Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-25 | nat: T4138: Add port-range validation for NAT | Viacheslav Hletenko | |
Add port-validators for NAT rules that prevent to set incorrect port-ranges (21-5) and incorrect ports (70000) | |||
2022-01-22 | Merge pull request #1184 from sarthurdev/firewall_icmp | Christian Poessinger | |
firewall: T4130: T4186: ICMP/v6 updates, ipv6 state policy check fix | |||
2022-01-21 | Firewall: T4186: Adding icmpv6 corrections, in corcondancy of what was done ↵ | Nicolas Fort | |
for icmp | |||
2022-01-21 | Firewall: T4186: typo correction on address-mask-reply description | Nicolas Fort | |
2022-01-21 | Firewall: T4186: Correct icmp type-name options for firewall rules | Nicolas Fort | |
2022-01-20 | Merge pull request #1144 from hensur/current-ipv6-local-route | Christian Poessinger | |
policy: T4151: Add policy ipv6-local-route | |||
2022-01-19 | Merge pull request #1177 from sarthurdev/mac_groups | Christian Poessinger | |
firewall: T3560: Add support for MAC address groups | |||
2022-01-19 | OSPF : T4195: ability to set maximum paths for OSPF | fett0 | |
2022-01-18 | firewall: T3560: Add support for MAC address groups | sarthurdev | |
2022-01-17 | Merge pull request #1174 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix | |||
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-14 | wireguard: T4183: Allow to set peer IPv6 link-local address | Viacheslav | |
2022-01-14 | Merge pull request #1167 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4178: Use lowercase for TCP flags and add an validator | |||
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev | |
2022-01-14 | policy: T4151: Add policy ipv6-local-route | Henning Surmeier | |
Adds support for `ip -6 rule` policy based routing. Also, extends the existing ipv4 implemenation with a `destination` key, which is translated as `ip rule add to x.x.x.x/x` rules. https://phabricator.vyos.net/T4151 | |||
2022-01-13 | Firewall: T4181: Set correct description for ipv6-network-group | fett0 | |
2022-01-11 | Merge pull request #1157 from nicolas-fort/T4162 | Christian Poessinger | |
vpn: T4162: Correct helper description for ikev2-reauth | |||
2022-01-11 | policy: T2199: Refactor policy route script for better error handling | sarthurdev | |
* Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6` | |||
2022-01-11 | ike-group: T4162: Correct helper description for ikev2-reauth | Nicolas Fort | |
2022-01-11 | firewall: T2199: Add ipv6-range support to IPv6 address group | sarthurdev | |
2022-01-11 | policy: T4170: rename "policy ipv6-route" -> "policy route6" | Christian Poessinger | |
In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes) | |||
2022-01-11 | policy: T2199: add missing rule constraints | Christian Poessinger | |
2022-01-10 | Merge pull request #1152 from sarthurdev/firewall_validators | Christian Poessinger | |
firewall: validators: T4148: Improve validators and firewall validator usage | |||
2022-01-10 | conntrack: T3579: make the timeout tree re-usable as XML include | Christian Poessinger | |
2022-01-10 | conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftables | Christian Poessinger | |
2022-01-10 | firewall: validators: T2199: Improve port validation | sarthurdev | |
2022-01-10 | policy: T4161: Set correct description for local-preference | Nicolas Fort | |
2022-01-09 | Merge pull request #1143 from sever-sever/T1972 | Christian Poessinger | |
vrrp: T1972: Ability to set IP address on not vrrp interface | |||
2022-01-09 | vrrp: T1972: Ability to set IP address on not vrrp interface | Viacheslav | |
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group | |||
2022-01-07 | xml: nat: use generic bulding block for rule description | Christian Poessinger | |
2022-01-07 | xml: firewall: T4130: add protocol completion helper all and tcp_udp | Christian Poessinger | |
2022-01-04 | Merge pull request #1132 from sever-sever/T4134 | Christian Poessinger | |
firewall: T4134: Fix completion help for protocols | |||
2022-01-04 | Merge pull request #1121 from sever-sever/T4109 | Christian Poessinger | |
keepalived: T4109: Add high-availability virtual-server | |||
2022-01-04 | firewall: T4134: Fix completion help for protocols | Viacheslav | |
2022-01-04 | keepalived: T4109: Add high-availability virtual-server | Viacheslav | |
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability' | |||
2022-01-03 | Merge pull request #1018 from sever-sever/T3872 | Christian Poessinger | |
monitoring: T3872: Add a new feature service monitoring | |||
2022-01-03 | monitoring: T3872: Add a new feature service monitoring telegraf | Viacheslav | |
2022-01-03 | Merge pull request #1124 from sever-sever/T4110 | Christian Poessinger | |
listen-address: T4110: Ability to set IPv6 link-local addresses | |||
2022-01-03 | listen-address: T4110: Ability to set IPv6 link-local addresses | Viacheslav | |
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator | |||
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger | |
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python | |||
2021-12-31 | ipsec: T4126: Ability to set priorities for installed policy | Viacheslav | |
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable | |||
2021-12-31 | firewall: xml: T4100: increase maximum number of rules to 999999 | Christian Poessinger | |
2021-12-30 | snmp: T4124: migrate to get_config_dict() | Christian Poessinger | |
2021-12-29 | Improve IPsec help strings | Daniil Baturin | |
2021-12-29 | More consise consistent help strings for listen-address commands | Daniil Baturin | |
2021-12-29 | Improve tunnel interface help strings | Daniil Baturin | |
2021-12-27 | keepalived: T4109: Add XML for high-availability virtual-server | Viacheslav | |
Add XML for required 'virtual-server' configuration commands | |||
2021-12-26 | xml: ospfv3: remove leading whitespaces from ospfv3/no-summary.xml.i | Christian Poessinger | |
2021-12-26 | ospfv3: T4107: add support for "default-information originate" | Christian Poessinger | |
2021-12-26 | ospfv3: T4108: add support for auto-cost parameter | Christian Poessinger | |