summaryrefslogtreecommitdiff
path: root/data/templates
AgeCommit message (Collapse)Author
2022-09-14Merge pull request #1537 from sarthurdev/nhrp_nftablesChristian Poessinger
nhrp: T2199: Use separate table in nftables for NHRP rules
2022-09-14nhrp: T2199: Use separate table in nftables for NHRP rulessarthurdev
2022-09-14Merge pull request #1534 from sarthurdev/firewall_interfacesChristian Poessinger
firewall: zone-policy: T2199: T4605: Refactor firewall, migrate zone-policy
2022-09-13isis: T4693: Fix ISIS segment routing configurationsCheeze_It
This change is to fix a bug in which ISIS segment routing was broken due to a refactor. This change also is going to introduce a smoketest to make sure this is caught in the future.
2022-09-13zone-policy: T2199: Migrate zone-policy to firewall nodesarthurdev
2022-09-13firewall: T4605: Rename filter tables to vyos_filtersarthurdev
2022-09-13firewall: T2199: Move initial firewall tables to datasarthurdev
2022-09-13firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵sarthurdev
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
2022-09-12telegraf: T4617: add Restart=always to systemd unitChristian Poessinger
2022-09-11T4665: Keepalived: Fix interface namesSander Klein
When applying the same VRID for IPv4 and IPv6 with RFC3768 compatibility enabled, the IPv6 interfaces came back with the wrong name. For example: Name Interface VRID State Priority Last Transition ------ ----------- ------ ------- ---------- ----------------- v4-10 eth1v10 10 MASTER 100 21s v6-10 vrrpv10 10 MASTER 100 21s Because of this, the IPv6 interface didn't show up in `show int`. This change suffixes the interface with the IP version so `show int` works again. Name Interface VRID State Priority Last Transition ------ ----------- ------ ------- ---------- ----------------- v4-10 eth1v10v4 10 MASTER 100 21s v6-10 eth1v10v6 10 MASTER 100 21s vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- [....] eth1v10v4 192.168.10.60/24 u/u eth1v10v6 2001:ffff::1/64 u/u [....]
2022-09-06radius: T4672: Fix RADIUS server disable template logicBenjamin M. Hughes
2022-09-01Merge pull request #1466 from sever-sever/T538Christian Poessinger
nat: T538: Add static NAT one-to-one
2022-09-01policy-route: T4655: Remove default_action from templateViacheslav Hletenko
Remove `default_action` from template "nftables-policy" as XML policy route does not use it Set default action 'accept' for policy route, as default action 'drop' must be used only for firewall and not related to the policy route
2022-08-31nat: T538: Move nat configs to /run directoryViacheslav Hletenko
2022-08-26Merge pull request #1482 from sever-sever/T4631Christian Poessinger
nat66: T4631: Add port and protocol to nat66 conf
2022-08-25telegraf: T4617: add VRF supportChristian Poessinger
2022-08-22BGP: T4634: Allow configuration of disable-connected-checkSander Klein
2022-08-20nat66: T4631: Add port and protocol to nat66Viacheslav Hletenko
Ability to configure src/dst/translation port and protocol for SNAT and DNAT IPv6
2022-08-19UPnP: T4611: Rule must be as prefix instead of an addressViacheslav Hletenko
From the doc miniupnpd IP/mask format must be nnn.nnn.nnn.nnn/nn Comment out invalid option "anchor"
2022-08-17nat: T538: Add static NAT one-to-oneViacheslav Hletenko
Ability to set static NAT (one-to-one) in one rule set nat static rule 10 destination address '203.0.113.0/24' set nat static rule 10 inbound-interface 'eth0' set nat static rule 10 translation address '192.0.2.0/24' It will be enough for PREROUTING and POSTROUTING rules Use a separate table 'vyos_static_nat' as SRC/DST rules and STATIC rules can have the same rule number
2022-08-16UPnP: T4620: Fix Jinja2 template rulesViacheslav Hletenko
2022-08-15ocserv: openconnect: T4614: add support for split-dnsChristian Poessinger
set vpn openconnect network-settings split-dns <domain>
2022-08-15ocserv: T4333: migrate to new vyos_defined Jinja2 testChristian Poessinger
2022-08-10dmvpn: T4595: Fix dpd profile optionsViacheslav Hletenko
Fix template for configuration DMVPN IKE profile dead-peer-detection delay and dead-peer-detecion timeout options
2022-08-05nat66: T4598: Add exclude options in nat66Nicolas Fort
2022-08-04Merge https://github.com/Cheeze-It/vyos-1x into currentChristian Poessinger
* https://github.com/Cheeze-It/vyos-1x: bgp: T4257: Changing BGP "local-as" to "system-as"
2022-08-04macsec: T4537: macsec_csindex can be set even without encryptionChristian Poessinger
2022-08-04Merge pull request #1457 from sever-sever/T4586Christian Poessinger
nat66: T4586: Add SNAT destination prefix and DNAT address
2022-08-03Merge pull request #1369 from nicolas-fort/T4480Daniil Baturin
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config
2022-08-03nat66: T4586: Add SNAT destination prefix and DNAT addressViacheslav Hletenko
Ability to configure SNAT destination prefix and DNAT source address Add option "!" - not address/prefix for NAT66
2022-08-02macsec: T4537: add mussing macsec_csindex option to support GCM-AES-256Christian Poessinger
2022-07-30bgp: T4257: Changing BGP "local-as" to "system-as"Cheeze_It
bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. bgp: T4257: Changing BGP "local-as" to "system-as" bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor.
