Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev | |
2022-01-11 | Merge pull request #1157 from nicolas-fort/T4162 | Christian Poessinger | |
vpn: T4162: Correct helper description for ikev2-reauth | |||
2022-01-11 | policy: T2199: Refactor policy route script for better error handling | sarthurdev | |
* Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6` | |||
2022-01-11 | ike-group: T4162: Correct helper description for ikev2-reauth | Nicolas Fort | |
2022-01-11 | firewall: T2199: Add ipv6-range support to IPv6 address group | sarthurdev | |
2022-01-11 | policy: T4170: rename "policy ipv6-route" -> "policy route6" | Christian Poessinger | |
In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes) | |||
2022-01-11 | policy: T2199: add missing rule constraints | Christian Poessinger | |
2022-01-10 | Merge pull request #1152 from sarthurdev/firewall_validators | Christian Poessinger | |
firewall: validators: T4148: Improve validators and firewall validator usage | |||
2022-01-10 | conntrack: T3579: make the timeout tree re-usable as XML include | Christian Poessinger | |
2022-01-10 | conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftables | Christian Poessinger | |
2022-01-10 | firewall: validators: T2199: Improve port validation | sarthurdev | |
2022-01-10 | policy: T4161: Set correct description for local-preference | Nicolas Fort | |
2022-01-09 | Merge pull request #1143 from sever-sever/T1972 | Christian Poessinger | |
vrrp: T1972: Ability to set IP address on not vrrp interface | |||
2022-01-09 | vrrp: T1972: Ability to set IP address on not vrrp interface | Viacheslav | |
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group | |||
2022-01-07 | xml: nat: use generic bulding block for rule description | Christian Poessinger | |
2022-01-07 | xml: firewall: T4130: add protocol completion helper all and tcp_udp | Christian Poessinger | |
2022-01-04 | Merge pull request #1132 from sever-sever/T4134 | Christian Poessinger | |
firewall: T4134: Fix completion help for protocols | |||
2022-01-04 | Merge pull request #1121 from sever-sever/T4109 | Christian Poessinger | |
keepalived: T4109: Add high-availability virtual-server | |||
2022-01-04 | firewall: T4134: Fix completion help for protocols | Viacheslav | |
2022-01-04 | keepalived: T4109: Add high-availability virtual-server | Viacheslav | |
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability' | |||
2022-01-03 | Merge pull request #1018 from sever-sever/T3872 | Christian Poessinger | |
monitoring: T3872: Add a new feature service monitoring | |||
2022-01-03 | monitoring: T3872: Add a new feature service monitoring telegraf | Viacheslav | |
2022-01-03 | Merge pull request #1124 from sever-sever/T4110 | Christian Poessinger | |
listen-address: T4110: Ability to set IPv6 link-local addresses | |||
2022-01-03 | listen-address: T4110: Ability to set IPv6 link-local addresses | Viacheslav | |
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator | |||
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger | |
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python | |||
2021-12-31 | ipsec: T4126: Ability to set priorities for installed policy | Viacheslav | |
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable | |||
2021-12-31 | firewall: xml: T4100: increase maximum number of rules to 999999 | Christian Poessinger | |
2021-12-30 | snmp: T4124: migrate to get_config_dict() | Christian Poessinger | |
2021-12-29 | Improve IPsec help strings | Daniil Baturin | |
2021-12-29 | More consise consistent help strings for listen-address commands | Daniil Baturin | |
2021-12-29 | Improve tunnel interface help strings | Daniil Baturin | |
2021-12-27 | keepalived: T4109: Add XML for high-availability virtual-server | Viacheslav | |
Add XML for required 'virtual-server' configuration commands | |||
2021-12-26 | xml: ospfv3: remove leading whitespaces from ospfv3/no-summary.xml.i | Christian Poessinger | |
2021-12-26 | ospfv3: T4107: add support for "default-information originate" | Christian Poessinger | |
2021-12-26 | ospfv3: T4108: add support for auto-cost parameter | Christian Poessinger | |
2021-12-25 | flow-accounting: T4106: support specification of capture packet length | Christian Poessinger | |
2021-12-25 | flow-accounting: T4105: drop "sflow agent-address auto" | Christian Poessinger | |
The implementation of the "auto" option to specify the sflow/netflow agent-address is very error prone. The current implementation will determine the IP address used for the "auto" value as follow: Get BGP router-id 1) If not found use OSPF router-id 2) If not found use OSPFv3 router-id 3) If not found use "the first IP address found on the system Well, what is the "first IP address found"? Also this changes if DHCP is in use. Also another disadvantage is when the BGP/OSPF/OSPFv3 router-id is changed, the agent-address is not updated upon the next reboot of the system. This task is about removing the "auto" keyword from the CLI at all and make it either entirely configurable by the user and hardcode the value in CLI, or not use this at all. If "auto" is specified we will query the system in the above order and set the proper router-id in the CLI. If none can be found the CLI node is removed. | |||
2021-12-25 | flow-accounting: T4099: rename "netflow source-ip" to source-address | Christian Poessinger | |
sFlow uses the source-address CLI node and netflow uses source-ip this is just confusing and should be synced to the common source-address CLI node. | |||
2021-12-25 | flow-accounting: T4097: move to get_config_dict() | Christian Poessinger | |
2021-12-25 | ospfv3: T4102: add support for NSSA area-type | Christian Poessinger | |
2021-12-24 | smoketest: flow-accounting: add sflow and netflow testcases | Christian Poessinger | |
2021-12-20 | T4088: login banner: Typo in completion help of banner types | srividya0208 | |
There is typo in the completion help when this command "set sys login banner" executed, Changed the completion help to a proper one. | |||
2021-12-19 | Merge pull request #1112 from srividya0208/T4070 | Christian Poessinger | |
T4070: natv4: Add "any" for inbound-interface list | |||
2021-12-19 | T4070: natv4: Add "any" for inbound-interface list | srividya0208 | |
"any" was missing from the interface list which will be useful to indicate any interface. | |||
2021-12-19 | vxlan: T3700: add support for Generic Protocol extension (VXLAN-GPE) | Christian Poessinger | |
2021-12-17 | Merge pull request #1103 from zdc/T3774-sagitta | Christian Poessinger | |
logs: T3774: Added CLI options to control atop logs rotation | |||
2021-12-17 | logs: T3774: Optimization for logrotate configs | zsdc | |
* Added proper handling of default values from CLI. * Replaced rsyslog restart postrotate action to native `rsyslog-rotate` script. * Removed unnecessary checks for `None` instead `dict` - with default values the situation becomes impossible. * Fixed default value from 10 to 1 in the rsyslog CLI. | |||
2021-12-15 | http-api: T4076: allow setting CORS option 'Access-Control-Allow-Origin' | John Estabrook | |
2021-12-13 | logs: T3774: Added new CLI item | zsdc | |
Added the ability to control the `/var/log/messages` rotation. Renamed the option `maxsize` to `max-size`. | |||
2021-12-13 | http-api: T4071: allow API to bind to unix domain socket | John Estabrook | |