summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-09-14nhrp: T2199: Use separate table in nftables for NHRP rulessarthurdev
2022-09-13zone-policy: T2199: Migrate zone-policy to firewall nodesarthurdev
2022-09-13policy: T2199: Typo in policy route smoketest teardownsarthurdev
2022-09-13firewall: T4605: Rename filter tables to vyos_filtersarthurdev
2022-09-13firewall: T2199: Move initial firewall tables to datasarthurdev
2022-09-13firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵sarthurdev
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
2022-09-08Merge pull request #1525 from nicolas-fort/T1024Christian Poessinger
T1024: Firewall and Policy route: add option to match dscp value
2022-09-07T1024: Firewall and Policy route: add option to match dscp value, both on ↵Nicolas Fort
firewall and in policy route
2022-09-07Merge pull request #1522 from nicolas-fort/T4670zdc
T4670: policy route: extend matching criteria for policy route and route6
2022-09-07GitHub: assign discrete reviewers - GitHub team did not work properlyChristian Poessinger
2022-09-07Merge pull request #1523 from bmhughes/fix-radius-disableChristian Poessinger
radius: T4672: Fix RADIUS server disable template logic
2022-09-06graphql: T4674: print included op-mode error message, if it existsJohn Estabrook
2022-09-06Merge pull request #1524 from jestabro/bridge-op-modeJohn Estabrook
bridge: T4673: raise UnconfiguredSubsystem on non-existent bridge intf
2022-09-06bridge: T4673: raise UnconfiguredSubsystem on non-existent bridge intfJohn Estabrook
2022-09-06radius: T4672: Fix RADIUS server disable template logicBenjamin M. Hughes
2022-09-06T4670: policy route: extend matching criteria for policy route and route6. ↵Nicolas Fort
Matching criteria added: ttl/hoplimit and packet-length
2022-09-04GitHub: change all reviewers to the @vyos/maintainers teamChristian Poessinger
2022-09-03Merge branch 'firewall' into currentChristian Poessinger
* firewall: firewall: T4651: re-implement packet-length CLI option to use <multi/> firewall: T3568: improve default-action help string firewall: T3568: add XML include block for eq,gt,lt options smoketest: firewall: add re-usable variables when running testcases Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules.
2022-09-03firewall: T4651: re-implement packet-length CLI option to use <multi/>Christian Poessinger
2022-09-03firewall: T3568: improve default-action help stringChristian Poessinger
2022-09-03firewall: T3568: add XML include block for eq,gt,lt optionsChristian Poessinger
2022-09-03smoketest: firewall: add re-usable variables when running testcasesChristian Poessinger
2022-09-03Merge pull request #1517 from initramfs/current-fix-bond-membersChristian Poessinger
bonding: T4668: Fix bond members not adding/interface state incorrect
2022-09-02bonding: T4668: fix live bonding member add or removeinitramfs
Fixes several bugs around bonding member interface states not matching the committed configuration, including: - Disabled removed interfaces coming back up - Newly added disabled interfaces not staying down - Newly added interfaces not showing up in the bond
2022-09-02bonding: T4668: refactor configuration mode interface bonding scriptinitramfs
Refactor interfaces-bonding.py to simplify existing code and to remove potentially bugprone sections in preparation for member add/remove fixes for T4668.
2022-09-02Merge branch 'T4651' of https://github.com/nicolas-fort/vyos-1x into firewallChristian Poessinger
* 'T4651' of https://github.com/nicolas-fort/vyos-1x: Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules.
