Age | Commit message (Collapse) | Author |
|
firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor
|
|
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
|
|
Migrating 1.2.8 -> 1.4-rolling-202201110811
vyos-router[970]: Waiting for NICs to settle down: settled in 0sec..
vyos-router[1085]: Started watchfrr.
vyos-router[970]: Mounting VyOS Config...done.
vyos-router[970]: Starting VyOS router: migrate
vyos-router[1490]: Traceback (most recent call last):
vyos-router[1490]: File "/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6", line 112, in <module>
vyos-router[1490]: for if_type in config.list_nodes(['interfaces']):
vyos-router[1490]: File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 236, in list_nodes
vyos-router[1490]: raise ConfigTreeError("Path [{}] doesn't exist".format(path_str))
vyos-router[1490]: vyos.configtree.ConfigTreeError: Path [b'interfaces'] doesn't exist
vyos-router[1455]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6: Command
'['/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6', '/opt/vyatta/etc/config/config.boot']'
returned non-zero exit status 1..
vyos-router[970]: configure.
vyos-config[979]: Configuration success
|
|
|
|
is changed
|
|
items sorted and one per line
|
|
|
|
|
|
file for group definitions.
|
|
|
|
In order to have a consistent looking CLI we should rename this CLI node.
There is:
* access-list and access-list6 (policy)
* prefix-list and prefix-list6 (policy)
* route and route6 (static routes)
|
|
|
|
frr: T4166: move log debug setting to init function for vyos-configd
|
|
containers: T2216: bugfix host networking on image upgrade
|
|
The bug was partially fixed with this commit:
https://github.com/vyos/vyos-1x/commit/358f0b481d8620cad4954e3fe418054b9a8c3ecd
The earlier commit introduced a startup retry (up to 10 times) to allow the OS
to settle before the container is started. However, it only applies if
host networking is NOT used. This change applies the same for containers
where host networking is employed.
Since the retry portion of the code (written in the earlier commit) is now
referenced twice, it has been moved to its own function.
|
|
frr.py debugging is set True if the file '/tmp/vyos.frr.debug' exists;
this check needs to be called within an init function, as frr.py will
have already been loaded by vyos-configd before the /tmp/*.debug files
are created by vyos-router, or by call to 'touch'.
|
|
Before installing a new conntrack policy into the OS Kernel, the new policy
should be verified by nftables if it can be loaded at all or if it will fail
to load. There is no need to load a "bad" configuration if we can pre-test it.
|
|
Before installing a new conntrack policy into the OS Kernel, the new policy
should be verified by nftables if it can be loaded at all or if it will fail
to load. There is no need to load a "bad" configuration if we can pre-test it.
|
|
|
|
firewall: validators: T4148: Improve validators and firewall validator usage
|
|
|
|
|
|
|
|
|
|
|
|
|
|
firewall: policy: T4149: T4155: Fix incorrect table variable, fix handling of deleted base firewall node
|
|
policy: T4161: Set correct description for local-preference
|
|
|
|
|
|
T4157: Add `jinja2` to pip test requirements
|
|
|
|
Signed-off-by: Georg <georg@lysergic.dev>
|
|
vrrp: T1972: Ability to set IP address on not vrrp interface
|
|
keepalived: T4150: Fix template option conntrack_sync_group
|
|
nhrp: T4152: Fix template holding-time for nhrp
|
|
Add missed 'holding-time' option for shortcut-target address
|
|
Ability to set virtual_address on not vrrp-listen interface
Add ability don't track primary vrrp interface "exclude-vrrp-interface"
Add ability to set tracking (state UP/Down) on desired interfaces
For example eth0 is used for vrrp and we want to track another eth1
interface that not belong to any vrrp-group
|
|
conntrack_sync_group option not under 'vrrp' section but part of
high-avalability dictionary
|
|
|
|
|
|
|
|
|
|
firewall: zone-policy: T4133: Prevent firewall from trying to clean-up zone-policy chains
|
|
|
|
Following the update to vyos1x-config, commit 64263617, UTF-8 characters
are supported within the config file, hence in the output of showConfig.
|
|
zone-policy chains
* Prevent firewall names from using the reserved VZONE prefix
|
|
op-mode: T4142: Fix for show input ifbX interfaces
|
|
Ability to see interface type "input" ifbX from op-mode
|
|
keepalived: T4109: Update configd-include.json to reflect filename change
|