vyos-1x.git/src/migration-scripts/nat, branch T6674-circ-trigger VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=T6674-circ-trigger 2024-07-03T19:17:47+00:00 T6536: change wildcard character from + to * - extend fix to interfaces defined in zone policy. 2024-07-03T19:17:47+00:00 Nicolas Fort nicolasfort1988@gmail.com 2024-07-03T12:53:56+00:00 urn:sha1:d38c917949018feae464bcee6b097c0d02fdc7ed (cherry picked from commit 66ec278393dbabe71f320c543816f27797d51140) T6536: nat: add migration script that replaces wildcard charater supported in 1.3 <+> with character supported in latest version <*> 2024-07-03T14:33:55+00:00 Nicolas Fort nicolasfort1988@gmail.com 2024-07-02T11:54:11+00:00 urn:sha1:272a1b25515405f48a97908ccc5c04295cf3b92c (cherry picked from commit 148af29b68416a5b8d0e025a16aef252fdf31e67) # Conflicts: # src/migration-scripts/nat/6-to-7 nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 2024-05-22T19:33:06+00:00 Christian Breunig christian@breunig.cc 2024-05-22T19:31:32+00:00 urn:sha1:7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 T6100: Added NAT migration from IP/Netmask to Network/Netmask 2024-04-12T06:42:43+00:00 aapostoliuk a.apostoliuk@vyos.io 2024-04-11T08:40:07+00:00 urn:sha1:52c02ade031f165da18e6fd0542f3952f2cc9bb6 Added NAT migration from IP/Netmask to Network/Netmask. In 1.3 allowed using IP/Netmask in Nat rules. In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask. T5889: Fix migration scripts nat 5-to-6 2024-01-16T12:52:26+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2024-01-16T12:52:26+00:00 urn:sha1:813237d9766f636394b9ab385bb825fbf83202b3 The current migration drop interface name for NAT where not should ``` nat { source { rule 100 { outbound-interface { name "eth0" ... } } } ``` After migration we lost interface: /home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf /home/vyos# /home/vyos# cat tmp.conf | grep "nat {" -A 10 nat { source { rule 100 { outbound-interface { interface-name "" ... } } } ``` This commit fixes it. T5804: nat: remove inbound|outbound interface from old configuration when it was set to <any>. 2023-12-11T10:08:59+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-12-11T10:08:59+00:00 urn:sha1:5cb95aed965b45a900c6ba97c0bccefed83332b6 T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher (valid for interfaces and groups) in firewal, nat and nat66. 2023-10-25T11:59:01+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-10-25T11:59:01+00:00 urn:sha1:51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6 T5643: nat: add interface-groups to nat. Use same cli structure for interface-name|interface-group as in firewall. 2023-10-11T09:44:28+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-10-10T17:35:30+00:00 urn:sha1:2f2c3fa22478c7ba2e116486d655e07df878cdf4 T5427: Fix migration script arguments len expects 2 args 2023-08-02T09:12:23+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-08-02T09:12:23+00:00 urn:sha1:d1923b7b58795f0d9635ae0e8df110f591881bdf The script's name is always provided as the first argument sys.argv[0] Expected length for argv is 2 (script itself + config file) Change: 'if (len(argv) < 1)' to 'if len(argv) < 2' T3346: handle the case of empty nodes when migrating NAT to syntax version 5 2021-02-22T15:03:05+00:00 Daniil Baturin daniil@vyos.io 2021-02-22T15:03:05+00:00 urn:sha1:28cd2e3edb3e2108c43ad20c0084d496a7ffef25