Age | Commit message (Collapse) | Author |
|
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
(cherry picked from commit 609563d6acfeafbed46b1ac5e6bd497ce097e3bc)
Co-authored-by: Gregor Michels <gregor.michels@web.de>
|
|
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses (backport #3487)
|
|
(cherry picked from commit e1450096b4c667a4c33a3fcd8f67ebf6a39d441d)
|
|
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 (backport #3507)
|
|
>=5.0
random - In kernel 5.0 and newer this is the same as fully-random. In earlier
kernels the port mapping will be randomized using a seeded MD5 hash mix using
source and destination address and destination port.
https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
(cherry picked from commit 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070)
|
|
nat66: T6365: remove warnings for negated interface selections by name (backport #3505)
|
|
(cherry picked from commit 59781ff365a5e1b15ef6c4c2481f3d3815548b9d)
|
|
nat: T6365: remove warnings for negated interface selections by name (backport #3482)
|
|
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no (backport #3502)
|
|
and return False if the user interrupts the prompt with Ctrl-C
(cherry picked from commit 5a5dda14fd3d472680568f1792e9fbdb030f3995)
|
|
(cherry picked from commit 645c43ba60d29ca676a4323ccc5ca16c6bd8127a)
|
|
(cherry picked from commit 3870247517741ce23e2fcee8aaa1d194f0ad621b)
|
|
(cherry picked from commit 03eae30b27433055ddc10f09fc134b83e9bd6cec)
|
|
rollback-soft: T6384: tell the user to compare or commit (backport #3501)
|
|
after applying the diff
(cherry picked from commit 7bba95c8052af5b0cc5908cb9e740caa01b44161)
|
|
dhcpv6-server: T3493: adds prefix range validation and fixes typos in…
|
|
T6375: Fix/Update NAT logging (backport #3493)
|
|
T6373: QoS Policy Limiter - classes for marked traffic do not work (backport #3494)
|
|
ConfigError messages
|
|
(cherry picked from commit e50b7afc9d5b727d04933116ccf364a2b9a48c30)
|
|
Fixed broken logging for "show log nat"
Added the following commands:
show log nat source
show log nat source rule <ruleNum>
show log nat destination nat
show log nat destination nat rule <ruleNum>
show log nat static
show log nat static rule <ruleNum>
(cherry picked from commit 5cb9b84bd9ce909460d8da7f039d9371143ede6c)
|
|
op-mode: T6367: fix "force commit-archive" TypeError (backport #3489)
|
|
/usr/bin/config-mgmt requires an argument OR to be symbolically linked to
*commit-revision or *commit-archive, for which it interprets argv[0] through
the useful trickery:
https://github.com/vyos/vyos-1x/blob/current/python/vyos/config_mgmt.py#L693-L700
Traceback (most recent call last):
File "/usr/bin/config-mgmt", line 33, in <module>
sys.exit(load_entry_point('vyos==1.3.0', 'console_scripts', 'config-mgmt')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/config_mgmt.py", line 746, in run
func = getattr(config_mgmt, args['subcommand'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: attribute name must be string, not 'NoneType'
(cherry picked from commit 0d6e44179bae5f73d37502884194656b34b1c4f9)
|
|
T6354: do an explicit read from version file to avoid circular reference (backport #3480)
|
|
(cherry picked from commit e0105ef380f1575613982f3b43c8ea3856654208)
|
|
op mode: T6348: SNAT op-mode fails with flowtable offload entries (backport #3471)
|
|
T6354: Get rid of the custom boot type check in version.py (backport #3474)
|
|
T6358: Container config option to enable host pid (backport #3472)
|
|
(cherry picked from commit 1cba74f91a67348bc8e8ad3e2ef4325dc9f9d6e0)
|
|
(cherry picked from commit 783edc98f82f8718ccc856976d9a8f59bc6822e9)
|
|
(cherry picked from commit f5051de4fc034bd95677ef142423e59eae47cd2f)
|
|
(cherry picked from commit 240f199cdfadbc12ce713dae74c8db3af44a398c)
|
|
T6335: Add/Update EVPN op commands (backport #3458)
|
|
Converted completion helpers from python to bash for performance
Previous commit:
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
(cherry picked from commit 3917e3e9f985063ab7419c903f6019116224f640)
|
|
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
(cherry picked from commit c6be441c86bc8fe2e938e2bd3c85f99071cbfb49)
|
|
op mode: T4519: Show DUID instead of IAID_DUID
|
|
T5756: L2TP RADIUS backup and weight settings (backport #3450)
|
|
op mode: T6339: display build flavor and comment in "show version" (backport #3456)
|
|
op mode: T3355: remove the mention of legacy non-image installations (backport #3457)
|
|
|
|
They were never supported by VyOS,
that was just for very old systens upgraded from Vyatta Core
(cherry picked from commit d8223d50ab627d2b58e14101891bf8ffb8111234)
|
|
(cherry picked from commit 75d553932504c55e710265776e4865a238223e1f)
|
|
(cherry picked from commit cc0573a78aac4d6ac4479fdf951d151a36b88cbc)
|
|
T3420: Remove service upnp (backport #3452)
|
|
smoketest: ospf: T4739: add timeout in ldp test (backport #3454)
|
|
Remove `service upnp` as it never worked as expected, nft rules do
not integrated and custom patches do not seem like a suitable
solution for now.
Security:
UPnP has been historically associated with security risks due to its automatic
and potentially unauthenticated nature.
UPnP devices might be vulnerable to unauthorized access or exploitation.
(cherry picked from commit 7c438caa2c21101cbefc2eec21935ab55af19c46)
|
|
(cherry picked from commit fbc846725d7d581f54b2db48a584e4580be3ad00)
|
|
ethernet: T6306: add support for EVPN MH uplink/core tracking (backport #3447)
|
|
When all the underlay links go down the PE no longer has access to the VxLAN
+overlay.
To prevent blackholing of traffic the server/ES links are protodowned on the PE.
A link can be setup for uplink tracking via the following configuration:
set interfaces ethernet eth0 evpn uplink
(cherry picked from commit 5565f27d15c5e7378e94aae8db8a894a12e25d7b)
|
|
T6329: firewall: add a patch for op-mode command <show firewall group> (backport #3442)
|