Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-09-08 | Merge pull request #2222 from nicolas-fort/T4072-fwall-bridge | Christian Breunig | |
T4072: add firewall bridge filtering. | |||
2023-09-08 | Merge pull request #2220 from sever-sever/T5554 | Christian Breunig | |
T5554: Disable sudo for PAM RADIUS | |||
2023-09-08 | Merge pull request #2223 from vyos/sonar | Viacheslav Hletenko | |
Revert Sonar "Create build.yml" | |||
2023-09-08 | Merge pull request #1602 from goodNETnick/goodnetnick-shloginotp-T4754 | Viacheslav Hletenko | |
login: T4754: show configured 2FA OTP key | |||
2023-09-08 | T5554: Disable sudo for PAM RADIUS | Viacheslav Hletenko | |
Disable sudo for PAM RADIUS template that slows down the CLI commands To fix it add: session [default=ignore success=2] pam_succeed_if.so service = sudo | |||
2023-09-08 | Revert "Create build.yml" | Viacheslav Hletenko | |
This reverts commit 7a99a59b338fecd73d34819a0a95646c054a0f12. SonarCloud is not configured for now properly. Revert this commit until we confiugre all properly if we'll use it in the future. | |||
2023-09-08 | Merge pull request #2221 from sarthurdev/configtest_extend | Christian Breunig | |
smoketest: T5558: Extend configtest to allow checking of migration script results | |||
2023-09-07 | T4072: add firewall bridge filtering. First implementation only applies for ↵ | Nicolas Fort | |
forward chain and few matchers. Should be extended in the future. | |||
2023-09-07 | smoketest: T5558: Extend configtest to allow checking of migration script ↵ | sarthurdev | |
results | |||
2023-09-07 | config-mgmt: T5556: fix bug in revision to archive update | John Estabrook | |
2023-09-07 | Merge pull request #2216 from jestabro/ext-dependency | Christian Breunig | |
T5412: Add support for extending config-mode dependencies in add-on packages | |||
2023-09-07 | Merge pull request #2217 from sarthurdev/T5555 | Christian Breunig | |
system: T5555: Fix time-zone migrator changing valid time-zones to UTC | |||
2023-09-07 | system: T5555: Fix time-zone migrator changing valid time-zones to UTC | sarthurdev | |
2023-09-06 | conf-mode: T5412: move dependency check from smoketest to nosetest | John Estabrook | |
2023-09-06 | conf-mode: T5412: add script for add-on package check of dependencies | John Estabrook | |
2023-09-06 | conf-mode: T5412: add support for supplemental dependency definitions | John Estabrook | |
Add support for defining config-mode dependencies in add-on packages. | |||
2023-09-06 | Merge pull request #2199 from sarthurdev/T4309 | Christian Breunig | |
conntrack: T4309: T4903: Refactor `system conntrack ignore`, add IPv6 support and firewall groups | |||
2023-09-06 | Merge pull request #2205 from sever-sever/T5489 | Christian Breunig | |
T5489: Add sysctl TCP congestion control by default to BBR | |||
2023-09-06 | Merge pull request #2206 from sever-sever/T5423 | Christian Breunig | |
T5423: Fix for op-mode show vpn ike secrets | |||
2023-09-06 | Merge pull request #2208 from sarthurdev/T5550 | Christian Breunig | |
interface: T5550: Interface source-validation priority over global value | |||
2023-09-06 | Merge pull request #2211 from jestabro/bug-config-mgmt | Christian Breunig | |
config-mgmt: T5353: normalize archive updates and commit log entries | |||
2023-09-05 | config-mgmt: T5353: after updated save-config, one can include init rev | John Estabrook | |
The legacy config-mgmt/save-config tools had an abiding bug that would raise an error if comparing/reading the init archive; this is no longer an issue. | |||
2023-09-05 | config-mgmt: T5353: correct update check during boot | John Estabrook | |
2023-09-05 | config-mgmt: T5353: only add log entry if archiving | John Estabrook | |
2023-09-05 | Merge pull request #2204 from sever-sever/T5480 | John Estabrook | |
T5480: Ability to disable SNMP for keepalived service VRRP | |||
2023-09-05 | T5533: Fix for vrrp dict key if virtual-server is used | Viacheslav Hletenko | |
When using `virtual-server` alongside Keepalived, there can be situations where the `vrrp` key is completely unused. | |||
2023-09-05 | firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces | sarthurdev | |
2023-09-05 | interface: T5550: Interface source-validation priority over global value | sarthurdev | |
- Migrate IPv4 source-validation to nftables - Interface source-validation value takes priority, fallback to global value | |||
