summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-09-08Merge pull request #2222 from nicolas-fort/T4072-fwall-bridgeChristian Breunig
T4072: add firewall bridge filtering.
2023-09-08Merge pull request #2220 from sever-sever/T5554Christian Breunig
T5554: Disable sudo for PAM RADIUS
2023-09-08Merge pull request #2223 from vyos/sonarViacheslav Hletenko
Revert Sonar "Create build.yml"
2023-09-08Merge pull request #1602 from goodNETnick/goodnetnick-shloginotp-T4754Viacheslav Hletenko
login: T4754: show configured 2FA OTP key
2023-09-08T5554: Disable sudo for PAM RADIUSViacheslav Hletenko
Disable sudo for PAM RADIUS template that slows down the CLI commands To fix it add: session [default=ignore success=2] pam_succeed_if.so service = sudo
2023-09-08Revert "Create build.yml"Viacheslav Hletenko
This reverts commit 7a99a59b338fecd73d34819a0a95646c054a0f12. SonarCloud is not configured for now properly. Revert this commit until we confiugre all properly if we'll use it in the future.
2023-09-08Merge pull request #2221 from sarthurdev/configtest_extendChristian Breunig
smoketest: T5558: Extend configtest to allow checking of migration script results
2023-09-07T4072: add firewall bridge filtering. First implementation only applies for ↵Nicolas Fort
forward chain and few matchers. Should be extended in the future.
2023-09-07smoketest: T5558: Extend configtest to allow checking of migration script ↵sarthurdev
results
2023-09-07config-mgmt: T5556: fix bug in revision to archive updateJohn Estabrook
2023-09-07Merge pull request #2216 from jestabro/ext-dependencyChristian Breunig
T5412: Add support for extending config-mode dependencies in add-on packages
2023-09-07Merge pull request #2217 from sarthurdev/T5555Christian Breunig
system: T5555: Fix time-zone migrator changing valid time-zones to UTC
2023-09-07system: T5555: Fix time-zone migrator changing valid time-zones to UTCsarthurdev
2023-09-06conf-mode: T5412: move dependency check from smoketest to nosetestJohn Estabrook
2023-09-06conf-mode: T5412: add script for add-on package check of dependenciesJohn Estabrook
2023-09-06conf-mode: T5412: add support for supplemental dependency definitionsJohn Estabrook
Add support for defining config-mode dependencies in add-on packages.
2023-09-06Merge pull request #2199 from sarthurdev/T4309Christian Breunig
conntrack: T4309: T4903: Refactor `system conntrack ignore`, add IPv6 support and firewall groups
2023-09-06Merge pull request #2205 from sever-sever/T5489Christian Breunig
T5489: Add sysctl TCP congestion control by default to BBR
2023-09-06Merge pull request #2206 from sever-sever/T5423Christian Breunig
T5423: Fix for op-mode show vpn ike secrets
2023-09-06Merge pull request #2208 from sarthurdev/T5550Christian Breunig
interface: T5550: Interface source-validation priority over global value
2023-09-06Merge pull request #2211 from jestabro/bug-config-mgmtChristian Breunig
config-mgmt: T5353: normalize archive updates and commit log entries
2023-09-05config-mgmt: T5353: after updated save-config, one can include init revJohn Estabrook
The legacy config-mgmt/save-config tools had an abiding bug that would raise an error if comparing/reading the init archive; this is no longer an issue.
2023-09-05config-mgmt: T5353: correct update check during bootJohn Estabrook
2023-09-05config-mgmt: T5353: only add log entry if archivingJohn Estabrook
2023-09-05Merge pull request #2204 from sever-sever/T5480John Estabrook
T5480: Ability to disable SNMP for keepalived service VRRP
2023-09-05T5533: Fix for vrrp dict key if virtual-server is usedViacheslav Hletenko
When using `virtual-server` alongside Keepalived, there can be situations where the `vrrp` key is completely unused.
