Age | Commit message | Author
2022-01-18 | Merge pull request #1178 from sarthurdev/firewall_T4188 | Christian Poessinger
firewall: T4188: Create default conntrack `FW_CONNTRACK` chain
2022-01-18 | firewall: T4188: Create default conntrack `FW_CONNTRACK` chain | sarthurdev
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule.
2022-01-17 | bgp: T3741: bugfix migrator - exit() was called without saving | Christian Poessinger
2022-01-17 | Merge pull request #1174 from sarthurdev/firewall | Christian Poessinger
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
2022-01-17 | firewall: T2199: Fix `port-range` validator to accept service names | sarthurdev
2022-01-17 | zone-policy: T3873: Fix intra-zone-filtering return to zone default-action | sarthurdev
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev
* Add support for ECN and CWR flags
2022-01-16 | Revert "migrator: interfaces: T4171: bugfix ConfigTreeError" | Christian Poessinger
This reverts commit 29efbf51efea559773f61703f11a77a8aee6de36.
2022-01-16 | Revert "migrator: interfaces: T4171: bugfix ConfigTreeError" | Christian Poessinger
This reverts commit 391ce22b76190309f81e048ebffab778b0fdee1d.
2022-01-16 | dns-forwarding: T1595: remove unnecessary nesting in migration script 1 -> 2 | Christian Poessinger
2022-01-16 | bgp: T3741: remove unnecessary exit() in migration script 1 -> 2 | Christian Poessinger
2022-01-15 | smoketest: ntp: T4184: check for "restrict default ignore" presencex | Christian Poessinger
2022-01-15 | smoketest: ntp: re-organize testcases | Christian Poessinger
Drop the overcomplex function get_config_value() to search for NTPd configuration values. Rather assemble the required string and probe for its presence in the configuration like we do on most other smoketests.
2022-01-15 | Merge pull request #1171 from sever-sever/T4184 | Christian Poessinger
ntp: T4184: Fix allow-clients address
2022-01-15 | ntp: T4184: Fix allow-clients address | Viacheslav
An NTP server with the option "allow-clients address x.x.x.x" should accept requests only from client addresses which are declared in the configuration if this option exists. Add "restrict default ignore" to fix it; otherwise it responds to any address.
2022-01-15 | Merge pull request #1169 from sever-sever/T4183 | Christian Poessinger
wireguard: T4183: Allow to set peer IPv6 link-local address
2022-01-14 | wireguard: T4183: Allow to set peer IPv6 link-local address | Viacheslav
2022-01-14 | Merge pull request #1164 from sever-sever/T4179 | Christian Poessinger
op-mode: T4179: Add op-mode CLI show virtual-server
2022-01-14 | Merge pull request #1167 from sarthurdev/firewall | Christian Poessinger
firewall: T4178: Use lowercase for TCP flags and add an validator
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev
2022-01-13 | Merge pull request #1166 from sever-sever/T4182 | Christian Poessinger
vrrp: T4182: Check if VRRP configured in op mode
2022-01-13 | op-mode: T4179: Add op-mode CLI show virtual-server | Viacheslav
2022-01-13 | vrrp: T4182: Check if VRRP configured in op mode | Viacheslav
There is a situation when the keepalived service is active but there is no "vrrp" configuration. In that case "show vrrp" hangs because it expects data from the keepalived daemon which it can't get. Check if "vrrp" exists in the configuration and only then check if the pid is active.
2022-01-13 | Merge pull request #1168 from fett0/T4181 | Christian Poessinger
Firewall: T4181: Set correct description for ipv6-network-group
2022-01-13 | Firewall: T4181: Set correct description for ipv6-network-group | fett0
2022-01-13 | Merge pull request #1163 from sever-sever/T4177 | Christian Poessinger
strip-private: T4177: Fix for hiding private data token/url/bucket
2022-01-13 | strip-private: T4177: Fix for hiding private data token/url/bucket | Viacheslav
Add URL, token and bucket data hiding when the function "strip-private" is used.
