Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-09 | Merge pull request #1142 from sever-sever/T4150 | Christian Poessinger | |
keepalived: T4150: Fix template option conntrack_sync_group | |||
2022-01-09 | Merge pull request #1145 from sever-sever/T4152 | Christian Poessinger | |
nhrp: T4152: Fix template holding-time for nhrp | |||
2022-01-09 | nhrp: T4152: Fix template holding-time for nhrp | Viacheslav | |
Add missed 'holding-time' option for shortcut-target address | |||
2022-01-08 | keepalived: T4150: Fix template option conntrack_sync_group | Viacheslav | |
conntrack_sync_group option not under 'vrrp' section but part of high-avalability dictionary | |||
2022-01-07 | xml: nat: use generic bulding block for rule description | Christian Poessinger | |
2022-01-07 | xml: firewall: T4130: add protocol completion helper all and tcp_udp | Christian Poessinger | |
2022-01-07 | Debian: T4133: add required nfct package dependency | Christian Poessinger | |
2022-01-06 | https: T4146: do not listen on port 80 | John Estabrook | |
2022-01-06 | Merge pull request #1139 from sarthurdev/firewall | Christian Poessinger | |
firewall: zone-policy: T4133: Prevent firewall from trying to clean-up zone-policy chains | |||
2022-01-06 | vrrp: T4141: bugfix missing {% if %} clause when adding sync-groups | Christian Poessinger | |
2022-01-05 | config: T3785: drop restriction to ascii in decode | John Estabrook | |
Following the update to vyos1x-config, commit 64263617, UTF-8 characters are supported within the config file, hence in the output of showConfig. | |||
2022-01-05 | firewall: zone-policy: T4133: Prevent firewall from trying to clean-up ↵ | sarthurdev | |
zone-policy chains * Prevent firewall names from using the reserved VZONE prefix | |||
2022-01-05 | Merge pull request #1138 from sever-sever/T4142 | John Estabrook | |
op-mode: T4142: Fix for show input ifbX interfaces | |||
2022-01-05 | op-mode: T4142: Fix for show input ifbX interfaces | Viacheslav | |
Ability to see interface type "input" ifbX from op-mode | |||
2022-01-05 | Merge pull request #1137 from sarthurdev/current | Christian Poessinger | |
keepalived: T4109: Update configd-include.json to reflect filename change | |||
2022-01-05 | keepalived: T4109: Update configd-include.json to reflect filename change | sarthurdev | |
2022-01-05 | Merge pull request #1136 from sarthurdev/firewall | Christian Poessinger | |
zone-policy: T4135: Raise error when using an invalid "from" zone. | |||
2022-01-05 | zone-policy: T4135: Raise error when using an invalid "from" zone. | sarthurdev | |
2022-01-05 | Merge pull request #1135 from sarthurdev/current | Christian Poessinger | |
smoketest: shim: Optimise speed of `lsof` command | |||
2022-01-05 | Merge pull request #1134 from sarthurdev/firewall | Christian Poessinger | |
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy | |||
2022-01-05 | smoketest: shim: Optimise speed of `lsof` command | sarthurdev | |
2022-01-05 | firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵ | sarthurdev | |
zone-policy | |||
2022-01-04 | Merge pull request #1131 from sever-sever/T4132 | Christian Poessinger | |
firewall: T4132: Fix for op-mode show firewall group | |||
2022-01-04 | Merge pull request #1132 from sever-sever/T4134 | Christian Poessinger | |
firewall: T4134: Fix completion help for protocols | |||
2022-01-04 | Merge pull request #1121 from sever-sever/T4109 | Christian Poessinger | |
keepalived: T4109: Add high-availability virtual-server | |||
2022-01-04 | firewall: T4134: Fix completion help for protocols | Viacheslav | |
2022-01-04 | firewall: T4132: Fix for op-mode show firewall group | Viacheslav | |
After firewall rewriting there is impossible to show a specific firewall group, this commit fixes it. Add tagNode and completion help for op-mode firewall group | |||
2022-01-04 | keepalived: T4109: Add high-availability virtual-server | Viacheslav | |
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability' | |||
2022-01-04 | Merge pull request #1130 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4130: Fix firewall state-policy errors | |||
2022-01-04 | firewall: T4130: Add state-policy test to firewall smoketest | sarthurdev | |
2022-01-04 | firewall: T4130: Fix firewall state-policy errors | sarthurdev | |
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy | |||
2022-01-03 | keepalived: T4128: add missing keepalived.service file | Christian Poessinger | |
2022-01-03 | keepalived: T4128: add systemd option Type=simple | Christian Poessinger | |
Without this option systemd startup will hit a timeout and the kill keepalived again. | |||
2022-01-03 | test: vyos.validate: also test interface identifier in is_ipv6_link_local() | Christian Poessinger | |
2022-01-03 | Merge pull request #1018 from sever-sever/T3872 | Christian Poessinger | |
monitoring: T3872: Add a new feature service monitoring | |||
2022-01-03 | monitoring: T3872: Add a new feature service monitoring telegraf | Viacheslav | |
2022-01-03 | Merge pull request #1124 from sever-sever/T4110 | Christian Poessinger | |
listen-address: T4110: Ability to set IPv6 link-local addresses | |||
2022-01-03 | listen-address: T4110: Ability to set IPv6 link-local addresses | Viacheslav | |
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator | |||
2022-01-01 | nat: T2199: rename iptables -> nftables variable prefix | Christian Poessinger | |
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger | |
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python | |||
2021-12-31 | smoketest: ipsec: T4126: verify configured priority | Christian Poessinger | |
2021-12-31 | smoketest: ipsec: make use of setUpClass() | Christian Poessinger | |
2021-12-31 | Merge pull request #1129 from sever-sever/T4126 | Christian Poessinger | |
ipsec: T4126: Ability to set priorities for installed policy | |||
2021-12-31 | ipsec: T4126: Ability to set priorities for installed policy | Viacheslav | |
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable | |||
2021-12-31 | firewall: xml: T4100: increase maximum number of rules to 999999 | Christian Poessinger | |
2021-12-31 | snmp: T4124: remove snmp.py from vyos-configd | Christian Poessinger | |
Commit 566f7f24 ("snmp: T4124: migrate to get_config_dict()") changed the internal structure to support vyos-configd. When using SNMPv3 we need to alter the running config by replacing the plaintext-password with an encrypted one, this is not allowed with vyos-configd. | |||
2021-12-30 | smoketest: snmp: T4124: locally connect to SNMP service and retrieve data | Christian Poessinger | |
2021-12-30 | snmp: T4124: migrate to get_config_dict() | Christian Poessinger | |
2021-12-30 | Merge pull request #1128 from zdc/T4121-sagitta | Kim | |
dhclient: T4121: Fixed resolv.conf generation at early boot stage | |||
2021-12-30 | dhclient: T4121: Fixed resolv.conf generation at early boot stage | zsdc | |
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils. |