Age | Commit message (Collapse) | Author |
|
Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall")
changed the position in the CLI for conntrack timeout. This lead to failing
smoketests because of a regression in the migrator.
|
|
T3900: Add support for raw tables in firewall
|
|
timeout parameters defined in conntrack to firewall global-opton section.
|
|
|
|
|
|
>=5.0
random - In kernel 5.0 and newer this is the same as fully-random. In earlier
kernels the port mapping will be randomized using a seeded MD5 hash mix using
source and destination address and destination port.
https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
|
|
|
|
pppoe-server: T6234: PPPoE-server pado-delay refactoring
|
|
|
|
|
|
to firewall global-optinos
|
|
T6100: Added NAT migration from IP/Netmask to Network/Netmask
|
|
Added NAT migration from IP/Netmask to Network/Netmask.
In 1.3 allowed using IP/Netmask in Nat rules.
In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask.
|
|
errors when using character <+> in 1.3 in firewall groups and custom firewall chains.
|
|
Commit a5ccc06c0 ("ipoe: T6205: error in migration script logic while renaming
mac-address to mac node") added a conditional path into the config which could
result in the migrated config not beeing written if precondition was not met.
|
|
Containers have the ability to add Linux system capabilities to them, this is
done using the "set container name <name> cap-add" command.
The CLI node sounds off and rather should be "set container name <name>
capability" instead as we use and pass a capability to a container and not
add/invent new ones.
|
|
mac node
The problem was introduced in [1] but the config migrator part unfortunately
was added to the wrong version [2]. As IPoE config version 0 was only active
during the 1.3 development cycle and VyOS 1.3.0 was already released with config
version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to
properly support upgrades from VyOS 1.3 -> 1.4 or newer.
1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168
2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46
|
|
|
|
The option "passive-interface default" was set even if it was not present in
the previous version we are migrating from. Fix migration script to handle this
with a conditional path.
|
|
dhcp-server high-availability>.
|
|
This reverts commit 960cace189d7ace2bea0968646b1348b415e0363.
All community rules syntax was changed.
T5357 is invalid bug report.
VyOS cannot use new configuration syntax in the previous versions.
|
|
occurs also if only <policy route> is defined.
|
|
|
|
|
|
|
|
|
|
|
|
dhcpv6-server: T5993: Extend interface migrator to check VLAN/QinQ
|
|
T6029: Rewritten Accel-PPP services to an identical feature set
|
|
Removed dhcp-interface option (l2tp)
Added wins-server (sstp)
Added description (ipoe, pppoe, sstp, pptp)
Added exteded-script (l2tp, sstp, pptp)
Added shaper (ipoe, pptp, sstp, l2tp)
Added limits (ipoe, pptp, sstp, l2tp)
Added snmp ( ipoe, pptp,sstp, l2tp)
Refactoring and reformated code.
|
|
Updates smoketest config to test migrator change
|
|
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
|
|
dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally connected interfaces
|
|
connected interfaces
Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
|
|
|
|
|
|
https: T5902: fix migration of virtual-host port
|
|
CLI source node is port and not listen-port.
|
|
T5960: Rewritten authentication node in PPTP to a single view
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
|
|
|
|
T5971: Rewritten ppp options in accel-ppp services
|
|
ddclient: T5966: Adjust dynamic dns config address subpath
|
|
T5941: Migration policy delete orphaned interface policy
|
|
T5941: Migration QoS delete orphaned interface traffic-policy
|
|
Denied using command 'route-target vpn export/import'
with 'both' together in bgp configuration.
|
|
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
|
|
We can get an orphaned interface traffic-policy when the traffic-policy
name is removed from the interface, but the node `trffic-policy`
is still attached to the interface
For exmaple we have orphaned node traffic-policy on an interface:
```
set interfaces bonding bond0 vif 995 traffic-policy
```
This causes of incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete traffic-policy from all interfaces if traffic-policy does not exist
|
|
We can get orphaned interface policy when the policy name was
removed from the interface but the node `policy` still attached
to the interface
For exmaple we have orphaned node policy on interface:
```
set interfaces bonding bond0 vif 995 policy
```
This causes of incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete policy from all interfaces if policy does not exist
|