ed0c576db25831ce745a * set protocols bgp address-family <ipv4-unicast|ipv6-unicast> redistribute table <n> [metric <n>] [route-map <name>] 2025-02-04T17:09:39+00:00 Christian Breunig christian@breunig.cc 2025-01-18T19:28:16+00:00 urn:sha1:5a7a9f3a20e19a52572ce1b9b214528b6ce958ce Rsyslog supports individual VRFs per omfwd remote entry - so we should support this, too. 2025-02-03T06:16:35+00:00 Christian Breunig christian@breunig.cc 2025-01-22T19:52:52+00:00 urn:sha1:211bc4a767564d1eb28b431e1529eb719bb721a9 The previously "global" options actually were only relevant for the local logging to /var/log/messages. 2025-02-03T06:16:07+00:00 Christian Breunig christian@breunig.cc 2025-01-15T19:45:42+00:00 urn:sha1:b9c43b19acb6f649bb6f64c75ab63df768e360c9 2025-02-03T06:16:07+00:00 Christian Breunig christian@breunig.cc 2025-01-15T19:38:43+00:00 urn:sha1:20ab585a68982c4635c4e5a1ee5bbcc219feaebc Move "global preserve-fqdn" one CLI level up, as it relates to all logging targets (console, global and remote).