Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-07-20 | T4480:webproxy: Add safe-ports and ssl-safe-ports for acel squid config -- ↵ | Nicolas Fort | |
Fix conflicts | |||
2022-07-18 | macsec: T4537: allow 32-byte keys for gcm-aes-256 | Christian Poessinger | |
2022-07-15 | monitoring: T4411: add monitoring-version.xml.i to component-versions | John Estabrook | |
When adding a new component version file, one must also include the file in xml-component-version.xml.in | |||
2022-07-10 | bond: T4522: add ability to specify mii monitor interval via CLI | Christian Poessinger | |
Linux Kernel supports to specify the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point. The default value is 100. set interfaces bonding bond0 mii-mon-interval <n> | |||
2022-07-09 | ip: T4517: drop forwarding from CLI "system ip ↵ | Christian Poessinger | |
disable-directed-broadcast-forwarding" | |||
2022-07-09 | ip: T4517: add option to enable directed broadcast forwarding | Yuxiang Zhu | |
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1. | |||
2022-07-07 | monitoring: T4411: Migrate influxdb options to influxdb node | Viacheslav Hletenko | |
As we have specific configuration for each plugin: set service monitoring telegraf xxx - azure-data-explorer - prometheus-client - splunk We should to move configuration that related to influxdb under influxdb node Replace: set service monitoring telegraf - authentication xxx - bucket xxx - port xxx - url To: set service monitoring telegraf influxdb xxx | |||
2022-07-07 | syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotate | sarthurdev | |
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override | |||
2022-07-05 | zone-policy: T4512: Add support for `enable-default-log` | sarthurdev | |
2022-07-05 | Merge pull request #1389 from sever-sever/T4509 | Christian Poessinger | |
dns: T4509: Add dns64-prefix option | |||
2022-07-05 | dns: T4509: Add dns64-prefix option | Viacheslav Hletenko | |
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96 | |||
2022-07-04 | Merge pull request #1386 from sarthurdev/geoip_negate | Christian Poessinger | |
firewall: T4299: Add ability to inverse match country-codes | |||
2022-07-04 | firewall: T4299: Add ability to inverse match country codes | sarthurdev | |
2022-07-04 | ntp: T4456: support listening on specified interface | Christian Poessinger | |
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name> | |||
2022-07-04 | xml: include: interface - fix help string | Christian Poessinger | |
2022-07-04 | Merge pull request #1382 from sever-sever/T4378 | Viacheslav Hletenko | |
dns: T4378: Allow wildcard A AAAA record with option all | |||
2022-07-04 | dns: T4378: Allow wildcard A AAAA record with option any | Viacheslav Hletenko | |
Ability to set wildcard record for authoritative-domain set authoritative-domain example.com records a any address 192.0.2.11 cat /run/powerdns/zone.example.com.conf * 300 A 192.0.2.11 | |||
2022-07-02 | ipoe: T4507: Add option rate-limit for RADIUS authentication | Viacheslav Hletenko | |
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik' | |||
2022-07-01 | Merge pull request #1380 from sarthurdev/ovpn-multi-ca | Christian Poessinger | |
openvpn: T4485: Accept multiple tls ca-certificate values | |||
2022-07-01 | xml: update interface help strings | Christian Poessinger | |
2022-07-01 | xml: vti: T2455: state that VTI is now of type XFRM | Christian Poessinger | |
2022-07-01 | vti: T2455: add IPv6 address support | Christian Poessinger | |
2022-07-01 | xml: include: add missing prefix in include file comment | Christian Poessinger | |
2022-06-29 | router-advert: T4477: support RDNSS lifetime option | Christian Poessinger | |
set service router-advert interface eth0 name-server-lifetime <value> | |||
2022-06-29 | xml: streamline interface definition filenames, drop _ | Christian Poessinger | |
Some files that described the CLI used underscores to split CLI levels, some others did not. This commit removes all underscores from the filename and only makes use of a hyphen. | |||
2022-06-29 | bridge: add option to enable/disable IGMP/MLD snooping | Yuxiang Zhu | |
