Age | Commit message | Author |
|
<name> interface <ifname>`
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
|
|
firewall node
* Refactor firewall and zone-policy rule creation and cleanup
* Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>`
* Remove `firewall-interface.py` conf script
|
|
"set traffic-policy" now becomes "set qos policy"
"set interface ethernet eth0 traffic-policy" now becomes "set qos interface eth0"
|
|
Since introducing the XML <defaultValue> node it was common, but redundant,
practice to also add a help string indicating which value would be used as
default if the node is unset.
This makes no sense b/c it's duplicated code/value/characters and prone to
error. The node.def scripts should be extended to automatically render the
appropriate default value into the CLI help string.
For e.g. SSH the current PoC renders:
$ cat templates-cfg/service/ssh/port/node.def
multi:
type: txt
help: Port for SSH service (default: 22)
val_help: u32:1-65535; Numeric IP port
...
Not all subsystems are already migrated to get_config_dict() and make use of
the defaults() call - those subsystems need to be migrated first, before the new
default is added to the CLI help.
|
|
As the amount of include files now has reached a certain amount, it is getting
more and more crowded, thus introducing "per topic" subdirectories on the
filesystem to keep a clean structure makes sense.
|
|
Rename CLI options local-ip to source-address and remote-ip to remote to
get a consistent CLI experience for the user.
|
|
|
This reduces duplicated #include statements as each interface type already
contained the individual includes.
|
|
There is a Myricom 10G card with 16k MTU available.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
Every interface on the system can be a member of a bridge - thus the bridge
interface must be the one interface which has the highest priority
compared to all other interfaces - incl. l2tpv3.
With this change the system boots up fine with also l2tpv3 interfaces
participating as bridge members. This change was needed as a l2tpv3 interface
requires properly configured routing on the system, else adding the
interface will fail miserably:
FileNotFoundError: [Errno 2] ip l2tp add tunnel tunnel_id 200
peer_tunnel_id 100 udp_sport 4000 udp_dport 3000 encap udp
local 172.18.201.10 remote 172.18.203.10
returned: RTNETLINK answers: Network is unreachable
|
|
As L2TPv3 interfaces can be a member interface of a bridge device it must be
configured prior to the bridge - else the system will boot with an error as
member adding fails.
|
|
Autoconfigure addresses using Prefix Information in Router Advertisements.
|
|
... to new XML and Python based frontend/backend.
|
|
Tested using:
R1:
---
set interfaces l2tpv3 l2tpeth10 address '2001:db8:beef::1/64'
set interfaces l2tpv3 l2tpeth10 address '100.0.0.1/24'
set interfaces l2tpv3 l2tpeth10 destination-port '3000'
set interfaces l2tpv3 l2tpeth10 encapsulation 'udp'
set interfaces l2tpv3 l2tpeth10 local-ip '172.18.201.10'
set interfaces l2tpv3 l2tpeth10 peer-session-id '10'
set interfaces l2tpv3 l2tpeth10 peer-tunnel-id '100'
set interfaces l2tpv3 l2tpeth10 remote-ip '172.18.204.10'
set interfaces l2tpv3 l2tpeth10 session-id '20'
set interfaces l2tpv3 l2tpeth10 source-port '6000'
set interfaces l2tpv3 l2tpeth10 tunnel-id '200'
R2:
---
set interfaces l2tpv3 l2tpeth10 address '2001:db8:beef::2/64'
set interfaces l2tpv3 l2tpeth10 address '100.0.0.2/24'
set interfaces l2tpv3 l2tpeth10 destination-port '6000'
set interfaces l2tpv3 l2tpeth10 encapsulation 'udp'
set interfaces l2tpv3 l2tpeth10 local-ip '172.18.204.10'
set interfaces l2tpv3 l2tpeth10 peer-session-id '20'
set interfaces l2tpv3 l2tpeth10 peer-tunnel-id '200'
set interfaces l2tpv3 l2tpeth10 remote-ip '172.18.201.10'
set interfaces l2tpv3 l2tpeth10 session-id '10'
set interfaces l2tpv3 l2tpeth10 source-port '3000'
set interfaces l2tpv3 l2tpeth10 tunnel-id '100'
|