Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-02-20 | ipsec: T3948: Add CLI site-to-site peer connection-type none | Viacheslav Hletenko | |
set vpn ipsec site-to-site peer 192.0.2.14 connection-type none | |||
2022-02-20 | Merge branch 't4203-dhcp' into current | Christian Poessinger | |
* t4203-dhcp: smoketest: dhcp: T4203: move testcase to base class static: T4203: obey interface dhcp default route distance interface: T4203: prevent DHCP client restart if not necessary | |||
2022-02-20 | Merge pull request #1226 from sever-sever/T4254 | Christian Poessinger | |
vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on options | |||
2022-02-20 | static: T4203: obey interface dhcp default route distance | Christian Poessinger | |
Commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes") added a bug whenever a static route is modified - the DHCP interface will always end up with metric 210 - if there was a default route over a DHCP interface. | |||
2022-02-19 | vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on options | Viacheslav Hletenko | |
Ability to set Cisco FlexVPN vendor ID payload: charon.cisco_flexvpn charon.install_virtual_ip_on swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z set vpn ipsec options flexvpn set vpn ipsec options virtual-ip set vpn ipsec options interface tunX set vpn ipsec site-to-site peer x.x.x.x virtual-address x.x.x.x | |||
2022-02-18 | DHCP : T4258: Set correct port for dhcp-failover | fett0 | |
2022-02-09 | openvpn: T3686: Fix for check local-address in script and tmpl | Viacheslav Hletenko | |
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template | |||
2022-02-08 | Merge pull request #1208 from sever-sever/T3600 | Christian Poessinger | |
dhcp: T3600: Fix DHCP static table dhcp-interface route | |||
2022-02-08 | monitoring: T3872: Add input filter for firewall InfluxDB2 | Viacheslav Hletenko | |
Input filter for firewall allows to get bytes/counters from nftables in format, required for InfluxDB2 | |||
2022-02-07 | dhcp: T3600: Fix DHCP static table dhcp-interface route | Viacheslav Hletenko | |
Static table dhcp-interface route required table in template Without table this route will be placed to table 'main' by default | |||
2022-02-05 | Merge pull request #1200 from sever-sever/T3872 | Christian Poessinger | |
monitoring: T3872: Fix template input plugin for running services | |||
2022-02-04 | firewall: T4209: Fix support for rule `recent` matches | sarthurdev | |
2022-02-02 | monitoring: T3872: Fix template input plugin for running services | Viacheslav Hletenko | |
Add required capability for input scripts which collect statistics of running services | |||
2022-01-29 | firewall: T4218: Adds a prefix to all user defined chains | sarthurdev | |
2022-01-30 | Merge pull request #789 from jack9603301/T3420 | Daniil Baturin | |
upnpd: T3420: Support UPNP protocol | |||
2022-01-25 | monitoring: T3872: Delete iptables input plugin as we use nft | Viacheslav | |
Telegraf inputs iptables plugin incompatible with nftables As it tries to get statistics from "iptables -L -n -v" which doesnt display required data in 1.4 as we don't use iptables anymore | |||
2022-01-25 | sshd: T4205: Hide extra version suffix "Debian" | Viacheslav Hletenko | |
Disable distribution-specified extra version suffix is included during initial protocol handshake SSH-2.0-OpenSSH_8.4p1 Debian-5 => SSH-2.0-OpenSSH_8.4p1 | |||
2022-01-21 | Merge pull request #1180 from goodNETnick/dhcp-client-prefix | Christian Poessinger | |
DHCP: T4196: fix client-prefix-length parameter | |||
2022-01-20 | DHCP: T4196: fix client-prefix-length parameter | goodNETnick | |
2022-01-20 | firewall: T2199: Add log prefix to match legacy perl behaviour | sarthurdev | |
Example syslog: [FWNAME-default-D] ... * Also clean-up firewall default-action | |||
2022-01-19 | Merge pull request #1177 from sarthurdev/mac_groups | Christian Poessinger | |
firewall: T3560: Add support for MAC address groups | |||
