summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-06-25firewall: T4484: Fix op-mode summary for address groups with ranges.sarthurdev
2022-06-25Merge pull request #1360 from sever-sever/T1375Christian Poessinger
op-mode: T1375: Allow to clear dhcp-server lease
2022-06-25Merge pull request #1362 from sarthurdev/T4435Christian Poessinger
firewall: T4435: Verify parent config applied successfully
2022-06-16dhclient: T2393: introduce 20 seconds stop timeout - required for ↵Christian Poessinger
smoketesting on Qemu
2022-06-16op-mode: T1375: Allow to clear dhcp-server leaseViacheslav Hletenko
Allow to reset dhcp-leases per ip Parse file '/config/dhcpd.leases' find match section 'lease x.x.x.x {}' And remove this section clear dhcp-server lease 192.0.2.21
2022-06-15firewall: T4435: Verify parent config applied successfullysarthurdev
2022-06-14firewall: T970: Use set prefix to domain groupssarthurdev
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-11firewall: T4299: Add support for GeoIP filteringsarthurdev
2022-06-10Merge pull request #1356 from sarthurdev/nested_groupsChristian Poessinger
firewall: T478: Add support for nesting groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev
2022-06-10Merge pull request #1326 from sever-sever/T4429Christian Poessinger
op-mode: T4429: Ability to detect external IP address
2022-06-10Revert "dmvpn: nhrp: T4434: secret length can not exceed 8 characters"Christian Poessinger
This reverts commit 6f818ee9033ee3abeedbed73eb44331dc27e7408.
2022-06-10firewall: T970: Fix for Regex for domain and check empty groupViacheslav Hletenko
It can be more then 5 symbols in top-level-domain address for example '.photography' and '.accountants' Firewall group can be added without address: * set firewall group domain-group DOMAIN Check if 'address' exists in group_config
2022-06-09sstp: T4444: merge of defaultValue already done in get_accel_dict()Christian Poessinger
2022-06-09Merge branch 'sstp_port' of https://github.com/goodNETnick/vyos-1x into currentChristian Poessinger
* 'sstp_port' of https://github.com/goodNETnick/vyos-1x: sstp: T4444. Port number changing support
2022-06-09Merge pull request #1327 from sever-sever/T970Christian Poessinger
firewall: T970: Add firewall group domain-group
2022-06-08arp: T4397: bugfix on address iteration - ARP is IPv4 onlyChristian Poessinger
2022-06-08Merge pull request #1340 from sever-sever/T3083Christian Poessinger
event-handler: T3083: Add simple event-handler
2022-06-08event-handler: Change tagNode event-handler to nodeViacheslav Hletenko
Before: set service event-handler Foo After: set service event-handler event Foo
2022-06-07event-handler: T3083: Extended event-handler featureszsdc
* Added the ability to filter by a syslog identifier * Added the ability to pass arguments to a script * Added the ability to pass preconfigured environment variables to a script * A message that triggered a script is now passed in the `message` variable and can be used in a script * Replaced `call()` to `run()`, since stdout are not need to be printed
2022-06-07event-handler: T3083: Move system to service event-handlerViacheslav Hletenko
Move 'system event-handler' to 'service event-handler'
2022-06-06event-handler: T3083: Optimized event-handlerzsdc
* Removed dynamic generating for systemd unit * Optimized configuration file deleting process * Added exceptions handlers to event-handler script to protect service from most obvious potential troubles * Improved logging * Moved pattern compilation outside a messages loop to avoid extra operations * Added signal handlers for proper systemd integration
2022-06-06event-handler: T3083: Add simple event-handlerViacheslav Hletenko
Event-handler allows executing a custom script when in logs it detects configured "pattern" A simple implemenation set system event-handler first pattern '.*ssh2.*' set system event-handler first script '/config/scripts/hello.sh'
2022-06-06T4446: use format strings instead of old-fasionhed format methodDaniil Baturin
2022-06-05firewall: T970: Maintain a domain state to fallback if resolution failssarthurdev
2022-06-02T4446: use a unified neighbor display scriptDaniil Baturin
2022-06-02sla: T4222: Add OWAMP and TWAMP for service slaViacheslav Hletenko
OWAMP is a command line client application and a policy daemon used to determine one way latencies between hosts. OWAMP session control uses traditional client-server communication between a control-client and a server, TWAMP (two-way active measurement protocol) Add configuration and operation modes set service sla owamp-server set service sla twamp-server run force owping 192.0.2.120 run force twping 192.0.2.190
2022-05-31Merge pull request #1344 from sarthurdev/pki_updateChristian Poessinger
pki: T3642: Update conf scripts using changed PKI objects
2022-05-31pki: T3642: Update conf scripts using changed PKI objectssarthurdev
2022-05-31policy: T3976: fix SyntaxError: invalid non-printable characterChristian Poessinger
2022-05-31IPv6: T3976: add prefix-list and access-list option from ipv6 route-mapfett0
2022-05-31pki: T3642: Enable `generate pki openvpn ...` to install into configsarthurdev
2022-05-30pki: T3642: Add ability to import files into PKi configurationsarthurdev
2022-05-29eigrp: T2472: add basic template rendering and FRR communicationChristian Poessinger
2022-05-29rip: T4448: remove default version for RIPChristian Poessinger
Commit f9e38622 ("rip: T4448: add support to set protocol version on an interface level") also added the versionspecified on a per interface level. the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no longer working which is dthe default for FRR. Remove the default "2" from the RIP version specifier to make this behavior work again.
2022-05-29eigrp: T2472: add initial python helperChristian Poessinger
2022-05-28rip: T4448: add support to set protocol version on an interface levelChristian Poessinger
2022-05-28xml: rip: T4448: rename include files to match schemaChristian Poessinger
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }
2022-05-26sstp: T4444. Port number changing supportgoodNETnick
2022-05-25Merge pull request #1333 from sever-sever/T4442John Estabrook
http-api: T4442: Add action reset
2022-05-26http-api: T4442: Add action resetViacheslav Hletenko
Add action 'reset' (op-mode) for HTTP-API http://localhost/reset curl --unix-socket /run/api.sock -X POST -Fkey=mykey \ -Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \ http://localhost/reset
2022-05-25configtest: T4382: missing block in migration script vrf/0-to-1John Estabrook
The config vrf-basic reveals a missing block in the migration script vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in vrf-ospf.
2022-05-25configtest: T4382: fix missing delete of 'ipsec-interfaces' nodeJohn Estabrook
Migration of bgp-azure-ipsec-gateway and bgp_dmvpn_hub reveals that migration script ipsec/5-to-6 leaves the empty node 'ipsec-interfaces' after moving the interface; fix the migration script, as it is not yet in 1.3.
2022-05-25Merge pull request #1319 from goodNETnick/ocserv_sh_otp_keyViacheslav Hletenko
ocserv: T4420: show configured 2FA OTP key
2022-05-25Merge pull request #1088 from zdc/T4020-sagittaDaniil Baturin
FRR: T4020: Added CLI options for FRR daemons
2022-05-21flow-accounting: T4099: "source-address" must exist locallyChristian Poessinger
2022-05-21nhrp: T4353: use ".service" suffix on systemd nameChristian Poessinger
2022-05-21flow-accounting: T4437: also install rule to IPv6 VYOS_CT_PREROUTING_HOOKChristian Poessinger