Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-06-10 | Merge pull request #3612 from c-po/haproxy-pki-T6463 | Christian Breunig | |
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s) | |||
2024-06-10 | Merge pull request #3607 from c-po/firewall-unused-import | Christian Breunig | |
firewall: T3900: T6394: remove unused import | |||
2024-06-09 | pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s) | Christian Breunig | |
The haproxy reverse proxy was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies. | |||
2024-06-09 | firewall: T3900: T6394: remove unused import | Christian Breunig | |
With commit 770edf016838 ("T3900: T6394: extend functionalities in firewall; move netfilter sysctl timeout parameters defined in conntrack to firewall global-opton section.") the import of the glob module is no longer required. Found my running: make unused-imports | |||
2024-06-07 | reverse-proxy: T6454: Set default value of http for haproxy mode | Alex W | |
2024-06-06 | T6412: CGNAT fix allocation calcluation for verify (#3585) | Viacheslav Hletenko | |
Fix external address/port allocation for CGN. It fixes some cases where external address/ports can be allocated again to another user. | |||
2024-06-06 | Merge pull request #3578 from nicolas-fort/raw-hook | Daniil Baturin | |
T3900: Add support for raw tables in firewall | |||
2024-06-04 | T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵ | Nicolas Fort | |
timeout parameters defined in conntrack to firewall global-opton section. | |||
2024-06-03 | Merge pull request #3572 from talmakion/bugfix/T6403 | Daniil Baturin | |
nat64: T6403: validate source prefix for RFC compliance | |||
2024-06-03 | bfd: T6440: BFD peer length typo | Hannes Tamme | |
2024-06-03 | reverse-proxy: T6434: Support additional healthcheck options (#3574) | Alex W | |
2024-06-01 | nat64: T6403: validate source prefix for RFC compliance | Andrew Topp | |
Simplest fix is to comply with RFC6052. The code change is just masking out the relevant bits and ensuring they're zeroed. | |||
2024-05-31 | tunnel: T6157: fixing GRE tunnel uniqueness checks | Andrew Topp | |
Unset params would mistakenly match when None and trigger a validation error even when used params were unique. Updated check to ensure unique source-addresses if not None, and that (source-interfaces, source-addresses) are unique together appropriately. | |||
2024-05-31 | Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-records | Christian Breunig | |
dns: T6422: allow multiple redundant NS records | |||
2024-05-31 | T5307: QoS - traffic-class-map services (#3492) | Roman Khramshin | |
added new syntax to work with class match filters in QoS policy | |||
2024-05-30 | T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵ | Haim Gelfenbeyn | |
style fixes | |||
2024-05-30 | dns: T6422: allow multiple redundant NS records | Haim Gelfenbeyn | |
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported. | |||
2024-05-30 | Merge pull request #3546 from c-po/haproxy | Christian Breunig | |
reverse-proxy: T6419: build full CA chain when verifying backend server | |||
2024-05-29 | container: T6406: fix NameError: name 'vyos' is not defined | Christian Breunig | |
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function from the Python module. | |||
2024-05-29 | reverse-proxy: T6419: build full CA chain for frontend SSL certificate | Christian Breunig | |
2024-05-29 | reverse-proxy: T6419: build full CA chain when verifying backend server | Christian Breunig | |
2024-05-29 | reverse-proxy: T5231: remove frontend ca-certificate code path | Christian Breunig | |
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service. | |||
2024-05-29 | openvpn: T6374: only check TLS role for s2s if TLS is configured | Daniil Baturin | |
2024-05-29 | Merge pull request #3534 from sever-sever/T6411 | Daniil Baturin | |
T6411: CGNAT fix sequences for external address ranges | |||
2024-05-28 | Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validation | Christian Breunig | |
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | |||
2024-05-28 | T6411: CGNAT fix sequences for external address ranges | Viacheslav Hletenko | |
Fix the bug where address external alocation was not rely on sequences of the external IP addresses (if set) | |||
2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar | |
2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar | |
2024-05-27 | openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | Daniil Baturin | |
2024-05-26 | reverse-proxy: T6402: Fix invalid checks in validation script | Alex W | |
2024-05-23 | Merge pull request #3399 from 0xThiebaut/suricata | Christian Breunig | |
suricata: T751: Initial support for suricata | |||
2024-05-23 | suricata: T751: use key_mangling in get_config_dict() | Christian Breunig | |
2024-05-23 | suricata: T751: remove implicit default dictionary | Christian Breunig | |
2024-05-23 | suricata: T751: move CLI from "service ids suricata" -> "service suricata" | Christian Breunig | |
2024-05-23 | Merge pull request #3487 from Embezzle/T6370 | Christian Breunig | |
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | |||
2024-05-23 | Merge pull request #3505 from c-po/nat66-T6365 | Daniil Baturin | |
nat66: T6365: remove warnings for negated interface selections by name | |||
2024-05-23 | dhcpv6-server: T6381: fix typos in select ConfigError messages in VyOS ↵ | Ginko | |
current (#3508) | |||
2024-05-22 | nat66: T6365: remove warnings for negated interface selections by name | Christian Breunig | |
2024-05-22 | Merge pull request #3482 from alryaz/patch-1 | Christian Breunig | |
nat: T6365: remove warnings for negated interface selections by name | |||
2024-05-22 | nat: T6365: use interface_exists() over netifaces.interfaces() | Christian Breunig | |
2024-05-22 | nat: T6365: use string startswith() over [0] index access | Christian Breunig | |
2024-05-22 | nat: T6365: remove warnings for negated interface selections by name | Ryazanov Alexander Mihailovich | |
2024-05-21 | reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | Alex W | |
2024-05-18 | T5169: Allow to set CGNAT multiple internal pools | Viacheslav Hletenko | |
Allow to set multiple CGNAT internal pools ``` set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14' ``` | |||
2024-05-18 | T6364: CGNAT drop hard limit that allows only one translation rule | Viacheslav Hletenko | |
As PoC for CGNAT had a hard limit of using only one translation rule for one internal pool. Drop this limit and extend the usage number of the rules. ``` set nat cgnat rule 100 source pool 'int-01' set nat cgnat rule 100 translation pool 'ext-01' set nat cgnat rule 120 source pool 'vyos-int-02' set nat cgnat rule 120 translation pool 'vyos-ext-02' ``` | |||
2024-05-17 | Merge pull request #3472 from nvollmar/T6358 | Christian Breunig | |
T6358: Container config option to enable host pid | |||
2024-05-17 | T6358: Add config option for host process namespace | Nicolas Vollmar | |
2024-05-17 | T6358: Remove duplicate host name handling | Nicolas Vollmar | |
2024-05-17 | Merge pull request #3464 from sever-sever/T6351 | Daniil Baturin | |
T6351: CGNAT add verification if the pool exists | |||
2024-05-16 | T6351: CGNAT add verification if the pool exists | Viacheslav Hletenko | |
Add verification if the external/internal pools are exists before we can use them in the source and translation rules |