Age | Commit message (Collapse) | Author |
|
|
|
Add `policy local-route` source and destination port
set policy local-route rule 23 destination port '222'
set policy local-route rule 23 protocol 'tcp'
set policy local-route rule 23 set table '123'
set policy local-route rule 23 source port '8888'
% ip rule show prio 23
23: from all ipproto tcp sport 8888 dport 222 lookup 123
(cherry picked from commit ff43733074675b94ce4ead83fe63870b6cf953c5)
|
|
(cherry picked from commit e357258e645cf85de0035d4ecfbf99db4dd90f7e)
|
|
Set the MRU (Maximum Receive Unit) value to n. PPPd will ask the peer to send
packets of no more than n bytes. The value of n must be between 128 and 16384,
the default was always 1492 to match PPPoE MTU.
A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256
bytes of data). Note that for the IPv6 protocol, the MRU must be at least 1280.
CLI:
set interfaces pppoe pppoe0 mru 1280
(cherry picked from commit e062a8c11856f213983f5b41f50d4f9dbc0dde0f)
|
|
(cherry picked from commit aeb0138c9df73b57489eced152f026c0666d1ee5)
|
|
Migrate policy local-route <destination|source> to node address
replace 'policy local-route{v6} rule <tag> destination|source <x.x.x.x>'
=> 'policy local-route{v6} rule <tag> destination|source address <x.x.x.x>'
(cherry picked from commit 9f7a5f79200782f7849cab72f55a39dedf45f214)
|
|
This commit adds a new configuration option to the mDNS repeater service
to allow controlling which IP version to use for mDNS repeater.
Additionally, publishing AAAA record over IPv4 and A record over IPv6 is
disabled as suggested.
See:
- https://github.com/lathiat/avahi/issues/117#issuecomment-1651475104
- https://bugzilla.redhat.com/show_bug.cgi?id=669627#c2
(cherry picked from commit e66f7075ee12ae3107d29efaf683442c3535e8b9)
|
|
T5165: Add option protocol for policy local-route (backport #2313)
|
|
(cherry picked from commit 81dee963a9ca3224ddbd54767a36efae5851a001)
|
|
Add option `protocol` for policy local-route
set policy local-route rule 100 destination '192.0.2.12'
set policy local-route rule 100 protocol 'tcp'
set policy local-route rule 100 set table '100'
(cherry picked from commit 96b8b38a3c17aa08fa964eef9141cf89f1c1d442)
|
|
Also includes an update to smoketest to verify
(cherry picked from commit 1ac230548c86d3308ff5b479b79b0e64b75a0e8a)
|
|
(cherry picked from commit 12440ea1af8e60482a6a91c1cb04dcb86d7f4a68)
|
|
bgp: T5596: add new features from FRR 9 (backport #2284)
|
|
A `backup` server can be defined to take over in the case of all other
backends failing
set load-balancing reverse-proxy backend <tag> server <tag> address '192.0.2.3'
set load-balancing reverse-proxy backend <tag> server <tag> port '8883'
set load-balancing reverse-proxy backend <tag> server <tag> backup
(cherry picked from commit cb297aea56da91144c53be1f396b64a26a8e5b04)
|
|
* Add BGP Software Version capability (draft-abraitis-bgp-version-capability)
set protocols bgp neighbor 192.0.2.1 capability software-version
* Add BGP neighbor path-attribute treat-as-withdraw command
set protocols bgp neighbor 192.0.2.1 path-attribute treat-as-withdraw
(cherry picked from commit d285355716708a46767c18661976906812da8a3c)
|
|
* Add support for IS-IS advertise-high-metrics
set protocols isis advertise-high-metrics
* Add support for IS-IS advertise-passive-only
set protocols isis advertise-passive-only
(cherry picked from commit f7d35c15256ea74ab32c9b978a5c6fdbd659a7a0)
|
|
while configuring dNAT|sNAT rule
(cherry picked from commit ec5437913e489f40fea6bab89a6bb5f565cd1ab7)
|
|
Cleanup nets for the smoketest load-balancing
Remove deleting container interfaces from default netns as those
interfaces leave inly in netns.
(cherry picked from commit 849499f44f6e50c591e250cf40b5ab0115839b53)
|
|
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when
working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI
is configured against a container VXLAN interface which is referred to as a
'Single VXLAN device (SVD)'.
Multiple VLAN to VNI mappings can be configured against the same SVD. This
allows for a significant scaling of the number of VNIs since a separate VXLAN
interface is no longer required for each VNI.
Sample configuration of SVD with VLAN to VNI mappings is shown below.
set interfaces bridge br0 member interface vxlan0
set interfaces vxlan vxlan0 external
set interfaces vxlan vxlan0 source-interface 'dum0'
set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010'
set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011'
set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030'
set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031'
(cherry picked from commit 7f6624f5a6f8bd1749b54103ea5ec9f010adf778)
|
|
Commit 6896aabb6 ("wireless: T5540: fix VHT capability settings for 802.11ac"
changed how the VHT channel-sidth is configured in hostapd - but smoketests
did not get adjusted.
|
|
|
|
|
|
|
|
|
|
|
|
Configuring "set system ip protocol ospf|bgp route-map foo" and commit it
installs the route-map into FRR. Removing the CLI configuration "delete system
ip protocol" does not remove the route-map from FRR - it stays active.
This commit adds the fix and appropriate smoketests extenstion.
|
|
wifi: T5491: allow white-/blacklisting station MAC addresses for security
|
|
T5448: Add configuration host-name for zabbix-agent
|
|
T5472: nat redirect: allow redirection without defining redirected port
|
|
T5450: allow inverted matcher for interface and interface-group
|
|
|
|
firewall cli
|
|
Ability to configure host-name for zabbix-agent
set service monitoring zabbix-agent host-name 'r-vyos'
|
|
T5447: Initial support for MACsec static keys
|
|
|
|
Station MAC address-based authentication means:
* 'allow' accept all clients except the one on the deny list
* 'deny' accept only clients listed on the accept list
New CLI commands:
* set interfaces wireless wlan0 security station-address mode <accept|deny>
* set interfaces wireless wlan0 security station-address accept mac <mac>
* set interfaces wireless wlan0 security station-address deny mac <mac>
|
|
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation
mode").
|
|
|
|
Commit 77ef9f800 ("T5466: L3VPN label allocation mode") added support for a new
CLI node that is added "label vpn export allocation-mode per-nexthop" to FRRs
running configuration. Unfortunately the smoketest contained a trailing
whitespace and the above mentioned line could not be evaluated to true.
|
|
wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
|
|
Using threaded as CLI node is a very deep term used by kernel threads. To make
this more understandable to users, rename the node to per-client-thread.
It's also not necessary to test if any one peer is configured and probing if
the option is set. There is a base test which requires at least one peer
to be configured.
|
|
|
|
Testcases after the bugfix in commit 011697508 ("T5467: removing ospf(v3) or
isis interface in VRF context did not clear FRR config").
For ISIS change in the tests - do not run self_commit() in a for loop if not
really necessary, this will slow down the tests.
|
|
This fixes the smoketest after the change in commit e7d7bd20b ("openvpn: T5270:
do not require classic DH params in any more Generate 'dh none' instead and let
OpenVPN use ECDH")
... as there is no exception raised
05:47:26 DEBUG - ======================================================================
05:47:26 DEBUG - FAIL: test_openvpn_server_verify (__main__.TestInterfacesOpenVPN.test_openvpn_server_verify)
05:47:26 DEBUG - ----------------------------------------------------------------------
05:47:26 DEBUG - Traceback (most recent call last):
05:47:26 DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 342, in test_openvpn_server_verify
05:47:26 DEBUG - with self.assertRaises(ConfigSessionError):
05:47:26 DEBUG - AssertionError: ConfigSessionError not raised
|
|
setting
|
|
T5160: Firewall refactor
|
|
<drop> to <accept> if default-action is not specified in base chains
|
|
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
|
|
firewall smoketest
|
|
|