2022-01-19 | OSPF : T4195: ability to set maximum paths for OSPF | fett0 | |
2022-01-18 | firewall: T3560: Add support for MAC address groups | sarthurdev | |
2022-01-18 | firewall: T4188: Create default conntrack `FW_CONNTRACK` chain | sarthurdev | |
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule. | |||
2022-01-17 | Merge pull request #1174 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix | |||
2022-01-17 | zone-policy: T3873: Fix intra-zone-filtering return to zone default-action | sarthurdev | |
2022-01-15 | ntp: T4184: Fix allow-clients address | Viacheslav | |
NTP-server with option "allow-clients address x.x.x.x" should accept requests only from clients addresses which declared in configuration if this option exists Add "restrict default ignore" to fix it, in another case it responce to any address | |||
2022-01-13 | monitoring: T3872: Add just required interfaces for ethtool | Viacheslav | |
Telegraf ethtool input filter expected ethX interfaces and not other interfaces like vlans/tunnels/dummy Add "interface_include" option to telegraf template. | |||
2022-01-11 | policy: T2199: Refactor policy route script for better error handling | sarthurdev | |
* Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6` | |||
2022-01-11 | firewall: policy: T4159: T4164: Fix empty firewall groups, create separate ↵ | sarthurdev | |
file for group definitions. | |||
2022-01-11 | policy: T4170: rename "policy ipv6-route" -> "policy route6" | Christian Poessinger | |
In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes) | |||
2022-01-10 | conntrack: T3579: prepare for "conntrack timeout custom rule" CLI commands | Christian Poessinger | |
2022-01-10 | conntrack: T3579: use "notrack" over "return" in nft statements | Christian Poessinger | |
2022-01-10 | conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftables | Christian Poessinger | |
2022-01-09 | Merge pull request #1143 from sever-sever/T1972 | Christian Poessinger | |
vrrp: T1972: Ability to set IP address on not vrrp interface | |||
2022-01-09 | Merge pull request #1142 from sever-sever/T4150 | Christian Poessinger | |
keepalived: T4150: Fix template option conntrack_sync_group | |||
2022-01-09 | nhrp: T4152: Fix template holding-time for nhrp | Viacheslav | |
Add missed 'holding-time' option for shortcut-target address | |||
2022-01-09 | vrrp: T1972: Ability to set IP address on not vrrp interface | Viacheslav | |
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group | |||
2022-01-08 | keepalived: T4150: Fix template option conntrack_sync_group | Viacheslav | |
conntrack_sync_group option not under 'vrrp' section but part of high-avalability dictionary | |||
2022-01-06 | https: T4146: do not listen on port 80 | John Estabrook | |
2022-01-06 | vrrp: T4141: bugfix missing {% if %} clause when adding sync-groups | Christian Poessinger | |
2022-01-05 | keepalived: T4109: Update configd-include.json to reflect filename change | sarthurdev | |
2022-01-05 | Merge pull request #1134 from sarthurdev/firewall | Christian Poessinger | |
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy | |||
2022-01-05 | firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵ | sarthurdev | |
zone-policy | |||
2022-01-04 | Merge pull request #1121 from sever-sever/T4109 | Christian Poessinger | |
keepalived: T4109: Add high-availability virtual-server | |||
2022-01-04 | keepalived: T4109: Add high-availability virtual-server | Viacheslav | |
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability' | |||
2022-01-04 | Merge pull request #1130 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4130: Fix firewall state-policy errors | |||
2022-01-04 | firewall: T4130: Fix firewall state-policy errors | sarthurdev | |
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy | |||
2022-01-03 | Merge pull request #1018 from sever-sever/T3872 | Christian Poessinger | |
monitoring: T3872: Add a new feature service monitoring | |||
2022-01-03 | monitoring: T3872: Add a new feature service monitoring telegraf | Viacheslav | |