summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-09-05firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfacessarthurdev
2023-09-05interface: T5550: Interface source-validation priority over global valuesarthurdev
- Migrate IPv4 source-validation to nftables - Interface source-validation value takes priority, fallback to global value
2023-09-05Merge pull request #2202 from sever-sever/T5548Christian Breunig
T5548: Fix load-balancing reverse-proxy timeouts
2023-09-05Merge pull request #2203 from sever-sever/T2958Christian Breunig
T2958: Fix path for leases to config directory
2023-09-05Merge branch 'netns' into currentChristian Breunig
* netns: smoketest: T5241: re-work netns assertions and provide common utility helper netns: T5241: simplify network namespace handling netns: T5241: improve get_interface_namespace() robustness netns: T5241: use common interface_exists() helper netns: T5241: provide is_netns_interface utility helper T5241: Support netns for veth and dummy interfaces
2023-09-05smoketest: T5241: re-work netns assertions and provide common utility helperChristian Breunig
2023-09-05netns: T5241: simplify network namespace handlingChristian Breunig
2023-09-05T2958: Fix path for leases to config directoryViacheslav Hletenko
The leases path should be in `/config` directory to save leases between reboots. The typo was in this commit c07055258b853de641d2a1353582800b24c514d2 Before this the idea was to get leases from `/run` directory only for livecd images. But then we added `/config` directory for livecd. PR was modified and incorrect variable directory `/run` was used. Fix it.
2023-09-05T5548: Fix load-balancing reverse-proxy timeoutsViacheslav Hletenko
By default haproxy uses timeouts in millisecond but we set timeouts in seconds from CLI Fix template to use 'seconds' units
2023-09-05Merge pull request #2184 from sever-sever/T2958Christian Breunig
T2958: Refactor DHCP-server systemd unit and lease
2023-09-05Merge pull request #2188 from nicolas-fort/T5496Christian Breunig
T5496: multiple fixes for op-mode command <show firewall>
2023-09-04T5496: Change src and|or destination wildcard for any, which still makes it ↵Nicolas Fort
easy to read, and we get uniform output for both families, and will look the same when working with inet family in the future. Fix output of geo-ip matchers. Fix output for default-action rules: display N/A for counters in base chains, since they are not available.Change from N/A to N/D for empty groups, and for groups which found no reference in config
2023-09-04Merge pull request #2201 from dmbaturin/T671-show-dmiChristian Breunig
T671: call dmidecode directly in "show hardware dmi"
2023-09-04T671: call dmidecode directly in "show hardware dmi"Daniil Baturin
The old script isn't doing much, in fact, it's much less informative than actual dmidecode
2023-09-04T2958: Refactor DHCP-server systemd unit and leaseViacheslav Hletenko
Render isc-dhcp-server systemd unit from configuration
2023-09-04Merge pull request #2192 from sever-sever/T5533vyos/1.5dev0zdc
T5533: Fix VRRP IPv6 group enters in FAULT state
2023-09-04T5533: Fix VRRP IPv6 group enters in FAULT stateViacheslav Hletenko
Checks if an IPv6 address on a specific network interface is in the tentative state. IPv6 tentative addresses are not fully configured and are undergoing Duplicate Address Detection (DAD) to ensure they are unique on the network. inet6 2001:db8::3/125 scope global tentative It tentative state the group enters in FAULT state. Fix it
2023-09-04Merge pull request #2197 from anthr76/cap-sys-moduleChristian Breunig
feat(T5544): Allow CAP_SYS_MODULE to be set on containers
2023-09-03fix: sys-module auto-tab completionAnthony Rabbito
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com>
2023-09-03feat(T5544): Allow CAP_SYS_MODULE to be set on containersAnthony Rabbito
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com>
2023-09-03netns: T5241: improve get_interface_namespace() robustnessChristian Breunig
2023-09-03netns: T5241: use common interface_exists() helperChristian Breunig
2023-09-03netns: T5241: provide is_netns_interface utility helperChristian Breunig
2023-09-03Merge branch 'T5241-control-edition' of ↵Christian Breunig
https://github.com/sever-sever/vyos-1x into netns * 'T5241-control-edition' of https://github.com/sever-sever/vyos-1x: T5241: Support netns for veth and dummy interfaces
2023-09-03T5543: IGMP: fix source address handling in static joinsYuxiang Zhu
The following command expects to join source-specific multicast group 239.1.2.3 on interface eth0, where the source address is 192.0.2.1. set protocols igmp interface eth0 join 239.1.2.3 source 192.0.2.1 This command should generate FRR config: interface eth0 ip igmp ip igmp join 239.1.2.3 192.0.2.1 exit However, there is a bug in the Jinja template where `if ifaces[iface].gr_join[group]` is mostly evaluated as `false` because `iface` is a loop variable from another loop.
