Age | Commit message (Collapse) | Author |
|
Containers have the ability to add Linux system capabilities to them, this is
done using the "set container name <name> cap-add" command.
The CLI node sounds off and rather should be "set container name <name>
capability" instead as we use and pass a capability to a container and not
add/invent new ones.
(cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
|
|
T6203: remove obsoleted xml lib (backport #3255)
|
|
T6199: start validating smoketests against real CLI defaultValues (backport #3266)
|
|
T6188: add description to show firewall (backport #3219)
|
|
conntrack-sync: T1244: Support for StartupResync in conntrackd (backport #3254)
|
|
T6199: remove unused Python imports from migration scripts (backport #3260)
|
|
Use vyos.xml_ref.default_value to query XML default values and take them into
account when validating properly applied defaults in individual smoketests
instead of using hardcoded values like 443 for https port.
(cherry picked from commit d9d2e9c8ead29c173fefd1b565d191a85baaa071)
|
|
(cherry picked from commit 4c5afe0ba7853cf3fc4626933ecde70b321e9d67)
|
|
For readability in console sessions, moved the description column to only be shown in the detail view.
Changed wrapping in the detail view for description to 65 characters to prevent full line wrapping in console sessions.
(cherry picked from commit 4dba82c7517f4a93b9727d22104e4a339bad127a)
|
|
- modified: src/op_mode/firewall.py
Changed behavior of "show firewall" for specific rule to only show rule and not also default-action
(cherry picked from commit a7c5205ab12e767c6c60887033694c597e01f21b)
|
|
- Added show firewall <sections> detail paths
modified: src/op_mode/firewall.py
- Added Description as a header to normal "show firewall" commands
- Added 'detail' view which shows the output in a list key-pair format
Description column was added for these commands and their subsections:
show firewall statistics
show firewall groups
show firewall <family>
Detail view was added for these commands:
show firewall bridge forward filter detail
show firewall bridge forward filter rule <rule#> detail
show firewall bridge name <chain> detail
show firewall bridge name <chain> rule <rule#> detail
show firewall ipv4 forward filter detail
show firewall ipv4 forward filter rule <rule#> detail
show firewall ipv4 input filter detail
show firewall ipv4 input filter rule <rule#> detail
show firewall ipv4 output filter detail
show firewall ipv4 output filter rule <rule#> detail
show firewall ipv4 name <chain> detail
show firewall ipv4 name <chain> rule <rule#> detail
show firewall ipv6 forward filter detail
show firewall ipv6 forward filter rule <rule#> detail
show firewall ipv6 input filter detail
show firewall ipv6 input filter rule <rule#> detail
show firewall ipv6 output filter detail
show firewall ipv6 output filter rule <rule#> detail
show firewall ipv6 name <chain> detail
show firewall ipv6 name <chain> rule <rule#> detail
show firewall group detail
show firewall group <group> detail
(cherry picked from commit 025438ccacc654274efbd3bea8b13fcc73ae08b6)
|
|
(cherry picked from commit b2ced47bdc547ada59b37e6617422188e150282c)
|
|
(cherry picked from commit 2eb7f96ca2038bf37dc1d274821ca6f619489b58)
|
|
(cherry picked from commit 71786307eed6a0ebb42755f24c19dfd46b1b9696)
|
|
(cherry picked from commit 489e6fababa60d9c0fbfdb421305cbe563432499)
# Conflicts:
# src/migration-scripts/dhcp-server/9-to-10
# src/migration-scripts/dhcpv6-server/3-to-4
|
|
The vyos.xml functionality is replaced with vyos.xml_ref.
(cherry picked from commit 28a7195d8e200418d2fdc3b8839f14f514d788e7)
|
|
(cherry picked from commit aa1fb0733f18dfb0ccdfb37df36839c6a358d8ee)
|
|
T6204: cleanup shebang lines
|
|
|
|
T6197: Fixed usage ipoe interface client-subnet without pools (backport #3244)
|
|
ospf: T6089: fix invalid "ospf passive-interface default" (backport #3249)
|
|
The option "passive-interface default" was set even if it was not present in
the previous version we are migrating from. Fix migration script to handle this
with a conditional path.
(cherry picked from commit ef8d9a73335bc685084e3ff97238836e452dfa8c)
|
|
(cherry picked from commit 44bd4c360dc032e4bde55b11423ddae0f042600e)
|
|
T6199: drop unused Python imports from graphql source (backport #3246)
|
|
Allowed using ipoe interface client-subnet without client pools
configuration.
(cherry picked from commit 49d4df5926637ec3dfd33a1dfcaab364adc28c4c)
|
|
(cherry picked from commit faa153524f04ebe8ab5f12d7afe6df2a6eb3728a)
|
|
(cherry picked from commit 9b4a3bc54ec6d2ff8e435add5e2de995a54dfc6a)
|
|
bgp: T5943: BGP Peer-group members must be all internal or all external (backport #3238)
|
|
(cherry picked from commit d403117cdb5e7718c8590cfeb79a336cb5b67aac)
|
|
T6199: spring cleaning - drop unused Python imports (backport #3240)
|
|
T6068: T6171: change <fail-over> node to <high-availability>; add <mode> parameter
|
|
(cherry picked from commit 8205e3cf918142a55e00c00dc241a6a30914fbd9)
|
|
(cherry picked from commit 74198e68a6edbdb36a6103a7666de530bdd71696)
|
|
found using "git ls-files *.py | xargs pylint | grep W0611"
(cherry picked from commit 274b2da242acd1f1f64ff1dee471e34295137c5f)
|
|
* Use interface_exists() outside of verify()
* Use verify_interface_exists() in verify() to drop common error message
(cherry picked from commit 4c7c168fe970b807750a05ceb66b70c0d8652535)
|
|
(cherry picked from commit 86b632874288aa5707a94a4f28ca816e543823b9)
|
|
<high-availability>. Also, add <mode> parameter in order to configure active-active or active-passive behavior for HA.
|
|
T6192: allow binding SSH to multiple VRF instances (backport #3229)
|
|
configverify: T6198: add common helper for PKI certificate validation (backport #3236)
|
|
The next evolutional step after adding get_config_dict(..., with_pki=True) is
to add a common verification function for the recurring task of validating SSL
certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
(cherry picked from commit 3b758d870449e92fece9e29c791b950b332e6e65)
|
|
T6196: Fixed applying parameters for aggregation in BGP (backport #3232)
|
|
firewall: nat: policy: vrf: nft call syntax and import cleanup (backport #3230)
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
(cherry picked from commit e5af1f0905991103b12302892e6f0070bbb7b770)
|
|
(cherry picked from commit 5bb27f0c6220fd940b63cdd37a60c312c0ac3efd)
|
|
(cherry picked from commit 32d6a693de99021d2cd44fb4235e929caf7b4a6d)
|
|
(cherry picked from commit 0529371bc587e2fcdd8794061e9bb9d60c792c43)
|
|
(cherry picked from commit f1c51884fb62d3917e92af51d4219e291c7a8e74)
|
|
(cherry picked from commit 462ba67cf2e193883e33b4ce655b2b0cd1aab80f)
|
|
(cherry picked from commit f92ef7f3c86ca09775b536ca2bd9813f95cc7d3f)
|
|
(cherry picked from commit a33946630348371518247ff13ce918c208ef50d1)
|