Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-10-04 | Merge pull request #4123 from nicolas-fort/fwall_set_commands | Daniil Baturin | |
T6760: firewall: add packet modifications existing in policy route to regular firewall ruleset. | |||
2024-10-03 | T6761: Add timeout for OSPF smoketest fail | Viacheslav Hletenko | |
From time to time the smoektest script checks frrconfig to early. I.e. FRR does not fully load the config during checking or the OSPF daemon is not started at the time of checking. | |||
2024-10-03 | T6760: firewall: add packet modifications existing in policy route to ↵ | Nicolas Fort | |
regular firewall ruleset. | |||
2024-09-30 | Merge pull request #4024 from nicolas-fort/T6687 | Daniil Baturin | |
T6687: add fqdn support to nat rules. | |||
2024-09-24 | syslog: T6719: fix the behavior of "syslog global preserve-fqdn" | Nicolas Vollmar | |
2024-09-24 | Merge pull request #4086 from natali-rs1985/T6675-current | Christian Breunig | |
bridge: T6675: VXLAN Interface configuration lost due to improper bridge detachment | |||
2024-09-21 | T6630: ntp: move interface timestamping configuration under ptp node | Christian Breunig | |
2024-09-21 | T6630: ntp: rename ptp-transport to ptp and use defaultValue for port | Christian Breunig | |
2024-09-21 | T6630: ntp: add chrony "ntp over ptp" transport | Lucas Christian | |
2024-09-21 | T6630: ntp: add hardware timestamp offload | Lucas Christian | |
2024-09-21 | T6630: ntp: add "interleave" option | Lucas Christian | |
2024-09-20 | bridge: T6675: VXLAN Interface configuration lost due to improper bridge ↵ | Nataliia Solomko | |
detachment | |||
2024-09-16 | T6687: add fqdn support to nat rules. | Nicolas Fort | |
2024-09-15 | bond: T6709: add EAPoL support | Christian Breunig | |
2024-09-14 | ethernet: T6709: move EAPoL support to common framework | Christian Breunig | |
Instead of having EAPoL (Extensible Authentication Protocol over Local Area Network) support only available for ethernet interfaces, move this to common ground at vyos.ifconfig.interface making it available for all sorts of interfaces by simply including the XML portion #include <include/interface/eapol.xml.i> | |||
2024-09-12 | Merge pull request #4021 from natali-rs1985/T6652-current | Daniil Baturin | |
openfabric: T6652: Add support for OpenFabric protocol | |||
2024-09-12 | Merge pull request #4041 from natali-rs1985/T6685-current | Daniil Baturin | |
pppoe-server: T6685: Add options to accept any and blank service names | |||
2024-09-12 | pppoe-server: T6685: Possibility of any services name or blank in pppoe | Nataliia Solomko | |
2024-09-12 | Merge pull request #4032 from dvlogic/Allow_Container_DNS_Disable | Christian Breunig | |
T6701: Added ability to disable the container DNS plugin | |||
2024-09-11 | T6294: Service dns forwarding add the ability to configure ZonetoCache | khramshinr | |
2024-09-11 | Merge pull request #4023 from nvollmar/T6679 | Christian Breunig | |
T6679: add group option for nat66 | |||
2024-09-11 | Merge pull request #4028 from alainlamar/T6693 | Christian Breunig | |
T6693: wireless: Enable WiFi-6 (802.11ax) for 2.4GHz AccessPoints | |||
2024-09-11 | container: T6701: add support to disable container network DNS support | Dave Vogel | |
Add ability to set the container network with a disable-dns setting to disable the DNS plugin that is on be default. set container network <network> no-name-server | |||
2024-09-10 | T6698: firewall: add matcher for vlan type. (#4027) | Nicolás Fort | |
2024-09-07 | T6693: wireless: Enable WiFi-6 (802.11ax) for 2.4GHz AccessPoints | Alain Lamar | |
2024-09-06 | container: T6702: re-add missing UNIX API socket | Christian Breunig | |
