summaryrefslogtreecommitdiff
path: root/smoketest
AgeCommit message (Collapse)Author
2022-06-14firewall: T970: Use set prefix to domain groupssarthurdev
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-10Merge pull request #1356 from sarthurdev/nested_groupsChristian Poessinger
firewall: T478: Add support for nesting groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev
2022-06-10Firewall:T4458: Add ttl match option in firewallNicolas Fort
2022-06-10Merge pull request #1322 from nicolas-fort/T3907-fwall-logDaniil Baturin
Firewall: T3907: add log-level options in firewall
2022-06-10smoketest: T970: Add commit after static-host-mappingViacheslav Hletenko
Staic-host-mapping 'example.com' should be exists before we configure firewall domain-group FOO address example.com
2022-06-09smoketest: sstp: T4444: verify port can be changedChristian Poessinger
2022-06-09Merge pull request #1327 from sever-sever/T970Christian Poessinger
firewall: T970: Add firewall group domain-group
2022-06-05T4387: add more firewall checks for WLB smoketests.Nicolas Fort
2022-06-05Merge pull request #1346 from sever-sever/T4387-currViacheslav Hletenko
smoketest: T4387: Add test for load-balancing wan
2022-06-04Policy: T3976-T4449-nexthop: add - match ipv6 nexthop type - as available ↵Nicolas Fort
for ipv4
2022-06-02smoketest: T4387: Add test for load-balancing wanViacheslav Hletenko
Create 2 network namespaces which allow us to emulate 2 ISP with different static addresses Check routing table 201 for the first ISP and table 202 for the second ISP. Each table must contain default route (cherry picked from commit 6b75cbb0575ca95806e969f5d7f219c0cbeea334)
2022-05-31Merge pull request #1344 from sarthurdev/pki_updateChristian Poessinger
pki: T3642: Update conf scripts using changed PKI objects
2022-05-31pki: T3642: Update conf scripts using changed PKI objectssarthurdev
2022-05-31smoketest: policy: T3976: add migratable config snippetChristian Poessinger
2022-05-31IPv6: T3976: add prefix-list and access-list option from ipv6 route-mapfett0
2022-05-29Policy: T4450: Expand options for ip|ipv6 address match. Now support ↵Nicolas Fort
prefix-len on both matches. Also change help properties of route-source node.
2022-05-29rip: T4448: remove default version for RIPChristian Poessinger
Commit f9e38622 ("rip: T4448: add support to set protocol version on an interface level") also added the versionspecified on a per interface level. the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no longer working which is dthe default for FRR. Remove the default "2" from the RIP version specifier to make this behavior work again.
2022-05-29Merge branch 'T4449' of https://github.com/nicolas-fort/vyos-1x into currentChristian Poessinger
* 'T4449' of https://github.com/nicolas-fort/vyos-1x: Policy: T4449: Extend matching options for route-map ip nexthop
2022-05-28rip: T4448: add support to set protocol version on an interface levelChristian Poessinger
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }
2022-05-28Policy: T4449: Extend matching options for route-map ip nexthopNicolas Fort
2022-05-28smoketest: rip: T4448: improve class startup timeChristian Poessinger
2022-05-28rip: T4448: add support for explicit version selectionChristian Poessinger
2022-05-27Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8Nicolas Fort
2022-05-25configtest: T4382: no migration to 'bgp local-as' under vrfJohn Estabrook
The migration script bgp/0-to-1 did not address 'protocols bgp ASN' -> 'protocols bgp local-as ASN' under a vrf. Move to configs.no-load for review on extending/adding a migration script.
2022-05-25configtest: T4382: missing block in migration script vrf/0-to-1John Estabrook
The config vrf-basic reveals a missing block in the migration script vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in vrf-ospf.
2022-05-25configtest: T4382: inconsistent ipsec component versionJohn Estabrook
The pki-ipsec sagitta-era config contains 'vpn ipsec ipsec-interfaces interface eth0' with ipsec component version ipsec@6, however, this construction is successfully moved by migration script ipsec/5-to-6. Consequently, this must have been an error in translation of the config file. Note that this is unrelated to the corrected error regarding an empty 'ipsec-interfaces' node. Move config to configs.no-load for review.
2022-05-25configtest: T4382: bgp_small_as has a nonsensical entryJohn Estabrook
bgp_small_as contains set commands such as: 'protocols static route 10.0.0.0/8 MY-NAS distance 254' which would appear to have no meaning, in any VyOS version. Move to config.no-load for analysis.
2022-05-25configtest: T4382: 'nat ... log' takes no 'enable' argumentJohn Estabrook
The component version in bgp-dmvpn-spoke is nat@5, however, 4-to-5 removes the boolean argument. It is confirmed that the migration script works correctly, hence, it must be a typo in translation; remove argument 'enable'.
2022-05-25configtest: T4382: system@20 cannot have 'user level' (16-to-17)John Estabrook
The config file isis-small has system@20, but 'user level' which was migrated in system/16-to-17; remove the line in the config, as there is no problem with the migration script in question.
2022-05-25configtest: T4382: remove typoJohn Estabrook
This is a typo in vrf-ospf: 'system nt' on the line before 'system ntp'.
2022-05-25Merge pull request #1088 from zdc/T4020-sagittaDaniil Baturin
FRR: T4020: Added CLI options for FRR daemons
2022-05-21smoketest: flow-accounting: T4437: adjust smoketest to new generated config ↵Christian Poessinger
syntax
2022-05-13smoketest: add sshguard allow-from caseChristian Poessinger
2022-05-12sshguard: T4408: Add service ssh dynamic-protectionViacheslav Hletenko
Sshguard protects hosts from brute-force attacks Can inspect logs and block "bad" addresses by threshold Auto-generate rules for nftables When service stopped all generated rules are deleted nft "type filter hook input priority filter - 10" set service ssh dynamic-protection set service ssh dynamic-protection block-time 120 set service ssh dynamic-protection detect-time 1800 set service ssh dynamic-protection threshold 30 set service ssh dynamic-protection whitelist-address 192.0.2.1
2022-05-11Firewall: T3907: add log-level options in firewallNicolas Fort
2022-05-09Merge pull request #1279 from nicolas-fort/T990Christian Poessinger
Firewall: T990: Add snat and dnat connection status on firewall
2022-05-08smoketest: policy-route: use setUpClass()Christian Poessinger
2022-05-08policy: evpn: T3739: support "set evpn gateway-ip"Christian Poessinger
2022-05-07vrf: T4419: support to disable IP forwarding within a given VRFChristian Poessinger
2022-05-06bgp: T4385: verify() peer-group in interface based neighborsChristian Poessinger
2022-05-05smoketest: do not auto-load big firewall config on smoketestChristian Poessinger
This takes a very long time, but keep the config for manual runs
2022-05-05policy: T4414: add support for route-map "as-path prepend last-as x"Christian Poessinger
2022-04-30smoketest: import large firewall config from T1230Christian Poessinger
2022-04-29smoketest: add basic QoS configurationChristian Poessinger
2022-04-28arp: T4397: change CLI syntax to support interface and VRF bound ARP entriesChristian Poessinger
* set protocols static arp interface eth0 address 192.0.2.1 mac 01:23:45:67:89:01
2022-04-26smoketest: http: add decorator to suppress warnings locallyJohn Estabrook
2022-04-26smoketest: ethernet: bugfix - NameError: name 'af' is not definedChristian Poessinger