Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-10-29 | Merge pull request #2408 from nicolas-fort/T5513-show-fwall | Christian Breunig | |
T5513: firewall: update op-mode command show firewall. | |||
2023-10-29 | op-mode: T5661: add "monitor ssh dynamic-protection" command to follow the ↵ | Christian Breunig | |
logfile | |||
2023-10-29 | op-mode: T5661: remove call to sudo in ssh.py and move it to XML definition | Christian Breunig | |
Try to have as few calls to sudo in the op-mode scripts as possible. The XML definitions can deal with it. | |||
2023-10-29 | op-mode: T5661: use common journalctl syntax for sshguard | Christian Breunig | |
This makes the code more easy to maintain in the future if everyone uses the same structure when calling journalctl. | |||
2023-10-26 | Merge pull request #2369 from JeffWDH/current | Daniil Baturin | |
T5661: Add show show ssh dynamic-protection attacker and show log ssh… | |||
2023-10-26 | T5513: T5564: update op-mode command show firewall. Counter available for ↵ | Nicolas Fort | |
default actions and extend references for firewall groups | |||
2023-10-25 | Merge pull request #2406 from nicolas-fort/T5681 | Christian Breunig | |
T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher | |||
2023-10-25 | Merge pull request #2405 from sever-sever/T5683 | Christian Breunig | |
T5683: Fix reverse-proxy PKI filenames mismatch | |||
2023-10-25 | T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher ↵ | Nicolas Fort | |
(valid for interfaces and groups) in firewal, nat and nat66. | |||
2023-10-25 | T5683: Fix reverse-proxy PKI filenames mismatch | Viacheslav Hletenko | |
The current named for certificates are hardcoded in generated config to: - ca.pem - cert.pem.key - cert.pem It cause a generated config certificates and certificates itself are different (test-cert-1.pem and ca.pem) bind :::8080 v4v6 ssl crt /run/haproxy/test-cert-1.pem /run/haproxy/ca.pem It is a bug of initial impelemtation. Fix required correct names from PKI certificates | |||
2023-10-24 | Merge pull request #2355 from nicolas-fort/T5643 | Christian Breunig | |
T5643: nat: add interface-groups to nat. Use same cli structure for i… | |||
2023-10-23 | Merge pull request #2395 from yzguy/yzguy/T5676 | Christian Breunig | |
T5675: Use addr_prefix instead of addr in NAT66 source rule prefix parsing | |||
2023-10-23 | Merge pull request #2396 from yzguy/yzguy/T5677 | Christian Breunig | |
T5677: show lldp neighbors shows empty platform if descr not in lldpctl output | |||
2023-10-23 | T5677: lldp shows empty platform if descr not in lldpctl output | Adam Smith | |
2023-10-22 | T5675: use addr_prefix instead of addr in NAT66 rule | Adam Smith | |
2023-10-22 | Merge pull request #2391 from sever-sever/T5299 | Viacheslav Hletenko | |
T5299: Add missed option ceiling for QoS shaper | |||
2023-10-22 | Merge pull request #2386 from c-po/vxlan-t5671 | Christian Breunig | |
vxlan: T5671: change port to IANA assigned default port | |||
2023-10-22 | vxlan: T5671: warn about changed default port number | Christian Breunig | |
2023-10-22 | T5299: Add missed option ceiling for QoS shaper | Viacheslav Hletenko | |
Add missed option `ceil` for QoS class 'trafficshaper' | |||
2023-10-22 | Merge pull request #2390 from dmbaturin/T5672-remove-node.def-converter | Viacheslav Hletenko | |
scripts: T5672: remove the conf mode node.def importer | |||
2023-10-21 | smoketest: T2897: add basic cluster config | Christian Breunig | |
2023-10-21 | T5661: Add show show ssh dynamic-protection attacker and show log ssh ↵ | JeffWDH | |
dynamic-protection | |||
2023-10-21 | scripts: T5672: remove the conf mode node.def importer | Daniil Baturin | |
2023-10-21 | Merge pull request #2385 from fett0/T5667 | Christian Breunig | |
T5667: BGP label-unicast enable ecmp | |||
2023-10-20 | Merge pull request #2384 from srividya0208/T5642-1 | Christian Breunig | |
T5642: op-cmd: correction of generated file name | |||
2023-10-20 | vxlan: T5671: change port to IANA assigned default port | Christian Breunig | |
