summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-14Improve IPsec help stringsDaniil Baturin
2022-06-12Merge pull request #1357 from sarthurdev/geoipChristian Poessinger
firewall: T4299: Add support for GeoIP filtering
2022-06-11firewall: T4299: Add support for GeoIP filteringsarthurdev
2022-06-10Merge pull request #1356 from sarthurdev/nested_groupsChristian Poessinger
firewall: T478: Add support for nesting groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev
2022-06-10scripts: T4465: node.def generation requires whitespace on multiple use of ↵Christian Poessinger
<path>
2022-06-10Merge pull request #1355 from nicolas-fort/T4458-ipv4-ttlChristian Poessinger
Firewall:T4458: Add ttl match option in firewall
2022-06-10Merge pull request #1326 from sever-sever/T4429Christian Poessinger
op-mode: T4429: Ability to detect external IP address
2022-06-10xml: drop not always applicable REQUIRED suffix from completion help stringChristian Poessinger
If a parameter is required is determined from the Python string on commit. This "indicator" is not used consistently and sometimes missing, or added where it is not required anymore due to Python script improvement/rewrite.
2022-06-10Firewall:T4458: Add ttl match option in firewallNicolas Fort
2022-06-10Revert "dmvpn: nhrp: T4434: secret length can not exceed 8 characters"Christian Poessinger
This reverts commit 6f818ee9033ee3abeedbed73eb44331dc27e7408.
2022-06-10nhrp: T4460: update error message for cisco-authentication password lengthChristian Poessinger
2022-06-10Merge pull request #1353 from nicolas-fort/T4460Christian Poessinger
Protocols: T4460: Add input checks for cisco-authentication in nhrp
2022-06-10Merge pull request #1354 from sever-sever/T970Christian Poessinger
firewall: T970: Fix for Regex for domain and check empty group
2022-06-10firewall: T970: Fix for Regex for domain and check empty groupViacheslav Hletenko
It can be more then 5 symbols in top-level-domain address for example '.photography' and '.accountants' Firewall group can be added without address: * set firewall group domain-group DOMAIN Check if 'address' exists in group_config
2022-06-10Protocols: T4460: Add input checks for cisco-authentication parameter in ↵Nicolas Fort
nhrp protocol
2022-06-10Merge pull request #1322 from nicolas-fort/T3907-fwall-logDaniil Baturin
Firewall: T3907: add log-level options in firewall
2022-06-10Merge pull request #1352 from sever-sever/T970-testJohn Estabrook
smoketest: T970: Add commit after static-host-mapping
2022-06-10smoketest: T970: Add commit after static-host-mappingViacheslav Hletenko
Staic-host-mapping 'example.com' should be exists before we configure firewall domain-group FOO address example.com
2022-06-09smoketest: sstp: T4444: verify port can be changedChristian Poessinger
2022-06-09sstp: T4444: merge of defaultValue already done in get_accel_dict()Christian Poessinger
2022-06-09xml: sstp: T4444: re-use port-number.xml.i building blockChristian Poessinger
2022-06-09Merge branch 'sstp_port' of https://github.com/goodNETnick/vyos-1x into currentChristian Poessinger
* 'sstp_port' of https://github.com/goodNETnick/vyos-1x: sstp: T4444. Port number changing support
2022-06-09Merge pull request #1327 from sever-sever/T970Christian Poessinger
firewall: T970: Add firewall group domain-group
2022-06-08arp: T4397: bugfix on address iteration - ARP is IPv4 onlyChristian Poessinger
2022-06-08Merge pull request #1340 from sever-sever/T3083Christian Poessinger
event-handler: T3083: Add simple event-handler
2022-06-08event-handler: Change tagNode event-handler to nodeViacheslav Hletenko
Before: set service event-handler Foo After: set service event-handler event Foo
2022-06-07event-handler: T3083: Extended event-handler featureszsdc
* Added the ability to filter by a syslog identifier * Added the ability to pass arguments to a script * Added the ability to pass preconfigured environment variables to a script * A message that triggered a script is now passed in the `message` variable and can be used in a script * Replaced `call()` to `run()`, since stdout are not need to be printed
2022-06-07firewall: T970: domain-group should not starts with numericViacheslav Hletenko
Edit regex to check firewall-group
2022-06-07event-handler: T3083: Add arguments and environment options XMLViacheslav Hletenko
2022-06-07event-handler: T3083: Move system to service event-handlerViacheslav Hletenko
Move 'system event-handler' to 'service event-handler'
2022-06-07event-handler: T3083: Optimized event-handlerViacheslav Hletenko
2022-06-06event-handler: T3083: Optimized event-handlerzsdc
* Removed dynamic generating for systemd unit * Optimized configuration file deleting process * Added exceptions handlers to event-handler script to protect service from most obvious potential troubles * Improved logging * Moved pattern compilation outside a messages loop to avoid extra operations * Added signal handlers for proper systemd integration
2022-06-06event-handler: T3083: Add simple event-handlerViacheslav Hletenko
Event-handler allows executing a custom script when in logs it detects configured "pattern" A simple implemenation set system event-handler first pattern '.*ssh2.*' set system event-handler first script '/config/scripts/hello.sh'
2022-06-06Merge pull request #1347 from dmbaturin/T4446Viacheslav Hletenko
T4446: use a unified neighbor display script
2022-06-06T4446: use format strings instead of old-fasionhed format methodDaniil Baturin
2022-06-05Merge pull request #1350 from nicolas-fort/T4387-WLB-smoketestChristian Poessinger
T4387: add more firewall checks for WLB smoketests.
2022-06-05T4387: add more firewall checks for WLB smoketests.Nicolas Fort
2022-06-05Merge pull request #1346 from sever-sever/T4387-currViacheslav Hletenko
smoketest: T4387: Add test for load-balancing wan
2022-06-05Merge pull request #2 from sarthurdev/T970Viacheslav Hletenko
firewall: T970: Maintain a domain state to fallback if resolution fails
2022-06-05firewall: T970: Maintain a domain state to fallback if resolution failssarthurdev
2022-06-04Merge pull request #1348 from nicolas-fort/T3976-T4449-nexthopChristian Poessinger
Policy: T3976-T4449-nexthop: add - match ipv6 nexthop type -
2022-06-04Policy: T3976-T4449-nexthop: add - match ipv6 nexthop type - as available ↵Nicolas Fort
for ipv4
2022-06-02T4446: use a unified neighbor display scriptDaniil Baturin
2022-06-02smoketest: T4387: Add test for load-balancing wanViacheslav Hletenko
Create 2 network namespaces which allow us to emulate 2 ISP with different static addresses Check routing table 201 for the first ISP and table 202 for the second ISP. Each table must contain default route (cherry picked from commit 6b75cbb0575ca95806e969f5d7f219c0cbeea334)
2022-06-02Merge pull request #1345 from sever-sever/T4222Christian Poessinger
sla: T4222: Add OWAMP and TWAMP for service sla
2022-06-02sla: T4222: Add OWAMP and TWAMP for service slaViacheslav Hletenko
OWAMP is a command line client application and a policy daemon used to determine one way latencies between hosts. OWAMP session control uses traditional client-server communication between a control-client and a server, TWAMP (two-way active measurement protocol) Add configuration and operation modes set service sla owamp-server set service sla twamp-server run force owping 192.0.2.120 run force twping 192.0.2.190
2022-05-31Merge pull request #1344 from sarthurdev/pki_updateChristian Poessinger
pki: T3642: Update conf scripts using changed PKI objects
2022-05-31pki: T3642: Update conf scripts using changed PKI objectssarthurdev