VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=current 2025-06-28T21:16:52+00:00 2025-06-28T21:16:52+00:00 Christian Breunig christian@breunig.cc 2025-06-28T18:51:21+00:00 urn:sha1:1478516ae437f19ebeb7d6ff9b83dd74f8e76758 The legal team says years are not necessary so we can go ahead with it, since it will simplify backporting. Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \ 's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g' In addition we will error-out during "make" if someone re-adds a legacy copyright notice 2025-06-19T14:44:46+00:00 Daniil Baturin daniil@vyos.io 2025-06-19T14:44:46+00:00 urn:sha1:79dec52ed4c3a6c035204fad28b9229f709c87c4 firewall: T6951: Add a configuration command for ethertypes that bridge firewalls should always accept 2025-06-18T23:07:51+00:00 John Estabrook jestabro@vyos.io 2025-06-18T20:37:12+00:00 urn:sha1:f7ce71b4e464582450eada5112cdfbd86f39436d 1.3.x did not disallow an ip address as value of: protocols static route addr next-hop-interface Consequently, the case should be checked and handled during migration. 2025-06-17T15:16:51+00:00 Nataliia Solomko natalirs1985@gmail.com 2025-06-13T09:20:40+00:00 urn:sha1:8dbc3c5e67cc1fd043a78dd3446a1a733ebd814f 2025-06-17T15:02:07+00:00 opswill will@nixops.org 2025-06-17T15:02:07+00:00 urn:sha1:5ae3924234f9ffaa2ffda7e9fc52c2b3518a85e2 2025-06-07T08:55:24+00:00 Christian Breunig christian@breunig.cc 2025-06-07T07:15:30+00:00 urn:sha1:08421b277b1f460ebc51673571bab975aece2215 Previously, we used a lower limit of 1 and a default value of 32768 for the nf_conntrack_buckets (conntrack hash-size) sysctl option. However, the Linux kernel enforces an internal minimum of 1024. A configuration migrator will now adjust the lower limit to 1024 if necessary. The former default value of 32768 was passed as a kernel module option, which only took effect after the second system reboot. This was due to the option being rendered but not applied during the first boot. This behavior has been changed so that the value is now configurable at runtime and takes effect immediately. Additionally, since VyOS 1.4 increased the hardware requirements to 4GB of RAM, we now align the default value of nf_conntrack_buckets with the kernel's default for systems with more than 1GB of RAM to 65536 entries. Previously, we only supported half that amount. 2025-05-08T20:51:39+00:00 Christian Breunig christian@breunig.cc 2025-05-05T18:52:57+00:00 urn:sha1:876786654552b40180a34b73c6eb327722d09e15 VyOS 1.4.1 implemented support for logging facilities for HAProxy. The facilities got included from the syslog XML definition, which also added "virtual" or non existing facilities in HAProxy, namely: all, authpriv and mark. If any of the above facilities is set, HAProxy will not start. The XML definition for syslog also came with an arbitrary log-level "all" that is also unsupported in HAProxy. This commit adds a migration script removing the illegal CLI nodes. 2025-05-05T18:50:46+00:00 John Estabrook jestabro@vyos.io 2025-05-05T18:16:54+00:00 urn:sha1:40c82fd472c4961e506acea86461833e9b244f98 Migration from 1.3.x may not contain table entries, later required. The migration script should not fail with error, leaving enforcement to config scripts. 2025-05-05T18:20:26+00:00 John Estabrook jestabro@vyos.io 2025-05-05T17:10:25+00:00 urn:sha1:53ce5e378ace1d94dedeba0d84c353fbb3b59433 The migration script assumed the existence of path ['vrf', 'name', tag-val-name, 'protocols', 'static', 'route'] ignoring sole entries for [..., 'route6']. Check existence of each path before calling set_tag. 2025-04-15T14:54:02+00:00 Daniil Baturin daniil@vyos.io 2025-04-15T14:54:02+00:00 urn:sha1:9e47c2153be7cc0e5ed21ca8a976336d4bf872d8 kea: T7281: Add ping-check, use built-in option for classless static routes