summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2022-01-10Merge pull request #1152 from sarthurdev/firewall_validatorsChristian Poessinger
firewall: validators: T4148: Improve validators and firewall validator usage
2022-01-10conntrack: T3579: make the timeout tree re-usable as XML includeChristian Poessinger
2022-01-10conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftablesChristian Poessinger
2022-01-10firewall: validators: T2199: Improve port validationsarthurdev
2022-01-10policy: T4161: Set correct description for local-preferenceNicolas Fort
2022-01-09Merge pull request #1143 from sever-sever/T1972Christian Poessinger
vrrp: T1972: Ability to set IP address on not vrrp interface
2022-01-09vrrp: T1972: Ability to set IP address on not vrrp interfaceViacheslav
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group
2022-01-07xml: nat: use generic bulding block for rule descriptionChristian Poessinger
2022-01-07xml: firewall: T4130: add protocol completion helper all and tcp_udpChristian Poessinger
2022-01-04Merge pull request #1132 from sever-sever/T4134Christian Poessinger
firewall: T4134: Fix completion help for protocols
2022-01-04Merge pull request #1121 from sever-sever/T4109Christian Poessinger
keepalived: T4109: Add high-availability virtual-server
2022-01-04firewall: T4134: Fix completion help for protocolsViacheslav
2022-01-04keepalived: T4109: Add high-availability virtual-serverViacheslav
Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability'
2022-01-03Merge pull request #1018 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Add a new feature service monitoring
2022-01-03monitoring: T3872: Add a new feature service monitoring telegrafViacheslav
2022-01-03Merge pull request #1124 from sever-sever/T4110Christian Poessinger
listen-address: T4110: Ability to set IPv6 link-local addresses
2022-01-03listen-address: T4110: Ability to set IPv6 link-local addressesViacheslav
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python
2021-12-31ipsec: T4126: Ability to set priorities for installed policyViacheslav
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable
2021-12-31firewall: xml: T4100: increase maximum number of rules to 999999Christian Poessinger
2021-12-30snmp: T4124: migrate to get_config_dict()Christian Poessinger
2021-12-29Improve IPsec help stringsDaniil Baturin
2021-12-29More consise consistent help strings for listen-address commandsDaniil Baturin
2021-12-29Improve tunnel interface help stringsDaniil Baturin
2021-12-27keepalived: T4109: Add XML for high-availability virtual-serverViacheslav
Add XML for required 'virtual-server' configuration commands
2021-12-26xml: ospfv3: remove leading whitespaces from ospfv3/no-summary.xml.iChristian Poessinger
2021-12-26ospfv3: T4107: add support for "default-information originate"Christian Poessinger
2021-12-26ospfv3: T4108: add support for auto-cost parameterChristian Poessinger
2021-12-25flow-accounting: T4106: support specification of capture packet lengthChristian Poessinger
2021-12-25flow-accounting: T4105: drop "sflow agent-address auto"Christian Poessinger
The implementation of the "auto" option to specify the sflow/netflow agent-address is very error prone. The current implementation will determine the IP address used for the "auto" value as follow: Get BGP router-id 1) If not found use OSPF router-id 2) If not found use OSPFv3 router-id 3) If not found use "the first IP address found on the system Well, what is the "first IP address found"? Also this changes if DHCP is in use. Also another disadvantage is when the BGP/OSPF/OSPFv3 router-id is changed, the agent-address is not updated upon the next reboot of the system. This task is about removing the "auto" keyword from the CLI at all and make it either entirely configurable by the user and hardcode the value in CLI, or not use this at all. If "auto" is specified we will query the system in the above order and set the proper router-id in the CLI. If none can be found the CLI node is removed.
2021-12-25flow-accounting: T4099: rename "netflow source-ip" to source-addressChristian Poessinger
sFlow uses the source-address CLI node and netflow uses source-ip this is just confusing and should be synced to the common source-address CLI node.
2021-12-25flow-accounting: T4097: move to get_config_dict()Christian Poessinger
2021-12-25ospfv3: T4102: add support for NSSA area-typeChristian Poessinger
2021-12-24smoketest: flow-accounting: add sflow and netflow testcasesChristian Poessinger
2021-12-20T4088: login banner: Typo in completion help of banner typessrividya0208
There is typo in the completion help when this command "set sys login banner" executed, Changed the completion help to a proper one.
2021-12-19Merge pull request #1112 from srividya0208/T4070Christian Poessinger
T4070: natv4: Add "any" for inbound-interface list
2021-12-19T4070: natv4: Add "any" for inbound-interface listsrividya0208
"any" was missing from the interface list which will be useful to indicate any interface.
2021-12-19vxlan: T3700: add support for Generic Protocol extension (VXLAN-GPE)Christian Poessinger
2021-12-17Merge pull request #1103 from zdc/T3774-sagittaChristian Poessinger
logs: T3774: Added CLI options to control atop logs rotation
2021-12-17logs: T3774: Optimization for logrotate configszsdc
* Added proper handling of default values from CLI. * Replaced rsyslog restart postrotate action to native `rsyslog-rotate` script. * Removed unnecessary checks for `None` instead `dict` - with default values the situation becomes impossible. * Fixed default value from 10 to 1 in the rsyslog CLI.
2021-12-15http-api: T4076: allow setting CORS option 'Access-Control-Allow-Origin'John Estabrook
2021-12-13logs: T3774: Added new CLI itemzsdc
Added the ability to control the `/var/log/messages` rotation. Renamed the option `maxsize` to `max-size`.
2021-12-13http-api: T4071: allow API to bind to unix domain socketJohn Estabrook
2021-12-12bgp: T3967: add support for conditional advertisementChristian Poessinger
The BGP conditional advertisement feature uses the non-exist-map or the exist-map and the advertise-map keywords of the neighbor advertise-map command in order to track routes by the route prefix. non-exist-map ============= * If a route prefix is not present in the output of non-exist-map command, then advertise the route specified by the advertise-map command. * If a route prefix is present in the output of non-exist-map command, then do not advertise the route specified by the addvertise-map command. exist-map ========= * If a route prefix is present in the output of exist-map command, then advertise the route specified by the advertise-map command. * If a route prefix is not present in the output of exist-map command, then do not advertise the route specified by the advertise-map command. This feature is useful when some prefixes are advertised to one of its peers only if the information from the other peer is not present (due to failure in peering session or partial reachability etc). The conditional BGP announcements are sent in addition to the normal announcements that a BGP router sends to its peer. CLI nodes can be found under: * set protocols bgp neighbor <ip> address-family <afi> conditional-advertisement * set protocols bgp peer-group <p> address-family <afi> conditional-advertisement
2021-12-12xml: bgp: rename afi-common.xml.i -> neighbor-afi-ipv4-ipv6-common.xml.iChristian Poessinger
2021-12-12bgp: T4069: add "parameters suppress-fib-pending" CLI optionChristian Poessinger
This command is applicable at the global level and at an individual bgp level. If applied at the global level all bgp instances will wait for fib installation before announcing routes and there is no way to turn it off for a particular BGP vrf.
2021-12-12bgp: T4069: add "parameters shutdown" CLI optionChristian Poessinger
Administrative shutdown of all peers of a bgp instance. Drop all BGP peers, but preserve their configurations. The peers are notified in accordance with RFC 8203 by sending a NOTIFICATION message with error code Cease and subcode Administrative Shutdown prior to terminating connections. This global shutdown is independent of the neighbor shutdown, meaning that individually shut down peers will not be affected by lifting it.
2021-12-12bgp: T4069: add "parameters reject-as-sets" CLI optionChristian Poessinger
This command enables rejection of incoming and outgoing routes having AS_SET or AS_CONFED_SET type.
2021-12-12bgp: T4069: add "parameters minimum-holdtime <n>" CLI optionChristian Poessinger
This command allows user to prevent session establishment with BGP peers with lower holdtime less than configured minimum holdtime. When this command is not set, minimum holdtime does not work.
2021-12-12bgp: T4069: add "parameters fast-convergence" CLI optionChristian Poessinger
Whenever BGP peer address becomes unreachable we must bring down the BGP session immediately. Currently only single-hop EBGP sessions are brought down immediately. IBGP and multi-hop EBGP sessions wait for hold-timer expiry to bring down the sessions. This new configuration option helps user to teardown BGP sessions immediately whenever peer becomes unreachable. This configuration is available at the bgp level. When enabled, configuration is applied to all the neighbors configured in that bgp instance.