| Age | Commit message (Collapse) | Author |
|---|
|
Exclude validators are required to support the ! (not) operator on the CLI to
exclude addresses from NAT.
|
|
|
|
|
|
|
|
When instantiating NAT it is required to isntall some nftable jump targets.
The targets need to be added after a specific other target thus we need to
dynamically query the handler number. This is done by get_handler() which could
be moved to vyos.util at a later point in time so it can be reused for a
firewall rewrite.
|
|
|
|
|
|
|
|
|
|
T2467: Restarting of service needs a sudo
|
|
|
|
T2267: Versioning: Update version tag from GIT repo
|
|
flow-accounting: T2456: Replace old function
|
|
|
|
T2449: Fixing key to appropriate one
|
|
|
|
Commit 9e5c6a935e2f55 ("tunnel: T2449: set accept_ra=2 if ipv6 address autoconf
or dhcpv6 is set") referenced wrong key in dict.
|
|
T2449: set 'accept_ra=2' if 'address dhcpv6' or 'ipv6 address autoconf' is set
|
|
Currently accept_ra was set to 0 if 'address dhcpv6' was set on an
interface. This is wrong, as without RA, the system will get no routes
to the DHCPv6-obtained prefix.
Since the logic for accept_ra was moved to the interface scripts,
it can be removed from the dhclient code.
|
|
|
|
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2
(default for accept_ra is 1).
|
|
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2
(default for accept_ra is 1).
|
|
|
|
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2
(default for accept_ra is 1).
|
|
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2
(default for accept_ra is 1).
|
|
|
|
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2
(default for accept_ra is 1).
|
|
|
|
|
|
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2
(default for accept_ra is 1).
|
|
|
|
This commit will update the version field of the generated deb package from the git repo version tag.
the tag needs to be in the format "vyos/<version>" eg. "vyos/1.2.5" 1.2.5 is then used as the version
The version field will be one of the following syntaxes:
on a commit:
- <version>-<commits from tag>-g<commit id>
eg. 1.2.5-4-g23232343
on a commit with unstaged changes:
- <version>-<commits from tag>-g<commit id>+dirty
eg. 1.2.5-4-g23232343+dirty
This will make it clear what state the repo was in when the package was generated.
It is possible to remove the number and commit id on the tagged commit, but i've decided to use the same
format for all commits tagged or not. as for now the tagged commit will be sufixed with -0-g<commit id>
if no valid tag is recieved from `git describe`, the script uses a 0.0 version number.
The changelog is also updated to reflext that we dont use it and refers to the Git Changelog and vyos release-notes
|
|
T2441: Fix parse error in TZ validator
|
|
|
|
|
|
|
|
File now provided by vyos-utils
|
|
validator: T2417: try to make the code clearer
|
|
|
|
T2436: Adding offline python compile to fetch syntax faults
|
|
into current
* 'dhcpd-permissions-T2432' of https://github.com/jjakob/vyos-1x:
dhcp-server, dhcpv6-server: T2432: chown lease file to nobody:nogroup
|
|
wireless: T2427: migrate to use common configdict and vlan functions, add common interface includes to template
|
|
openvpn: T2241: fix wrong indent caused by 66e15005
|
|
T2435: fix syntax errors
|
|
dhcp(v6)-server/relay: T2438: change systemd service type to forking, validate config files
|
|
The default of systemd services Type=simple isn't suitable for dhcrelay and
other daemons.
- change service type to forking
- add RuntimeDirectory
- set PIDFile
|
|
The default of systemd services Type=simple isn't suitable for dhcrelay and
other daemons.
- change service type to forking
- add RuntimeDirectory
- set PIDFile
|
|
The default of systemd services Type=simple isn't suitable for dhcpd and
other daemons.
- change service type to forking
- add RuntimeDirectory
- set paths to files in Environment
- set PIDFile
- validate config and lease file in ExecStartPre
- add -q to make dhcpd quiet and only log to syslog
- set Restart=always
|
|
The default of systemd services Type=simple isn't suitable for dhcpd and
other daemons.
- change service type to forking
- add RuntimeDirectory
- set paths to files in Environment
- set PIDFile
- validate config and lease file in ExecStartPre
- add -q to make dhcpd quiet and only log to syslog
- set Restart=always
|
|
Commits f37194604 and 0cbad2850 migrated isc-dhcp-server(6) from
SysVInit to SystemD, changing the user and group dhcpd is started as.
This caused a permission error when dhcpd tried to write to lease files:
dhcpd[2829]: Can't create new lease file: Permission denied
As dhcpd is started as nobody:nogroup, setting the permissions on the
lease files to 664 root:vyattacfg would make dhcpd unable to write to
them. We can't make the files other-writable, as that would be a big
security issue, so we need to set either the owner or group of the files
to be dhcpd writeble. There should be no harm in changing both to
nobody:nogroup, as they were previously root:root.
If some other VyOS code doesn't like the ownership of these files in
/config, they can be either excluded from the check (possibly moved into
their own directory), or changed back to root:vyattacfg and vyattacfg added
to nogroup.
|
