summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-01-09Merge pull request #1142 from sever-sever/T4150Christian Poessinger
keepalived: T4150: Fix template option conntrack_sync_group
2022-01-09Merge pull request #1145 from sever-sever/T4152Christian Poessinger
nhrp: T4152: Fix template holding-time for nhrp
2022-01-09nhrp: T4152: Fix template holding-time for nhrpViacheslav
Add missed 'holding-time' option for shortcut-target address
2022-01-08keepalived: T4150: Fix template option conntrack_sync_groupViacheslav
conntrack_sync_group option not under 'vrrp' section but part of high-avalability dictionary
2022-01-07xml: nat: use generic bulding block for rule descriptionChristian Poessinger
2022-01-07xml: firewall: T4130: add protocol completion helper all and tcp_udpChristian Poessinger
2022-01-07Debian: T4133: add required nfct package dependencyChristian Poessinger
2022-01-06https: T4146: do not listen on port 80John Estabrook
2022-01-06Merge pull request #1139 from sarthurdev/firewallChristian Poessinger
firewall: zone-policy: T4133: Prevent firewall from trying to clean-up zone-policy chains
2022-01-06vrrp: T4141: bugfix missing {% if %} clause when adding sync-groupsChristian Poessinger
2022-01-05config: T3785: drop restriction to ascii in decodeJohn Estabrook
Following the update to vyos1x-config, commit 64263617, UTF-8 characters are supported within the config file, hence in the output of showConfig.
2022-01-05firewall: zone-policy: T4133: Prevent firewall from trying to clean-up ↵sarthurdev
zone-policy chains * Prevent firewall names from using the reserved VZONE prefix
2022-01-05Merge pull request #1138 from sever-sever/T4142John Estabrook
op-mode: T4142: Fix for show input ifbX interfaces
2022-01-05op-mode: T4142: Fix for show input ifbX interfacesViacheslav
Ability to see interface type "input" ifbX from op-mode
2022-01-05Merge pull request #1137 from sarthurdev/currentChristian Poessinger
keepalived: T4109: Update configd-include.json to reflect filename change
2022-01-05keepalived: T4109: Update configd-include.json to reflect filename changesarthurdev
2022-01-05Merge pull request #1136 from sarthurdev/firewallChristian Poessinger
zone-policy: T4135: Raise error when using an invalid "from" zone.
2022-01-05zone-policy: T4135: Raise error when using an invalid "from" zone.sarthurdev
2022-01-05Merge pull request #1135 from sarthurdev/currentChristian Poessinger
smoketest: shim: Optimise speed of `lsof` command
2022-01-05Merge pull request #1134 from sarthurdev/firewallChristian Poessinger
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy
2022-01-05smoketest: shim: Optimise speed of `lsof` commandsarthurdev
2022-01-05firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵sarthurdev
zone-policy
2022-01-04Merge pull request #1131 from sever-sever/T4132Christian Poessinger
firewall: T4132: Fix for op-mode show firewall group
2022-01-04Merge pull request #1132 from sever-sever/T4134Christian Poessinger
firewall: T4134: Fix completion help for protocols
2022-01-04Merge pull request #1121 from sever-sever/T4109Christian Poessinger
keepalived: T4109: Add high-availability virtual-server
2022-01-04firewall: T4134: Fix completion help for protocolsViacheslav
2022-01-04firewall: T4132: Fix for op-mode show firewall groupViacheslav
After firewall rewriting there is impossible to show a specific firewall group, this commit fixes it. Add tagNode and completion help for op-mode firewall group
2022-01-04keepalived: T4109: Add high-availability virtual-serverViacheslav
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability'
2022-01-04Merge pull request #1130 from sarthurdev/firewallChristian Poessinger
firewall: T4130: Fix firewall state-policy errors
2022-01-04firewall: T4130: Add state-policy test to firewall smoketestsarthurdev
2022-01-04firewall: T4130: Fix firewall state-policy errorssarthurdev
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy
2022-01-03keepalived: T4128: add missing keepalived.service fileChristian Poessinger
2022-01-03keepalived: T4128: add systemd option Type=simpleChristian Poessinger
Without this option systemd startup will hit a timeout and the kill keepalived again.
2022-01-03test: vyos.validate: also test interface identifier in is_ipv6_link_local()Christian Poessinger
2022-01-03Merge pull request #1018 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Add a new feature service monitoring
2022-01-03monitoring: T3872: Add a new feature service monitoring telegrafViacheslav
2022-01-03Merge pull request #1124 from sever-sever/T4110Christian Poessinger
listen-address: T4110: Ability to set IPv6 link-local addresses
2022-01-03listen-address: T4110: Ability to set IPv6 link-local addressesViacheslav
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator
2022-01-01nat: T2199: rename iptables -> nftables variable prefixChristian Poessinger
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python
2021-12-31smoketest: ipsec: T4126: verify configured priorityChristian Poessinger
2021-12-31smoketest: ipsec: make use of setUpClass()Christian Poessinger
2021-12-31Merge pull request #1129 from sever-sever/T4126Christian Poessinger
ipsec: T4126: Ability to set priorities for installed policy
2021-12-31ipsec: T4126: Ability to set priorities for installed policyViacheslav
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable
2021-12-31firewall: xml: T4100: increase maximum number of rules to 999999Christian Poessinger
2021-12-31snmp: T4124: remove snmp.py from vyos-configdChristian Poessinger
Commit 566f7f24 ("snmp: T4124: migrate to get_config_dict()") changed the internal structure to support vyos-configd. When using SNMPv3 we need to alter the running config by replacing the plaintext-password with an encrypted one, this is not allowed with vyos-configd.
2021-12-30smoketest: snmp: T4124: locally connect to SNMP service and retrieve dataChristian Poessinger
2021-12-30snmp: T4124: migrate to get_config_dict()Christian Poessinger
2021-12-30Merge pull request #1128 from zdc/T4121-sagittaKim
dhclient: T4121: Fixed resolv.conf generation at early boot stage
2021-12-30dhclient: T4121: Fixed resolv.conf generation at early boot stagezsdc
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils.