Age | Commit message (Collapse) | Author |
|
<drop> to <accept> if default-action is not specified in base chains
|
|
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
|
|
|
|
|
|
T5448: Add service zabbix-agent
|
|
|
|
Add service zabbix-agent
set service zabbix-agent directory '/config/zabbix/'
set service zabbix-agent limits buffer-flush-interval '8'
set service zabbix-agent limits buffer-size '120'
set service zabbix-agent log debug-level 'warning'
set service zabbix-agent log size '1'
set service zabbix-agent server '192.0.2.5'
set service zabbix-agent server-active 192.0.2.5 port '10051'
set service zabbix-agent server-active 2001:db8::123
|
|
T5014: nat: add source and destination nat options for configuring lo…
|
|
order to avoid empty value and problems when removing such parameters
|
|
set service dns dynamic timeout <60-3600>
|
|
Extend list of allowed characters for the bootfile-option.
|
|
wireguard: T5413: Blocked adding the peer with the router's public key
|
|
Disabeled adding the peer with the same public key as the router has.
Added smoketest
|
|
container: T5407: increase priority before protocol static
|
|
Ability to set locate time format 12|24-hour
set system option time-format 12-hour|24-hour
$ date
Tue Aug 1 12:33:45 PM EEST 2023
$ date
Tue 1 Aug 12:34:09 EEST 2023
|
|
|
|
Change code for new syntax
|
|
balance within a single rule.
|
|
When no-release is specified, dhcp6c client will not release allocated address or prefix on client exit.
vyos.ifconfig: dhcpv6: T5387: re-use options_file for no release flag [WIP]
* Todo: render Jinja2 template and fill it
vyos.ifconfig: dhcpv6: T5387: finish options_file and no release flag in cli
vyos.ifconfig: dhcpv6: T5387: fix missing/wrong end tag
vyos.ifconfig: dhcpv6: T5387: fix options, no var for -n
dhcpv6-client: T5387: fix missing / from filepaths
|
|
T5368: service ids ddos-protection add support sflow mode
|
|
inetfaces
Keep a common CLI structure by re-using the already established offload
node from ethernet.
|
|
|
|
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet…
|
|
<listen-address>. Also allow only one single value <interface>.
|
|
T4889: NAT Redirect: adddestination nat redirection (to local host) feature.
|
|
T4974:add/fixed enable ovpn-dco by default
|
|
|
|
|
|
sFlow mode requires fewer resources then mode "mirror"
Integrate it into configuration mode
set service ids ddos-protection mode 'sflow'
set service ids ddos-protection sflow listen-address '127.0.0.1'
set service ids ddos-protection sflow port '6343'
|
|
New CLI commands:
* set protocols ospf graceful-restart grace-period 300
* set protocols ospf graceful-restart helper planned-only
* set protocols ospf graceful-restart helper no-strict-lsa-checking
* set protocols ospf graceful-restart helper supported-grace-time 400
* set protocols ospf graceful-restart helper enable router-id 192.0.2.1
* set protocols ospf graceful-restart helper enable router-id 192.0.2.2
* set protocols ospfv3 graceful-restart grace-period 300
* set protocols ospfv3 graceful-restart helper planned-only
* set protocols ospfv3 graceful-restart helper lsa-check-disable
* set protocols ospfv3 graceful-restart helper supported-grace-time 400
* set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.1
* set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.2
|
|
|
|
validor for dhcpv6-relay which was missing.
|
|
|
|
|
|
bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' feature
|
|
Added 'protocols bgp interface <int> mpls forwarding' feature.
It is possible to permit BGP install VPN prefixes without transport labels.
This configuration will install VPN prefixes originated from an e-bgp session,
and with the next-hop directly connected.
|
|
Migrate:
high-availability virtual-server 203.0.113.1
to: high-availability virtual-server <name> address 203.0.113.1
|
|
|
|
bgp: T5343: add ipv4-vpn and ipv6-vpn config options to peer-group
|
|
T775: Add service config-sync between 2 routers
|
|
|
|
|
|
|
|
* set protocols ospf aggregation timer <seconds>
* set protocols ospf summary-address x.x.x.x/x [tag 1-4294967295]
* set protocols ospf summary-address x.x.x.x/x no-advertise
|
|
|
|
After an interface is added/removed from VPP, it will be reinitialized, which
allows reconfiguring IP addresses on it.
Also modified VPP load priority to start before interfaces, and avoid
reconfiguration during boot.
|
|
|
|
Service config-sync allows synchronizing a section of
the configuration.
As PoC allow only nat, nat66 and firewall sections
Rertreive the configuration for a section from self node and
send this configuration to the section of the 'secondary' node.
This feature adds a symlink from helper 'vyos_config_sync.py'
to '/config/scripts/commit/post-hooks.d' and config that is
located in '/run/config_sync_conf.conf'
It will synchronyze the config only if the setcion
was changed.
set service config-sync secondary address 192.0.2.11
set service config-sync secondary key xxx
set service config-sync section nat
set service config-sync section nat66
set service config-sync section firewall
set service config-sync mode load
|
|
T1797: Add initial vpp configuration
|
|
The previous implementation did not iterate over the communit list, so only
one match criteria was supported.
set policy route-map FOO rule 10 action 'permit'
set policy route-map FOO rule 10 set extcommunity rt '1111:2222222'
worked but on the other hand this failed:
set policy route-map FOO rule 20 action 'permit'
set policy route-map FOO rule 20 set extcommunity rt '6500:24 6500:23 192.168.0.1:111 192.168.0.1:222'
|