Age | Commit message (Collapse) | Author |
|
<name> interface <ifname>`
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
|
|
firewall node
* Refactor firewall and zone-policy rule creation and cleanup
* Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>`
* Remove `firewall-interface.py` conf script
|
|
|
|
"set traffic-policy" now becomes "set qos policy"
"set interface ethernet eth0 traffic-policy" now bvecomes "set qos interface eth0"
|
|
|
|
|
|
Since introducing the XML <defaultValue> node it was common, but redundant,
practice to also add a help string indicating which value would be used as
default if the node is unset.
This makes no sense b/c it's duplicated code/value/characters and prone to
error. The node.def scripts should be extended to automatically render the
appropriate default value into the CLI help string.
For e.g. SSH the current PoC renders:
$ cat templates-cfg/service/ssh/port/node.def
multi:
type: txt
help: Port for SSH service (default: 22)
val_help: u32:1-65535; Numeric IP port
...
Not all subsystems are already migrated to get_config_dict() and make use of
the defaults() call - those subsystems need to be migrated, first before the new
default is added to the CLI help.
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
|
|
|
|
|
|
(cherry picked from commit c1015d8ce0013719eb898b60b14ffec192b8141c)
|
|
|
|
|
|
|
|
|
|
Set default TTL value for tunnels from 0 to 64
There are a lot of situation when default value 0 (inherit)
not work properly when you have routing configuration for OSPF
or BGP over the tunnels. To fix it you need explicit set TTL
value other then 0. Or hardcode another value as default.
|
|
|
|
This was not possible due to a regression in iproute2 where the erspan_dir key
did not have a value. See [1] for more information.
[1]: https://lore.kernel.org/netdev/3ac544c09842410fb863b332917a03ad@poessinger.com/
|
|
Instead of having a dedicated ERSPAN interface type, rather move the specifics
into "interface tunnel". A migrator is not needed as there is yet no LTS release
with this feature and this is considered experimental.
|
|
As the amount of include files now has reached a certain amount, it is getting
more and more crowsded, thuse introducing "per topic" subdirectories on the
filesystem to keep a clean structure makes sense.
|
|
|
|
|
|
Streamline the CLI configuration where we try to use remote on other interfaces
like vxlan, geneve.
|
|
The following list shows the mapping of VyOS tunnel encapsulation modes to the
corresponding Linux modes.
VyOS Linux
gre gre
gre-bridge gretap
ipip ipip
ipip6 ipip6
ip6ip6 ip6ip6
ip6gre ip6gre
sit sit
Besides gre-bridge this is pretty consistent. As bridge interfaces are also
called tap interfaces gre-bridge will be renamed to gretap to make the
post-processing much easier.
This means (in detail) that there are no more child classes of _Tunnel and
there will be now one geneirc TunnelIf class handling all sorts of encapsulation.
|
|
VXLAN will get tos, ttl and flowlabel options thus make individual parameter
settings reusable by splitting tunnel-parameters-ip.xml.i into individual files.
|
|
In 8413278c, we left out a parameter in the tunnel
that caused the tunnel smoke test to fail.
Now, let's add it
|
|
package type automatic detection)
|
|
|
|
|
|
|
|
|
|
This replaces the Python script by a bash variant which is much faster as the
Python interpreter does not need to be launched on invocation.
|
|
A pre-defined list of common format strings to be used inside the <format> node
of <valueHelp> is available from [1]. Adjust all currently in use <format> nodes
to re-use the predefined strings over writing them on their own by even
encapsulating the <> signs as < and >.
[1]: https://github.com/vyos/vyatta-cfg/blob/5aec1a0429f2f/etc/bash_completion.d/vyatta-cfg#L515-L566
|
|
|
|
|
|
This reduces duplicated #include statements as each interface type already
contained the individual includes.
|
|
|
|
|
|
|
|
|
|
Autoconfigure addresses using Prefix Information in Router Advertisements.
|
|
... to new XML and Python based frontend/backend.
|
|
|
|
This patch migrates the "interface tunnel" section to xml/python
|