During podman upgrade and a build from the original source the UNIX socket definition for systemd got lost in translation. This commit re-adds the UNIX socket which is started on boot to interact with Podman. Example: curl --unix-socket /run/podman/podman.sock -H 'content-type: application/json' \ -sf http://localhost/containers/json | |||
2024-09-04 | openfabric: T6652: Add support for OpenFabric protocol | Nataliia Solomko | |
OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks. FRR implements OpenFabric in a daemon called fabricd | |||
2024-09-02 | T6679: add destination groups | Nicolas Vollmar | |
2024-09-02 | Merge pull request #4018 from nicolas-fort/T6647 | Daniil Baturin | |
T6647: firewall. Introduce patch for accepting invalid ARP and DHCP | |||
2024-09-01 | smoketest: T6681: radvd: verify new "no-send-interval" CLI option | Christian Breunig | |
2024-08-28 | T6647: firewall. Introduce patch for accepting ARP and DHCP replies on ↵ | Nicolas Fort | |
stateful bridge firewall. This patch is needed because ARP and DHCP are marked as invalid connections. Also, add ehternet-type matcher in bridge firewall. | |||
2024-08-25 | T6671: add smoketest for dependency deferred to priority | John Estabrook | |
2024-08-21 | T6672: Fix system option ssh-client source-interface | Viacheslav Hletenko | |
Fix for system option ssh-client source-interface For the `verify_source_interface` the key `ifname` if required | |||
2024-08-20 | Merge pull request #3975 from lucasec/t6183 | Christian Breunig | |
T6183: interfaces openvpn: suppport specifying IP protocol version | |||
2024-08-16 | Merge pull request #3987 from natali-rs1985/T6649-current | Daniil Baturin | |
ipoe_server: T6649: Accel-ppp separate vlan-mon from listen interfaces | |||
2024-08-15 | T6649: Accel-ppp separate vlan-mon from listen interfaces | Nataliia Solomko | |
2024-08-15 | Merge pull request #3982 from nicolas-fort/T6636 | Christian Breunig | |
T6636: firewall: fix firewall template in order print logs for default-action | |||
2024-08-14 | T6636: firewall: fix firewall template in order to write logs for ↵ | Nicolas Fort | |
default-action in order to match same structure as in rules. This way op-mode command for showing firewall log prints logs for default-actions too | |||
2024-08-14 | T6646: conntrack: in ignore rules, if protocols=all, do not append it to the ↵ | Nicolas Fort | |
rule | |||
2024-08-13 | T6183: interfaces openvpn: suppport specifying IP protocol version | Lucas Christian | |
2024-08-09 | T6643: firewall: fix ip address range parsing on firewall rules. | Nicolas Fort | |
2024-08-06 | smoketest: T6614: add op-mode test for Kernel version (#3946) | Christian Breunig | |
2024-08-05 | sysctl: T3204: restore sysctl setttings overwritten by tuned | Christian Breunig | |
2024-08-05 | smoketest: T6555: openvpn: NameError: name 'elf' is not defined | Christian Breunig | |
2024-08-05 | smoketest: T6555: openvpn: SyntaxError: '(' was never closed | Christian Breunig | |
2024-08-05 | Merge branch 'current' into feature/T4694/gre-match-fields | Christian Breunig | |
2024-08-05 | Merge pull request #3920 from fett0/T6555 | Christian Breunig | |
OPENVPN: T6555: add server-bridge options in mode server | |||
2024-08-04 | firewall: T4694: Adding GRE flags & fields matches to firewall rules | Andrew Topp | |
* Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags. * There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post) * nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags. * Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing * The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem. * If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc. * Added a "test_gre_match" smoketest | |||
2024-08-04 | Merge pull request #3901 from nicolas-fort/T4072-extend-bridge-fwall | Christian Breunig | |
T4072: firewall extend bridge firewall | |||
2024-08-02 | T6619: Remove the remaining uses of per-protocol FRR configs (#3916) | Roman Khramshin | |