Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-05-30 | vyos.ifconfig: T6421: verify /etc/hostname exists before reading | Christian Breunig | |
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com> | |||
2024-05-30 | hostname: T6421: enforce explicit CLI priority for host-name and domain-name | Christian Breunig | |
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities! | |||
2024-05-29 | nat: T6371: fix op mode display of configured ports when comma separated ↵ | Ginko | |
list of ports/ranges exists Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'. With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration. | |||
2024-05-29 | Merge pull request #3543 from sever-sever/T6415-fix | Christian Breunig | |
T6415: Fix variables for repo sync | |||
2024-05-29 | Merge pull request #3541 from dmbaturin/T6374-openvpn-s2s-tls-validation-fix | Christian Breunig | |
openvpn: T6374: only check TLS role for s2s if TLS is configured | |||
2024-05-29 | T6415: Fix variables for repo sync | Viacheslav Hletenko | |
2024-05-29 | openvpn: T6374: only check TLS role for s2s if TLS is configured | Daniil Baturin | |
2024-05-29 | Merge pull request #3540 from sever-sever/T6415-reuse | Daniil Baturin | |
T6349: Reuse repo sync | |||
2024-05-29 | T6349: Reuse repo sync | Viacheslav Hletenko | |
2024-05-29 | Merge pull request #3534 from sever-sever/T6411 | Daniil Baturin | |
T6411: CGNAT fix sequences for external address ranges | |||
2024-05-29 | Merge pull request #3537 from fett0/T6332 | Christian Breunig | |
ISIS: T6332: Fix isis not working only ipv6 | |||
2024-05-29 | ISIS: T6332: Fix isis not working only ipv6 | fett0 | |
2024-05-28 | Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validation | Christian Breunig | |
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | |||
2024-05-28 | Merge pull request #3533 from natali-rs1985/T6389-current | John Estabrook | |
op_mode: T6389: Check architecture and flavor compatibility on upgrade attempts | |||
2024-05-28 | Merge pull request #3529 from HollyGurza/T5786 | Christian Breunig | |
T5786: Add set/show system image to /image endpoint | |||
2024-05-28 | container: T6406: add CLI option for cpu-quota | Christian Breunig | |
2024-05-28 | T6411: CGNAT fix sequences for external address ranges | Viacheslav Hletenko | |
Fix the bug where address external alocation was not rely on sequences of the external IP addresses (if set) | |||
2024-05-28 | op mode: T6389: Check architecture and flavor compatibility on upgrade attempts | Nataliia Solomko | |
2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar | |
2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar | |
2024-05-27 | T6406: check for required kernel config | Nicolas Vollmar | |
2024-05-27 | T5786: Add set/show system image to /image endpoint | khramshinr | |
2024-05-27 | openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | Daniil Baturin | |
2024-05-27 | Merge pull request #3522 from c-po/smoketest-NOIOMMU | Christian Breunig | |
smoketest: T6395: check for VFIO options to be present | |||
2024-05-27 | Merge pull request #3523 from Embezzle/T6402 | Christian Breunig | |
reverse-proxy: T6402: Fix invalid checks in validation script | |||
2024-05-26 | reverse-proxy: T6402: Fix invalid checks in validation script | Alex W | |
2024-05-26 | smoketest: T6395: check for VFIO options to be present | Christian Breunig | |
2024-05-26 | Merge pull request #3517 from c-po/pki-t6377 | Christian Breunig | |
op-mode: T6377: must call pki.py helper as root to work with ACME certificates | |||
2024-05-26 | Merge pull request #3518 from c-po/pki-t6400 | Christian Breunig | |
op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates | |||
2024-05-25 | op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates | Christian Breunig | |
This fixes (for and ACME generated certificate) vyos@vyos:~$ show pki certificate vyos fingerprint sha512 Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module> show_certificate_fingerprint(args.certificate, args.fingerprint) File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint print(get_certificate_fingerprint(cert, hash)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint fp = cert.fingerprint(hash_algorithm) ^^^^^^^^^^^^^^^^ AttributeError: 'bool' object has no attribute 'fingerprint' After the fix: vyos@vyos# run show pki certificate vyos fingerprint sha256 10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2 | |||
2024-05-25 | op-mode: T6377: must call pki.py helper as root to work with ACME certificates | Christian Breunig | |
This fixes the error: vyos@vyos:~$ show pki certificate Traceback (most recent call last): File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file raise e File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file with open(fname, 'r') as f: ^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem' | |||
2024-05-24 | load-balancing haproxy: T6391: fix typo in timeout help (#3513) | Gregor Michels | |
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de> | |||
2024-05-23 | Merge pull request #3399 from 0xThiebaut/suricata | Christian Breunig | |
suricata: T751: Initial support for suricata | |||
2024-05-23 | suricata: T751: use key_mangling in get_config_dict() | Christian Breunig | |
2024-05-23 | suricata: T751: remove implicit default dictionary | Christian Breunig | |
2024-05-23 | suricata: T751: move CLI from "service ids suricata" -> "service suricata" | Christian Breunig | |
2024-05-23 | Merge pull request #3487 from Embezzle/T6370 | Christian Breunig | |
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | |||
2024-05-23 | Merge pull request #3507 from c-po/nat-T6345 | Daniil Baturin | |
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 | |||
2024-05-23 | Merge pull request #3505 from c-po/nat66-T6365 | Daniil Baturin | |
nat66: T6365: remove warnings for negated interface selections by name | |||
2024-05-23 | dhcpv6-server: T6381: fix typos in select ConfigError messages in VyOS ↵ | Ginko | |
current (#3508) | |||
2024-05-22 | nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵ | Christian Breunig | |
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 | |||
2024-05-22 | Merge pull request #3502 from dmbaturin/T6385-yes-no-ctrl-c | Christian Breunig | |
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no | |||
2024-05-22 | nat66: T6365: remove warnings for negated interface selections by name | Christian Breunig | |
2024-05-22 | Merge pull request #3482 from alryaz/patch-1 | Christian Breunig | |
nat: T6365: remove warnings for negated interface selections by name | |||
2024-05-22 | nat: T6365: use interface_exists() over netifaces.interfaces() | Christian Breunig | |
2024-05-22 | nat: T6365: use string startswith() over [0] index access | Christian Breunig | |
2024-05-22 | nat: T6365: remove warnings for negated interface selections by name | Ryazanov Alexander Mihailovich | |
2024-05-22 | Merge pull request #3500 from vyos/feature/T6378-remove-labeler-yml | Christian Breunig | |
T6378: remove labler yml as it is kept in reusable workflow repo | |||
2024-05-22 | Merge pull request #3501 from dmbaturin/T6384-rollback-soft-help | John Estabrook | |
rollback-soft: T6384: tell the user to compare or commit | |||
2024-05-22 | vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no | Daniil Baturin | |
and return False if the user interrupts the prompt with Ctrl-C |