Age | Commit message (Collapse) | Author |
|
The following command expects to join source-specific multicast group 239.1.2.3
on interface eth0, where the source address is 192.0.2.1.
set protocols igmp interface eth0 join 239.1.2.3 source 192.0.2.1
This command should generate FRR config:
interface eth0
ip igmp
ip igmp join 239.1.2.3 192.0.2.1
exit
However, there is a bug in the Jinja template where `if ifaces[iface].gr_join[group]`
is mostly evaluated as `false` because `iface` is a loop variable from another loop.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
wifi: T5491: allow white-/blacklisting station MAC addresses for security
|
|
Ability to configure host-name for zabbix-agent
set service monitoring zabbix-agent host-name 'r-vyos'
|
|
Station MAC address-based authentication means:
* 'allow' accept all clients except the one on the deny list
* 'deny' accept only clients listed on the accept list
New CLI commands:
* set interfaces wireless wlan0 security station-address mode <accept|deny>
* set interfaces wireless wlan0 security station-address accept mac <mac>
* set interfaces wireless wlan0 security station-address deny mac <mac>
|
|
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation
mode").
|
|
This reverts commit 9afcea251bdc895ffd49cb11f455fd636fdf817b
A DHCP relese must also be originated from the VRF where the dhclient program is
running, else the RELEASE message can not be send through the interface towards
the DHCP server.
The reason it did not work in the past was because of https://vyos.dev/T5476
|
|
|
|
|
|
The condition is useless since OpenVPN simply switches to ECDH in all modes
when the classic DH prime is not specified
|
|
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
|
|
that contains fqnd and/or geo-ip in base chains. Fix mig script
|
|
|
|
scripts and src firewall
|
|
T5448: Add service zabbix-agent
|
|
|
|
Add service zabbix-agent
set service zabbix-agent directory '/config/zabbix/'
set service zabbix-agent limits buffer-flush-interval '8'
set service zabbix-agent limits buffer-size '120'
set service zabbix-agent log debug-level 'warning'
set service zabbix-agent log size '1'
set service zabbix-agent server '192.0.2.5'
set service zabbix-agent server-active 192.0.2.5 port '10051'
set service zabbix-agent server-active 2001:db8::123
|
|
Otherwise packet can be received in a VRF that was already deleted.
Image of the following CLI commands:
del interface ethernet eth0 address dhcp
del interface ethernet eth0 vrf red
del vrf name red
VRF could be deleted even if dhclient release was not yet completely
processed.
|
|
order to avoid empty value and problems when removing such parameters
|
|
set service dns dynamic timeout <60-3600>
|
|
|
|
|
|
vyos@vyos# run show vrf MGMT processes
2282 sshd
There is no dhclient process running in given VRF. dhclient complains it can
not send out packets via the given interface (as it's not bound to that VRF)
Aug 02 20:29:54 dhclient[1686]: send_packet: Network is unreachable
Aug 02 20:29:54 dhclient[1686]: send_packet: please consult README file regarding broadcast address.
Aug 02 20:29:54 dhclient[1686]: dhclient.c:3001: Failed to send 300 byte long packet over fallback interface.
|
|
|
|
|
|
When no-release is specified, dhcp6c client will not release allocated address or prefix on client exit.
vyos.ifconfig: dhcpv6: T5387: re-use options_file for no release flag [WIP]
* Todo: render Jinja2 template and fill it
vyos.ifconfig: dhcpv6: T5387: finish options_file and no release flag in cli
vyos.ifconfig: dhcpv6: T5387: fix missing/wrong end tag
vyos.ifconfig: dhcpv6: T5387: fix options, no var for -n
dhcpv6-client: T5387: fix missing / from filepaths
|
|
T5368: service ids ddos-protection add support sflow mode
|
|
inetfaces
Keep a common CLI structure by re-using the already established offload
node from ethernet.
|
|
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet…
|
|
<listen-address>. Also allow only one single value <interface>.
|
|
T4974:add/fixed enable ovpn-dco by default
|
|
|
|
|
|
sFlow mode requires fewer resources then mode "mirror"
Integrate it into configuration mode
set service ids ddos-protection mode 'sflow'
set service ids ddos-protection sflow listen-address '127.0.0.1'
set service ids ddos-protection sflow port '6343'
|
|
New CLI commands:
* set protocols ospf graceful-restart grace-period 300
* set protocols ospf graceful-restart helper planned-only
* set protocols ospf graceful-restart helper no-strict-lsa-checking
* set protocols ospf graceful-restart helper supported-grace-time 400
* set protocols ospf graceful-restart helper enable router-id 192.0.2.1
* set protocols ospf graceful-restart helper enable router-id 192.0.2.2
* set protocols ospfv3 graceful-restart grace-period 300
* set protocols ospfv3 graceful-restart helper planned-only
* set protocols ospfv3 graceful-restart helper lsa-check-disable
* set protocols ospfv3 graceful-restart helper supported-grace-time 400
* set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.1
* set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.2
|
|
Fix template do not add interfaces with 'disable' option to the
lldp.conf
|
|
Fixed setting vrrp version
|
|
There was no /var/log/messages handler for logrotate making rsyslog
crash after a few days.
In addition we had some JIna2 templating errors for hosts, user and file
CLI nodes
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'facility'
Looks like therey are used rarely ;) - lucky me!
|
|
|
|
bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' feature
|
|
Added 'protocols bgp interface <int> mpls forwarding' feature.
It is possible to permit BGP install VPN prefixes without transport labels.
This configuration will install VPN prefixes originated from an e-bgp session,
and with the next-hop directly connected.
|
|
Migrate:
high-availability virtual-server 203.0.113.1
to: high-availability virtual-server <name> address 203.0.113.1
|
|
- changed memory requirement from total to available. This allows to start on
systems with less total memory and protects from startup on systems with
overloaded memory.
- prevent startup if sysctl settings were not applied. This protects from
situations when the system cannot allocate enough hugepages or apply other
sysctl settings.
|
|
T5333: Set prefix UD for PBR generated user-defined chain names
|