summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-05-30vyos.ifconfig: T6421: verify /etc/hostname exists before readingChristian Breunig
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com>
2024-05-30hostname: T6421: enforce explicit CLI priority for host-name and domain-nameChristian Breunig
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities!
2024-05-29nat: T6371: fix op mode display of configured ports when comma separated ↵Ginko
list of ports/ranges exists Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'. With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration.
2024-05-29Merge pull request #3543 from sever-sever/T6415-fixChristian Breunig
T6415: Fix variables for repo sync
2024-05-29Merge pull request #3541 from dmbaturin/T6374-openvpn-s2s-tls-validation-fixChristian Breunig
openvpn: T6374: only check TLS role for s2s if TLS is configured
2024-05-29T6415: Fix variables for repo syncViacheslav Hletenko
2024-05-29openvpn: T6374: only check TLS role for s2s if TLS is configuredDaniil Baturin
2024-05-29Merge pull request #3540 from sever-sever/T6415-reuseDaniil Baturin
T6349: Reuse repo sync
2024-05-29T6349: Reuse repo syncViacheslav Hletenko
2024-05-29Merge pull request #3534 from sever-sever/T6411Daniil Baturin
T6411: CGNAT fix sequences for external address ranges
2024-05-29Merge pull request #3537 from fett0/T6332Christian Breunig
ISIS: T6332: Fix isis not working only ipv6
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
2024-05-28Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validationChristian Breunig
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS
2024-05-28Merge pull request #3533 from natali-rs1985/T6389-currentJohn Estabrook
op_mode: T6389: Check architecture and flavor compatibility on upgrade attempts
2024-05-28Merge pull request #3529 from HollyGurza/T5786Christian Breunig
T5786: Add set/show system image to /image endpoint
2024-05-28container: T6406: add CLI option for cpu-quotaChristian Breunig
2024-05-28T6411: CGNAT fix sequences for external address rangesViacheslav Hletenko
Fix the bug where address external alocation was not rely on sequences of the external IP addresses (if set)
2024-05-28op mode: T6389: Check architecture and flavor compatibility on upgrade attemptsNataliia Solomko
2024-05-28T6406: rename cpus to cpuNicolas Vollmar
2024-05-28T6406: add container cpu limit optionNicolas Vollmar
2024-05-27T6406: check for required kernel configNicolas Vollmar
2024-05-27T5786: Add set/show system image to /image endpointkhramshinr
2024-05-27openvpn: T6374: ensure that TLS role is configured for site-to-site with TLSDaniil Baturin
2024-05-27Merge pull request #3522 from c-po/smoketest-NOIOMMUChristian Breunig
smoketest: T6395: check for VFIO options to be present
2024-05-27Merge pull request #3523 from Embezzle/T6402Christian Breunig
reverse-proxy: T6402: Fix invalid checks in validation script
2024-05-26reverse-proxy: T6402: Fix invalid checks in validation scriptAlex W
2024-05-26smoketest: T6395: check for VFIO options to be presentChristian Breunig
2024-05-26Merge pull request #3517 from c-po/pki-t6377Christian Breunig
op-mode: T6377: must call pki.py helper as root to work with ACME certificates
2024-05-26Merge pull request #3518 from c-po/pki-t6400Christian Breunig
op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates
2024-05-25op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificatesChristian Breunig
This fixes (for and ACME generated certificate) vyos@vyos:~$ show pki certificate vyos fingerprint sha512 Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module> show_certificate_fingerprint(args.certificate, args.fingerprint) File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint print(get_certificate_fingerprint(cert, hash)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint fp = cert.fingerprint(hash_algorithm) ^^^^^^^^^^^^^^^^ AttributeError: 'bool' object has no attribute 'fingerprint' After the fix: vyos@vyos# run show pki certificate vyos fingerprint sha256 10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2
2024-05-25op-mode: T6377: must call pki.py helper as root to work with ACME certificatesChristian Breunig
This fixes the error: vyos@vyos:~$ show pki certificate Traceback (most recent call last): File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file raise e File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file with open(fname, 'r') as f: ^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem'
2024-05-24load-balancing haproxy: T6391: fix typo in timeout help (#3513)Gregor Michels
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-23suricata: T751: use key_mangling in get_config_dict()Christian Breunig
2024-05-23suricata: T751: remove implicit default dictionaryChristian Breunig
2024-05-23suricata: T751: move CLI from "service ids suricata" -> "service suricata"Christian Breunig
2024-05-23Merge pull request #3487 from Embezzle/T6370Christian Breunig
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
2024-05-23Merge pull request #3507 from c-po/nat-T6345Daniil Baturin
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0
2024-05-23Merge pull request #3505 from c-po/nat66-T6365Daniil Baturin
nat66: T6365: remove warnings for negated interface selections by name
2024-05-23dhcpv6-server: T6381: fix typos in select ConfigError messages in VyOS ↵Ginko
current (#3508)
2024-05-22nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
2024-05-22Merge pull request #3502 from dmbaturin/T6385-yes-no-ctrl-cChristian Breunig
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no
2024-05-22nat66: T6365: remove warnings for negated interface selections by nameChristian Breunig
2024-05-22Merge pull request #3482 from alryaz/patch-1Christian Breunig
nat: T6365: remove warnings for negated interface selections by name
2024-05-22nat: T6365: use interface_exists() over netifaces.interfaces()Christian Breunig
2024-05-22nat: T6365: use string startswith() over [0] index accessChristian Breunig
2024-05-22nat: T6365: remove warnings for negated interface selections by nameRyazanov Alexander Mihailovich
2024-05-22Merge pull request #3500 from vyos/feature/T6378-remove-labeler-ymlChristian Breunig
T6378: remove labler yml as it is kept in reusable workflow repo
2024-05-22Merge pull request #3501 from dmbaturin/T6384-rollback-soft-helpJohn Estabrook
rollback-soft: T6384: tell the user to compare or commit
2024-05-22vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_noDaniil Baturin
and return False if the user interrupts the prompt with Ctrl-C