2023-09-05firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfacessarthurdev
2023-09-05interface: T5550: Interface source-validation priority over global valuesarthurdev
- Migrate IPv4 source-validation to nftables - Interface source-validation value takes priority, fallback to global value
2023-09-05save-config: T5551: check if None before write, as is the case at bootJohn Estabrook
2023-09-05Merge pull request #2202 from sever-sever/T5548Christian Breunig
T5548: Fix load-balancing reverse-proxy timeouts
2023-09-05Merge pull request #2203 from sever-sever/T2958Christian Breunig
T2958: Fix path for leases to config directory
2023-09-05Merge branch 'netns' into currentChristian Breunig
* netns: smoketest: T5241: re-work netns assertions and provide common utility helper netns: T5241: simplify network namespace handling netns: T5241: improve get_interface_namespace() robustness netns: T5241: use common interface_exists() helper netns: T5241: provide is_netns_interface utility helper T5241: Support netns for veth and dummy interfaces
2023-09-05smoketest: T5241: re-work netns assertions and provide common utility helperChristian Breunig
2023-09-05netns: T5241: simplify network namespace handlingChristian Breunig
2023-09-05T5423: Fix for op-mode show vpn ike secretsViacheslav Hletenko
We don't use ipsec.secrets anymore Fix op-mode for "show vpn ike secrets". Ability to get "RAW" format
2023-09-05T5489: Add sysctl TCP congestion control by default to BBRViacheslav Hletenko
Add by default sysctl TCP congestion control to BBR. Default value `cubic` is not optimal. net.core.default_qdisc=fq net.ipv4.tcp_congestion_control=bbr
2023-09-05T5480: Ability to disable SNMP for keepalived service VRRPViacheslav Hletenko
By default we enable `--snmp` for keepalived unit service Add ability to disable it set high-availability vrrp disable-snmp
2023-09-05T2958: Fix path for leases to config directoryViacheslav Hletenko
The leases path should be in `/config` directory to save leases between reboots. The typo was in this commit c07055258b853de641d2a1353582800b24c514d2 Before this the idea was to get leases from `/run` directory only for livecd images. But then we added `/config` directory for livecd. PR was modified and incorrect variable directory `/run` was used. Fix it.
2023-09-05T5548: Fix load-balancing reverse-proxy timeoutsViacheslav Hletenko
By default haproxy uses timeouts in millisecond but we set timeouts in seconds from CLI Fix template to use 'seconds' units
2023-09-05Merge pull request #2184 from sever-sever/T2958Christian Breunig
T2958: Refactor DHCP-server systemd unit and lease
2023-09-05Merge pull request #2188 from nicolas-fort/T5496Christian Breunig
T5496: multiple fixes for op-mode command <show firewall>
2023-09-04T5496: Change src and|or destination wildcard for any, which still makes it ↵Nicolas Fort
easy to read, and we get uniform output for both families, and will look the same when working with inet family in the future. Fix output of geo-ip matchers. Fix output for default-action rules: display N/A for counters in base chains, since they are not available.Change from N/A to N/D for empty groups, and for groups which found no reference in config
2023-09-04Merge pull request #2201 from dmbaturin/T671-show-dmiChristian Breunig
T671: call dmidecode directly in "show hardware dmi"
2023-09-04T671: call dmidecode directly in "show hardware dmi"Daniil Baturin
The old script isn't doing much, in fact, it's much less informative than actual dmidecode
2023-09-04T2958: Refactor DHCP-server systemd unit and leaseViacheslav Hletenko
Render isc-dhcp-server systemd unit from configuration
2023-09-04nat: T1877: Fix typo in nat ConfigErrorsarthurdev
2023-09-04conntrack: T4309: Add `conntrack ignore` smoketestsarthurdev
2023-09-04conntrack: T4309: T4903: Refactor `system conntrack ignore` rule generation, ↵sarthurdev
add IPv6 support and firewall groups
2023-09-04Merge pull request #2192 from sever-sever/T5533vyos/1.5dev0zdc
T5533: Fix VRRP IPv6 group enters in FAULT state
2023-09-04T5533: Fix VRRP IPv6 group enters in FAULT stateViacheslav Hletenko
Checks if an IPv6 address on a specific network interface is in the tentative state. IPv6 tentative addresses are not fully configured and are undergoing Duplicate Address Detection (DAD) to ensure they are unique on the network. inet6 2001:db8::3/125 scope global tentative It tentative state the group enters in FAULT state. Fix it