diff options
author | Daniil Baturin <daniil@vyos.io> | 2023-04-21 13:38:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-21 13:38:13 +0100 |
commit | 821bc4f511460123e958b8eaa2e588e4623fbfe6 (patch) | |
tree | ca5283d32a34969fa95b9ee1f1421bf7f28db5bd /data | |
parent | dcba3685345b0624c13f83211628136076feac79 (diff) | |
parent | 97ef83ada9c42913bae3c80e0f2432bdf901312a (diff) | |
download | vyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.tar.gz vyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.zip |
Merge branch 'current' into current
Diffstat (limited to 'data')
-rw-r--r-- | data/configd-include.json | 3 | ||||
-rw-r--r-- | data/templates/accel-ppp/pptp.config.j2 | 7 | ||||
-rw-r--r-- | data/templates/container/containers.conf.j2 | 2 | ||||
-rw-r--r-- | data/templates/ethernet/wpa_supplicant.conf.j2 | 7 | ||||
-rw-r--r-- | data/templates/firewall/nftables-policy.j2 | 2 | ||||
-rw-r--r-- | data/templates/frr/isisd.frr.j2 | 11 | ||||
-rw-r--r-- | data/templates/frr/ospfd.frr.j2 | 11 | ||||
-rw-r--r-- | data/templates/frr/vrf-vni.frr.j2 | 9 | ||||
-rw-r--r-- | data/templates/frr/vrf.route-map.frr.j2 | 10 | ||||
-rw-r--r-- | data/templates/frr/vrf.route-map.v6.frr.j2 | 10 | ||||
-rw-r--r-- | data/templates/frr/zebra.route-map.frr.j2 | 9 | ||||
-rw-r--r-- | data/templates/frr/zebra.vrf.route-map.frr.j2 | 24 | ||||
-rw-r--r-- | data/templates/https/nginx.default.j2 | 6 | ||||
-rw-r--r-- | data/templates/login/limits.j2 | 5 | ||||
-rw-r--r-- | data/templates/sflow/hsflowd.conf.j2 | 1 | ||||
-rw-r--r-- | data/templates/telegraf/telegraf.j2 | 2 |
16 files changed, 83 insertions, 36 deletions
diff --git a/data/configd-include.json b/data/configd-include.json index 456211caa..2f1d39006 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -85,6 +85,5 @@ "vpn_l2tp.py", "vpn_pptp.py", "vpn_sstp.py", -"vrf.py", -"vrf_vni.py" +"vrf.py" ] diff --git a/data/templates/accel-ppp/pptp.config.j2 b/data/templates/accel-ppp/pptp.config.j2 index 442830b6b..78a629d2d 100644 --- a/data/templates/accel-ppp/pptp.config.j2 +++ b/data/templates/accel-ppp/pptp.config.j2 @@ -93,10 +93,15 @@ bind={{ radius_source_address }} gw-ip-address={{ gw_ip }} {% endif %} -{% if radius_shaper_attr %} +{% if radius_shaper_enable %} [shaper] verbose=1 +{% if radius_shaper_attr %} attr={{ radius_shaper_attr }} +{% endif %} +{% if radius_shaper_multiplier %} +rate-multiplier={{ radius_shaper_multiplier }} +{% endif %} {% if radius_shaper_vendor %} vendor={{ radius_shaper_vendor }} {% endif %} diff --git a/data/templates/container/containers.conf.j2 b/data/templates/container/containers.conf.j2 index 9f66aed27..c635ca213 100644 --- a/data/templates/container/containers.conf.j2 +++ b/data/templates/container/containers.conf.j2 @@ -282,7 +282,7 @@ default_sysctls = [ # Before changing this value all containers must be stopped otherwise it is likely that
# iptables rules and network interfaces might leak on the host. A reboot will fix this.
#
-network_backend = "cni"
+network_backend = "netavark"