2022-09-01Firewall: T4651: Change proposed cli from ip-length to packet-lengthNicolas Fort
2022-09-01Merge pull request #1466 from sever-sever/T538Christian Poessinger
nat: T538: Add static NAT one-to-one
2022-09-01Merge pull request #1512 from sever-sever/T4655Christian Poessinger
policy-route: T4655: Remove default_action from template
2022-09-01Merge pull request #1513 from roedie/T4665Christian Poessinger
T4665: Keepalived: Allow same VRID on interface
2022-09-01Merge pull request #1514 from sever-sever/T4663Daniil Baturin
macvlan: T4663: Fix update mode for pethX interface
2022-09-01macvlan: T4663: Fix update mode for pethX interfaceViacheslav Hletenko
Fix the issue when configured pseudo-ethernet interface cannot change self mode
2022-09-01policy-route: T4655: Remove default_action from templateViacheslav Hletenko
Remove `default_action` from template "nftables-policy" as XML policy route does not use it Set default action 'accept' for policy route, as default action 'drop' must be used only for firewall and not related to the policy route
2022-09-01T4665: Keepalived: Allow same VRID on interfaceSander Klein
Using the same VRID on an interface is allowed as long as the address family is different (VRRPv2 vs VRRPv3)
2022-08-31nat: T538: Move nat configs to /run directoryViacheslav Hletenko
2022-08-30firewall: T4655: implement XML defaultValue for name and ipv6-nameChristian Poessinger
This extends the implementation of commit 0cc7e0a49094 ("firewall: T4655: Fix default action 'drop' for the firewall") in a way that we can now also use the XML <defaultValue> node under "firewall name" and "firewall ipv6-name". This is a much cleaner approach which also adds the default value automatically to the CLIs completion helper ("?").
2022-08-30dns: op-mode: T2488: drop invalid "monitor dns forwarding" commandChristian Poessinger
The CLI command was a duplicate of the "show dns forwarding" command and did not follow or re-trigger the commadn to watch it. It produced 1:1 the same output as "show dns forwarding".
2022-08-30firewall: T3568: cleanup XML help node - remove information passed via valueHelpChristian Poessinger
2022-08-30firewall: T3568: rename XML building blocks to match CLI node nameChristian Poessinger
2022-08-30Merge pull request #1509 from zdc/T4657-sagittaDaniil Baturin
opmode: T4657: fixed opmode with return type hints
2022-08-30Merge pull request #1506 from sever-sever/T4655Christian Poessinger
firewall: T4655: Fix default action 'drop' for the firewall
2022-08-30Merge pull request #1505 from sever-sever/T4367Christian Poessinger
nat: T4367: Move nat rules from /tmp to /run/nftables_nat.conf
2022-08-30Merge pull request #1508 from zdc/T4646-sagittaChristian Poessinger
console: T4646: Fixed USB console issues
2022-08-30opmode: T4657: fixed opmode with return type hintszsdc
This commit excludes `return` from `typing.get_type_hints()` output, which allows generate argparse arguments for function properly.
2022-08-30console: T4646: Fixed USB console issueszsdc
* fixed the `systemctl restart` command that used a value from config instead converted to `ttyUSBX` * moved systemd units from `/etc/` to `/run/`
2022-08-29ethernet: T4653: bugfix copy-paste when processing NIC offloadingChristian Poessinger
Commit 31169fa8a763e ("vyos.ifconfig: T3619: only set offloading options if supported by NIC") added the new implementation which handles NIC offloading. Unfortunately every single implementation was copied from "gro" which resulted in a change to gro for each offloading option - thus options like lro, sg, tso had no effect at all. It all comes down to copy/paste errors ... one way or another.
2022-08-29firewall: T4655: Fix default action 'drop' for the firewallViacheslav Hletenko
For some reason after firewall rewriting we are having default action 'accept' for 1.4 and default action 'drop' for 1.3 Fix this issue, set default action 'drop'
2022-08-29nat: T4367: Move nat rules from /tmp to /run/nftables_nat.confViacheslav Hletenko
Move nftables nat configuration from /tmp to /run As we have for other services like firewall, conntrack Don't remove the config file '/run/nftables_nat.conf' after commit
2022-08-29Merge pull request #1503 from sever-sever/T4654Christian Poessinger
rpki: T4654: Fix RPKI cache description
2022-08-29rpki: T4654: Fix RPKI cache descriptionViacheslav Hletenko
Fix wrong descriptions for the RPKI server It was mentioned about the NTP server