summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2024-06-09pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)Christian Breunig
The haproxy reverse proxy was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.
2024-06-06T6412: CGNAT fix allocation calcluation for verify (#3585)Viacheslav Hletenko
Fix external address/port allocation for CGN. It fixes some cases where external address/ports can be allocated again to another user.
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-06-03Merge pull request #3572 from talmakion/bugfix/T6403Daniil Baturin
nat64: T6403: validate source prefix for RFC compliance
2024-06-03bfd: T6440: BFD peer length typoHannes Tamme
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-06-01nat64: T6403: validate source prefix for RFC complianceAndrew Topp
Simplest fix is to comply with RFC6052. The code change is just masking out the relevant bits and ensuring they're zeroed.
2024-05-31tunnel: T6157: fixing GRE tunnel uniqueness checksAndrew Topp
Unset params would mistakenly match when None and trigger a validation error even when used params were unique. Updated check to ensure unique source-addresses if not None, and that (source-interfaces, source-addresses) are unique together appropriately.
2024-05-31Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-recordsChristian Breunig
dns: T6422: allow multiple redundant NS records
2024-05-31T5307: QoS - traffic-class-map services (#3492)Roman Khramshin
added new syntax to work with class match filters in QoS policy
2024-05-30T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵Haim Gelfenbeyn
style fixes
2024-05-30dns: T6422: allow multiple redundant NS recordsHaim Gelfenbeyn
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported.
2024-05-30Merge pull request #3546 from c-po/haproxyChristian Breunig
reverse-proxy: T6419: build full CA chain when verifying backend server
2024-05-29container: T6406: fix NameError: name 'vyos' is not definedChristian Breunig
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function from the Python module.
2024-05-29reverse-proxy: T6419: build full CA chain for frontend SSL certificateChristian Breunig
2024-05-29reverse-proxy: T6419: build full CA chain when verifying backend serverChristian Breunig
2024-05-29reverse-proxy: T5231: remove frontend ca-certificate code pathChristian Breunig
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service.
2024-05-29openvpn: T6374: only check TLS role for s2s if TLS is configuredDaniil Baturin
2024-05-29Merge pull request #3534 from sever-sever/T6411Daniil Baturin
T6411: CGNAT fix sequences for external address ranges
2024-05-28Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validationChristian Breunig
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS
2024-05-28T6411: CGNAT fix sequences for external address rangesViacheslav Hletenko
Fix the bug where address external alocation was not rely on sequences of the external IP addresses (if set)
2024-05-28T6406: rename cpus to cpuNicolas Vollmar
2024-05-28T6406: add container cpu limit optionNicolas Vollmar
2024-05-27openvpn: T6374: ensure that TLS role is configured for site-to-site with TLSDaniil Baturin
2024-05-26reverse-proxy: T6402: Fix invalid checks in validation scriptAlex W
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-23suricata: T751: use key_mangling in get_config_dict()Christian Breunig
2024-05-23suricata: T751: remove implicit default dictionaryChristian Breunig
2024-05-23suricata: T751: move CLI from "service ids suricata" -> "service suricata"Christian Breunig
2024-05-23Merge pull request #3487 from Embezzle/T6370Christian Breunig
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
2024-05-23Merge pull request #3505 from c-po/nat66-T6365Daniil Baturin
nat66: T6365: remove warnings for negated interface selections by name
2024-05-23dhcpv6-server: T6381: fix typos in select ConfigError messages in VyOS ↵Ginko
current (#3508)
2024-05-22nat66: T6365: remove warnings for negated interface selections by nameChristian Breunig
2024-05-22Merge pull request #3482 from alryaz/patch-1Christian Breunig
nat: T6365: remove warnings for negated interface selections by name
2024-05-22nat: T6365: use interface_exists() over netifaces.interfaces()Christian Breunig
2024-05-22nat: T6365: use string startswith() over [0] index accessChristian Breunig
2024-05-22nat: T6365: remove warnings for negated interface selections by nameRyazanov Alexander Mihailovich
2024-05-21reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responsesAlex W
2024-05-18T5169: Allow to set CGNAT multiple internal poolsViacheslav Hletenko
Allow to set multiple CGNAT internal pools ``` set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14' ```
2024-05-18T6364: CGNAT drop hard limit that allows only one translation ruleViacheslav Hletenko
As PoC for CGNAT had a hard limit of using only one translation rule for one internal pool. Drop this limit and extend the usage number of the rules. ``` set nat cgnat rule 100 source pool 'int-01' set nat cgnat rule 100 translation pool 'ext-01' set nat cgnat rule 120 source pool 'vyos-int-02' set nat cgnat rule 120 translation pool 'vyos-ext-02' ```
2024-05-17Merge pull request #3472 from nvollmar/T6358Christian Breunig
T6358: Container config option to enable host pid
2024-05-17T6358: Add config option for host process namespaceNicolas Vollmar
2024-05-17T6358: Remove duplicate host name handlingNicolas Vollmar
2024-05-17Merge pull request #3464 from sever-sever/T6351Daniil Baturin
T6351: CGNAT add verification if the pool exists
2024-05-16T6351: CGNAT add verification if the pool existsViacheslav Hletenko
Add verification if the external/internal pools are exists before we can use them in the source and translation rules
2024-05-16T6347: CGNAT fix error if pool contain dashes in the nameViacheslav Hletenko
2024-05-15T3900: add support for raw table in firewall.Nicolas Fort
2024-05-14T3420: Remove service upnpViacheslav Hletenko
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation.
2024-05-12Merge pull request #3447 from c-po/evpn-uplink-t6306Daniil Baturin
ethernet: T6306: add support for EVPN MH uplink/core tracking
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-21 08:37:25 +0000