summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2023-04-21 13:38:13 +0100
committerGitHub <noreply@github.com>2023-04-21 13:38:13 +0100
commit821bc4f511460123e958b8eaa2e588e4623fbfe6 (patch)
treeca5283d32a34969fa95b9ee1f1421bf7f28db5bd /data
parentdcba3685345b0624c13f83211628136076feac79 (diff)
parent97ef83ada9c42913bae3c80e0f2432bdf901312a (diff)
downloadvyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.tar.gz
vyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.zip
Merge branch 'current' into current
Diffstat (limited to 'data')
-rw-r--r--data/configd-include.json3
-rw-r--r--data/templates/accel-ppp/pptp.config.j27
-rw-r--r--data/templates/container/containers.conf.j22
-rw-r--r--data/templates/ethernet/wpa_supplicant.conf.j27
-rw-r--r--data/templates/firewall/nftables-policy.j22
-rw-r--r--data/templates/frr/isisd.frr.j211
-rw-r--r--data/templates/frr/ospfd.frr.j211
-rw-r--r--data/templates/frr/vrf-vni.frr.j29
-rw-r--r--data/templates/frr/vrf.route-map.frr.j210
-rw-r--r--data/templates/frr/vrf.route-map.v6.frr.j210
-rw-r--r--data/templates/frr/zebra.route-map.frr.j29
-rw-r--r--data/templates/frr/zebra.vrf.route-map.frr.j224
-rw-r--r--data/templates/https/nginx.default.j26
-rw-r--r--data/templates/login/limits.j25
-rw-r--r--data/templates/sflow/hsflowd.conf.j21
-rw-r--r--data/templates/telegraf/telegraf.j22
16 files changed, 83 insertions, 36 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index 456211caa..2f1d39006 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -85,6 +85,5 @@
"vpn_l2tp.py",
"vpn_pptp.py",
"vpn_sstp.py",
-"vrf.py",
-"vrf_vni.py"
+"vrf.py"
]
diff --git a/data/templates/accel-ppp/pptp.config.j2 b/data/templates/accel-ppp/pptp.config.j2
index 442830b6b..78a629d2d 100644
--- a/data/templates/accel-ppp/pptp.config.j2
+++ b/data/templates/accel-ppp/pptp.config.j2
@@ -93,10 +93,15 @@ bind={{ radius_source_address }}
gw-ip-address={{ gw_ip }}
{% endif %}
-{% if radius_shaper_attr %}
+{% if radius_shaper_enable %}
[shaper]
verbose=1
+{% if radius_shaper_attr %}
attr={{ radius_shaper_attr }}
+{% endif %}
+{% if radius_shaper_multiplier %}
+rate-multiplier={{ radius_shaper_multiplier }}
+{% endif %}
{% if radius_shaper_vendor %}
vendor={{ radius_shaper_vendor }}
{% endif %}
diff --git a/data/templates/container/containers.conf.j2 b/data/templates/container/containers.conf.j2
index 9f66aed27..c635ca213 100644
--- a/data/templates/container/containers.conf.j2
+++ b/data/templates/container/containers.conf.j2
@@ -282,7 +282,7 @@ default_sysctls = [
# Before changing this value all containers must be stopped otherwise it is likely that
# iptables rules and network interfaces might leak on the host. A reboot will fix this.
#
-network_backend = "cni"
+network_backend = "netavark"
# Path to directory where CNI plugin binaries are located.
#
diff --git a/data/templates/ethernet/wpa_supplicant.conf.j2 b/data/templates/ethernet/wpa_supplicant.conf.j2
index 8f140f6cb..cd35d6d1e 100644
--- a/data/templates/ethernet/wpa_supplicant.conf.j2
+++ b/data/templates/ethernet/wpa_supplicant.conf.j2
@@ -67,6 +67,11 @@ network={
# discards such frames to protect against potential attacks by rogue
# devices, but this option can be used to disable that protection for cases
# where the server/authenticator does not need to be authenticated.
- phase1="allow_canned_success=1"
+ #
+ # "tls_disable_tlsv1_0=0" is used to allow TLSv1 for compatibility with
+ # legacy networks. This follows the behavior of Debian's wpa_supplicant,
+ # which includes a custom patch for allowing TLSv1, but the patch currently
+ # does not work for VyOS' git builds of wpa_supplicant.
