Age | Commit message (Collapse) | Author |
|
Station MAC address-based authentication means:
* 'allow' accept all clients except the one on the deny list
* 'deny' accept only clients listed on the accept list
New CLI commands:
* set interfaces wireless wlan0 security station-address mode <accept|deny>
* set interfaces wireless wlan0 security station-address accept mac <mac>
* set interfaces wireless wlan0 security station-address deny mac <mac>
|
|
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation
mode").
|
|
his extends commit b9655365b ("login: T5490: add stricter validation for
home-directory path") by adding a dot to the REGEX allow list.
This was previously allowed and covered in out smoketests which failed.
|
|
wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
|
|
Provides a per-device control to enable/disable the threaded mode for all the
napi instances of the given network device, without the need for a device
up/down.
|
|
Using threaded as CLI node is a very deep term used by kernel threads. To make
this more understandable to users, rename the node to per-client-thread.
It's also not necessary to test if any one peer is configured and probing if
the option is set. There is a base test which requires at least one peer
to be configured.
|
|
|
|
|
|
|
|
|
|
setting
|
|
This is only a cosmetic change so that the default value is properly retrieved
from the defaultValue XML node.
|
|
T5160: Firewall refactor
|
|
|
|
with common matcher for ipv4 and ipv6, and use include on all chains for all this comman matchers
|
|
<drop> to <accept> if default-action is not specified in base chains
|
|
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
|
|
|
|
|
|
Move 'service zabbix-agent'
=> 'service monitoring zabbix-agent'
|
|
T5448: Add service zabbix-agent
|
|
|
|
Add service zabbix-agent
set service zabbix-agent directory '/config/zabbix/'
set service zabbix-agent limits buffer-flush-interval '8'
set service zabbix-agent limits buffer-size '120'
set service zabbix-agent log debug-level 'warning'
set service zabbix-agent log size '1'
set service zabbix-agent server '192.0.2.5'
set service zabbix-agent server-active 192.0.2.5 port '10051'
set service zabbix-agent server-active 2001:db8::123
|
|
T5014: nat: add source and destination nat options for configuring lo…
|
|
order to avoid empty value and problems when removing such parameters
|
|
Added 'set interfaces wireguard wgX threaded' command.
Process traffic from each peer in a dedicated thread.
|
|
set service dns dynamic timeout <60-3600>
|
|
Extend list of allowed characters for the bootfile-option.
|
|
wireguard: T5413: Blocked adding the peer with the router's public key
|
|
Disabeled adding the peer with the same public key as the router has.
Added smoketest
|
|
container: T5407: increase priority before protocol static
|
|
Ability to set locate time format 12|24-hour
set system option time-format 12-hour|24-hour
$ date
Tue Aug 1 12:33:45 PM EEST 2023
$ date
Tue 1 Aug 12:34:09 EEST 2023
|
|
|
|
Change code for new syntax
|
|
balance within a single rule.
|
|
When no-release is specified, dhcp6c client will not release allocated address or prefix on client exit.
vyos.ifconfig: dhcpv6: T5387: re-use options_file for no release flag [WIP]
* Todo: render Jinja2 template and fill it
vyos.ifconfig: dhcpv6: T5387: finish options_file and no release flag in cli
vyos.ifconfig: dhcpv6: T5387: fix missing/wrong end tag
vyos.ifconfig: dhcpv6: T5387: fix options, no var for -n
dhcpv6-client: T5387: fix missing / from filepaths
|
|
T5368: service ids ddos-protection add support sflow mode
|
|
inetfaces
Keep a common CLI structure by re-using the already established offload
node from ethernet.
|
|
|
|
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet…
|
|
<listen-address>. Also allow only one single value <interface>.
|
|
T4889: NAT Redirect: adddestination nat redirection (to local host) feature.
|
|
T4974:add/fixed enable ovpn-dco by default
|
|
|
|
|
|
sFlow mode requires fewer resources then mode "mirror"
Integrate it into configuration mode
set service ids ddos-protection mode 'sflow'
set service ids ddos-protection sflow listen-address '127.0.0.1'
set service ids ddos-protection sflow port '6343'
|
|
New CLI commands:
* set protocols ospf graceful-restart grace-period 300
* set protocols ospf graceful-restart helper planned-only
* set protocols ospf graceful-restart helper no-strict-lsa-checking
* set protocols ospf graceful-restart helper supported-grace-time 400
* set protocols ospf graceful-restart helper enable router-id 192.0.2.1
* set protocols ospf graceful-restart helper enable router-id 192.0.2.2
* set protocols ospfv3 graceful-restart grace-period 300
* set protocols ospfv3 graceful-restart helper planned-only
* set protocols ospfv3 graceful-restart helper lsa-check-disable
* set protocols ospfv3 graceful-restart helper supported-grace-time 400
* set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.1
* set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.2
|
|
|
|
validor for dhcpv6-relay which was missing.
|
|
|