Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-11-03 | nat: T1877: T970: Add firewall groups to NAT | sarthurdev | |
2022-11-03 | firewall: T970: Refactor domain resolver, add firewall source/destination ↵ | sarthurdev | |
`fqdn` node | |||
2022-10-28 | T4291: consolidate component version string read/write functions | John Estabrook | |
2022-06-14 | firewall: T970: Use set prefix to domain groups | sarthurdev | |
2022-06-11 | firewall: T4299: Add support for GeoIP filtering | sarthurdev | |
2022-06-05 | firewall: T970: Maintain a domain state to fallback if resolution fails | sarthurdev | |
2022-05-28 | firewall: T970: Add firewall group domain-group | Viacheslav Hletenko | |
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } } | |||
2022-03-10 | Revert "component_version: T4291: consolidate read/write functions" | John Estabrook | |
This reverts commit 534f677d36285863decb2cdff179687b4fd690cb. Revert while investigating failure in vyos-configtest. | |||
2022-03-10 | Revert "save-config: T4292: rewrite vyatta-save-config.pl to Python" | John Estabrook | |
This reverts commit c4d389488970c8510200cac96a67182e9333b891. Revert while investigating failure in vyos-configtest. | |||
2022-03-10 | Revert "load-config: T4295: use config_tree instead of legacy loadFile" | John Estabrook | |
This reverts commit 2a4b45ba7fa4dabf7e592f499cfb06a7ae38cdea. Revert while investigating failure in vyos-configtest. | |||
2022-03-09 | load-config: T4295: use config_tree instead of legacy loadFile | John Estabrook | |
2022-03-08 | save-config: T4292: rewrite vyatta-save-config.pl to Python | John Estabrook | |
2022-03-08 | component_version: T4291: consolidate read/write functions | John Estabrook | |
2022-03-05 | conntrackd: T4259: fix daemon configuration path | Christian Poessinger | |
2022-02-16 | xml: T3474: get component version dictionary from xml cache, not legacy | John Estabrook | |
2022-01-20 | interface-names: T3871: use tempfile during virtual migration | John Estabrook | |
Use tempfile to avoid race conditions during virtual migration. | |||
2022-01-13 | strip-private: T4177: Fix for hiding private data token/url/bucket | Viacheslav | |
Add URL, token and bucket hidind data when is used function "strip-private" | |||
2021-12-08 | vyos.util: T4061: add function to check for completion of boot config | John Estabrook | |
2021-12-04 | wwan: T3795: move implementation to VbashOpRun() | Christian Poessinger | |
After commit ae16a51506c ("configquery: T3402: use vyatta-op-cmd-wrapper to provide environment") we can now call VyOS op-mode commands from arbitrary Python scripts. | |||
2021-11-18 | wwan: T3795: periodically check if WWAN connection needs a reconnect | Christian Poessinger | |
(cherry picked from commit eb6247e4b464c36fa7441627b221d0db39429251) | |||
2021-11-18 | interface-names: T3871: 'migrate' component string syntax as needed | John Estabrook | |
With the rewrite of vyatta_net_name to Python using ConfigTree, one runs into the change in the syntax of the component version string when updating 1.2 --> 1.3/1.4, since the udev rule is run before the migration of the config file; add an explicit 'virtual' migration on configtree error. | |||
2021-11-12 | interface-names: T3871: shift index to accommodate KVM behaviour | John Estabrook | |
(on behalf of Dmitriy Eshenko) | |||
2021-11-09 | interface-names: T3871: Add temporary interface names to properly renaming | DmitriyEshenko | |
2021-10-21 | strip-private: T3926: strip cisco-authentication key | Christian Poessinger | |
2021-09-27 | interface-names: T3869: add vyos_net_name | John Estabrook | |
2021-09-27 | interface-names: T3869: add vyos_interface_rescan | John Estabrook | |
2021-09-17 | T3823: Stop strip-private regexp from swallowing quotes | erkin | |
2021-08-10 | pki: wireguard: T3642: strip private key | Christian Poessinger | |
Extend regex used by the "| strip-private" modifier to remove the WireGuard private key portion from stdout. | |||
2021-07-18 | bridge: remove obsolete helper script | Christian Poessinger | |
2021-05-15 | conntrack: T3535: add keepalived notifications for node transitions | Christian Poessinger | |
2021-04-17 | T3472: Move over commit-confirm-notify.py from vyatta-config-mgmt | erkin | |
2021-03-30 | T3354: Handle user break and prematurely closed stdin | erkin | |
2021-03-22 | util: T3419: Handle IP addresses with netmasks and subnet prefixes in ↵ | erkin | |
strip-private | |||
2021-03-15 | Add shebang line to strip-private | erkin | |
2021-03-15 | T3354: Add strip-private script in Python | erkin | |
2020-10-21 | load-config: T2138: support loading gzipped (local) config files | John Estabrook | |
2020-07-22 | load-config: subclass ConfigSourceSession instead of Config | John Estabrook | |
2020-05-07 | T2431: use native versions of validate-value and numeric validator. | Daniil Baturin | |
2020-04-10 | util: T2253: fix translation to cmd | John Estabrook | |
2020-04-10 | Revert "Revert "util: T2226: rewrite merge config to use cmd"" | John Estabrook | |
This reverts commit 6086b7fa718f502563a17569abc81d4ccb94818c. | |||
2020-04-09 | util: T2226: os.system was wrongly converted to run | Thomas Mangin | |
os.system does print the ouput of the command, run() does not. A new function called call() does the printing and return the error code. | |||
2020-04-08 | Revert "util: T2226: rewrite merge config to use cmd" | John Estabrook | |
This reverts commit 9664e7d685307f5f9736929731e759ff7bad7353. | |||
2020-04-06 | util: T2226: rewrite merge config to use cmd | Thomas Mangin | |
2020-04-06 | util: T2226: rewrite load config to use cmd | Thomas Mangin | |
2020-04-06 | util: T2226: rewrite bridge to use cmd (see comment in code) | Thomas Mangin | |
2020-04-06 | util: T2226: rewrite boot config loader to use cmd | Thomas Mangin | |
2020-04-06 | util: T2226: rewrite config migration to use cmd | Thomas Mangin | |
2020-04-06 | util: T2226: covert most calls from os.system to util | Thomas Mangin | |
As little change a possible but the function call The behaviour should be totally unchanged. | |||
2020-03-30 | config load: T2053: update for version string syntax change | John Estabrook | |
2020-03-30 | config merge: T2052: update for version string syntax change | John Estabrook | |