summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-03-16ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2022-01-29Merge pull request #1195 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: bugfix multiple commits and smoketest
2022-01-29Merge pull request #1197 from sarthurdev/T4178_1Christian Poessinger
firewall: T4178: Fix dict_keys issue with tcp flags
2022-01-30Merge pull request #789 from jack9603301/T3420Daniil Baturin
upnpd: T3420: Support UPNP protocol
2022-01-29policy: T4151: bugfix smoketestHenning Surmeier
.sort() is an inplace operation and return None...
2022-01-29firewall: T4178: Fix dict_keys issue with tcp flagssarthurdev
2022-01-28dhclient: T3392: remove /usr/sbin prefix from iproute2 ip commandChristian Poessinger
2022-01-28firewall: T4217: install protocol tcp_udp if port group does not use a protocolChristian Poessinger
2022-01-28policy: T4151: remove all previous rules on editHenning Surmeier
2022-01-27Merge pull request #1194 from sarthurdev/T4213Christian Poessinger
policy: T4213: Fix rule creation/deletion for IPv6 policy routes
2022-01-27policy: T4213: Fix rule creation/deletion for IPv6 policy routessarthurdev
2022-01-27Merge pull request #1190 from sever-sever/T4194Christian Poessinger
policy: T4194: Add prefix-list duplication checks
2022-01-27Merge pull request #1193 from sarthurdev/T4178Christian Poessinger
firewall: T4178: Fix tcp flags output when `not` isn't used
2022-01-27firewall: T4178: Fix tcp flags output when `not` isn't usedsarthurdev
2022-01-26Merge pull request #1191 from sever-sever/T4138Christian Poessinger
nat: T4138: Add port-range validation for NAT
2022-01-26Merge pull request #1192 from sarthurdev/T4212Christian Poessinger
pki: T4212: Catch `install_into_config` errors and output for manual command entry
2022-01-26pki: T4212: Catch `install_into_config` errors and output for manual command ↵sarthurdev
entry
2022-01-25nat: T4138: Add port-range validation for NATViacheslav Hletenko
Add port-validators for NAT rules that prevent to set incorrect port-ranges (21-5) and incorrect ports (70000)
2022-01-25Merge pull request #1189 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Delete iptables input plugin as we use nft
2022-01-25policy: T4194: Add prefix-list duplication checksViacheslav Hletenko
Prefix-list should not be duplicatied as FRR doesn't accept it One option when it can be duplicated when it uses "le" or "ge"
2022-01-25monitoring: T3872: Delete iptables input plugin as we use nftViacheslav
Telegraf inputs iptables plugin incompatible with nftables As it tries to get statistics from "iptables -L -n -v" which doesnt display required data in 1.4 as we don't use iptables anymore
2022-01-25Merge pull request #1188 from sever-sever/T4205Christian Poessinger
sshd: T4205: Hide extra version suffix "Debian"
2022-01-25sshd: T4205: Hide extra version suffix "Debian"Viacheslav Hletenko
Disable distribution-specified extra version suffix is included during initial protocol handshake SSH-2.0-OpenSSH_8.4p1 Debian-5 => SSH-2.0-OpenSSH_8.4p1
2022-01-22Merge pull request #1186 from nicolas-fort/T4153Christian Poessinger
bandwidth-test: T4153: Fixed bandwidth-test initiate
2022-01-22bandwidth-test: T4153: Fixed bandwidth-test initiate, which was not working ↵Nicolas Fort
with ipv4
2022-01-22Merge pull request #1184 from sarthurdev/firewall_icmpChristian Poessinger
firewall: T4130: T4186: ICMP/v6 updates, ipv6 state policy check fix
2022-01-21Firewall: T4186: Adding icmpv6 corrections, in corcondancy of what was done ↵Nicolas Fort
for icmp
2022-01-21Firewall: T4186: typo correction on address-mask-reply descriptionNicolas Fort
2022-01-21Firewall: T4186: Correct icmp type-name options for firewall rulesNicolas Fort
2022-01-21firewall: T2199: Verify correct ICMP protocol for ipv4/ipv6sarthurdev
2022-01-21firewall: T4186: ICMP/v6 migrationssarthurdev
2022-01-21firewall: T4130: Use correct table to check for state policy rulesarthurdev
2022-01-21Merge pull request #1183 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: Bugfix policy ipv6-local-route
2022-01-21policy: T4151: Bugfix policy ipv6-local-routeHenning Surmeier
2022-01-21Merge pull request #1180 from goodNETnick/dhcp-client-prefixChristian Poessinger
DHCP: T4196: fix client-prefix-length parameter
2022-01-20DHCP: T4196: fix client-prefix-length parametergoodNETnick
2022-01-20Merge pull request #1182 from jestabro/migrate-while-udevChristian Poessinger
interface-names: T3871: use tempfile during virtual migration
2022-01-20Merge pull request #1181 from sarthurdev/firewallChristian Poessinger
firewall: T2199: Add log prefix to match legacy perl behaviour
2022-01-20interface-names: T3871: use tempfile during virtual migrationJohn Estabrook
Use tempfile to avoid race conditions during virtual migration.
2022-01-20Merge pull request #1144 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: Add policy ipv6-local-route
2022-01-20firewall: T2199: Add log prefix to match legacy perl behavioursarthurdev
Example syslog: [FWNAME-default-D] ... * Also clean-up firewall default-action
2022-01-19Merge pull request #1177 from sarthurdev/mac_groupsChristian Poessinger
firewall: T3560: Add support for MAC address groups
2022-01-19Merge pull request #1176 from sarthurdev/firewallChristian Poessinger
firewall: T1292: T2199: Cleanup rules used by chain to be deleted, check if chain in use by zone-policy
2022-01-19Merge pull request #1179 from fett0/T4195Christian Poessinger
OSPF : T4195: ability to set maximum paths for OSPF
2022-01-19OSPF : T4195: ability to set maximum paths for OSPFfett0
2022-01-18firewall: T2199: Raise ConfigError if deleted node is used in zone-policysarthurdev
2022-01-18firewall: policy: T1292: Clean up any rules required to delete a chainsarthurdev
2022-01-18firewall: T3560: Add support for MAC address groupssarthurdev
2022-01-18Merge pull request #1178 from sarthurdev/firewall_T4188Christian Poessinger
firewall: T4188: Create default conntrack `FW_CONNTRACK` chain
2022-01-18firewall: T4188: Create default conntrack `FW_CONNTRACK` chainsarthurdev
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule.