summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-16nat: T2198: do not run DNAT rule if rule is disabledChristian Poessinger
2020-05-16nat: T2198: restructure DNAT templateChristian Poessinger
Make the entire template more maintainable
2020-05-16nat: T2198: verify translation address for SNAT and DNATChristian Poessinger
2020-05-16nat: T2198: extend verify() for destination portsChristian Poessinger
Destination NAT configuration: destination ports can only be specified when protocol is tcp, udp or tcp_udp.
2020-05-16nat: T2198: migrate "log enable" node to only "log"Christian Poessinger
2020-05-16nat: T2198: add protocol completion helper and regex constraintChristian Poessinger
2020-05-16nat: T2198: migrate "show nat" commands to XML and PythonChristian Poessinger
- "show nat source|destination statistics" is now implemented in Python - "show nat source|destination rules" needs a new implementation, see T2459 - "show nat source|destination translations" has been copied over from the old repo and is here until it is rewritten, this was not possible for "rules" as there would have been too much dependencies. This one only requires libxml-simple-perl
2020-05-16nat: T2198: add some basic verify() rulesChristian Poessinger
2020-05-16nat: T2198: split nat-address-port include into individual filesChristian Poessinger
2020-05-16nat: T2198: add ipv4-{address,prefix,rage}-exclude validatorsChristian Poessinger
Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT.
2020-05-16nat: T2198: add new ipv4-range validatorChristian Poessinger
2020-05-16nat: T2198: make use of jmespath when walking nftables JSON outputChristian Poessinger
2020-05-16nat: T2198: implement deletion of NAT subsystemChristian Poessinger
2020-05-16nat: T2198: automatically determine handler numbersChristian Poessinger
When instantiating NAT it is required to isntall some nftable jump targets. The targets need to be added after a specific other target thus we need to dynamically query the handler number. This is done by get_handler() which could be moved to vyos.util at a later point in time so it can be reused for a firewall rewrite.
2020-05-16nat: T2198: move from iptables to nftablesChristian Poessinger
2020-05-16nat: T2198: migrate to common template for source/destination NATChristian Poessinger
2020-05-16nat: T2198: destination nat template for iptables-restoreChristian Poessinger
2020-05-16nat: T2198: initial XML and Python representationChristian Poessinger
2020-05-16Merge pull request #410 from kroy-the-rabbit/patch-3Daniil Baturin
T2467: Restarting of service needs a sudo
2020-05-15T2467: Restarting of service needs `sudo`kroy-the-rabbit
2020-05-13Merge pull request #406 from runborg/T2267Christian Poessinger
T2267: Versioning: Update version tag from GIT repo
2020-05-13Merge pull request #409 from DmitriyEshenko/fix-flow-acct01Christian Poessinger
flow-accounting: T2456: Replace old function
2020-05-13flow-accounting: T2456: Replace old functionDmitriyEshenko
2020-05-13Merge pull request #408 from kroy-the-rabbit/patch-2Daniil Baturin
T2449: Fixing key to appropriate one
2020-05-12T2449: Fixing key to appropriate onekroy-the-rabbit
2020-05-12tunnel: T2449: bugfix KeyError 'address'Christian Poessinger
Commit 9e5c6a935e2f55 ("tunnel: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is set") referenced wrong key in dict.
2020-05-11Merge pull request #407 from jjakob/accept-ra-fix-T2449Christian Poessinger
T2449: set 'accept_ra=2' if 'address dhcpv6' or 'ipv6 address autoconf' is set
2020-05-11ifconfig/dhcp: T2449: remove accept_ra logic as it was wrongJernej Jakob
Currently accept_ra was set to 0 if 'address dhcpv6' was set on an interface. This is wrong, as without RA, the system will get no routes to the DHCPv6-obtained prefix. Since the logic for accept_ra was moved to the interface scripts, it can be removed from the dhclient code.
2020-05-11wireless: T2449: set accept_ra on wireless interfacesJernej Jakob
2020-05-11vxlan: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is setJernej Jakob
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2 (default for accept_ra is 1).
2020-05-11tunnel: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is setJernej Jakob
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2 (default for accept_ra is 1).
2020-05-11pseudo-ethernet: T2449: set accept_ra on pseudo-ethernet interfacesJernej Jakob
2020-05-11openvpn: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is setJernej Jakob
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2 (default for accept_ra is 1).
2020-05-11l2tpv3: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is setJernej Jakob
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2 (default for accept_ra is 1).
2020-05-11ethernet: T2449: set accept_ra on ethernet interfacesJernej Jakob
2020-05-11bridge: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is setJernej Jakob
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2 (default for accept_ra is 1).
2020-05-11bonding: T2449: set accept_ra on bonding interfacesJernej Jakob
2020-05-11vlan: T2449: set accept_ra on vlan interfacesJernej Jakob
2020-05-11configdict: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is setJernej Jakob
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2 (default for accept_ra is 1).
2020-05-11interface: T2449: add ability to set accept_raJernej Jakob
2020-05-09T2267: Versioning: Update version tag from GIT repoRunar Borge
This commit will update the version field of the generated deb package from the git repo version tag. the tag needs to be in the format "vyos/<version>" eg. "vyos/1.2.5" 1.2.5 is then used as the version The version field will be one of the following syntaxes: on a commit: - <version>-<commits from tag>-g<commit id> eg. 1.2.5-4-g23232343 on a commit with unstaged changes: - <version>-<commits from tag>-g<commit id>+dirty eg. 1.2.5-4-g23232343+dirty This will make it clear what state the repo was in when the package was generated. It is possible to remove the number and commit id on the tagged commit, but i've decided to use the same format for all commits tagged or not. as for now the tagged commit will be sufixed with -0-g<commit id> if no valid tag is recieved from `git describe`, the script uses a 0.0 version number. The changelog is also updated to reflext that we dont use it and refers to the Git Changelog and vyos release-notes
2020-05-09Merge pull request #405 from kroy-the-rabbit/patch-1Daniil Baturin
T2441: Fix parse error in TZ validator
2020-05-08T2441: Fix parse errorkroy-the-rabbit
2020-05-09Merge branch 'current' of https://github.com/vyos/vyos-1x into currentDaniil Baturin
2020-05-09T2431: remove the numeric validator for it now lives in vyos-utils.Daniil Baturin
2020-05-08validator: T2417: remove src/validators/mac-addressChristian Poessinger
File now provided by vyos-utils
2020-05-08Merge pull request #395 from thomas-mangin/T2417Christian Poessinger
validator: T2417: try to make the code clearer
2020-05-08Merge branch 'current' of github.com:thomas-mangin/vyos-1x into T2417Thomas Mangin
2020-05-08Merge pull request #401 from runborg/T2436Christian Poessinger
T2436: Adding offline python compile to fetch syntax faults
2020-05-08Merge branch 'dhcpd-permissions-T2432' of https://github.com/jjakob/vyos-1x ↵Christian Poessinger
into current * 'dhcpd-permissions-T2432' of https://github.com/jjakob/vyos-1x: dhcp-server, dhcpv6-server: T2432: chown lease file to nobody:nogroup