# Path to directory where CNI plugin binaries are located.
#
diff --git a/data/templates/ethernet/wpa_supplicant.conf.j2 b/data/templates/ethernet/wpa_supplicant.conf.j2 index 8f140f6cb..cd35d6d1e 100644 --- a/data/templates/ethernet/wpa_supplicant.conf.j2 +++ b/data/templates/ethernet/wpa_supplicant.conf.j2 @@ -67,6 +67,11 @@ network={ # discards such frames to protect against potential attacks by rogue # devices, but this option can be used to disable that protection for cases # where the server/authenticator does not need to be authenticated. - phase1="allow_canned_success=1" + # + # "tls_disable_tlsv1_0=0" is used to allow TLSv1 for compatibility with + # legacy networks. This follows the behavior of Debian's wpa_supplicant, + # which includes a custom patch for allowing TLSv1, but the patch currently + # does not work for VyOS' git builds of wpa_supplicant. + phase1="allow_canned_success=1 tls_disable_tlsv1_0=0" } diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2 index 6cb3b2f95..7a89d29e4 100644 --- a/data/templates/firewall/nftables-policy.j2 +++ b/data/templates/firewall/nftables-policy.j2 @@ -11,7 +11,7 @@ table ip vyos_mangle { type filter hook prerouting priority -150; policy accept; {% if route is vyos_defined %} {% for route_text, conf in route.items() if conf.interface is vyos_defined %} - iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR_{{ route_text }} + iifname { {{ conf.interface | join(",") }} } counter jump VYOS_PBR_{{ route_text }} {% endfor %} {% endif %} } diff --git a/data/templates/frr/isisd.frr.j2 b/data/templates/frr/isisd.frr.j2 index 8df1e9513..3c37e28b9 100644 --- a/data/templates/frr/isisd.frr.j2 +++ b/data/templates/frr/isisd.frr.j2 @@ -25,6 +25,12 @@ interface {{ iface }} {% if iface_config.hello_padding is vyos_defined %} isis hello padding {% endif %} +{% if iface_config.ldp_sync.disable is vyos_defined %} + no isis mpls ldp-sync +{% elif iface_config.ldp_sync.holddown is vyos_defined %} + isis mpls ldp-sync + isis mpls ldp-sync holddown {{ iface_config.ldp_sync.holddown }} +{% endif %} {% if iface_config.metric is vyos_defined %} isis metric {{ iface_config.metric }} {% endif %} @@ -84,6 +90,11 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is vyos_defined }} {% if max_lsp_lifetime is vyos_defined %} max-lsp-lifetime {{ max_lsp_lifetime }} {% endif %} +{% if ldp_sync.holddown is vyos_defined %} + mpls ldp-sync holddown {{ ldp_sync.holddown }} +{% elif ldp_sync is vyos_defined %} + mpls ldp-sync +{% endif %} {% if spf_interval is vyos_defined %} spf-interval {{ spf_interval }} {% endif %} diff --git a/data/templates/frr/ospfd.frr.j2 b/data/templates/frr/ospfd.frr.j2 index 8c4a81c57..3f97b7325 100644 --- a/data/templates/frr/ospfd.frr.j2 +++ b/data/templates/frr/ospfd.frr.j2 @@ -44,6 +44,12 @@ interface {{ iface }} {% if iface_config.bfd.profile is vyos_defined %} ip ospf bfd profile {{ iface_config.bfd.profile }} {% endif %} +{% if iface_config.ldp_sync.disable is vyos_defined %} + no ip ospf mpls ldp-sync +{% elif iface_config.ldp_sync.holddown is vyos_defined %} + ip ospf mpls ldp-sync + ip ospf mpls ldp-sync holddown {{ iface_config.ldp_sync.holddown }} +{% endif %} {% if iface_config.mtu_ignore is vyos_defined %} ip ospf mtu-ignore {% endif %} @@ -133,6 +139,11 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }} {% if maximum_paths is vyos_defined %} maximum-paths {{ maximum_paths }} {% endif %} +{% if ldp_sync.holddown is vyos_defined %} + mpls ldp-sync holddown {{ ldp_sync.holddown }} +{% elif ldp_sync is vyos_defined %} + mpls ldp-sync +{% endif %} {% if distance.global is vyos_defined %} distance {{ distance.global }} {% endif %} diff --git a/data/templates/frr/vrf-vni.frr.j2 b/data/templates/frr/vrf-vni.frr.j2 deleted file mode 100644 index e5f4810a1..000000000 --- a/data/templates/frr/vrf-vni.frr.j2 +++ /dev/null @@ -1,9 +0,0 @@ -{% if name is vyos_defined %} -{% for vrf, vrf_config in name.items() %} -vrf {{ vrf }} -{% if vrf_config.vni is vyos_defined %} - vni {{ vrf_config.vni }} -{% endif %} - exit-vrf -{% endfor %} -{% endif %} diff --git