summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2024-07-22T6599: ipsec: support disabling rekey of CHILD_SA.Lucas Christian
Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections. (cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
2024-07-18openvpn: T6591: deprecate OpenVPN server net30 topology (#3825)mergify/bp/circinus/pr-3825Daniil Baturin
(cherry picked from commit e2b05343b30d2f989968532106e792cbaf75ecf6)
2024-07-03ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms optionkhramshinr
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
2024-07-03T6538: Add the ability to set GENEVE interfaces to VRFViacheslav Hletenko
(cherry picked from commit 5748db4ebb4f4023f8e33d45121ff24267941cc7)
2024-06-28T6477: Add telegraf loki output pluginViacheslav Hletenko
Add Loki plugin to telegraf set service monitoring telegraf loki url xxx (cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
2024-06-26Merge pull request #3723 from sever-sever/T751Daniil Baturin
T751: Remove ids suricata
2024-06-24T3202: Enable wireguard debug messagesNataliia Solomko
(cherry picked from commit d818788932e3c57d020cca9236df7275da452fce)
2024-06-22T5949: Add option to disable USB autosuspendkhramshinr
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
2024-06-20openconnect: T6500: add support for multiple ca-certificates (#3691)mergify[bot]
Add possibility to provide a full CA chain to the openconnect server. * Support multiple CA certificates * For every CA certificate specified, always determine the full certificate chain in the background and add the necessary SSL certificates (cherry picked from commit 973f06c00b902c43dfea34bdf01bdec7c599c452) Co-authored-by: Christian Breunig <christian@breunig.cc>
2024-06-13Merge pull request #3639 from natali-rs1985/T5487-currentDaniil Baturin
openvpn: T5487: Remove deprecated option --cipher for server and client mode
2024-06-11bgp: T6473: missing completion helper for peer-groups inside a VRFChristian Breunig
Using BGP peer-groups inside a VRF instance will make use if the global VRFs peer-group list during tab-completion and not the peer-groups defined within the BGP instance of the given VRF.
2024-06-11openvpn: T5487: Remove eprecated option --cipher for server and client modeNataliia Solomko
2024-06-10Merge pull request #3621 from sever-sever/T6442Christian Breunig
T6442: CGNAT add log for address allocation
2024-06-10T6442: CGNAT add log for address allocationViacheslav Hletenko
Add the configuration command to log current CGNAT allocation set nat cgnat log-allocation
2024-06-10T6219: align with system sysctl and limit parameters to supportedNicolas Vollmar
2024-06-10T751: Remove ids suricataViacheslav Hletenko
2024-06-10container: T6219: Add support for container sysctl / kernel parametersBen Pilgrim
2024-06-07reverse-proxy: T6454: Set default value of http for haproxy modeAlex W
2024-06-06Merge pull request #3589 from natali-rs1985/T6423-currentJohn Estabrook
xml: T6423: enforce priority on nodes having an owner
2024-06-06xml: T6423: enforce priority on nodes having an ownerNataliia Solomko
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-05-31Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-recordsChristian Breunig
dns: T6422: allow multiple redundant NS records
2024-05-31T5307: QoS - traffic-class-map services (#3492)Roman Khramshin
added new syntax to work with class match filters in QoS policy
2024-05-30conntrack: T6396: correction to helper message for custom timeout ruleGiggum
2024-05-30Merge pull request #3531 from Embezzle/T6409Christian Breunig
reverse-proxy: T6409: Remove unused backend parameters
2024-05-30Merge pull request #3510 from HollyGurza/T4576Daniil Baturin
T4576: Accel-ppp logging level configuration
2024-05-30dns: T6422: allow multiple redundant NS recordsHaim Gelfenbeyn
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported.
2024-05-30hostname: T6421: enforce explicit CLI priority for host-name and domain-nameChristian Breunig
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities!
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
2024-05-28T6406: rename cpus to cpuNicolas Vollmar
2024-05-28T6406: add container cpu limit optionNicolas Vollmar
2024-05-27reverse-proxy: T6409: Remove unused backend parametersAlex W
2024-05-27T4576: Accel-ppp logging level configurationkhramshinr
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve
2024-05-24load-balancing haproxy: T6391: fix typo in timeout help (#3513)Gregor Michels
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-23suricata: T751: remove implicit default dictionaryChristian Breunig
2024-05-23suricata: T751: move CLI from "service ids suricata" -> "service suricata"Christian Breunig
2024-05-23Merge pull request #3487 from Embezzle/T6370Christian Breunig
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
2024-05-22nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
2024-05-21reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responsesAlex W
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum>
2024-05-18T5169: Allow to set CGNAT multiple internal poolsViacheslav Hletenko
Allow to set multiple CGNAT internal pools ``` set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14' ```
2024-05-17T6358: Add config option for host process namespaceNicolas Vollmar
2024-05-16Merge pull request #3450 from HollyGurza/T5756Christian Breunig
T5756: L2TP RADIUS backup and weight settings
2024-05-15T3900: add support for raw table in firewall.Nicolas Fort
2024-05-15T5756: L2TP RADIUS backup and weight settingskhramshinr
2024-05-14T3420: Remove service upnpViacheslav Hletenko
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation.
2024-05-13T6251: Extend table number limits for policy route-map set tablekhramshinr