2022-07-25fastnetmon: T4556: Allow configure white_list_path and populate with ↵Adrian Almenar
hosts/networks that should be ignored.
2022-07-22ssh: T3212: do not load systemd EnvironmentFileChristian Poessinger
2022-07-22Merge pull request #1421 from vfreex/radvd-prefix-specific-optionsChristian Poessinger
T4550: router-advert: Add deprecate-prefix & decrement-lifetimes options
2022-07-21fastnetmon: T4555: add IPv6 supportChristian Poessinger
2022-07-21T4550: router-advert: Add deprecate-prefix & decrement-lifetimes optionsYuxiang Zhu
DeprecatePrefix and DecrementLifetimes options in radvd is useful in a DHCPv6-PD environment to accommodate prefix changes from ISP's delegating router. Though there is currently no integration between the DHCP PD client (wide-dhcpv6-client) and radvd, it could be a good start point to have the 2 options configurable by the user. https://phabricator.vyos.net/T4550 - deprecate-prefix: Upon shutdown, deprecate the prefix. This is useful in a DHCPv6 PD environment: When ISP re-assigns a new prefix, deprecate the old prefix that was advertised. - decrement-lifetimes: Decrement the values of the preferred and valid lifetimes for the prefix over time. This is also useful in a DHCPv6 PD environment to keep the advertised prefix's lifetimes in sync with the prefix from delegating router.
2022-07-21fastnetmon: T4553: Allow to configure ban_time instead of 1900s default valueAdrian Almenar
2022-07-20T4480:webproxy: Add safe-ports and ssl-safe-ports for acel squid config -- ↵Nicolas Fort
Fix conflicts
2022-07-15netflow: T4532: replace dot and colons to dashViacheslav Hletenko
Fix for IPv6 netflow_plugin name When we use IPv6 uacctd.conf doesnt expect coluns in the plugin name. Replace dots and colons to dash.
2022-07-07monitoring: T4411: Migrate influxdb options to influxdb nodeViacheslav Hletenko
As we have specific configuration for each plugin: set service monitoring telegraf xxx - azure-data-explorer - prometheus-client - splunk We should to move configuration that related to influxdb under influxdb node Replace: set service monitoring telegraf - authentication xxx - bucket xxx - port xxx - url To: set service monitoring telegraf influxdb xxx
2022-07-07syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotatesarthurdev
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override
2022-07-05zone-policy: T4512: Add support for `enable-default-log`sarthurdev
2022-07-05Merge pull request #1389 from sever-sever/T4509Christian Poessinger
dns: T4509: Add dns64-prefix option
2022-07-05dns: T4509: Add dns64-prefix optionViacheslav Hletenko
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96
2022-07-04ntp: T4456: support listening on specified interfaceChristian Poessinger
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name>
2022-07-02ipoe: T4507: Add option rate-limit for RADIUS authenticationViacheslav Hletenko
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik'
2022-06-29router-advert: T4477: support RDNSS lifetime optionChristian Poessinger
set service router-advert interface eth0 name-server-lifetime <value>
2022-06-25dhcp: pppoe: T4384: bugfix not honoring no-default-route CLI optionChristian Poessinger
Commit a2ab95ff68b ("pppoe: T4384: replace default-route CLI option with common CLI nodes already present for DHCP") had an issue as the PPPoE interface options and also DHCP interface options did not honor the no-default-route option. This has been fixed.
2022-06-14firewall: T970: Use set prefix to domain groupssarthurdev