summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2024-07-02T6497: CGNAT refactoring delete conntrack entries (#3699) (#3732)mergify[bot]
(cherry picked from commit 804efa2ef6bfee84d13f633d863f6f22f9eec273) Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
2024-07-02T6523: Telegraf use nft scripts only if the firewall configuredViacheslav Hletenko
If a firewall is not configured there is no reason to get and execute telegraf firewall custom scripts as there are no nft chain in the firewall nftables configuration (cherry picked from commit ebff0c481907ac0c2c0be9981c3c3d87caf3003b)
2024-06-28T6477: Add telegraf loki output pluginViacheslav Hletenko
Add Loki plugin to telegraf set service monitoring telegraf loki url xxx (cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
2024-06-26Merge pull request #3723 from sever-sever/T751Daniil Baturin
T751: Remove ids suricata
2024-06-25Merge pull request #3707 from vyos/mergify/bp/circinus/pr-3679Christian Breunig
T3202: Enable wireguard debug messages (backport #3679)
2024-06-25Merge pull request #3716 from vyos/mergify/bp/circinus/pr-3694Daniil Baturin
snmp: T6489: use new Python wrapper to interact with config filesystem (backport #3694)
2024-06-24T6489: add abstraction vyos.utils.configfs to work natively with the config ↵Christian Breunig
filesystem (cherry picked from commit d7a18a3da949bfa3df89661cc0871e8f23b18a10)
2024-06-24T6489: add abstraction vyos.utils.auth.get_current_user()Christian Breunig
(cherry picked from commit e1a34e661d3e5f0090550796ac266dac15e1e337)
2024-06-24login: T6489: add smarter way to interact with the working config instead of ↵Christian Breunig
my_set/my_delete (cherry picked from commit da29c9b3ab7b0cc23d64c8b033fc5a79c1b09174)
2024-06-24snmp: T6489: use new Python wrapper to interact with config filesystemChristian Breunig
Do no longer use my_set and my_delete as this prevents scripts beeing run under supervision of vyos-configd. (cherry picked from commit 7e0e8101998a6c8de6cb93c42bfbf1278c13f226)
2024-06-24T3202: add single variable for Kernel dynamic debug settingsChristian Breunig
(cherry picked from commit 9495f904fcc157521ca001ee21cf31be28a6b3a0)
2024-06-24T3202: Enable wireguard debug messagesNataliia Solomko
(cherry picked from commit d818788932e3c57d020cca9236df7275da452fce)
2024-06-22T5949: Add option to disable USB autosuspendkhramshinr
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
2024-06-20openconnect: T6500: add support for multiple ca-certificates (#3691)mergify[bot]
Add possibility to provide a full CA chain to the openconnect server. * Support multiple CA certificates * For every CA certificate specified, always determine the full certificate chain in the background and add the necessary SSL certificates (cherry picked from commit 973f06c00b902c43dfea34bdf01bdec7c599c452) Co-authored-by: Christian Breunig <christian@breunig.cc>
2024-06-19macsec: T5447: fix error message syntax - there is no tx and rx key, only keyChristian Breunig
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
2024-06-17pki: T6241: remove debug print statement about updated subsystems (#3672)mergify[bot]
Commit 9f9891a2099 ("pki: T6241: Fix dependency updates on PKI changes") added a print() statement which notified the users about the subsystems which got supplied with an updated certificate. Example: > PKI: Updating config: interfaces openvpn vtun0 tls certificate openvpn_vtun0 > PKI: Updating config: interfaces openvpn vtun0 tls ca_certificate openvpn_vtun0_1 This is an informational message which should maybe (if needed) be sent to syslog. But the main issue is that CLI paths are mangled (- to _) which makes the about print output wrong and could potentially confuse users. Statement has been commented to be re-enabled for debugging. (cherry picked from commit a4d49a96918c0f0dac3d17f9cf3a5b8f3a9505c0) Co-authored-by: Christian Breunig <christian@breunig.cc>
2024-06-13Merge pull request #3639 from natali-rs1985/T5487-currentDaniil Baturin
openvpn: T5487: Remove deprecated option --cipher for server and client mode
2024-06-11openvpn: T5487: Remove eprecated option --cipher for server and client modeNataliia Solomko
