vyos-1x.git/src/migration-scripts/firewall, branch 1.4.0-rc3

vyos-1x.git/src/migration-scripts/firewall, branch 1.4.0-rc3 VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=1.4.0-rc3 2024-01-11T15:37:25+00:00 firewall: T5814: Retain legacy 'accept' behaviour and re-order migration 2024-01-11T15:37:25+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2024-01-10T16:54:17+00:00 urn:sha1:2df93b32000df4bb12e3cc417287fe7a97bda0fc Pre-1.4 firewall 'accept' action acted as a 'return'. This change ensures the migrated rules meet the expected behaviour. This commit also re-orders migrated in/out/local jumps ordered by direction instead of interface. (cherry picked from commit dc542f109460bca6453d1eeba9fe829aea38bb33) T5888: fix migration script in order to fit new type-names for icmp and icmpv6. 2024-01-02T19:13:50+00:00 Nicolas Fort nicolasfort1988@gmail.com 2024-01-02T18:21:30+00:00 urn:sha1:7b086968c517050ec0e27c6d35606d7ba8a5f2d4 (cherry picked from commit 1ccb3e634d45d0d1a8e190297cc0a310cb0069d6) firewall: T5834: Migration for 'enable-default-log' to 'default-log' 2023-12-30T19:32:02+00:00 Indrajit Raychaudhuri irc@indrajit.com 2023-12-18T08:57:01+00:00 urn:sha1:201501ace13020e187dfbba4b125eb3f8664046d (cherry picked from commit 7c40b70af9def9242b30d1fc949288d9da2bd027) T5575: Update migration scripts for state policy parsing 2023-12-15T20:28:51+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-11-28T12:36:53+00:00 urn:sha1:c0cefb3b267a1e5e3ad218657eae8a035e663823 T5729: T5590: T5616: backport to sagita fwall marks, fix on firewall logs parsing, and migration to valueless node for log and state matchers 2023-11-14T11:23:40+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-11-13T18:36:04+00:00 urn:sha1:9e053268355f16b9aba6a551febc1e8902cf20c9 T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher firewal, nat and nat66. 2023-11-01T10:39:10+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-10-25T11:59:01+00:00 urn:sha1:2b38b45e219e363955b850d90a40564eb4b375c0 (cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6) T5541: firewall: re-add zone-based firewall. 2023-10-20T20:02:36+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-10-20T20:02:36+00:00 urn:sha1:9975ad209704ab9d0fda32324d0432f257c67668 Merge pull request #2016 from nicolas-fort/T5160 2023-08-11T20:14:10+00:00 Christian Breunig christian@breunig.cc 2023-08-11T20:14:10+00:00 urn:sha1:482f7e352272b6ec16ba5d1ac7d9d7ea51d10f1d T5160: Firewall refactor interface: T5465: adjust-mss: config migration fails if applied to a VLAN or Q-in-Q interface 2023-08-11T19:24:32+00:00 Christian Breunig christian@breunig.cc 2023-08-11T19:24:05+00:00 urn:sha1:f8b60fff531e4e8cfe1bba99652343b0680f98ad When migration from 1.3 to 1.4 and a user hat the following configured: options { interface eth0.10{ adjust-mss 1452 adjust-mss6 1432 } } The configuration was wrongly migrated to: interfaces { ethernet eth0.10 { ipv6 { adjust-mss "1432" } ip { adjust-mss "1452" } } Instead of interfaces { ethernet eth0 { vif 10 { ipv6 { adjust-mss "1432" } ip { adjust-mss "1452" } } } T5460: remove config-trap from firewall 2023-08-11T18:26:53+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-08-11T18:26:53+00:00 urn:sha1:4e07fa25f551325fd90b92426e4693107090d346