a/data/templates/frr/vrf.route-map.frr.j2 b/data/templates/frr/vrf.route-map.frr.j2 deleted file mode 100644 index 5e0c56a7b..000000000 --- a/data/templates/frr/vrf.route-map.frr.j2 +++ /dev/null @@ -1,10 +0,0 @@ -! -{% if vrf is vyos_defined and route_map is vyos_defined %} -vrf {{ vrf }} - ip protocol {{ protocol }} route-map {{ route_map }} - exit-vrf -! -{% elif route_map is vyos_defined %} -ip protocol {{ protocol }} route-map {{ route_map }} -{% endif %} -! diff --git a/data/templates/frr/vrf.route-map.v6.frr.j2 b/data/templates/frr/vrf.route-map.v6.frr.j2 deleted file mode 100644 index 7dc59a046..000000000 --- a/data/templates/frr/vrf.route-map.v6.frr.j2 +++ /dev/null @@ -1,10 +0,0 @@ -! -{% if vrf is vyos_defined and route_map is vyos_defined %} -vrf {{ vrf }} - ipv6 protocol {{ protocol }} route-map {{ route_map }} - exit-vrf -! -{% elif route_map is vyos_defined %} -ipv6 protocol {{ protocol }} route-map {{ route_map }} -{% endif %} -! diff --git a/data/templates/frr/zebra.route-map.frr.j2 b/data/templates/frr/zebra.route-map.frr.j2 new file mode 100644 index 000000000..8e18abbde --- /dev/null +++ b/data/templates/frr/zebra.route-map.frr.j2 @@ -0,0 +1,9 @@ +! +{% if protocol is vyos_defined %} +{% for protocol_name, protocol_config in protocol.items() %} +{% if protocol_name is vyos_defined('ospfv3') %} +{% set protocol_name = 'ospf6' %} +{% endif %} +{{ afi }} protocol {{ protocol_name }} route-map {{ protocol_config.route_map }} +{% endfor %} +{% endif %} diff --git a/data/templates/frr/zebra.vrf.route-map.frr.j2 b/data/templates/frr/zebra.vrf.route-map.frr.j2 new file mode 100644 index 000000000..eb6abd8e7 --- /dev/null +++ b/data/templates/frr/zebra.vrf.route-map.frr.j2 @@ -0,0 +1,24 @@ +! +{% if name is vyos_defined %} +{% for vrf, vrf_config in name.items() %} +vrf {{ vrf }} +{% if vrf_config.ip.protocol is vyos_defined %} +{% for protocol_name, protocol_config in vrf_config.ip.protocol.items() %} + ip protocol {{ protocol_name }} route-map {{ protocol_config.route_map }} +{% endfor %} +{% endif %} +{% if vrf_config.ipv6.protocol is vyos_defined %} +{% for protocol_name, protocol_config in vrf_config.ipv6.protocol.items() %} +{% if protocol_name is vyos_defined('ospfv3') %} +{% set protocol_name = 'ospf6' %} +{% endif %} + ipv6 protocol {{ protocol_name }} route-map {{ protocol_config.route_map }} +{% endfor %} +{% endif %} +{% if vrf_config.vni is vyos_defined %} + vni {{ vrf_config.vni }} +{% endif %} +{% endfor %} + exit-vrf +! +{% endif %} diff --git a/data/templates/https/nginx.default.j2 b/data/templates/https/nginx.default.j2 index d42b3b389..b541ff309 100644 --- a/data/templates/https/nginx.default.j2 +++ b/data/templates/https/nginx.default.j2 @@ -50,6 +50,12 @@ server { {% else %} return 503; {% endif %} +{% if server.allow_client %} +{% for client in server.allow_client %} + allow {{ client }}; +{% endfor %} + deny all; +{% endif %} } error_page 497 =301 https://$host:{{ server.port }}$request_uri; diff --git a/data/templates/login/limits.j2 b/data/templates/login/limits.j2 new file mode 100644 index 000000000..5e2c11f35 --- /dev/null +++ b/data/templates/login/limits.j2 @@ -0,0 +1,5 @@ +# Generated by /usr/libexec/vyos/conf_mode/system-login.py + +{% if max_login_session is vyos_defined %} +* - maxsyslogins {{ max_login_session }} +{% endif %} diff --git a/data/templates/sflow/hsflowd.conf.j2 b/data/templates/sflow/hsflowd.conf.j2 index 94f5939be..5000956bd 100644 --- a/data/templates/sflow/hsflowd.conf.j2 +++ b/data/templates/sflow/hsflowd.conf.j2 @@ -28,4 +28,5 @@ sflow { {% if drop_monitor_limit is vyos_defined %} dropmon { limit={{ drop_monitor_limit }} start=on sw=on hw=off } {% endif %} + dbus { } } diff --git a/data/templates/telegraf/telegraf.j2 b/data/templates/telegraf/telegraf.j2 index c9f402281..5852d6232 100644 --- a/data/templates/telegraf/telegraf.j2 +++ b/data/templates/telegraf/telegraf.j2 @@ -12,7 +12,7 @@ debug = false quiet = false logfile = "" - hostname = "" + hostname = "{{ hostname }}" omit_hostname = false {% if azure_data_explorer is vyos_defined %} ### Azure Data Explorer ### |