Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-09-01 | Firewall: T4651: Change proposed cli from ip-length to packet-length | Nicolas Fort | |
2022-08-27 | Firewall: T4651: Add options to match packet size on firewall rules. | Nicolas Fort | |
2022-08-03 | validators: T4586: Add IPv6 exclude validators for address/prefix | Viacheslav Hletenko | |
Add IPV6 exclude validators: - ipv6-address-exclude - ipv6-prefix-exclude Will use in nat66 source/destination | |||
2022-05-05 | policy: T4414: add support for route-map "as-path prepend last-as x" | Christian Poessinger | |
2022-04-30 | firewall: T1230: fix validator for service alias names (e.g. ssmtp) | Christian Poessinger | |
2022-03-12 | Firewall: T4286: Correct ipv6-range validator | Nicolas Fort | |
2022-01-18 | firewall: T3560: Add support for MAC address groups | sarthurdev | |
2022-01-17 | firewall: T2199: Fix `port-range` validator to accept service names | sarthurdev | |
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev | |
2022-01-12 | firewall: T4160: Fix support for inverse matches | sarthurdev | |
2022-01-11 | firewall: validators: T4174: Correct upper port range boundary | Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs | |
2022-01-11 | validators: T4144: Add error messages to the majority of IP validators | sarthurdev | |
2022-01-10 | validators: Stricter checking on port-range validator | sarthurdev | |
2022-01-10 | validators: T4148: Add text output when validators fail | sarthurdev | |
2022-01-10 | firewall: validators: T2199: Improve port validation | sarthurdev | |
2022-01-03 | Merge pull request #1124 from sever-sever/T4110 | Christian Poessinger | |
listen-address: T4110: Ability to set IPv6 link-local addresses | |||
2022-01-03 | listen-address: T4110: Ability to set IPv6 link-local addresses | Viacheslav | |
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator | |||
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger | |
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python | |||
2021-12-12 | validator: T4036: validate if multicast address is single (no netmask) | Christian Poessinger | |
2021-12-07 | T3006: add a range validator | Daniil Baturin | |
2021-12-06 | firewall: T2199: Migrate firewall to XML/Python | sarthurdev | |
2021-12-06 | validators: T4053: Fix exit code for script | Viacheslav | |
2021-12-06 | validators: T4052: Fix for warn message in the validator script | Viacheslav | |
Validator expects variable "script" for the Warning message But it gets undeclared "path" | |||
2021-12-04 | bgp: T4042: bugfix route-distinguisher value range | Christian Poessinger | |
2021-12-04 | validators: T4042: rename bgp-route-target -> bgp-rd-rt | Christian Poessinger | |
2021-10-12 | validators: T3868: Allow asterisk symbol in bgp-large-community-list | Viacheslav | |
2021-09-18 | validator: T2417: bugfix on Python3 f'ormat strings | Christian Poessinger | |
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword. | |||
2021-08-31 | ssh: T3789: add custom validator for base64 encoded CLI data | Christian Poessinger | |
SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which check if the data is properly base64 encoded. | |||
2021-08-24 | bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets differ | Christian Poessinger | |
The "l2vpn evpn" address-family route-target command only accepts a single route-target value consisting of (A.B.C.D:MN|EF:OPQR|GHJK:MN). The "ipv4-unicast or ipv6-unicast" address-family route-target command for VPNs support multiple, whitespace separated route-target values. This commit adds a new custom validator named "bgp-route-target" with a --single and a --multi option to pass one or more route-target values. | |||
2021-08-24 | policy: T2425: rename validator large-community-list -> bgp-large-community-list | Christian Poessinger | |
... as we will get another bgp route-target validator soon. | |||
2021-08-18 | policy: T2425: import exact Perl match criteria for large-community-list | Christian Poessinger | |
2021-08-17 | policy: T2425: add missing validator for large-community-lists | Christian Poessinger | |
without the validators FRR commit errors would happen. | |||
2021-07-17 | VRF: T3655: proper connection tracking for VRFs | zsdc | |
Currently, all VRFs share the same connection tracking table, which can lead to problems: - traffic leaks to a wrong VRF - improper NAT rules handling when multiple VRFs contain the same IP networks - stateful firewall rules issues The commit implements connection tracking zones support. Each VRF utilizes its own zone, so connections will never mix up. It also adds some restrictions to VRF names and assigned table numbers, because of nftables and conntrack requirements: - VRF name should always start from a letter (interfaces that start from numbers are not supported in nftables rules) - table number must be in the 100-65535 range because conntrack supports only 65535 zones | |||
2021-06-13 | wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface tree | Christian Poessinger | |
2021-05-25 | firewall: T3568: add XML definitions for firewall | Viacheslav Hletenko | |
Add XML for configuration mode firewall. Used for future rewriting it to Python style. | |||
2021-05-20 | sysctl: T3565: initial implementation in XML and Python | Christian Poessinger | |
migrate from old vyatta-cfg-system / Perl implementation. | |||
2021-05-14 | conntrack: T3535: migrate codebase from vyatta-conntrack-sync | Christian Poessinger | |
2021-04-27 | container: T2216: Add binding for ports and volumes | sever-sever | |
2021-03-21 | validate: T3418: interface-name should also allow all local present interfaces | Christian Poessinger | |
The regex only validated interfaces according to the VyOS naming scheme, but third party interfacs that are legit (e.g. exists within the kernel) failed to validate. The validator now also supports any kind of local interfaces attached to the OS kernel. | |||
2021-03-17 | ipv6: eui64: T3413: add custom validator | Christian Poessinger | |
VyOS 1.2 (crux) rejected prefixes other then of site /64. [ interfaces ethernet eth0 ipv6 address eui64 2006:ab00:abe1::2/127 ] Error: Prefix lenght is 127. It must be 64. Same should be done on VyOS 1.3 and newer | |||
2021-02-28 | validators: fqdn: T3370: support "private" or "local" domain names | Christian Poessinger | |
2021-02-24 | validators: interface-name script must also support VLAN interfaces | Christian Poessinger | |
2021-02-18 | validator: T3326: add missing interfaces (e.g. ppp and l2tpv3) | Christian Poessinger | |
2021-02-05 | xml: add new common "interface-name" validator | Christian Poessinger | |
2021-01-22 | dhcpv6: T3240: support per-interface client DUIDs | Brandon Stepler | |
2021-01-16 | bridge: T3137: Improved verification logic | jack9603301 | |
2020-12-20 | Revert "dhcpv6: T3134: add missing duid support" | Christian Poessinger | |
This reverts commit 9541355433e202fade4692851bffa33ba9d48f44. | |||
2020-12-20 | dhcpv6: T3134: add missing duid support | Christian Poessinger | |
2020-11-06 | validator: ipv4-range: T3050: fix wrong exit code when no range was given | Christian Poessinger | |