Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-06-22 | Policy: T4475: add support for matching ipv6 addresses on peer option in ↵ | Nicolas Fort | |
route-map | |||
2022-06-20 | T778: T782: dhcp-server: add missing bootfile-size and bootfile-name constraints | Christian Poessinger | |
2022-06-20 | dhcp: T4156: bootfile-option: add missing constraints and valueHelp | Christian Poessinger | |
2022-06-18 | policy: T4467: bugfix relative (+/-) increase of metric | Christian Poessinger | |
2022-06-16 | webproxy: T4468: Fix regex for squidguard source-group | Viacheslav Hletenko | |
2022-06-14 | Improve IPsec help strings | Daniil Baturin | |
2022-06-11 | firewall: T4299: Add support for GeoIP filtering | sarthurdev | |
2022-06-10 | Merge pull request #1356 from sarthurdev/nested_groups | Christian Poessinger | |
firewall: T478: Add support for nesting groups | |||
2022-06-10 | firewall: T478: Add support for nesting groups | sarthurdev | |
2022-06-10 | Merge pull request #1355 from nicolas-fort/T4458-ipv4-ttl | Christian Poessinger | |
Firewall:T4458: Add ttl match option in firewall | |||
2022-06-10 | xml: drop not always applicable REQUIRED suffix from completion help string | Christian Poessinger | |
If a parameter is required is determined from the Python string on commit. This "indicator" is not used consistently and sometimes missing, or added where it is not required anymore due to Python script improvement/rewrite. | |||
2022-06-10 | Firewall:T4458: Add ttl match option in firewall | Nicolas Fort | |
2022-06-10 | nhrp: T4460: update error message for cisco-authentication password length | Christian Poessinger | |
2022-06-10 | Merge pull request #1353 from nicolas-fort/T4460 | Christian Poessinger | |
Protocols: T4460: Add input checks for cisco-authentication in nhrp | |||
2022-06-10 | firewall: T970: Fix for Regex for domain and check empty group | Viacheslav Hletenko | |
It can be more then 5 symbols in top-level-domain address for example '.photography' and '.accountants' Firewall group can be added without address: * set firewall group domain-group DOMAIN Check if 'address' exists in group_config | |||
2022-06-10 | Protocols: T4460: Add input checks for cisco-authentication parameter in ↵ | Nicolas Fort | |
nhrp protocol | |||
2022-06-10 | Merge pull request #1322 from nicolas-fort/T3907-fwall-log | Daniil Baturin | |
Firewall: T3907: add log-level options in firewall | |||
2022-06-09 | xml: sstp: T4444: re-use port-number.xml.i building block | Christian Poessinger | |
2022-06-09 | Merge branch 'sstp_port' of https://github.com/goodNETnick/vyos-1x into current | Christian Poessinger | |
* 'sstp_port' of https://github.com/goodNETnick/vyos-1x: sstp: T4444. Port number changing support | |||
2022-06-09 | Merge pull request #1327 from sever-sever/T970 | Christian Poessinger | |
firewall: T970: Add firewall group domain-group | |||
2022-06-08 | Merge pull request #1340 from sever-sever/T3083 | Christian Poessinger | |
event-handler: T3083: Add simple event-handler | |||
2022-06-08 | event-handler: Change tagNode event-handler to node | Viacheslav Hletenko | |
Before: set service event-handler Foo After: set service event-handler event Foo | |||
2022-06-07 | event-handler: T3083: Extended event-handler features | zsdc | |
* Added the ability to filter by a syslog identifier * Added the ability to pass arguments to a script * Added the ability to pass preconfigured environment variables to a script * A message that triggered a script is now passed in the `message` variable and can be used in a script * Replaced `call()` to `run()`, since stdout are not need to be printed | |||
2022-06-07 | firewall: T970: domain-group should not starts with numeric | Viacheslav Hletenko | |
Edit regex to check firewall-group | |||
2022-06-07 | event-handler: T3083: Add arguments and environment options XML | Viacheslav Hletenko | |
2022-06-07 | event-handler: T3083: Move system to service event-handler | Viacheslav Hletenko | |
Move 'system event-handler' to 'service event-handler' | |||