+ phase1="allow_canned_success=1 tls_disable_tlsv1_0=0"
}
diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2
index 6cb3b2f95..7a89d29e4 100644
--- a/data/templates/firewall/nftables-policy.j2
+++ b/data/templates/firewall/nftables-policy.j2
@@ -11,7 +11,7 @@ table ip vyos_mangle {
type filter hook prerouting priority -150; policy accept;
{% if route is vyos_defined %}
{% for route_text, conf in route.items() if conf.interface is vyos_defined %}
- iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR_{{ route_text }}
+ iifname { {{ conf.interface | join(",") }} } counter jump VYOS_PBR_{{ route_text }}
{% endfor %}
{% endif %}
}
diff --git a/data/templates/frr/isisd.frr.j2 b/data/templates/frr/isisd.frr.j2
index 8df1e9513..3c37e28b9 100644
--- a/data/templates/frr/isisd.frr.j2
+++ b/data/templates/frr/isisd.frr.j2
@@ -25,6 +25,12 @@ interface {{ iface }}
{% if iface_config.hello_padding is vyos_defined %}
isis hello padding
{% endif %}
+{% if iface_config.ldp_sync.disable is vyos_defined %}
+ no isis mpls ldp-sync
+{% elif iface_config.ldp_sync.holddown is vyos_defined %}
+ isis mpls ldp-sync
+ isis mpls ldp-sync holddown {{ iface_config.ldp_sync.holddown }}
+{% endif %}
{% if iface_config.metric is vyos_defined %}
isis metric {{ iface_config.metric }}
{% endif %}
@@ -84,6 +90,11 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is vyos_defined }}
{% if max_lsp_lifetime is vyos_defined %}
max-lsp-lifetime {{ max_lsp_lifetime }}
{% endif %}
+{% if ldp_sync.holddown is vyos_defined %}
+ mpls ldp-sync holddown {{ ldp_sync.holddown }}
+{% elif ldp_sync is vyos_defined %}
+ mpls ldp-sync
+{% endif %}
{% if spf_interval is vyos_defined %}
spf-interval {{ spf_interval }}
{% endif %}
diff --git a/data/templates/frr/ospfd.frr.j2 b/data/templates/frr/ospfd.frr.j2
index 8c4a81c57..3f97b7325 100644
--- a/data/templates/frr/ospfd.frr.j2
+++ b/data/templates/frr/ospfd.frr.j2
@@ -44,6 +44,12 @@ interface {{ iface }}
{% if iface_config.bfd.profile is vyos_defined %}
ip ospf bfd profile {{ iface_config.bfd.profile }}
{% endif %}
+{% if iface_config.ldp_sync.disable is vyos_defined %}
+ no ip ospf mpls ldp-sync
+{% elif iface_config.ldp_sync.holddown is vyos_defined %}
+ ip ospf mpls ldp-sync
+ ip ospf mpls ldp-sync holddown {{ iface_config.ldp_sync.holddown }}
+{% endif %}
{% if iface_config.mtu_ignore is vyos_defined %}
ip ospf mtu-ignore
{% endif %}
@@ -133,6 +139,11 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% if maximum_paths is vyos_defined %}
maximum-paths {{ maximum_paths }}
{% endif %}
+{% if ldp_sync.holddown is vyos_defined %}
+ mpls ldp-sync holddown {{ ldp_sync.holddown }}
+{% elif ldp_sync is vyos_defined %}
+ mpls ldp-sync
+{% endif %}
{% if distance.global is vyos_defined %}
distance {{ distance.global }}
{% endif %}
diff --git a/data/templates/frr/vrf-vni.frr.j2 b/data/templates/frr/vrf-vni.frr.j2
deleted file mode 100644
index e5f4810a1..000000000
--- a/data/templates/frr/vrf-vni.frr.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-{% if name is vyos_defined %}
-{% for vrf, vrf_config in name.items() %}
-vrf {{ vrf }}
-{% if vrf_config.vni is vyos_defined %}
- vni {{ vrf_config.vni }}
-{% endif %}
- exit-vrf
-{% endfor %}
-{% endif %}
diff --git a/data/templates/frr/vrf.route-map.frr.j2 b/data/templates/frr/vrf.route-map.frr.j2
deleted file mode 100644
index 5e0c56a7b..000000000
--- a/data/templates/frr/vrf.route-map.frr.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-!
-{% if vrf is vyos_defined and route_map is vyos_defined %}
-vrf {{ vrf }}
- ip protocol {{ protocol }} route-map {{ route_map }}
- exit-vrf
-!
-{% elif route_map is vyos_defined %}
-ip protocol {{ protocol }} route-map {{ route_map }}
-{% endif %}
-!
diff --git a/data/templates/frr/vrf.route-map.v6.frr.j2 b/data/templates/frr/vrf.route-map.v6.frr.j2
deleted file mode 100644
index 7dc59a046..000000000
--- a/data/templates/frr/vrf.route-map.v6.frr.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-!
