summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2024-12-02config-mgmt: T6925: return from verify function on config object None (#4213)John Estabrook
2024-11-29Merge pull request #4204 from sarthurdev/T6809Simon
2024-11-28multicast: T6920: static multicast routing throws TypeError (#4210)Nataliia S.
2024-11-26Merge pull request #4196 from natali-rs1985/T6872Christian Breunig
ipoe_server: T6872: Add the ability to configure LUA scripts and username
2024-11-25Merge pull request #4203 from sarthurdev/T6692Simon
dhcp: T6692: Fix range options not present when `exclude` is used
2024-11-22pki: T6809: Support system install of CA certificatessarthurdev
2024-11-21pki: T3642: Minimize `node_changed` codesarthurdev
2024-11-21dhcp: T6692: Fix range options not present when `exclude` is usedsarthurdev
Add smoketest to verify range options are present with `exclude`
2024-11-21ipoe_server: T6872: Add the ability to configure LUA scripts and usernameNataliia Solomko
2024-11-21T6806: Rework QoS Policy for HFSC Shaper (#4181)Roman Khramshin
- Removed default `m1` and `m2` values from interface definitions - Adjusted filter priorities for shapers - Fixed SFQ qdisc and HFSC class creation to fully support `m1`, `d`, and `m2` parameters - Added validation logic similar to VyOS 1.3 to improve error handling and user experience
2024-11-21T6796: QoS: match filter by interface(iif) (#4188)Roman Khramshin
2024-11-19T6490: Allow creation of wireguard interfaces without requiring peers (#4194)sskaje
* T6490: Allow creation of wireguard interfaces without requiring peers
2024-11-18T6884: adds mtu option for container networksNicolas Vollmar
2024-11-15Merge pull request #4191 from HollyGurza/T6801Christian Breunig
T6801: QoS: Policy rate-control is broken by default
2024-11-15T6878: Stop conntrack logging servicekhramshinr
2024-11-14T6801: QoS: Policy rate-control is broken by defaultkhramshinr
- Fixed unhandled exception for policy rate-control without params
2024-11-07T3501: Allow using more than one tuned profileNataliia Solomko
2024-10-17T973: add basic frr_exporter implementation (#4150)Robert Göhler
2024-10-11T6712: Add nonproduction banner (#4149)mergify[bot]
(cherry picked from commit 3abe7c72c95c3d9b825db08b092c555786e9fbcf) Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
2024-10-09haproxy: T6745: Rename `reverse-proxy` to `haproxy`sarthurdev
2024-10-08Merge pull request #4128 from jestabro/commit-confirm-soft-rollbackJohn Estabrook
config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback
2024-10-07config-mgmt: T5976: move commit-confirm revert action to subnodeJohn Estabrook
2024-10-07Merge pull request #3938 from talmakion/feature/T6430-local-pbrChristian Breunig
pbr: T6430: Local IP rules targeting VRFs by name as well as route table IDs
2024-10-07pbr: T6430: Local IP rules routing into VRFs by nameAndrew Topp
* This is the `policy local-route*` part of T6430, manipulating ip rules, another PR covers firewall-backed `policy route*` for similar functionality * Local PBR (policy local-route*) can only target table IDs up to 200 and the previous PR to extend the range was rejected * PBR with this PR can now also target VRFs directly by name, working around targeting problems for VRF table IDs outside the overlapping 100-200 range * Validation ensures rules can't target both a table ID and a VRF name (internally they are handled the same) * Relocated TestPolicyRoute.verify_rules() into VyOSUnitTestSHIM.TestCase, extended to allow lookups in other address families (IPv6 in the new tests). verify_rules() is used by original pbr and new lpbr smoketests in this PR.
