summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2022-06-15firewall: T4435: Verify parent config applied successfullysarthurdev
2022-06-14firewall: T970: Use set prefix to domain groupssarthurdev
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-11firewall: T4299: Add support for GeoIP filteringsarthurdev
2022-06-10Merge pull request #1356 from sarthurdev/nested_groupsChristian Poessinger
firewall: T478: Add support for nesting groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev
2022-06-10Revert "dmvpn: nhrp: T4434: secret length can not exceed 8 characters"Christian Poessinger
This reverts commit 6f818ee9033ee3abeedbed73eb44331dc27e7408.
2022-06-10firewall: T970: Fix for Regex for domain and check empty groupViacheslav Hletenko
It can be more then 5 symbols in top-level-domain address for example '.photography' and '.accountants' Firewall group can be added without address: * set firewall group domain-group DOMAIN Check if 'address' exists in group_config
2022-06-09sstp: T4444: merge of defaultValue already done in get_accel_dict()Christian Poessinger
2022-06-09Merge branch 'sstp_port' of https://github.com/goodNETnick/vyos-1x into currentChristian Poessinger
* 'sstp_port' of https://github.com/goodNETnick/vyos-1x: sstp: T4444. Port number changing support
2022-06-09Merge pull request #1327 from sever-sever/T970Christian Poessinger
firewall: T970: Add firewall group domain-group
2022-06-08Merge pull request #1340 from sever-sever/T3083Christian Poessinger
event-handler: T3083: Add simple event-handler
2022-06-08event-handler: Change tagNode event-handler to nodeViacheslav Hletenko
Before: set service event-handler Foo After: set service event-handler event Foo
2022-06-07event-handler: T3083: Extended event-handler featureszsdc
* Added the ability to filter by a syslog identifier * Added the ability to pass arguments to a script * Added the ability to pass preconfigured environment variables to a script * A message that triggered a script is now passed in the `message` variable and can be used in a script * Replaced `call()` to `run()`, since stdout are not need to be printed
2022-06-07event-handler: T3083: Move system to service event-handlerViacheslav Hletenko
Move 'system event-handler' to 'service event-handler'
2022-06-06event-handler: T3083: Optimized event-handlerzsdc
* Removed dynamic generating for systemd unit * Optimized configuration file deleting process * Added exceptions handlers to event-handler script to protect service from most obvious potential troubles * Improved logging * Moved pattern compilation outside a messages loop to avoid extra operations * Added signal handlers for proper systemd integration
2022-06-06event-handler: T3083: Add simple event-handlerViacheslav Hletenko
Event-handler allows executing a custom script when in logs it detects configured "pattern" A simple implemenation set system event-handler first pattern '.*ssh2.*' set system event-handler first script '/config/scripts/hello.sh'
2022-06-05firewall: T970: Maintain a domain state to fallback if resolution failssarthurdev
2022-06-02sla: T4222: Add OWAMP and TWAMP for service slaViacheslav Hletenko
OWAMP is a command line client application and a policy daemon used to determine one way latencies between hosts. OWAMP session control uses traditional client-server communication between a control-client and a server, TWAMP (two-way active measurement protocol) Add configuration and operation modes set service sla owamp-server set service sla twamp-server run force owping 192.0.2.120 run force twping 192.0.2.190
2022-05-31pki: T3642: Update conf scripts using changed PKI objectssarthurdev
2022-05-31IPv6: T3976: add prefix-list and access-list option from ipv6 route-mapfett0
2022-05-29eigrp: T2472: add basic template rendering and FRR communicationChristian Poessinger
2022-05-29rip: T4448: remove default version for RIPChristian Poessinger
Commit f9e38622 ("rip: T4448: add support to set protocol version on an interface level") also added the versionspecified on a per interface level. the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no longer working which is dthe default for FRR. Remove the default "2" from the RIP version specifier to make this behavior work again.
