Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-09-08 | Merge pull request #2222 from nicolas-fort/T4072-fwall-bridge | Christian Breunig | |
T4072: add firewall bridge filtering. | |||
2023-09-07 | T4072: add firewall bridge filtering. First implementation only applies for ↵ | Nicolas Fort | |
forward chain and few matchers. Should be extended in the future. | |||
2023-09-06 | Merge pull request #2199 from sarthurdev/T4309 | Christian Breunig | |
conntrack: T4309: T4903: Refactor `system conntrack ignore`, add IPv6 support and firewall groups | |||
2023-09-06 | Merge pull request #2208 from sarthurdev/T5550 | Christian Breunig | |
interface: T5550: Interface source-validation priority over global value | |||
2023-09-05 | Merge pull request #2204 from sever-sever/T5480 | John Estabrook | |
T5480: Ability to disable SNMP for keepalived service VRRP | |||
2023-09-05 | firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces | sarthurdev | |
2023-09-05 | Merge branch 'netns' into current | Christian Breunig | |
* netns: smoketest: T5241: re-work netns assertions and provide common utility helper netns: T5241: simplify network namespace handling netns: T5241: improve get_interface_namespace() robustness netns: T5241: use common interface_exists() helper netns: T5241: provide is_netns_interface utility helper T5241: Support netns for veth and dummy interfaces | |||
2023-09-05 | T5480: Ability to disable SNMP for keepalived service VRRP | Viacheslav Hletenko | |
By default we enable `--snmp` for keepalived unit service Add ability to disable it set high-availability vrrp disable-snmp | |||
2023-09-04 | conntrack: T4309: T4903: Refactor `system conntrack ignore` rule generation, ↵ | sarthurdev | |
add IPv6 support and firewall groups | |||
2023-09-03 | fix: sys-module auto-tab completion | Anthony Rabbito | |
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> | |||
2023-09-03 | feat(T5544): Allow CAP_SYS_MODULE to be set on containers | Anthony Rabbito | |
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> | |||
2023-09-03 | Merge branch 'T5241-control-edition' of ↵ | Christian Breunig | |
https://github.com/sever-sever/vyos-1x into netns * 'T5241-control-edition' of https://github.com/sever-sever/vyos-1x: T5241: Support netns for veth and dummy interfaces | |||
2023-09-01 | container: T4353: capitalize ascii -> ASCII | Christian Breunig | |
2023-08-31 | Merge pull request #2189 from sever-sever/T5531 | Christian Breunig | |
T5531: Containers add label option | |||
2023-08-31 | T5531: Containers add label option | Viacheslav Hletenko | |
Ability to set labels for container set container name c1 allow-host-networks set container name c1 image 'busybox' set container name c1 label mypods value 'My label for containers' | |||
2023-08-31 | eapol: T4782: Support multiple CA chains | sarthurdev | |
2023-08-25 | interface: T3509: Add per-interface IPv6 source validation | sarthurdev | |
2023-08-23 | Merge pull request #2139 from dmbaturin/T5449-mss-probing | Christian Breunig | |
system-ip: T5449: add TCP MSS probing options | |||
2023-08-23 | Merge pull request #2159 from c-po/t5491-wifi | Christian Breunig | |
wifi: T5491: allow white-/blacklisting station MAC addresses for security | |||
2023-08-23 | Merge pull request #2160 from sever-sever/T5448 | Christian Breunig | |
T5448: Add configuration host-name for zabbix-agent | |||
2023-08-23 | Merge pull request #2161 from sever-sever/T5463 | Christian Breunig | |
T5463: Container allow publish listen-addresses | |||
2023-08-23 | bgp: T3759: add l3vpn "import vrf default" completion helper | Christian Breunig | |
2023-08-23 | Merge pull request #2142 from nicolas-fort/T5450 | Christian Breunig | |
T5450: allow inverted matcher for interface and interface-group | |||
2023-08-23 | T5463: Container allow publish listen-addresses | Viacheslav Hletenko | |
