Age | Commit message (Collapse) | Author |
|
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
|
|
is changed
|
|
file for group definitions.
|
|
In order to have a consistent looking CLI we should rename this CLI node.
There is:
* access-list and access-list6 (policy)
* prefix-list and prefix-list6 (policy)
* route and route6 (static routes)
|
|
The bug was partially fixed with this commit:
https://github.com/vyos/vyos-1x/commit/358f0b481d8620cad4954e3fe418054b9a8c3ecd
The earlier commit introduced a startup retry (up to 10 times) to allow the OS
to settle before the container is started. However, it only applies if
host networking is NOT used. This change applies the same for containers
where host networking is employed.
Since the retry portion of the code (written in the earlier commit) is now
referenced twice, it has been moved to its own function.
|
|
Before installing a new conntrack policy into the OS Kernel, the new policy
should be verified by nftables if it can be loaded at all or if it will fail
to load. There is no need to load a "bad" configuration if we can pre-test it.
|
|
zone-policy chains
* Prevent firewall names from using the reserved VZONE prefix
|
|
zone-policy: T4135: Raise error when using an invalid "from" zone.
|
|
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy
|
|
zone-policy
|
|
keepalived: T4109: Add high-availability virtual-server
|
|
Add new feature, high-availability virtual-server
Change XML, python and templates
Move vrrp to root node 'high-availability' as all logic is
handled by root node 'high-availability'
|
|
firewall: T4130: Fix firewall state-policy errors
|
|
Also fixes:
* Issue with multiple state-policy rules being created on firewall updates
* Prevents interface rules being inserted before state-policy
|
|
monitoring: T3872: Add a new feature service monitoring
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
The script vrrp.py was moved to high-availability.py
as all logic is handled by the root 'high-availability' node
|
|
The implementation of the "auto" option to specify the sflow/netflow
agent-address is very error prone. The current implementation will determine
the IP address used for the "auto" value as follows:
Get BGP router-id
1) If not found use OSPF router-id
2) If not found use OSPFv3 router-id
3) If not found use "the first IP address found on the system"
Well, what is the "first IP address found"? Also this changes if DHCP is in use.
Also another disadvantage is when the BGP/OSPF/OSPFv3 router-id is changed,
the agent-address is not updated upon the next reboot of the system.
This task is about removing the "auto" keyword from the CLI entirely and making
it either entirely configurable by the user and hardcoding the value in the CLI,
or not using this at all.
If "auto" is specified we will query the system in the above order and set the
proper router-id in the CLI. If none can be found the CLI node is removed.
|
|
sFlow uses the source-address CLI node and netflow uses source-ip; this is just
confusing and should be synced to the common source-address CLI node.
|
|
logs: T3774: Added CLI options to control atop logs rotation
|
|
* Added proper handling of default values from CLI.
* Replaced rsyslog restart postrotate action to native `rsyslog-rotate`
script.
* Removed unnecessary checks for `None` instead of `dict` - with
default values the situation becomes impossible.
* Fixed default value from 10 to 1 in the rsyslog CLI.
|
|
Added the ability to control the `/var/log/messages` rotation.
Renamed the option `maxsize` to `max-size`.
|
|
Switched to `vyos.util.dict_search()` to keep the style common with the
rest of the components.
Removed config file comparison - almost the same result may be reached
by removing a configuration file with each boot, we already have such a
feature in the `vyos-router`.
|
|
The BGP conditional advertisement feature uses the non-exist-map or the
exist-map and the advertise-map keywords of the neighbor advertise-map command
in order to track routes by the route prefix.
non-exist-map
=============
* If a route prefix is not present in the output of non-exist-map command, then
advertise the route specified by the advertise-map command.
* If a route prefix is present in the output of non-exist-map command, then do
not advertise the route specified by the advertise-map command.
exist-map
=========
* If a route prefix is present in the output of exist-map command, then
advertise the route specified by the advertise-map command.
* If a route prefix is not present in the output of exist-map command, then do
not advertise the route specified by the advertise-map command.
This feature is useful when some prefixes are advertised to one of its peers
only if the information from the other peer is not present (due to failure in
peering session or partial reachability etc).
The conditional BGP announcements are sent in addition to the normal
announcements that a BGP router sends to its peer.
CLI nodes can be found under:
* set protocols bgp neighbor <ip> address-family <afi> conditional-advertisement
* set protocols bgp peer-group <p> address-family <afi> conditional-advertisement
|
|
expose OS
|