Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-09-05 | firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces | sarthurdev | |
2023-09-05 | interface: T5550: Interface source-validation priority over global value | sarthurdev | |
- Migrate IPv4 source-validation to nftables - Interface source-validation value takes priority, fallback to global value | |||
2023-09-05 | Merge pull request #2202 from sever-sever/T5548 | Christian Breunig | |
T5548: Fix load-balancing reverse-proxy timeouts | |||
2023-09-05 | Merge pull request #2203 from sever-sever/T2958 | Christian Breunig | |
T2958: Fix path for leases to config directory | |||
2023-09-05 | Merge branch 'netns' into current | Christian Breunig | |
* netns: smoketest: T5241: re-work netns assertions and provide common utility helper netns: T5241: simplify network namespace handling netns: T5241: improve get_interface_namespace() robustness netns: T5241: use common interface_exists() helper netns: T5241: provide is_netns_interface utility helper T5241: Support netns for veth and dummy interfaces | |||
2023-09-05 | smoketest: T5241: re-work netns assertions and provide common utility helper | Christian Breunig | |
2023-09-05 | netns: T5241: simplify network namespace handling | Christian Breunig | |
2023-09-05 | T2958: Fix path for leases to config directory | Viacheslav Hletenko | |
The leases path should be in `/config` directory to save leases between reboots. The typo was in this commit c07055258b853de641d2a1353582800b24c514d2 Before this the idea was to get leases from `/run` directory only for livecd images. But then we added `/config` directory for livecd. PR was modified and incorrect variable directory `/run` was used. Fix it. | |||
2023-09-05 | T5548: Fix load-balancing reverse-proxy timeouts | Viacheslav Hletenko | |
By default haproxy uses timeouts in millisecond but we set timeouts in seconds from CLI Fix template to use 'seconds' units | |||
2023-09-05 | Merge pull request #2184 from sever-sever/T2958 | Christian Breunig | |
T2958: Refactor DHCP-server systemd unit and lease | |||
2023-09-05 | Merge pull request #2188 from nicolas-fort/T5496 | Christian Breunig | |
T5496: multiple fixes for op-mode command <show firewall> | |||
2023-09-04 | T5496: Change src and|or destination wildcard for any, which still makes it ↵ | Nicolas Fort | |
easy to read, and we get uniform output for both families, and will look the same when working with inet family in the future. Fix output of geo-ip matchers. Fix output for default-action rules: display N/A for counters in base chains, since they are not available.Change from N/A to N/D for empty groups, and for groups which found no reference in config | |||
2023-09-04 | Merge pull request #2201 from dmbaturin/T671-show-dmi | Christian Breunig | |
T671: call dmidecode directly in "show hardware dmi" | |||
2023-09-04 | T671: call dmidecode directly in "show hardware dmi" | Daniil Baturin | |
The old script isn't doing much, in fact, it's much less informative than actual dmidecode | |||
2023-09-04 | T2958: Refactor DHCP-server systemd unit and lease | Viacheslav Hletenko | |
Render isc-dhcp-server systemd unit from configuration | |||
2023-09-04 | Merge pull request #2192 from sever-sever/T5533vyos/1.5dev0 | zdc | |
T5533: Fix VRRP IPv6 group enters in FAULT state | |||
2023-09-04 | T5533: Fix VRRP IPv6 group enters in FAULT state | Viacheslav Hletenko | |
Checks if an IPv6 address on a specific network interface is in the tentative state. IPv6 tentative addresses are not fully configured and are undergoing Duplicate Address Detection (DAD) to ensure they are unique on the network. inet6 2001:db8::3/125 scope global tentative It tentative state the group enters in FAULT state. Fix it | |||
2023-09-04 | Merge pull request #2197 from anthr76/cap-sys-module | Christian Breunig | |
feat(T5544): Allow CAP_SYS_MODULE to be set on containers | |||
2023-09-03 | fix: sys-module auto-tab completion | Anthony Rabbito | |
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> | |||
2023-09-03 | feat(T5544): Allow CAP_SYS_MODULE to be set on containers | Anthony Rabbito | |
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> | |||
2023-09-03 | netns: T5241: improve get_interface_namespace() robustness | Christian Breunig | |
