summaryrefslogtreecommitdiff
path: root/interface-definitions/include
AgeCommit message (Collapse)Author
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }
2022-05-16Merge pull request #1290 from sever-sever/T4373Christian Poessinger
ppppoe-server: T4373: Add option multiplier for correct shaping
2022-05-16pppoe-server: T4373: Add option multiplier for correct shapingViacheslav Hletenko
Multiplier option is required by some vendors for correct shaping For RADIUS based rate-limits edit service pppoe-server set authentication radius rate-limit multiplier '0.001'
2022-05-09Merge pull request #1279 from nicolas-fort/T990Christian Poessinger
Firewall: T990: Add snat and dnat connection status on firewall
2022-05-06ocserv: T4231: XML OTP support must not be added globally - only for openconnectChristian Poessinger
2022-05-05policy: T4414: add support for route-map "as-path prepend last-as x"Christian Poessinger
2022-04-29xml: T4047: use full string match in the regex validatorChristian Poessinger
2022-04-28arp: T4397: bump component version numberChristian Poessinger
2022-04-23Firewall: T990: Modifications for new connection-status cliNicolas Fort
2022-04-21pppoe: T4384: replace default-route CLI option with common CLI nodes already ↵Christian Poessinger
present for DHCP VyOS 1.4 still leverages PPPd internals on the CLI. pppd supports three options for a default route, none, auto, force. * none: No default route is installed on interface up * auto: Default route is only installed if there is yet no default route * force: overwrite any default route There are several drawbacks in this design for VyOS and the users. If auto is specified, this only counted for static default routes - but what about dynamic ones? Same for force, only a static default route got replaced but dynamic ones did not got taken into account. The CLI is changed and we now re-use already existing nodes from the DHCP interface configuration: * no-default-route: On link up no default route is installed, same as the previous default-route none * default-route-distance: We can now specify the distance of this route for the routing table on the system. This defaults to 210 as we have for DHCP interfaces. All this will be migrated using a CLI migration script.
2022-04-21xml: T4385: provide building blocks for default route configurationChristian Poessinger
2022-04-18vxlan: geneve: T4370: support configuration of DF bit optionChristian Poessinger
set interfaces vxlan vxlan0 parameters ip df <set|unset|inherit> set interfaces geneve gnv0 parameters ip df <set|unset|inherit>
2022-04-18bgp: xml: update as-override help stringChristian Poessinger
2022-04-16xml: include: improve don't fragment helpChristian Poessinger
2022-04-11Firewall: T990: Add snat and dst connection status on firewallNicolas Fort
2022-04-10ocserv: T4231: increment config version 1 -> 2Christian Poessinger
2022-04-09Merge pull request #1242 from goodNETnick/ocserv_local_otpChristian Poessinger
ocserv: T4231: Added OTP support for Openconnect 2FA
2022-04-09ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2022-04-08Firewall: T990: Add snat and dnat connection status on firewallNicolas Fort
2022-04-07ipv6: T4346: delete (migrate) CLI command to disable IPv6 address familyChristian Poessinger
2022-04-07qos: T4284: rename "traffic-policy" node to "qos policy"Christian Poessinger
"set traffic-policy" now becomes "set qos policy" "set interface ethernet eth0 traffic-policy" now bvecomes "set qos interface eth0"
2022-04-07qos: T4284: support mirror and redirect on vlan subinterfacesChristian Poessinger
2022-04-06firewall: T4345: Fix incorrect rule limit rate syntaxsarthurdev
2022-04-04Merge pull request #1267 from sever-sever/T2580Christian Poessinger
ipoe: T2580: Add pools and gateway options
2022-04-04ipoe: T2580: Add pools and gateway optionsViacheslav Hletenko
Add new feature to allow to use named pools Can be used also with Radius attribute 'Framed-Pool' set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2022-04-03isis: T3156: add segment routing local-block for ISISChristian Poessinger
2022-04-03xml: isis: T3236: create common high-low label value include blockChristian Poessinger
2022-04-03isis: T4336: add support for MD5 authentication password on a circuitChristian Poessinger
2022-03-31bgp: T4326: Add bgp parameter no-suppress-duplicatesViacheslav Hletenko
Add new bgp parameter 'no-suppress-duplicates' set protocols bgp parameters no-suppress-duplicates
2022-03-31Merge branch 'vyos:current' into ocserv_local_otpgoodNETnick
2022-03-25xml: T4319: use common building block for table-size CLI optionChristian Poessinger
2022-03-24ipsec: T4288: bump config version 8 -> 9Christian Poessinger
2022-03-21qos: T4284: initial XML interface definitions for rewriteChristian Poessinger
2022-03-17OSPF : T4304: Set import/export filter inter-area prefixfett0
2022-03-16ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2022-03-07ipsec prefix: T4275: Fix for prefix val_help of remote-access and s2s vpnsrividya0208
It accepts network as the input value but the completion help is showing ip address, continuation of previous commit
2022-03-03static: T4283: support "reject" routes - emit an ICMP unreachable when matchedChristian Poessinger
2022-03-03static: T4283: create re-usable XML interface definitions for blackholeChristian Poessinger
2022-03-03static: T4283: fix help string for route/route6Christian Poessinger
2022-02-25nat: T1083: use defaultValue from XML when handling translationsChristian Poessinger
2022-02-25vpn: ipsec: T3093: add missing defaultValue entriesChristian Poessinger
2022-02-24scripts: T4269: node.def generator should automatically add default valuesChristian Poessinger
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help.
2022-02-20vxlan: T4120: rename tunnel-remotes.xml.i -> tunnel-remote-multi.xml.iChristian Poessinger
2022-02-20vxlan: T4120: add ability to set multiple remotes (PR #1127)Andreas
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command.
2022-02-20static: T4203: obey interface dhcp default route distanceChristian Poessinger
Commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes") added a bug whenever a static route is modified - the DHCP interface will always end up with metric 210 - if there was a default route over a DHCP interface.
2022-02-16xml: T3474: add component version include filesJohn Estabrook
Add the include files containing the syntaxVersion element defining the version of the respective component; these files are included by the top level file 'xml-component-versions.xml.in'. Processing of these elements was previously added to the python xml lib in commit 40f5359d. This will replace the use of 'curver_DATA' in vyatta-cfg-system and other legacy packages.
2022-02-07xml: ssh: T4233: sync regex for allow/deny usernames to "system login"Christian Poessinger
2022-02-04firewall: T4209: Fix support for rule `recent` matchessarthurdev
2022-01-30policy: T4219: add local-route(6) incoming-interfaceHenning Surmeier
2022-01-25nat: T4138: Add port-range validation for NATViacheslav Hletenko
Add port-validators for NAT rules that prevent to set incorrect port-ranges (21-5) and incorrect ports (70000)