2022-01-13 | Merge pull request #1162 from sever-sever/T3872 | Christian Poessinger
monitoring: T3872: Add just required interfaces for ethtool telegraf template
2022-01-13 | monitoring: T3872: Add just required interfaces for ethtool | Viacheslav
Telegraf ethtool input filter expected ethX interfaces and not other interfaces like vlans/tunnels/dummy. Add "interface_include" option to telegraf template.
2022-01-13 | monitoring: T3872: Rewrite input filter custom_script | Viacheslav
Rewrite and improve the custom input filter telegraf script "show_interfaces_input_filter.py" to a more readable and clear format. Fix bug when it failed with configured tunnel "tunX" interfaces.
2022-01-12 | Merge pull request #1161 from sarthurdev/firewall | Christian Poessinger
firewall: T4160: Fix support for inverse matches
2022-01-12 | firewall: T4160: Fix support for inverse matches | sarthurdev
2022-01-11 | migrator: interfaces: T4171: bugfix ConfigTreeError | Christian Poessinger
2022-01-11 | Merge pull request #1160 from bjw-s/T4174 | Christian Poessinger
firewall: validators: T4174: Correct upper port range boundary
2022-01-11 | Merge pull request #1159 from sarthurdev/firewall | Christian Poessinger
policy: T2199: Update op-mode syntax to `route6`
2022-01-11 | firewall: validators: T4174: Correct upper port range boundary | Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs
2022-01-11 | policy: T2199: Update op-mode syntax to `route6` | sarthurdev
2022-01-11 | Merge pull request #1157 from nicolas-fort/T4162 | Christian Poessinger
vpn: T4162: Correct helper description for ikev2-reauth
2022-01-11 | Merge pull request #1158 from sarthurdev/firewall | Christian Poessinger
firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor
2022-01-11 | policy: T2199: Refactor policy route script for better error handling | sarthurdev
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
2022-01-11 | ike-group: T4162: Correct helper description for ikev2-reauth | Nicolas Fort
2022-01-11 | migrator: interfaces: T4171: bugfix ConfigTreeError | Christian Poessinger
Migrating 1.2.8 -> 1.4-rolling-202201110811
vyos-router[970]: Waiting for NICs to settle down: settled in 0sec..
vyos-router[1085]: Started watchfrr.
vyos-router[970]: Mounting VyOS Config...done.
vyos-router[970]: Starting VyOS router: migrate
vyos-router[1490]: Traceback (most recent call last):
vyos-router[1490]: File "/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6", line 112, in <module>
vyos-router[1490]: for if_type in config.list_nodes(['interfaces']):
vyos-router[1490]: File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 236, in list_nodes
vyos-router[1490]: raise ConfigTreeError("Path [{}] doesn't exist".format(path_str))
vyos-router[1490]: vyos.configtree.ConfigTreeError: Path [b'interfaces'] doesn't exist
vyos-router[1455]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6: Command '['/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6', '/opt/vyatta/etc/config/config.boot']' returned non-zero exit status 1..
vyos-router[970]: configure.
vyos-config[979]: Configuration success
2022-01-11 | firewall: T4159: Add warning when an empty group is applied to a rule | sarthurdev
2022-01-11 | firewall: policy: T2199: Reload policy route script if `firewall group` node is changed | sarthurdev
2022-01-11 | firewall: op-mode: T4131: Display `show firewall group` reference and member items sorted and one per line | sarthurdev
2022-01-11 | firewall: T2199: Add ipv6-range support to IPv6 address group | sarthurdev
2022-01-11 | validators: T4144: Add error messages to the majority of IP validators | sarthurdev
2022-01-11 | firewall: policy: T4159: T4164: Fix empty firewall groups, create separate file for group definitions. | sarthurdev
2022-01-11 | remote: T3950: Gracefully handle chained exceptions | erkin
2022-01-11 | policy: T4170: rename "policy ipv6-route" -> "policy route6" | Christian Poessinger
In order to have a consistent looking CLI we should rename this CLI node. There is:
* access-list and access-list6 (policy)
* prefix-list and prefix-list6 (policy)
* route and route6 (static routes)