summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-01-26Merge pull request #1191 from sever-sever/T4138Christian Poessinger
nat: T4138: Add port-range validation for NAT
2022-01-26Merge pull request #1192 from sarthurdev/T4212Christian Poessinger
pki: T4212: Catch `install_into_config` errors and output for manual command entry
2022-01-26pki: T4212: Catch `install_into_config` errors and output for manual command ↵sarthurdev
entry
2022-01-25nat: T4138: Add port-range validation for NATViacheslav Hletenko
Add port-validators for NAT rules that prevent to set incorrect port-ranges (21-5) and incorrect ports (70000)
2022-01-25Merge pull request #1189 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Delete iptables input plugin as we use nft
2022-01-25monitoring: T3872: Delete iptables input plugin as we use nftViacheslav
Telegraf inputs iptables plugin incompatible with nftables As it tries to get statistics from "iptables -L -n -v" which doesnt display required data in 1.4 as we don't use iptables anymore
2022-01-25Merge pull request #1188 from sever-sever/T4205Christian Poessinger
sshd: T4205: Hide extra version suffix "Debian"
2022-01-25sshd: T4205: Hide extra version suffix "Debian"Viacheslav Hletenko
Disable distribution-specified extra version suffix is included during initial protocol handshake SSH-2.0-OpenSSH_8.4p1 Debian-5 => SSH-2.0-OpenSSH_8.4p1
2022-01-22Merge pull request #1186 from nicolas-fort/T4153Christian Poessinger
bandwidth-test: T4153: Fixed bandwidth-test initiate
2022-01-22bandwidth-test: T4153: Fixed bandwidth-test initiate, which was not working ↵Nicolas Fort
with ipv4
2022-01-22Merge pull request #1184 from sarthurdev/firewall_icmpChristian Poessinger
firewall: T4130: T4186: ICMP/v6 updates, ipv6 state policy check fix
2022-01-21Firewall: T4186: Adding icmpv6 corrections, in corcondancy of what was done ↵Nicolas Fort
for icmp
2022-01-21Firewall: T4186: typo correction on address-mask-reply descriptionNicolas Fort
2022-01-21Firewall: T4186: Correct icmp type-name options for firewall rulesNicolas Fort
2022-01-21firewall: T2199: Verify correct ICMP protocol for ipv4/ipv6sarthurdev
2022-01-21firewall: T4186: ICMP/v6 migrationssarthurdev
2022-01-21firewall: T4130: Use correct table to check for state policy rulesarthurdev
2022-01-21Merge pull request #1183 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: Bugfix policy ipv6-local-route
2022-01-21policy: T4151: Bugfix policy ipv6-local-routeHenning Surmeier
2022-01-21Merge pull request #1180 from goodNETnick/dhcp-client-prefixChristian Poessinger
DHCP: T4196: fix client-prefix-length parameter
2022-01-20DHCP: T4196: fix client-prefix-length parametergoodNETnick
2022-01-20Merge pull request #1182 from jestabro/migrate-while-udevChristian Poessinger
interface-names: T3871: use tempfile during virtual migration
2022-01-20Merge pull request #1181 from sarthurdev/firewallChristian Poessinger
firewall: T2199: Add log prefix to match legacy perl behaviour
2022-01-20interface-names: T3871: use tempfile during virtual migrationJohn Estabrook
Use tempfile to avoid race conditions during virtual migration.
2022-01-20Merge pull request #1144 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: Add policy ipv6-local-route
2022-01-20firewall: T2199: Add log prefix to match legacy perl behavioursarthurdev
Example syslog: [FWNAME-default-D] ... * Also clean-up firewall default-action
2022-01-19Merge pull request #1177 from sarthurdev/mac_groupsChristian Poessinger
firewall: T3560: Add support for MAC address groups
2022-01-19Merge pull request #1176 from sarthurdev/firewallChristian Poessinger
firewall: T1292: T2199: Cleanup rules used by chain to be deleted, check if chain in use by zone-policy
2022-01-19Merge pull request #1179 from fett0/T4195Christian Poessinger
OSPF : T4195: ability to set maximum paths for OSPF
2022-01-19OSPF : T4195: ability to set maximum paths for OSPFfett0
2022-01-18firewall: T2199: Raise ConfigError if deleted node is used in zone-policysarthurdev
2022-01-18firewall: policy: T1292: Clean up any rules required to delete a chainsarthurdev
2022-01-18firewall: T3560: Add support for MAC address groupssarthurdev
2022-01-18Merge pull request #1178 from sarthurdev/firewall_T4188Christian Poessinger
firewall: T4188: Create default conntrack `FW_CONNTRACK` chain
2022-01-18firewall: T4188: Create default conntrack `FW_CONNTRACK` chainsarthurdev
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule.
2022-01-17bgp: T3741: bugfix migrator - exit() was called without savingChristian Poessinger
2022-01-17Merge pull request #1174 from sarthurdev/firewallChristian Poessinger
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
2022-01-17firewall: T2199: Fix `port-range` validator to accept service namessarthurdev
2022-01-17zone-policy: T3873: Fix intra-zone-filtering return to zone default-actionsarthurdev
2022-01-17firewall: policy: T4178: Migrate and refactor tcp flagssarthurdev
* Add support for ECN and CWR flags
2022-01-16Revert "migrator: interfaces: T4171: bugfix ConfigTreeError"Christian Poessinger
This reverts commit 29efbf51efea559773f61703f11a77a8aee6de36.
2022-01-16Revert "migrator: interfaces: T4171: bugfix ConfigTreeError"Christian Poessinger
This reverts commit 391ce22b76190309f81e048ebffab778b0fdee1d.
2022-01-16dns-forwarding: T1595: remove unnecessary nesting in migration script 1 -> 2Christian Poessinger
2022-01-16bgp: T3741: remove unnecessary exit() in migration script 1 -> 2Christian Poessinger
2022-01-15smoketest: ntp: T4184: check for "restrict default ignore" presencexChristian Poessinger
2022-01-15smoketest: ntp: re-organize testcasesChristian Poessinger
Drop the overcomplex function get_config_value() to search for NTPd configuration values. Rather assemble the required string and probe for its presence in the configuration like we do on most other smoketests.
2022-01-15Merge pull request #1171 from sever-sever/T4184Christian Poessinger
ntp: T4184: Fix allow-clients address
2022-01-15ntp: T4184: Fix allow-clients addressViacheslav
NTP-server with option "allow-clients address x.x.x.x" should accept requests only from clients addresses which declared in configuration if this option exists Add "restrict default ignore" to fix it, in another case it responce to any address
2022-01-15Merge pull request #1169 from sever-sever/T4183Christian Poessinger
wireguard: T4183: Allow to set peer IPv6 link-local address
2022-01-14wireguard: T4183: Allow to set peer IPv6 link-local addressViacheslav