2024-06-10Merge pull request #3621 from sever-sever/T6442Christian Breunig
T6442: CGNAT add log for address allocation
2024-06-10Merge pull request #3606 from c-po/utils-cpu-T5195Christian Breunig
vyos.utils: T5195: import vyos.cpu to this package
2024-06-10T6442: CGNAT add log for address allocationViacheslav Hletenko
Add the configuration command to log current CGNAT allocation set nat cgnat log-allocation
2024-06-10T6219: align with system sysctl and limit parameters to supportedNicolas Vollmar
2024-06-10T751: Remove ids suricataViacheslav Hletenko
2024-06-10container: T6219: Add support for container sysctl / kernel parametersBen Pilgrim
2024-06-10vyos.utils: T5195: import vyos.cpu to this packageChristian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu
2024-06-10Merge pull request #3612 from c-po/haproxy-pki-T6463Christian Breunig
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
2024-06-10Merge pull request #3607 from c-po/firewall-unused-importChristian Breunig
firewall: T3900: T6394: remove unused import
2024-06-09pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)Christian Breunig
The haproxy reverse proxy was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.
2024-06-09firewall: T3900: T6394: remove unused importChristian Breunig
With commit 770edf016838 ("T3900: T6394: extend functionalities in firewall; move netfilter sysctl timeout parameters defined in conntrack to firewall global-opton section.") the import of the glob module is no longer required. Found my running: make unused-imports
2024-06-07reverse-proxy: T6454: Set default value of http for haproxy modeAlex W
2024-06-06T6412: CGNAT fix allocation calcluation for verify (#3585)Viacheslav Hletenko
Fix external address/port allocation for CGN. It fixes some cases where external address/ports can be allocated again to another user.
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-06-03Merge pull request #3572 from talmakion/bugfix/T6403Daniil Baturin
nat64: T6403: validate source prefix for RFC compliance
2024-06-03bfd: T6440: BFD peer length typoHannes Tamme
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-06-01nat64: T6403: validate source prefix for RFC complianceAndrew Topp
Simplest fix is to comply with RFC6052. The code change is just masking out the relevant bits and ensuring they're zeroed.
2024-05-31tunnel: T6157: fixing GRE tunnel uniqueness checksAndrew Topp
Unset params would mistakenly match when None and trigger a validation error even when used params were unique. Updated check to ensure unique source-addresses if not None, and that (source-interfaces, source-addresses) are unique together appropriately.
2024-05-31Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-recordsChristian Breunig
dns: T6422: allow multiple redundant NS records
2024-05-31T5307: QoS - traffic-class-map services (#3492)Roman Khramshin
added new syntax to work with class match filters in QoS policy
2024-05-30T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵Haim Gelfenbeyn
style fixes
2024-05-30dns: T6422: allow multiple redundant NS recordsHaim Gelfenbeyn
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported.
2024-05-30Merge pull request #3546 from c-po/haproxyChristian Breunig
reverse-proxy: T6419: build full CA chain when verifying backend server
2024-05-29container: T6406: fix NameError: name 'vyos' is not definedChristian Breunig
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function from the Python module.
2024-05-29reverse-proxy: T6419: build full CA chain for frontend SSL certificateChristian Breunig
2024-05-29reverse-proxy: T6419: build full CA chain when verifying backend serverChristian Breunig
2024-05-29reverse-proxy: T5231: remove frontend ca-certificate code pathChristian Breunig
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service.
2024-05-29openvpn: T6374: only check TLS role for s2s if TLS is configuredDaniil Baturin
2024-05-29Merge pull request #3534 from sever-sever/T6411Daniil Baturin
T6411: CGNAT fix sequences for external address ranges
2024-05-28Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validationChristian Breunig
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 04:43:43 +0000