Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-07-22 | T6599: ipsec: support disabling rekey of CHILD_SA. | Lucas Christian | |
Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections. (cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf) | |||
2024-07-18 | openvpn: T6591: deprecate OpenVPN server net30 topology (#3825)mergify/bp/circinus/pr-3825 | Daniil Baturin | |
(cherry picked from commit e2b05343b30d2f989968532106e792cbaf75ecf6) | |||
2024-07-03 | ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option | khramshinr | |
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d) | |||
2024-07-03 | T6538: Add the ability to set GENEVE interfaces to VRF | Viacheslav Hletenko | |
(cherry picked from commit 5748db4ebb4f4023f8e33d45121ff24267941cc7) | |||
2024-06-28 | T6477: Add telegraf loki output plugin | Viacheslav Hletenko | |
Add Loki plugin to telegraf set service monitoring telegraf loki url xxx (cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6) | |||
2024-06-26 | Merge pull request #3723 from sever-sever/T751 | Daniil Baturin | |
T751: Remove ids suricata | |||
2024-06-24 | T3202: Enable wireguard debug messages | Nataliia Solomko | |
(cherry picked from commit d818788932e3c57d020cca9236df7275da452fce) | |||
2024-06-22 | T5949: Add option to disable USB autosuspend | khramshinr | |
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205) | |||
2024-06-20 | openconnect: T6500: add support for multiple ca-certificates (#3691) | mergify[bot] | |
Add possibility to provide a full CA chain to the openconnect server. * Support multiple CA certificates * For every CA certificate specified, always determine the full certificate chain in the background and add the necessary SSL certificates (cherry picked from commit 973f06c00b902c43dfea34bdf01bdec7c599c452) Co-authored-by: Christian Breunig <christian@breunig.cc> | |||
2024-06-13 | Merge pull request #3639 from natali-rs1985/T5487-current | Daniil Baturin | |
openvpn: T5487: Remove deprecated option --cipher for server and client mode | |||
2024-06-11 | bgp: T6473: missing completion helper for peer-groups inside a VRF | Christian Breunig | |
Using BGP peer-groups inside a VRF instance will make use if the global VRFs peer-group list during tab-completion and not the peer-groups defined within the BGP instance of the given VRF. | |||
2024-06-11 | openvpn: T5487: Remove eprecated option --cipher for server and client mode | Nataliia Solomko | |
2024-06-10 | Merge pull request #3621 from sever-sever/T6442 | Christian Breunig | |
T6442: CGNAT add log for address allocation | |||
2024-06-10 | T6442: CGNAT add log for address allocation | Viacheslav Hletenko | |
Add the configuration command to log current CGNAT allocation set nat cgnat log-allocation | |||
2024-06-10 | T6219: align with system sysctl and limit parameters to supported | Nicolas Vollmar | |
2024-06-10 | T751: Remove ids suricata | Viacheslav Hletenko | |
2024-06-10 | container: T6219: Add support for container sysctl / kernel parameters | Ben Pilgrim | |
2024-06-07 | reverse-proxy: T6454: Set default value of http for haproxy mode | Alex W | |
2024-06-06 | Merge pull request #3589 from natali-rs1985/T6423-current | John Estabrook | |
xml: T6423: enforce priority on nodes having an owner | |||
2024-06-06 | xml: T6423: enforce priority on nodes having an owner | Nataliia Solomko | |
2024-06-06 | Merge pull request #3578 from nicolas-fort/raw-hook | Daniil Baturin | |
T3900: Add support for raw tables in firewall | |||
2024-06-04 | T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵ | Nicolas Fort | |
timeout parameters defined in conntrack to firewall global-opton section. | |||
2024-06-03 | reverse-proxy: T6434: Support additional healthcheck options (#3574) | Alex W | |
2024-05-31 | Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-records | Christian Breunig | |
dns: T6422: allow multiple redundant NS records | |||
2024-05-31 | T5307: QoS - traffic-class-map services (#3492) | Roman Khramshin | |
added new syntax to work with class match filters in QoS policy | |||
2024-05-30 | conntrack: T6396: correction to helper message for custom timeout rule | Giggum | |
2024-05-30 | Merge pull request #3531 from Embezzle/T6409 | Christian Breunig | |
reverse-proxy: T6409: Remove unused backend parameters | |||
2024-05-30 | Merge pull request #3510 from HollyGurza/T4576 | Daniil Baturin | |
T4576: Accel-ppp logging level configuration | |||
2024-05-30 | dns: T6422: allow multiple redundant NS records | Haim Gelfenbeyn | |
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported. | |||
2024-05-30 | hostname: T6421: enforce explicit CLI priority for host-name and domain-name | Christian Breunig | |
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities! | |||
2024-05-29 | ISIS: T6332: Fix isis not working only ipv6 | fett0 | |
2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar | |
2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar | |
2024-05-27 | reverse-proxy: T6409: Remove unused backend parameters | Alex W | |
2024-05-27 | T4576: Accel-ppp logging level configuration | khramshinr | |
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve | |||
2024-05-24 | load-balancing haproxy: T6391: fix typo in timeout help (#3513) | Gregor Michels | |
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de> | |||
2024-05-23 | Merge pull request #3399 from 0xThiebaut/suricata | Christian Breunig | |
suricata: T751: Initial support for suricata | |||
2024-05-23 | suricata: T751: remove implicit default dictionary | Christian Breunig | |
2024-05-23 | suricata: T751: move CLI from "service ids suricata" -> "service suricata" | Christian Breunig | |
2024-05-23 | Merge pull request #3487 from Embezzle/T6370 | Christian Breunig | |
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | |||
2024-05-22 | nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵ | Christian Breunig | |
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 | |||
2024-05-21 | reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | Alex W | |
2024-05-21 | T6375: Fix/Update NAT logging | l0crian1 | |
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum> | |||
2024-05-18 | T5169: Allow to set CGNAT multiple internal pools | Viacheslav Hletenko | |
Allow to set multiple CGNAT internal pools ``` set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14' ``` | |||
2024-05-17 | T6358: Add config option for host process namespace | Nicolas Vollmar | |
2024-05-16 | Merge pull request #3450 from HollyGurza/T5756 | Christian Breunig | |
T5756: L2TP RADIUS backup and weight settings | |||
2024-05-15 | T3900: add support for raw table in firewall. | Nicolas Fort | |
2024-05-15 | T5756: L2TP RADIUS backup and weight settings | khramshinr | |
2024-05-14 | T3420: Remove service upnp | Viacheslav Hletenko | |
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation. | |||
2024-05-13 | T6251: Extend table number limits for policy route-map set table | khramshinr | |