-{% if vrf is vyos_defined and route_map is vyos_defined %}
-vrf {{ vrf }}
- ipv6 protocol {{ protocol }} route-map {{ route_map }}
- exit-vrf
-!
-{% elif route_map is vyos_defined %}
-ipv6 protocol {{ protocol }} route-map {{ route_map }}
-{% endif %}
-!
diff --git a/data/templates/frr/zebra.route-map.frr.j2 b/data/templates/frr/zebra.route-map.frr.j2
new file mode 100644
index 000000000..8e18abbde
--- /dev/null
+++ b/data/templates/frr/zebra.route-map.frr.j2
@@ -0,0 +1,9 @@
+!
+{% if protocol is vyos_defined %}
+{% for protocol_name, protocol_config in protocol.items() %}
+{% if protocol_name is vyos_defined('ospfv3') %}
+{% set protocol_name = 'ospf6' %}
+{% endif %}
+{{ afi }} protocol {{ protocol_name }} route-map {{ protocol_config.route_map }}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/frr/zebra.vrf.route-map.frr.j2 b/data/templates/frr/zebra.vrf.route-map.frr.j2
new file mode 100644
index 000000000..eb6abd8e7
--- /dev/null
+++ b/data/templates/frr/zebra.vrf.route-map.frr.j2
@@ -0,0 +1,24 @@
+!
+{% if name is vyos_defined %}
+{% for vrf, vrf_config in name.items() %}
+vrf {{ vrf }}
+{% if vrf_config.ip.protocol is vyos_defined %}
+{% for protocol_name, protocol_config in vrf_config.ip.protocol.items() %}
+ ip protocol {{ protocol_name }} route-map {{ protocol_config.route_map }}
+{% endfor %}
+{% endif %}
+{% if vrf_config.ipv6.protocol is vyos_defined %}
+{% for protocol_name, protocol_config in vrf_config.ipv6.protocol.items() %}
+{% if protocol_name is vyos_defined('ospfv3') %}
+{% set protocol_name = 'ospf6' %}
+{% endif %}
+ ipv6 protocol {{ protocol_name }} route-map {{ protocol_config.route_map }}
+{% endfor %}
+{% endif %}
+{% if vrf_config.vni is vyos_defined %}
+ vni {{ vrf_config.vni }}
+{% endif %}
+{% endfor %}
+ exit-vrf
+!
+{% endif %}
diff --git a/data/templates/https/nginx.default.j2 b/data/templates/https/nginx.default.j2
index d42b3b389..b541ff309 100644
--- a/data/templates/https/nginx.default.j2
+++ b/data/templates/https/nginx.default.j2
@@ -50,6 +50,12 @@ server {
{% else %}
return 503;
{% endif %}
+{% if server.allow_client %}
+{% for client in server.allow_client %}
+ allow {{ client }};
+{% endfor %}
+ deny all;
+{% endif %}
}
error_page 497 =301 https://$host:{{ server.port }}$request_uri;
diff --git a/data/templates/login/limits.j2 b/data/templates/login/limits.j2
new file mode 100644
index 000000000..5e2c11f35
--- /dev/null
+++ b/data/templates/login/limits.j2
@@ -0,0 +1,5 @@
+# Generated by /usr/libexec/vyos/conf_mode/system-login.py
+
+{% if max_login_session is vyos_defined %}
+* - maxsyslogins {{ max_login_session }}
+{% endif %}
diff --git a/data/templates/sflow/hsflowd.conf.j2 b/data/templates/sflow/hsflowd.conf.j2
index 94f5939be..5000956bd 100644
--- a/data/templates/sflow/hsflowd.conf.j2
+++ b/data/templates/sflow/hsflowd.conf.j2
@@ -28,4 +28,5 @@ sflow {
{% if drop_monitor_limit is vyos_defined %}
dropmon { limit={{ drop_monitor_limit }} start=on sw=on hw=off }
{% endif %}
+ dbus { }
}
diff --git a/data/templates/telegraf/telegraf.j2 b/data/templates/telegraf/telegraf.j2
index c9f402281..5852d6232 100644
--- a/data/templates/telegraf/telegraf.j2
+++ b/data/templates/telegraf/telegraf.j2
@@ -12,7 +12,7 @@
debug = false
quiet = false
logfile = ""
- hostname = ""
+ hostname = "{{ hostname }}"
omit_hostname = false
{% if azure_data_explorer is vyos_defined %}
### Azure Data Explorer ###