3 files changed, 57 insertions, 19 deletions
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 14387cbbf..a7dc33d9d 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -419,12 +419,18 @@ def generate(container):
                 'dns_enabled': True,
                 'ipam_options': {
                     'driver': 'host-local'
+                },
+                'options': {
+                    'mtu': '1500'
                 }
             }
 
             if 'no_name_server' in network_config:
                 tmp['dns_enabled'] = False
 
+            if 'mtu' in network_config:
+                tmp['options']['mtu'] = network_config['mtu']
+
             for prefix in network_config['prefix']:
                 net = {'subnet': prefix, 'gateway': inc_ip(prefix, 1)}
                 tmp['subnets'].append(net)
diff --git a/src/conf_mode/interfaces_wireguard.py b/src/conf_mode/interfaces_wireguard.py
index 7abdfdbfa..b6fd6b0b2 100755
--- a/src/conf_mode/interfaces_wireguard.py
+++ b/src/conf_mode/interfaces_wireguard.py
@@ -70,9 +70,6 @@ def verify(wireguard):
     if 'private_key' not in wireguard:
         raise ConfigError('Wireguard private-key not defined')
 
-    if 'peer' not in wireguard:
-        raise ConfigError('At least one Wireguard peer is required!')
-
     if 'port' in wireguard and 'port_changed' in wireguard:
         listen_port = int(wireguard['port'])
         if check_port_availability('0.0.0.0', listen_port, 'udp') is not True:
@@ -80,28 +77,29 @@ def verify(wireguard):
                                'cannot be used for the interface!')
 
     # run checks on individual configured WireGuard peer
-    public_keys = []
-    for tmp in wireguard['peer']:
-        peer = wireguard['peer'][tmp]
+    if 'peer' in wireguard:
+        public_keys = []
+        for tmp in wireguard['peer']:
+            peer = wireguard['peer'][tmp]
 
-        if 'allowed_ips' not in peer:
-            raise ConfigError(f'Wireguard allowed-ips required for peer "{tmp}"!')
+            if 'allowed_ips' not in peer:
+                raise ConfigError(f'Wireguard allowed-ips required for peer "{tmp}"!')
 
-        if 'public_key' not in peer:
-            raise ConfigError(f'Wireguard public-key required for peer "{tmp}"!')
+            if 'public_key' not in peer:
+                raise ConfigError(f'Wireguard public-key required for peer "{tmp}"!')
 
-        if ('address' in peer and 'port' not in peer) or ('port' in peer and 'address' not in peer):
-            raise ConfigError('Both Wireguard port and address must be defined '
-                              f'for peer "{tmp}" if either one of them is set!')
+            if ('address' in peer and 'port' not in peer) or ('port' in peer and 'address' not in peer):
+                raise ConfigError('Both Wireguard port and address must be defined '
+                                  f'for peer "{tmp}" if either one of them is set!')
 
-        if peer['public_key'] in public_keys:
-            raise ConfigError(f'Duplicate public-key defined on peer "{tmp}"')
+            if peer['public_key'] in public_keys:
+                raise ConfigError(f'Duplicate public-key defined on peer "{tmp}"')
 
-        if 'disable' not in peer:
-            if is_wireguard_key_pair(wireguard['private_key'], peer['public_key']):
-                raise ConfigError(f'Peer "{tmp}" has the same public key as the interface "{wireguard["ifname"]}"')
+            if 'disable' not in peer:
+                if is_wireguard_key_pair(wireguard['private_key'], peer['public_key']):
+                    raise ConfigError(f'Peer "{tmp}" has the same public key as the interface "{wireguard["ifname"]}"')
 
-        public_keys.append(peer['public_key'])
+            public_keys.append(peer['public_key'])
 
 def generate(wireguard):
     return None
diff --git a/src/migration-scripts/qos/2-to-3 b/src/migration-scripts/qos/2-to-3
new file mode 100644
index 000000000..284fe828e
--- /dev/null
+++ b/src/migration-scripts/qos/2-to-3
@@ -0,0 +1,34 @@
+# Copyright 2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library.  If not, see <http://www.gnu.org/licenses/>.
+
+from vyos.configtree import ConfigTree
+
+
+def migrate(config: ConfigTree) -> None:
+    base = ['qos', 'policy', 'cake']
+    if config.exists(base):
+        for policy in config.list_nodes(base):
+            if config.exists(base + [policy, 'flow-isolation']):
+                isolation = None
+                for isol in config.list_nodes(base + [policy, 'flow-isolation']):
+                    if isol == 'nat':
+                        config.set(base + [policy, 'flow-isolation-nat'])
+                    else:
+                        isolation = isol
+
+                config.delete(base + [policy, 'flow-isolation'])
+
+                if isolation:
+                    config.set(base + [policy, 'flow-isolation'], value=isolation)