Age | Commit message (Collapse) | Author |
|
Add port-validators for NAT rules that prevent setting incorrect
port-ranges (21-5) and incorrect ports (70000)
|
|
for icmp
|
|
firewall: T3560: Add support for MAC address groups
|
|
* Add support for ECN and CWR flags
|
|
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
|
|
firewall: validators: T4148: Improve validators and firewall validator usage
|
|
listen-address: T4110: Ability to set IPv6 link-local addresses
|
|
Some services allow setting link-local IPv6 addresses as
listen-address. Allow it, add a validator 'ipv6-link-local'
and extend listen-address.xml.i with this validator.
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
The BGP conditional advertisement feature uses the non-exist-map or the
exist-map and the advertise-map keywords of the neighbor advertise-map command
in order to track routes by the route prefix.
non-exist-map
=============
* If a route prefix is not present in the output of non-exist-map command, then
advertise the route specified by the advertise-map command.
* If a route prefix is present in the output of non-exist-map command, then do
not advertise the route specified by the advertise-map command.
exist-map
=========
* If a route prefix is present in the output of exist-map command, then
advertise the route specified by the advertise-map command.
* If a route prefix is not present in the output of exist-map command, then do
not advertise the route specified by the advertise-map command.
This feature is useful when some prefixes are advertised to one of its peers
only if the information from the other peer is not present (due to failure in
peering session or partial reachability etc).
The conditional BGP announcements are sent in addition to the normal
announcements that a BGP router sends to its peer.
CLI nodes can be found under:
* set protocols bgp neighbor <ip> address-family <afi> conditional-advertisement
* set protocols bgp peer-group <p> address-family <afi> conditional-advertisement
|
|
This command is applicable at the global level and at an individual bgp level.
If applied at the global level all bgp instances will wait for fib installation
before announcing routes and there is no way to turn it off for a particular
BGP vrf.
|
|
Administrative shutdown of all peers of a bgp instance. Drop all BGP peers,
but preserve their configurations. The peers are notified in accordance with
RFC 8203 by sending a NOTIFICATION message with error code Cease and subcode
Administrative Shutdown prior to terminating connections.
This global shutdown is independent of the neighbor shutdown, meaning that
individually shut down peers will not be affected by lifting it.
|
|
This command enables rejection of incoming and outgoing routes having AS_SET
or AS_CONFED_SET type.
|
|
This command allows the user to prevent session establishment with BGP peers
with a holdtime lower than the configured minimum holdtime.
When this command is not set, minimum holdtime does not work.
|
|
Whenever a BGP peer address becomes unreachable we must bring down the BGP
session immediately. Currently only single-hop EBGP sessions are brought down
immediately. IBGP and multi-hop EBGP sessions wait for hold-timer expiry to
bring down the sessions.
This new configuration option helps the user to tear down BGP sessions
immediately whenever a peer becomes unreachable.
This configuration is available at the bgp level. When enabled, configuration
is applied to all the neighbors configured in that bgp instance.
|
|
Set the period to rerun the conditional advertisement scanner process.
The default is 60 seconds.
|
|
T562: Config syntax for defining DNS forward authoritative zones
|
|
this in CLI"
This reverts commit 49047b88c9bac0b2e007ccce7ac7d42e82ee0a2b.
> Echo mode is only available for single hop sessions
|
|
netns: T3829: Ability to configure network namespaces
|
|
Mark session as passive: a passive session will not attempt to start the
connection and will wait for control packets from peer before it begins
replying.
This feature is useful when you have a router that acts as the central node of
a star network and you want to avoid sending BFD control packets you don't
need to. The default is active-mode.
|
|