2023-09-03 | netns: T5241: use common interface_exists() helper | Christian Breunig | |
2023-09-03 | netns: T5241: provide is_netns_interface utility helper | Christian Breunig | |
2023-09-03 | Merge branch 'T5241-control-edition' of ↵ | Christian Breunig | |
https://github.com/sever-sever/vyos-1x into netns * 'T5241-control-edition' of https://github.com/sever-sever/vyos-1x: T5241: Support netns for veth and dummy interfaces | |||
2023-09-03 | T5543: IGMP: fix source address handling in static joins | Yuxiang Zhu | |
The following command expects to join source-specific multicast group 239.1.2.3 on interface eth0, where the source address is 192.0.2.1. set protocols igmp interface eth0 join 239.1.2.3 source 192.0.2.1 This command should generate FRR config: interface eth0 ip igmp ip igmp join 239.1.2.3 192.0.2.1 exit However, there is a bug in the Jinja template where `if ifaces[iface].gr_join[group]` is mostly evaluated as `false` because `iface` is a loop variable from another loop. | |||
2023-09-03 | ipoe: T5542: fix Jinja2 template and add missing dhcp relay config | Niklas Polte | |
2023-09-03 | wireless: T5540: fix smoketests after adjusting VHT channel width | Christian Breunig | |
Commit 6896aabb6 ("wireless: T5540: fix VHT capability settings for 802.11ac" changed how the VHT channel-sidth is configured in hostapd - but smoketests did not get adjusted. | |||
2023-09-03 | wireless: T5540: use elif in Jinja2 template for VHT channel width | Christian Breunig | |
2023-09-02 | wireless: T5540: fix VHT capability settings for 802.11ac | alainlamar | |
2023-09-01 | container: T4353: capitalize ascii -> ASCII | Christian Breunig | |
2023-09-01 | Merge pull request #2193 from sever-sever/T5536 | Christian Breunig | |
T5536: Fix show dhcp client leases | |||
2023-09-01 | T2546: re-add "monitor command" op-mode command with a new "diff" option as well | Christian Breunig | |
2023-09-01 | T5536: Fix show dhcp client leases | Viacheslav Hletenko | |
Fix helpers was moved to vyos.utils package Fix empty new address from the lease file causes OSError: illegal IP address string passed to inet_pton | |||
2023-08-31 | Merge pull request #2189 from sever-sever/T5531 | Christian Breunig | |
T5531: Containers add label option | |||
2023-08-31 | Merge pull request #2190 from sarthurdev/T4782 | Christian Breunig | |
eapol: T4782: Support multiple CA chains | |||
2023-08-31 | T5531: Containers add label option | Viacheslav Hletenko | |
Ability to set labels for container set container name c1 allow-host-networks set container name c1 image 'busybox' set container name c1 label mypods value 'My label for containers' | |||
2023-08-30 | T5496: add fqdn and geo-ip matchers in op-mode command <show firewall statics> | Nicolas Fort | |
2023-08-31 | eapol: T4782: Support multiple CA chains | sarthurdev | |
2023-08-30 | Merge pull request #2186 from nicolas-fort/T5496 | Christian Breunig | |
T5496: firewall: fix op-mode command show firewall | |||
2023-08-29 | T5496: firewall op-mode: add fix for source and destination when not ↵ | Nicolas Fort | |
specified (correct ::/0 for ipv6). Also, add columns for inbound and outbound interfaces | |||
2023-08-29 | T5496: firewall op-mode: add fix for firewall statics. Include groups ↵ | Nicolas Fort | |
correct reference in source/destination column | |||
2023-08-29 | Debian: T5521: remove unused tacacs UNIX group | Christian Breunig | |
2023-08-29 | T5496: firewall op-mode: fix show command for group member and references | Nicolas Fort | |
2023-08-29 | Debian: T5521: use bash over dash for postinstall script | Christian Breunig | |
2023-08-28 | Debian: T5521: use --no-create-home for TACACS users | Christian Breunig | |
2023-08-28 | Debian: T5521: place AAA users in users group (besides aaa group) | Christian Breunig | |
2023-08-28 | Debian: T5521: both RADIUS and TACACS users belong to aaa group, add group first | Christian Breunig | |
2023-08-28 | Merge pull request #2180 from vfreex/fix-call-hangs | Christian Breunig | |
T5519: Fix `vyos.utils.process.call` hangs | |||
2023-08-28 | T5519: Fix `vyos.utils.process.call` hangs | Yuxiang Zhu | |
See https://vyos.dev/T5519 for more information. | |||
2023-08-27 | Merge pull request #2176 from sarthurdev/T5080 | Christian Breunig | |
firewall: T5080: Disable conntrack unless required by rules |