This PR adds an config option to enable/disable IGMP/MLD snooping. ``` set interfaces bridge brN igmp snooping ``` | |||
2022-06-29 | openvpn: T4485: Accept multiple `tls ca-certificate` values | sarthurdev | |
2022-06-28 | mpls: T4489: Set priority 400 for MPLS after tunnel | Viacheslav Hletenko | |
Fix worng behavior with priority with using tunnel interfaces MPLS configuration must be applied after tunnel interfaces as we use an addition sysctl option 'net.mpls.conf.tun0.input = 1' which doesn't exist without tunnel interface Change priority: 299 protocols/mpls 380 interfaces/tunnel To: 380 interfaces/tunnel 400 protocols/mpls | |||
2022-06-22 | Merge pull request #1367 from nicolas-fort/T4475 | Christian Poessinger | |
Policy: T4475: add support for matching ipv6 addresses on peer option… | |||
2022-06-22 | Policy: T4475: add support for matching ipv6 addresses on peer option in ↵ | Nicolas Fort | |
route-map | |||
2022-06-20 | xml: T1748: cleanup <help> and </help> nodes not closing on the same line | Christian Poessinger | |
Commit a6f82bb484 ("T1748: vbash: beautify tab completion output/line breaks") added a method to split the help string and insert newlines and leading tabs in a deterministic way. This commit cleans up the legacy implementations where leading whitespaces got counted and added by humans in a try/error method. | |||
2022-06-20 | T778: T782: dhcp-server: add missing bootfile-size and bootfile-name constraints | Christian Poessinger | |
2022-06-20 | dhcp: T4156: bootfile-option: add missing constraints and valueHelp | Christian Poessinger | |
2022-06-18 | policy: T4467: bugfix relative (+/-) increase of metric | Christian Poessinger | |
2022-06-16 | webproxy: T4468: Fix regex for squidguard source-group | Viacheslav Hletenko | |
2022-06-14 | Improve IPsec help strings | Daniil Baturin | |
2022-06-11 | firewall: T4299: Add support for GeoIP filtering | sarthurdev | |
2022-06-10 | Merge pull request #1356 from sarthurdev/nested_groups | Christian Poessinger | |
firewall: T478: Add support for nesting groups | |||
2022-06-10 | firewall: T478: Add support for nesting groups | sarthurdev | |
2022-06-10 | Merge pull request #1355 from nicolas-fort/T4458-ipv4-ttl | Christian Poessinger | |
Firewall:T4458: Add ttl match option in firewall | |||
2022-06-10 | xml: drop not always applicable REQUIRED suffix from completion help string | Christian Poessinger | |
If a parameter is required is determined from the Python string on commit. This "indicator" is not used consistently and sometimes missing, or added where it is not required anymore due to Python script improvement/rewrite. | |||
2022-06-10 | Firewall:T4458: Add ttl match option in firewall | Nicolas Fort | |
2022-06-10 | nhrp: T4460: update error message for cisco-authentication password length | Christian Poessinger | |
2022-06-10 | Merge pull request #1353 from nicolas-fort/T4460 | Christian Poessinger | |
Protocols: T4460: Add input checks for cisco-authentication in nhrp | |||
2022-06-10 | firewall: T970: Fix for Regex for domain and check empty group | Viacheslav Hletenko | |
It can be more then 5 symbols in top-level-domain address for example '.photography' and '.accountants' Firewall group can be added without address: * set firewall group domain-group DOMAIN Check if 'address' exists in group_config | |||
2022-06-10 | Protocols: T4460: Add input checks for cisco-authentication parameter in ↵ | Nicolas Fort | |
nhrp protocol | |||
2022-06-10 | Merge pull request #1322 from nicolas-fort/T3907-fwall-log | Daniil Baturin | |
Firewall: T3907: add log-level options in firewall | |||
2022-06-09 | xml: sstp: T4444: re-use port-number.xml.i building block | Christian Poessinger | |
2022-06-09 | Merge branch 'sstp_port' of https://github.com/goodNETnick/vyos-1x into current | Christian Poessinger | |
* 'sstp_port' of https://github.com/goodNETnick/vyos-1x: sstp: T4444. Port number changing support | |||
2022-06-09 | Merge pull request #1327 from sever-sever/T970 | Christian Poessinger | |
firewall: T970: Add firewall group domain-group |