2022-05-29eigrp: T2472: add initial python helperChristian Poessinger
2022-05-28rip: T4448: add support to set protocol version on an interface levelChristian Poessinger
2022-05-28xml: rip: T4448: rename include files to match schemaChristian Poessinger
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }
2022-05-26sstp: T4444. Port number changing supportgoodNETnick
2022-05-25Merge pull request #1088 from zdc/T4020-sagittaDaniil Baturin
FRR: T4020: Added CLI options for FRR daemons
2022-05-21flow-accounting: T4099: "source-address" must exist locallyChristian Poessinger
2022-05-21nhrp: T4353: use ".service" suffix on systemd nameChristian Poessinger
2022-05-21flow-accounting: T4437: also install rule to IPv6 VYOS_CT_PREROUTING_HOOKChristian Poessinger
2022-05-20Merge pull request #1317 from sever-sever/T4418Christian Poessinger
monitoring: T4418: Add output plugin azure-data-explorer
2022-05-20monitoring: T4418: Add output plugin azure-data-explorerViacheslav Hletenko
Add output telegraf Plugin Azure Data Explorer set service monitoring telegraf azure-data-explorer authentication client-id 'x' set service monitoring telegraf azure-data-explorer authentication client-secret 'x' set service monitoring telegraf azure-data-explorer authentication tenant-id 'x' set service monitoring telegraf azure-data-explorer database 'x' set service monitoring telegraf azure-data-explorer group-metrics 'single-table' set service monitoring telegraf azure-data-explorer url 'http://localhost.loc'
2022-05-19dmvpn: nhrp: T4434: secret length can not exceed 8 charactersChristian Poessinger
2022-05-13Merge pull request #1320 from sever-sever/T4408Christian Poessinger
sshguard: T4408: Add service ssh dynamic-protection
2022-05-12sshguard: T4408: Add service ssh dynamic-protectionViacheslav Hletenko
Sshguard protects hosts from brute-force attacks Can inspect logs and block "bad" addresses by threshold Auto-generate rules for nftables When service stopped all generated rules are deleted nft "type filter hook input priority filter - 10" set service ssh dynamic-protection set service ssh dynamic-protection block-time 120 set service ssh dynamic-protection detect-time 1800 set service ssh dynamic-protection threshold 30 set service ssh dynamic-protection whitelist-address 192.0.2.1
2022-05-12conntrack: T3535: use "reload-or-restart" from systemdChristian Poessinger
2022-05-12vrrp: T3944: use "reload-or-restart" over individual code pathsChristian Poessinger
systemd has its internal reload or restart logic - we do not need to programm it on our own.
2022-05-12container: T2216: use warning over exception when container image does not existChristian Poessinger
2022-05-12Revert "NHRP : T4399: fix issues restart nhrp when add or del tunnel"Viacheslav Hletenko
This reverts commit d1455f936ca721633fcc04d5c84169b4ccf2f447. New spokes can't register on hub with 'reload-or-restart' option And requires option 'restart' for opennhrp.service
2022-05-07vrf: T4419: support to disable IP forwarding within a given VRFChristian Poessinger
2022-05-06bgp: T4385: verify() peer-group in interface based neighborsChristian Poessinger
2022-05-05monitoring: T4410: Add telegraf output Plugin http for SplunkViacheslav Hletenko
Ability to send HTTP output to Splunk via telegraf set service monitoring telegraf splunk authentication insecure set service monitoring telegraf splunk authentication token 'xxx' set service monitoring telegraf splunk url 'https://x.x.x.x'
2022-05-03monitoring: T4315: Add telegraf output plugin prometheus-clientViacheslav Hletenko
Add output Plugin "prometheus-client" for telegraf: set service monitoring telegraf prometheus-client
2022-05-01accel-ppp: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-05-01http: api: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-05-01system-logs: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-05-01openconnect: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-05-01syslog: T4353: fix Jinja2 linting errorsChristian Poessinger
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-05 22:26:18 +0000