Ability to publish multiple IP/IPv6 addresses for container set container name c1 port web destination '80' set container name c1 port web listen-address '192.0.2.1' set container name c1 port web listen-address '2001:db8:1111::1' set container name c1 port web source '8080' --publish 192.0.2.1:8080:80/tcp --publish [2001:db8:1111::1]:8080:80/tcp | |||
2023-08-23 | T5450: update smoketest and interface definition in order to work with new ↵ | Nicolas Fort | |
firewall cli | |||
2023-08-23 | T5448: Add configuration host-name for zabbix-agent | Viacheslav Hletenko | |
Ability to configure host-name for zabbix-agent set service monitoring zabbix-agent host-name 'r-vyos' | |||
2023-08-23 | Merge pull request #2156 from giga1699/T5447 | Christian Breunig | |
T5447: Initial support for MACsec static keys | |||
2023-08-20 | T5447: Implement maintainer feedback | Giga Murphy | |
2023-08-20 | wifi: T5491: allow white-/blacklisting station MAC addresses for security | Christian Breunig | |
Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac> | |||
2023-08-19 | bgp: T5466: rename type on CLI per-nexhop -> per-nexthop for l3vpn MPLS labels | Christian Breunig | |
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation mode"). | |||
2023-08-18 | login: T5490: allow . (dot) in user home-directory path | Christian Breunig | |
his extends commit b9655365b ("login: T5490: add stricter validation for home-directory path") by adding a dot to the REGEX allow list. This was previously allowed and covered in out smoketests which failed. | |||
2023-08-18 | T5447: Initial support for MACsec static keys | Giga Murphy | |
2023-08-17 | Merge pull request #2130 from aapostoliuk/T5409-sagitta | Christian Breunig | |
wireguard: T5409: Added 'set interfaces wireguard wgX threaded' | |||
2023-08-17 | wireless: T5409: add per-client-thread CLI option | Christian Breunig | |
Provides a per-device control to enable/disable the threaded mode for all the napi instances of the given network device, without the need for a device up/down. | |||
2023-08-17 | wireguard: T5409: rename threaded CLI not to per-client-thread | Christian Breunig | |
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured. | |||
2023-08-17 | login: T5490: add stricter validation for home-directory path | Christian Breunig | |
2023-08-17 | radius: T5490: add stricter validation for key | Christian Breunig | |
2023-08-17 | system-ip: T5449: add TCP MSS probing options | Daniil Baturin | |
2023-08-16 | T5466: L3VPN label allocation mode | fett0 | |
2023-08-16 | wireguard: T1843: add peer description CLI option | Christian Breunig | |
2023-08-11 | ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵ | Christian Breunig | |
setting | |||
2023-08-11 | ipv6: T5464: use proper XML default for DAD transmits | Christian Breunig | |
This is only a cosmetic change so that the default value is properly retrieved from the defaultValue XML node. | |||
2023-08-11 | Merge pull request #2016 from nicolas-fort/T5160 | Christian Breunig | |
T5160: Firewall refactor | |||
2023-08-11 | T5460: remove config-trap from firewall | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: fix regexep for connection-status. Create new file ↵ | Nicolas Fort | |
with common matcher for ipv4 and ipv6, and use include on all chains for all this comman matchers | |||
2023-08-11 | T5160: firewall refactor: change default value for <default-action> from ↵ | Nicolas Fort | |
<drop> to <accept> if default-action is not specified in base chains | |||
2023-08-11 | T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵ | Nicolas Fort | |
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip. | |||
2023-08-11 | T5160: firewall refactor: change firewall ip to firewall ipv4 | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: new cli structure. Update only all xml | Nicolas Fort | |
2023-08-11 | T5448: Move zabbix-agent to node monitoring | Viacheslav Hletenko | |
Move 'service zabbix-agent' => 'service monitoring zabbix-agent' |