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that predates the IANA assignment. As Most other vendors use the IANA assigned port, follow this guideline and use the new default port 4789. Existing configuration not defining an explicit port number will be migrated to the old default port number of 8472, keeping existing configurations work! | |||
2023-10-20 | T5667: BGP label-uniscat enable ecmp | fett0 | |
2023-10-20 | T5642: op-cmd: correction of generated file name | srividya0208 | |
2023-10-19 | Merge pull request #2378 from c-po/bridge-t5670 | Christian Breunig | |
bridge: T5670: add missing constraint on "member interface" node | |||
2023-10-19 | Merge pull request #2362 from nicolas-fort/T5541 | Christian Breunig | |
T5541: firewall zone: re add firewall zone-base firewall | |||
2023-10-19 | Merge pull request #2377 from dmbaturin/T2897-no-cluster | Christian Breunig | |
cluster: T2897: add a migration script for converting cluster to VRRP | |||
2023-10-19 | Merge pull request #2344 from nicolas-fort/T5637 | Christian Breunig | |
T5637: add new rule at the end of base chains for default-actions and log capabilities | |||
2023-10-19 | vyos.configdict: T5670: move from str to list when calling conf.exists() | Christian Breunig | |
We have had a mix of both string and list arguments to conf.exists(), stremaline this to only make use of list calls. | |||
2023-10-19 | bridge: T5670: add missing constraint on "member interface" node | Christian Breunig | |
One could specify a bridge member of VXLAN1 interface, but it is not possible to create a VXLAN interface with the name of VXLAN1 - prohibited by VXLAN interface name validator. Add missing interface-name validator code | |||
2023-10-19 | cluster: T2897: add a migration script for converting cluster to VRRP | Daniil Baturin | |
2023-10-18 | Merge pull request #2373 from c-po/t4913-wifi-op-mode | Christian Breunig | |
T4913: migrate wireless scripts to new op-mode style | |||
2023-10-18 | Merge pull request #2374 from zdc/T5232-circinus | Christian Breunig | |
pmacct: T5232: Fixed socket parameters for trigger-packets | |||
2023-10-18 | pmacct: T5232: Fixed socket parameters for trigger-packets | zsdc | |
This fixes sending packets to uacctd using a socket. | |||
2023-10-17 | T4913: migrate wireless scripts to new op-mode style | Christian Breunig | |
2023-10-17 | Merge pull request #2371 from jestabro/bug-config-dep | John Estabrook | |
configdep: T5662: fix incorrect inspect.stack index of calling script | |||
2023-10-17 | configdep: T5662: fix incorrect inspect.stack index of calling script | John Estabrook | |
2023-10-17 | T5541: remove migration script from zone-based firewall to new cli. Syntax ↵ | Nicolas Fort | |
remains the same, so no migration is needed regarding this feature | |||
2023-10-16 | op-mode: T5653: command to display SSH server public key fingerprints | JeffWDH | |
2023-10-16 | Merge pull request #2367 from aapostoliuk/T5642-current | Christian Breunig | |
op-mode: T5642: 'generate tech-support archive' moved to vyos-1x | |||
2023-10-16 | Merge pull request #2366 from sever-sever/T5634 | Christian Breunig | |
T5634: Smoketest add OpenVPN encryption ciphers | |||
2023-10-16 | op-mode: T5642: 'generate tech-support archive' moved to vyos-1x | aapostoliuk | |
'generate tech-support archive' moved to vyos-1x. Output of 'show tech-support report' command is added to archive. The default location of the archive is moved to '/tmp'. The script is rewritten to Python. | |||
2023-10-16 | T5634: Smoketest add encryption ciphers | Viacheslav Hletenko | |
As `providers legacy default` option was deleted with insecure DES and Blowfish ciphers, the smoketest cannot pass without adding encyption ciphers Otherwise Oct 16 09:41:34 r4 openvpn-vtun5[9648]: DCO version: N/A Oct 16 09:41:34 r4 openvpn-vtun5[9648]: Cipher BF-CBC not supported Oct 16 09:41:34 r4 openvpn-vtun5[9648]: Exiting due to fatal error Fix the smoketest | |||
2023-10-14 | Merge pull request #2359 from erkin/progressbar | Christian Breunig | |
remote: T5650: Resize-aware progressbar implementation | |||
2023-10-14 | Merge pull request #2361 from zdc/T5232-circinus | Christian Breunig | |
pmacct: T5232: Fixed pmacct service control via systemctl | |||
2023-10-13 | T5541: firewall zone: re add firewall zone-base firewall | Nicolas Fort | |