2024-10-07Merge pull request #4118 from c-po/acme-ca-certDaniil Baturin
pki: T6481: auto import ACME certificate chain into CLI
2024-10-06pki: T6481: auto import ACME certificate chain into CLIChristian Breunig
When using an ACME based certificate with VyOS we provide the necessary PEM files opaque in the background when using the internal tools. This however will not properly work with the CA chain portion, as the system is based on the "pki certificate <name> acme" CLI node of a certificate but CA chains reside under "pki ca". This adds support for importing the PEM data of a CA chain issued via ACME into the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by other daemons. Importing the chain only happens, when the chain was not already added manually by the user. ACME certificate chains that are automatically added to the CLI are all prefixed using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds a safeguard when the intermediate CA changes, the referenced name on the CLI stays consitent for any pending daemon updates.
2024-10-05static: T4283: fix missing f'ormat stringChristian Breunig
This fixes the error message: Can not use both blackhole and reject for prefix "{prefix}"! Added in commit bb78f3a9ad28 ("static: T4283: support "reject" routes - emit an ICMP unreachable when matched")
2024-10-05config-mgmt: T5976: add option for commit-confirm to use 'soft' rollbackJohn Estabrook
Commit-confirm will restore a previous configuration if a confirmation is not received in N minutes. Traditionally, this was restored by a reboot into the last configuration on disk; add a configurable option to reload the last completed commit without a reboot. The default setting is to reboot.
2024-10-05config-mgmt: T5976: normalize formattingJohn Estabrook
2024-10-04Merge pull request #4121 from natali-rs1985/T6101-currentChristian Breunig
ipsec: T6101: Add validation for proposal option used in IKE group
2024-10-04Merge pull request #4048 from rebortg/node_exporterChristian Breunig
T973: add basic node_exporter implementation
2024-10-03T973: remove irrelevant standard valuesrebortg
2024-10-02ipsec: T6101: Add validation for proposal option used in IKE groupNataliia Solomko
2024-09-30Merge pull request #4024 from nicolas-fort/T6687Daniil Baturin
T6687: add fqdn support to nat rules.
2024-09-24syslog: T6719: fix the behavior of "syslog global preserve-fqdn"Nicolas Vollmar
2024-09-24Merge pull request #4086 from natali-rs1985/T6675-currentChristian Breunig
bridge: T6675: VXLAN Interface configuration lost due to improper bridge detachment
2024-09-21T6630: ntp: rename ptp-transport to ptp and use defaultValue for portChristian Breunig
2024-09-21T6630: ntp: add chrony "ntp over ptp" transportLucas Christian
2024-09-20bridge: T6675: VXLAN Interface configuration lost due to improper bridge ↵Nataliia Solomko
detachment
2024-09-19Merge pull request #4061 from c-po/syslog-T5367Daniil Baturin
syslog: T5367: add format option to include timezone in message
2024-09-18T973: add basic node_exporter implementationrebortg
2024-09-16T6687: add fqdn support to nat rules.Nicolas Fort
2024-09-15bond: T6709: add EAPoL supportChristian Breunig
2024-09-14ethernet: T6709: move EAPoL support to common frameworkChristian Breunig
Instead of having EAPoL (Extensible Authentication Protocol over Local Area Network) support only available for ethernet interfaces, move this to common ground at vyos.ifconfig.interface making it available for all sorts of interfaces by simply including the XML portion #include <include/interface/eapol.xml.i>
2024-09-12syslog: T5367: add format option to include timezone in messageChristian Breunig
Add CLI option to include the systems timezone in the syslog message sent to a collector. This can be enabled using: set system syslog host <hostname> format include-timezone
2024-09-12Merge pull request #4047 from natali-rs1985/T6676-currentChristian Breunig
policy: T6676: Invalid route-map caused bgpd to crash
2024-09-12Merge pull request #4046 from nvollmar/T6703Christian Breunig
T6703: Adds option to configure AMD pstate driver
2024-09-12Merge pull request #4021 from natali-rs1985/T6652-currentDaniil Baturin
openfabric: T6652: Add support for OpenFabric protocol
2024-09-12Merge pull request #4032 from dvlogic/Allow_Container_DNS_DisableChristian Breunig
T6701: Added ability to disable the container DNS plugin
2024-09-11policy: T6676: Invalid route-map caused bgpd to crashNataliia Solomko