2023-09-03ipoe: T5542: fix Jinja2 template and add missing dhcp relay configNiklas Polte
2023-09-03wireless: T5540: fix smoketests after adjusting VHT channel widthChristian Breunig
Commit 6896aabb6 ("wireless: T5540: fix VHT capability settings for 802.11ac" changed how the VHT channel-sidth is configured in hostapd - but smoketests did not get adjusted.
2023-09-03wireless: T5540: use elif in Jinja2 template for VHT channel widthChristian Breunig
2023-09-02wireless: T5540: fix VHT capability settings for 802.11acalainlamar
2023-09-01container: T4353: capitalize ascii -> ASCIIChristian Breunig
2023-09-01Merge pull request #2193 from sever-sever/T5536Christian Breunig
T5536: Fix show dhcp client leases
2023-09-01T2546: re-add "monitor command" op-mode command with a new "diff" option as wellChristian Breunig
2023-09-01T5536: Fix show dhcp client leasesViacheslav Hletenko
Fix helpers was moved to vyos.utils package Fix empty new address from the lease file causes OSError: illegal IP address string passed to inet_pton
2023-08-31Merge pull request #2189 from sever-sever/T5531Christian Breunig
T5531: Containers add label option
2023-08-31Merge pull request #2190 from sarthurdev/T4782Christian Breunig
eapol: T4782: Support multiple CA chains
2023-08-31T5531: Containers add label optionViacheslav Hletenko
Ability to set labels for container set container name c1 allow-host-networks set container name c1 image 'busybox' set container name c1 label mypods value 'My label for containers'
2023-08-30T5496: add fqdn and geo-ip matchers in op-mode command <show firewall statics>Nicolas Fort
2023-08-31eapol: T4782: Support multiple CA chainssarthurdev
2023-08-30Merge pull request #2186 from nicolas-fort/T5496Christian Breunig
T5496: firewall: fix op-mode command show firewall
2023-08-29T5496: firewall op-mode: add fix for source and destination when not ↵Nicolas Fort
specified (correct ::/0 for ipv6). Also, add columns for inbound and outbound interfaces
2023-08-29T5496: firewall op-mode: add fix for firewall statics. Include groups ↵Nicolas Fort
correct reference in source/destination column
2023-08-29Debian: T5521: remove unused tacacs UNIX groupChristian Breunig
2023-08-29T5496: firewall op-mode: fix show command for group member and referencesNicolas Fort
2023-08-29Debian: T5521: use bash over dash for postinstall scriptChristian Breunig
2023-08-28Debian: T5521: use --no-create-home for TACACS usersChristian Breunig
2023-08-28Debian: T5521: place AAA users in users group (besides aaa group)Christian Breunig
2023-08-28Debian: T5521: both RADIUS and TACACS users belong to aaa group, add group firstChristian Breunig
2023-08-28Merge pull request #2180 from vfreex/fix-call-hangsChristian Breunig
T5519: Fix `vyos.utils.process.call` hangs
2023-08-28T5519: Fix `vyos.utils.process.call` hangsYuxiang Zhu
See https://vyos.dev/T5519 for more information.
2023-08-27Merge pull request #2176 from sarthurdev/T5080Christian Breunig
firewall: T5080: Disable conntrack unless required by rules