vyos-1x.git/src/migration-scripts/nat, branch current VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=current 2025-06-28T21:16:52+00:00 T7591: remove copyright years from source files 2025-06-28T21:16:52+00:00 Christian Breunig christian@breunig.cc 2025-06-28T18:51:21+00:00 urn:sha1:1478516ae437f19ebeb7d6ff9b83dd74f8e76758 The legal team says years are not necessary so we can go ahead with it, since it will simplify backporting. Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \ 's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g' In addition we will error-out during "make" if someone re-adds a legacy copyright notice T6536: nat: add migration script that replaces wildcard charater supported in 1.3 <+> with character supported in latest version <*> 2024-07-03T13:05:35+00:00 Nicolas Fort nicolasfort1988@gmail.com 2024-07-02T11:54:11+00:00 urn:sha1:148af29b68416a5b8d0e025a16aef252fdf31e67 migration: T6007: convert all migration scripts to load as module 2024-06-26T20:38:41+00:00 John Estabrook jestabro@vyos.io 2024-06-20T01:16:05+00:00 urn:sha1:26740a8d583f64dc0a27b59dd4ae303056972c0b nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 2024-05-22T19:33:06+00:00 Christian Breunig christian@breunig.cc 2024-05-22T19:31:32+00:00 urn:sha1:7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 T6100: Added NAT migration from IP/Netmask to Network/Netmask 2024-04-12T06:42:43+00:00 aapostoliuk a.apostoliuk@vyos.io 2024-04-11T08:40:07+00:00 urn:sha1:52c02ade031f165da18e6fd0542f3952f2cc9bb6 Added NAT migration from IP/Netmask to Network/Netmask. In 1.3 allowed using IP/Netmask in Nat rules. In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask. T5889: Fix migration scripts nat 5-to-6 2024-01-16T12:52:26+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2024-01-16T12:52:26+00:00 urn:sha1:813237d9766f636394b9ab385bb825fbf83202b3 The current migration drop interface name for NAT where not should ``` nat { source { rule 100 { outbound-interface { name "eth0" ... } } } ``` After migration we lost interface: /home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf /home/vyos# /home/vyos# cat tmp.conf | grep "nat {" -A 10 nat { source { rule 100 { outbound-interface { interface-name "" ... } } } ``` This commit fixes it. T5804: nat: remove inbound|outbound interface from old configuration when it was set to <any>. 2023-12-11T10:08:59+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-12-11T10:08:59+00:00 urn:sha1:5cb95aed965b45a900c6ba97c0bccefed83332b6 T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher (valid for interfaces and groups) in firewal, nat and nat66. 2023-10-25T11:59:01+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-10-25T11:59:01+00:00 urn:sha1:51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6 T5643: nat: add interface-groups to nat. Use same cli structure for interface-name|interface-group as in firewall. 2023-10-11T09:44:28+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-10-10T17:35:30+00:00 urn:sha1:2f2c3fa22478c7ba2e116486d655e07df878cdf4 T5427: Fix migration script arguments len expects 2 args 2023-08-02T09:12:23+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-08-02T09:12:23+00:00 urn:sha1:d1923b7b58795f0d9635ae0e8df110f591881bdf The script's name is always provided as the first argument sys.argv[0] Expected length for argv is 2 (script itself + config file) Change: 'if (len(argv) < 1)' to 'if len(argv) < 2'