| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-01-21 | policy: T4151: Bugfix policy ipv6-local-route | Henning Surmeier | |
| 2022-01-20 | interface-names: T3871: use tempfile during virtual migration | John Estabrook | |
| Use tempfile to avoid race conditions during virtual migration. | |||
| 2022-01-20 | Merge pull request #1144 from hensur/current-ipv6-local-route | Christian Poessinger | |
| policy: T4151: Add policy ipv6-local-route | |||
| 2022-01-19 | Merge pull request #1177 from sarthurdev/mac_groups | Christian Poessinger | |
| firewall: T3560: Add support for MAC address groups | |||
| 2022-01-18 | firewall: T2199: Raise ConfigError if deleted node is used in zone-policy | sarthurdev | |
| 2022-01-18 | firewall: policy: T1292: Clean up any rules required to delete a chain | sarthurdev | |
| 2022-01-18 | firewall: T3560: Add support for MAC address groups | sarthurdev | |
| 2022-01-17 | bgp: T3741: bugfix migrator - exit() was called without saving | Christian Poessinger | |
| 2022-01-17 | Merge pull request #1174 from sarthurdev/firewall | Christian Poessinger | |
| firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix | |||
| 2022-01-17 | firewall: T2199: Fix `port-range` validator to accept service names | sarthurdev | |
| 2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
| * Add support for ECN and CWR flags | |||
| 2022-01-16 | Revert "migrator: interfaces: T4171: bugfix ConfigTreeError" | Christian Poessinger | |
| This reverts commit 29efbf51efea559773f61703f11a77a8aee6de36. | |||
| 2022-01-16 | Revert "migrator: interfaces: T4171: bugfix ConfigTreeError" | Christian Poessinger | |
| This reverts commit 391ce22b76190309f81e048ebffab778b0fdee1d. | |||
| 2022-01-16 | dns-forwarding: T1595: remove unnecessary nesting in migration script 1 -> 2 | Christian Poessinger | |
| 2022-01-16 | bgp: T3741: remove unnecessary exit() in migration script 1 -> 2 | Christian Poessinger | |
| 2022-01-14 | Merge pull request #1164 from sever-sever/T4179 | Christian Poessinger | |
| op-mode: T4179: Add op-mode CLI show virtual-server | |||
| 2022-01-14 | Merge pull request #1167 from sarthurdev/firewall | Christian Poessinger | |
| firewall: T4178: Use lowercase for TCP flags and add an validator | |||
| 2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev | |
| 2022-01-14 | policy: T4151: Add policy ipv6-local-route | Henning Surmeier | |
| Adds support for `ip -6 rule` policy based routing. Also, extends the existing ipv4 implemenation with a `destination` key, which is translated as `ip rule add to x.x.x.x/x` rules. https://phabricator.vyos.net/T4151 | |||
| 2022-01-13 | op-mode: T4179: Add op-mode CLI show virtual-server | Viacheslav | |
| 2022-01-13 | vrrp: T4182: Check if VRRP configured in op mode | Viacheslav | |
| There is a situation when service keepalived is active but there a no any "vrrp" configuration. In that case "show vrrp" hangs up because it expect data from keepalived daemon which can't get Check if "vrrp" exists in configuration and only then check if pid is active | |||
| 2022-01-13 | strip-private: T4177: Fix for hiding private data token/url/bucket | Viacheslav | |
| Add URL, token and bucket hidind data when is used function "strip-private" | |||
| 2022-01-13 | monitoring: T3872: Add just required interfaces for ethtool | Viacheslav | |
| Telegraf ethtool input filter expected ethX interfaces and not other interfaces like vlans/tunnels/dummy Add "interface_include" option to telegraf template. | |||
| 2022-01-13 | monitoring: T3872: Rewrite input filter custom_script | Viacheslav | |
| Rewrite and improve the custom input filter telegraf script "show_interfaces_input_filter.py" to more readable and clear format Fix bug when it failed with configured tunnel "tunX" interfaces | |||
| 2022-01-12 | firewall: T4160: Fix support for inverse matches | sarthurdev | |
| 2022-01-11 | migrator: interfaces: T4171: bugfix ConfigTreeError | Christian Poessinger | |
| 2022-01-11 | Merge pull request #1160 from bjw-s/T4174 | Christian Poessinger | |
| firewall: validators: T4174: Correct upper port range boundary | |||
| 2022-01-11 | Merge pull request #1159 from sarthurdev/firewall | Christian Poessinger | |
| policy: T2199: Update op-mode syntax to `route6` | |||
| 2022-01-11 | firewall: validators: T4174: Correct upper port range boundary | Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs | |
| 2022-01-11 | policy: T2199: Update op-mode syntax to `route6` | sarthurdev | |
| 2022-01-11 | Merge pull request #1158 from sarthurdev/firewall | Christian Poessinger | |
| firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor | |||
| 2022-01-11 | policy: T2199: Refactor policy route script for better error handling | sarthurdev | |
| * Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6` | |||
| 2022-01-11 | migrator: interfaces: T4171: bugfix ConfigTreeError | Christian Poessinger | |
| Migrating 1.2.8 -> 1.4-rolling-202201110811 vyos-router[970]: Waiting for NICs to settle down: settled in 0sec.. vyos-router[1085]: Started watchfrr. vyos-router[970]: Mounting VyOS Config...done. vyos-router[970]: Starting VyOS router: migrate vyos-router[1490]: Traceback (most recent call last): vyos-router[1490]: File "/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6", line 112, in <module> vyos-router[1490]: for if_type in config.list_nodes(['interfaces']): vyos-router[1490]: File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 236, in list_nodes vyos-router[1490]: raise ConfigTreeError("Path [{}] doesn't exist".format(path_str)) vyos-router[1490]: vyos.configtree.ConfigTreeError: Path [b'interfaces'] doesn't exist vyos-router[1455]: Migration script error: /opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6: Command '['/opt/vyatta/etc/config-migrate/migrate/interfaces/5-to-6', '/opt/vyatta/etc/config/config.boot']' returned non-zero exit status 1.. vyos-router[970]: configure. vyos-config[979]: Configuration success | |||
| 2022-01-11 | firewall: T4159: Add warning when an empty group is applied to a rule | sarthurdev | |
| 2022-01-11 | firewall: policy: T2199: Reload policy route script if `firewall group` node ↵ | sarthurdev | |
| is changed | |||
| 2022-01-11 | firewall: op-mode: T4131: Display `show firewall group` reference and member ↵ | sarthurdev | |
| items sorted and one per line | |||
| 2022-01-11 | validators: T4144: Add error messages to the majority of IP validators | sarthurdev | |
| 2022-01-11 | firewall: policy: T4159: T4164: Fix empty firewall groups, create separate ↵ | sarthurdev | |
| file for group definitions. | |||
| 2022-01-11 | policy: T4170: rename "policy ipv6-route" -> "policy route6" | Christian Poessinger | |
| In order to have a consistent looking CLI we should rename this CLI node. There is: * access-list and access-list6 (policy) * prefix-list and prefix-list6 (policy) * route and route6 (static routes) | |||
| 2022-01-11 | containers: T2216: bugfix host networking on image upgrade | Mathew Inkson | |
| The bug was partially fixed with this commit: https://github.com/vyos/vyos-1x/commit/358f0b481d8620cad4954e3fe418054b9a8c3ecd The earlier commit introduced a startup retry (up to 10 times) to allow the OS to settle before the container is started. However, it only applies if host networking is NOT used. This change applies the same for containers where host networking is employed. Since the retry portion of the code (written in the earlier commit) is now referenced twice, it has been moved to its own function. | |||
| 2022-01-10 | nat: T2199: dry-run newly generated config before install | Christian Poessinger | |
| Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it. | |||
| 2022-01-10 | conntrack: T3579: dry-run newly generated config before install | Christian Poessinger | |
| Before installing a new conntrack policy into the OS Kernel, the new policy should be verified by nftables if it can be loaded at all or if it will fail to load. There is no need to load a "bad" configuration if we can pre-test it. | |||
| 2022-01-10 | conntrack: T3579: prepare for "conntrack timeout custom rule" CLI commands | Christian Poessinger | |
| 2022-01-10 | Merge pull request #1152 from sarthurdev/firewall_validators | Christian Poessinger | |
| firewall: validators: T4148: Improve validators and firewall validator usage | |||
| 2022-01-10 | conntrack: T3579: migrate "conntrack ignore" tree to vyos-1x and nftables | Christian Poessinger | |
| 2022-01-10 | validators: Stricter checking on port-range validator | sarthurdev | |
| 2022-01-10 | validators: T4148: Add text output when validators fail | sarthurdev | |
| 2022-01-10 | firewall: validators: T2199: Improve port validation | sarthurdev | |
| 2022-01-10 | firewall: 4149: Fix verify steps being bypassed when base node is removed | sarthurdev | |
| 2022-01-05 | firewall: zone-policy: T4133: Prevent firewall from trying to clean-up ↵ | sarthurdev | |
| zone-policy chains * Prevent firewall names from using the reserved VZONE prefix | |||
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) |
| summaryrefslogtreecommitdiff |