2022-06-06 | event-handler: T3083: Add simple event-handler | Viacheslav Hletenko | |
Event-handler allows executing a custom script when in logs it detects configured "pattern" A simple implemenation set system event-handler first pattern '.*ssh2.*' set system event-handler first script '/config/scripts/hello.sh' | |||
2022-06-04 | Policy: T3976-T4449-nexthop: add - match ipv6 nexthop type - as available ↵ | Nicolas Fort | |
for ipv4 | |||
2022-06-02 | sla: T4222: Add OWAMP and TWAMP for service sla | Viacheslav Hletenko | |
OWAMP is a command line client application and a policy daemon used to determine one way latencies between hosts. OWAMP session control uses traditional client-server communication between a control-client and a server, TWAMP (two-way active measurement protocol) Add configuration and operation modes set service sla owamp-server set service sla twamp-server run force owping 192.0.2.120 run force twping 192.0.2.190 | |||
2022-05-31 | pki: T3642: Update conf scripts using changed PKI objects | sarthurdev | |
2022-05-31 | policy: T3976: bump version 2 -> 3 | Christian Poessinger | |
2022-05-31 | IPv6: T3976: add prefix-list and access-list option from ipv6 route-map | fett0 | |
2022-05-29 | Policy: T4450: Expand options for ip|ipv6 address match. Now support ↵ | Nicolas Fort | |
prefix-len on both matches. Also change help properties of route-source node. | |||
2022-05-29 | xml: reword static routing completion help | Christian Poessinger | |
2022-05-29 | eigrp: T2472: add missing <multi/> specifier when redistributing protocols | Christian Poessinger | |
2022-05-29 | eigrp: T2472: add "local-as" CLI node to specify ASN like under BGP | Christian Poessinger | |
2022-05-29 | eigrp: T2472: add basic template rendering and FRR communication | Christian Poessinger | |
2022-05-29 | rip: T4448: remove default version for RIP | Christian Poessinger | |
Commit f9e38622 ("rip: T4448: add support to set protocol version on an interface level") also added the versionspecified on a per interface level. the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no longer working which is dthe default for FRR. Remove the default "2" from the RIP version specifier to make this behavior work again. | |||
2022-05-29 | eigrp: vrf: T2773: prepare XML definitions for VRF instance | Christian Poessinger | |
2022-05-29 | eigrp: T2473: add XML definitions | sever-sever | |
2022-05-29 | Merge branch 'T4449' of https://github.com/nicolas-fort/vyos-1x into current | Christian Poessinger | |
* 'T4449' of https://github.com/nicolas-fort/vyos-1x: Policy: T4449: Extend matching options for route-map ip nexthop | |||
2022-05-28 | rip: T4448: add support to set protocol version on an interface level | Christian Poessinger | |
2022-05-28 | xml: rip: T4448: rename include files to match schema | Christian Poessinger | |
2022-05-28 | firewall: T970: Add firewall group domain-group | Viacheslav Hletenko | |
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } } | |||
2022-05-28 | Policy: T4449: Extend matching options for route-map ip nexthop | Nicolas Fort | |
2022-05-28 | rip: T4448: add support for explicit version selection | Christian Poessinger | |
2022-05-27 | Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8 | Nicolas Fort | |
2022-05-27 | dhcp6: pd: T4447: bugfix sla-id limits (must be greater then 128 | Christian Poessinger | |
The sla-id parameter of DHCPv6 prefix delegations is limited to 128. While this is enough to use all /64 subnets of a /57 prefix, with a /56 prefix that is no longer sufficient. Increased sla-id length tp 64535 so one could delegate an entire /48. | |||
2022-05-26 | sstp: T4444. Port number changing support | goodNETnick | |
2022-05-25 | configtest: T4382: missing 'ipv4-options' in 'interfaces openvpn' | John Estabrook | |
As a result of the firewall/5-to-6 migration script, 'firewall options interface vtun0 adjust-mss' is moved to: 'interfaces openvpn vtun0 ip adjust-mss 1380' however, interfaces-openvpn.xml.in is missing the include file ipv4-options.xml.i. Add missing include file. |