2023-09-05 | save-config: T5551: check if None before write, as is the case at boot | John Estabrook | |
2023-09-05 | Merge pull request #2202 from sever-sever/T5548 | Christian Breunig | |
T5548: Fix load-balancing reverse-proxy timeouts | |||
2023-09-05 | Merge pull request #2203 from sever-sever/T2958 | Christian Breunig | |
T2958: Fix path for leases to config directory | |||
2023-09-05 | Merge branch 'netns' into current | Christian Breunig | |
* netns: smoketest: T5241: re-work netns assertions and provide common utility helper netns: T5241: simplify network namespace handling netns: T5241: improve get_interface_namespace() robustness netns: T5241: use common interface_exists() helper netns: T5241: provide is_netns_interface utility helper T5241: Support netns for veth and dummy interfaces | |||
2023-09-05 | smoketest: T5241: re-work netns assertions and provide common utility helper | Christian Breunig | |
2023-09-05 | netns: T5241: simplify network namespace handling | Christian Breunig | |
2023-09-05 | T5423: Fix for op-mode show vpn ike secrets | Viacheslav Hletenko | |
We don't use ipsec.secrets anymore Fix op-mode for "show vpn ike secrets". Ability to get "RAW" format | |||
2023-09-05 | T5489: Add sysctl TCP congestion control by default to BBR | Viacheslav Hletenko | |
Add by default sysctl TCP congestion control to BBR. Default value `cubic` is not optimal. net.core.default_qdisc=fq net.ipv4.tcp_congestion_control=bbr | |||
2023-09-05 | T5480: Ability to disable SNMP for keepalived service VRRP | Viacheslav Hletenko | |
By default we enable `--snmp` for keepalived unit service Add ability to disable it set high-availability vrrp disable-snmp | |||
2023-09-05 | T2958: Fix path for leases to config directory | Viacheslav Hletenko | |
The leases path should be in `/config` directory to save leases between reboots. The typo was in this commit c07055258b853de641d2a1353582800b24c514d2 Before this the idea was to get leases from `/run` directory only for livecd images. But then we added `/config` directory for livecd. PR was modified and incorrect variable directory `/run` was used. Fix it. | |||
2023-09-05 | T5548: Fix load-balancing reverse-proxy timeouts | Viacheslav Hletenko | |
By default haproxy uses timeouts in millisecond but we set timeouts in seconds from CLI Fix template to use 'seconds' units | |||
2023-09-05 | Merge pull request #2184 from sever-sever/T2958 | Christian Breunig | |
T2958: Refactor DHCP-server systemd unit and lease | |||
2023-09-05 | Merge pull request #2188 from nicolas-fort/T5496 | Christian Breunig | |
T5496: multiple fixes for op-mode command <show firewall> | |||
2023-09-04 | T5496: Change src and|or destination wildcard for any, which still makes it ↵ | Nicolas Fort | |
easy to read, and we get uniform output for both families, and will look the same when working with inet family in the future. Fix output of geo-ip matchers. Fix output for default-action rules: display N/A for counters in base chains, since they are not available.Change from N/A to N/D for empty groups, and for groups which found no reference in config | |||
2023-09-04 | Merge pull request #2201 from dmbaturin/T671-show-dmi | Christian Breunig | |
T671: call dmidecode directly in "show hardware dmi" | |||
2023-09-04 | T671: call dmidecode directly in "show hardware dmi" | Daniil Baturin | |
The old script isn't doing much, in fact, it's much less informative than actual dmidecode | |||
2023-09-04 | T2958: Refactor DHCP-server systemd unit and lease | Viacheslav Hletenko | |
Render isc-dhcp-server systemd unit from configuration | |||
2023-09-04 | nat: T1877: Fix typo in nat ConfigError | sarthurdev | |
2023-09-04 | conntrack: T4309: Add `conntrack ignore` smoketest | sarthurdev | |
2023-09-04 | conntrack: T4309: T4903: Refactor `system conntrack ignore` rule generation, ↵ | sarthurdev | |
add IPv6 support and firewall groups | |||
2023-09-04 | Merge pull request #2192 from sever-sever/T5533vyos/1.5dev0 | zdc | |
T5533: Fix VRRP IPv6 group enters in FAULT state | |||
2023-09-04 | T5533: Fix VRRP IPv6 group enters in FAULT state | Viacheslav Hletenko | |
Checks if an IPv6 address on a specific network interface is in the tentative state. IPv6 tentative addresses are not fully configured and are undergoing Duplicate Address Detection (DAD) to ensure they are unique on the network. inet6 2001:db8::3/125 scope global tentative It tentative state the group enters in FAULT state. Fix it |