Age | Commit message (Collapse) | Author |
|
A commit that removes `firewall bridge` will delete the table and not re-create it. Therefore any further firewall commit will fail trying to delete the non-existent bridge table. This commit ensures the table is always present (even if empty) to ensure successful commit.
|
|
supports HW flowtable offload
- Add required offload setting for interfaces + flowtable offload (hw-tc-offload)
- Verification of interface support for hardware offloaded flowtables
|
|
`set firewall flowtable <name> interface <ifname>`
`set firewall flowtable <name> offload [software|hardware]`
`set firewall [ipv4|ipv6] forward filter rule N action offload`
`set firewall [ipv4|ipv6] forward filter rule N offload-target <name>`
|
|
|
|
T5590: firewall log rule: fix order which rule are processed
|
|
conntrack: T5571: Refactor conntrack using vyos.configdep
|
|
- Moves MSS node out of `tcp-flags.xml.i` and into `tcp-mss.xml.i`
- Update smoketest to verify TCP flag matching
|
|
should be added at the end of the rule, after all matchers and befora action. Also change 2 lines in policy_route smoketest, which suddenly wasn't working as expected
|
|
ddclient: T5573: Fix smoketest for updated ddclient config
|
|
GitHub: Add smoketest result menu
|
|
T5594: vrrp: extend function is_ipv6_tentative
|
|
address, and not only global ipv6 address. This allows to configure ipv6 link local address on vrrp hello-source-address parameter.
|
|
Add the `Smoketest result` option to the default PR template
|
|
|
|
ddclient: T5573: Update config generation aligning with caching fixes
|
|
|
|
/usr/libexec/vyos/conf_mode/nat.py:21: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
from distutils.version import LooseVersion
|
|
firewall, nat, nat66
|
|
T5586: Disable by default SNMP for Keeplived VRRP service
|
|
T5261: Add AWS load-balancing tunnel handler
|
|
T4502: Fix syntax error introduced by #2062
|
|
AgentX does not work stable. From time to time we see the system
service crashing/degrading if something is wrong with SNMP from
util net-snmp.
We should disable it by default and enable it only if configured.
set high-availability vrrp snmp
|
|
When rebasing https://github.com/vyos/vyos-1x/pull/2062, some additional
lines are mistakenly included.
https://github.com/vyos/vyos-1x/commit/45cfd569119b66abd2f0dfb954042b57921881bd
has removed the extra `}`, but the `{{ group_tmpl.groups(group, True)
}}` line needs to be removed as well.
|
|
ddclient: T5585: Fix file access mode for dynamic dns configuration
|
|
After commit 976f82785 ("T5575: ARP/NDP table-size isnt set properly") the
system bootup process got interrupted as both system-ip.py and system-ipv6.py
tried to talk to FRR which was yet not started.
This has been fixed by using a conditional path to only execute when FRR service
has been enabled. This is safe to do as the initial commit call will has FRR
service running and the path will be executed.
|
|
|
|
After commit 0ccbbca01b ("openvpn: T3214: specify nopool on --server line only
if needed") that removed the net30 option and nopool smoketests needed a fix.
|
|
ddclient.conf file is expected to have permission 600. We need to set
the permission explicitly while creating the file.
|
|
T5579: show log firewall - Fix and extend command
|
|
structure; extend command options so it can be used on every layer ; use journalctl to get the logs
|
|
T4072: Firewall op-mode command: add bridge capabilities
|
|
T5561: nat: inbound|outbound interface should not be mandatory
|
|
T5575: ARP/NDP table-size isnt set properly
|
|
op mode: T5582: Add 'force ntp synchronization'
|
|
|
|
openvpn: T3214: fix server-ipv6 and nopool handling
|
|
T4502: firewall: Add software flow offload using flowtable
|
|
T2044: RPKI doesn't boot properly
|
|
|
|
|
|
|
|
T671: do not preserve old tech-support report implementation
|
|
|
|
T5576: Add BGP remove-private-as all option
|
|
op-mode: T5581: add "show ip nht" command (IPv4 nexthop tracking table)
|
|
vyos@vyos:~$ show ip nht
172.18.254.202
resolved via ospf
via 172.18.201.254, eth0.201 (vrf default), weight 1
Client list: bgp(fd 28)
|
|
|
|
frr: T5239: fix process startup order
|
|
while configuring dNAT|sNAT rule
|
|
Add the ability to use the option all for remove-private-as.
Remove private ASNs in outbound updates.
all - Apply to all AS numbers
set protocols bgp neighbor <tag> address-family ipv4-unicast remove-private-as all
|