summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-07-01bgp: T4490: use common vyos.base.Warning() wrapperChristian Poessinger
2022-07-01Merge branch 'T4490' of https://github.com/sever-sever/vyos-1x into currentChristian Poessinger
* 'T4490' of https://github.com/sever-sever/vyos-1x: bgp: T4490: Add informational message for peer withour AFI
2022-07-01Merge pull request #1380 from sarthurdev/ovpn-multi-caChristian Poessinger
openvpn: T4485: Accept multiple tls ca-certificate values
2022-06-29router-advert: T4477: support RDNSS lifetime optionChristian Poessinger
set service router-advert interface eth0 name-server-lifetime <value>
2022-06-29openvpn: T4485: Update PKI migrator to handle full CA chain migrationsarthurdev
* Also determines and maps to correct CA for migrated CRL
2022-06-29openvpn: T4485: Accept multiple `tls ca-certificate` valuessarthurdev
2022-06-28Merge pull request #1376 from sever-sever/T4473Christian Poessinger
containers: T4473: Fix create container with not exist network
2022-06-28containers: T4486: Fix path for removing containersViacheslav Hletenko
Fix correct path for removing containers and container networks Reduce timoute from 10 (default) to 3 seconds for stopping containers
2022-06-28containers: T4473: Fix create container with not exist networkViacheslav Hletenko
Fix for setting container without or wrong network decalaration
2022-06-28bgp: T4490: Add informational message for peer withour AFIViacheslav Hletenko
As we don't use addresss-family ipv4-unicast by default we should to send informational message about AFI for peer is required
2022-06-25firewall: T4484: Fix op-mode summary for address groups with ranges.sarthurdev
2022-06-25Merge pull request #1360 from sever-sever/T1375Christian Poessinger
op-mode: T1375: Allow to clear dhcp-server lease
2022-06-25Merge pull request #1362 from sarthurdev/T4435Christian Poessinger
firewall: T4435: Verify parent config applied successfully
2022-06-16dhclient: T2393: introduce 20 seconds stop timeout - required for ↵Christian Poessinger
smoketesting on Qemu
2022-06-16op-mode: T1375: Allow to clear dhcp-server leaseViacheslav Hletenko
Allow to reset dhcp-leases per ip Parse file '/config/dhcpd.leases' find match section 'lease x.x.x.x {}' And remove this section clear dhcp-server lease 192.0.2.21
2022-06-15firewall: T4435: Verify parent config applied successfullysarthurdev
2022-06-14firewall: T970: Use set prefix to domain groupssarthurdev
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-11firewall: T4299: Add support for GeoIP filteringsarthurdev
2022-06-10Merge pull request #1356 from sarthurdev/nested_groupsChristian Poessinger
firewall: T478: Add support for nesting groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev
2022-06-10Merge pull request #1326 from sever-sever/T4429Christian Poessinger
op-mode: T4429: Ability to detect external IP address
2022-06-10Revert "dmvpn: nhrp: T4434: secret length can not exceed 8 characters"Christian Poessinger
This reverts commit 6f818ee9033ee3abeedbed73eb44331dc27e7408.
2022-06-10firewall: T970: Fix for Regex for domain and check empty groupViacheslav Hletenko
It can be more then 5 symbols in top-level-domain address for example '.photography' and '.accountants' Firewall group can be added without address: * set firewall group domain-group DOMAIN Check if 'address' exists in group_config
2022-06-09sstp: T4444: merge of defaultValue already done in get_accel_dict()Christian Poessinger
2022-06-09Merge branch 'sstp_port' of https://github.com/goodNETnick/vyos-1x into currentChristian Poessinger
* 'sstp_port' of https://github.com/goodNETnick/vyos-1x: sstp: T4444. Port number changing support
2022-06-09Merge pull request #1327 from sever-sever/T970Christian Poessinger
firewall: T970: Add firewall group domain-group
2022-06-08arp: T4397: bugfix on address iteration - ARP is IPv4 onlyChristian Poessinger
2022-06-08Merge pull request #1340 from sever-sever/T3083Christian Poessinger
event-handler: T3083: Add simple event-handler
2022-06-08event-handler: Change tagNode event-handler to nodeViacheslav Hletenko
Before: set service event-handler Foo After: set service event-handler event Foo
2022-06-07event-handler: T3083: Extended event-handler featureszsdc
* Added the ability to filter by a syslog identifier * Added the ability to pass arguments to a script * Added the ability to pass preconfigured environment variables to a script * A message that triggered a script is now passed in the `message` variable and can be used in a script * Replaced `call()` to `run()`, since stdout are not need to be printed
2022-06-07event-handler: T3083: Move system to service event-handlerViacheslav Hletenko
Move 'system event-handler' to 'service event-handler'
2022-06-06event-handler: T3083: Optimized event-handlerzsdc
* Removed dynamic generating for systemd unit * Optimized configuration file deleting process * Added exceptions handlers to event-handler script to protect service from most obvious potential troubles * Improved logging * Moved pattern compilation outside a messages loop to avoid extra operations * Added signal handlers for proper systemd integration
2022-06-06event-handler: T3083: Add simple event-handlerViacheslav Hletenko
Event-handler allows executing a custom script when in logs it detects configured "pattern" A simple implemenation set system event-handler first pattern '.*ssh2.*' set system event-handler first script '/config/scripts/hello.sh'
2022-06-06T4446: use format strings instead of old-fasionhed format methodDaniil Baturin
2022-06-05firewall: T970: Maintain a domain state to fallback if resolution failssarthurdev
2022-06-02T4446: use a unified neighbor display scriptDaniil Baturin
2022-06-02sla: T4222: Add OWAMP and TWAMP for service slaViacheslav Hletenko
OWAMP is a command line client application and a policy daemon used to determine one way latencies between hosts. OWAMP session control uses traditional client-server communication between a control-client and a server, TWAMP (two-way active measurement protocol) Add configuration and operation modes set service sla owamp-server set service sla twamp-server run force owping 192.0.2.120 run force twping 192.0.2.190
2022-05-31Merge pull request #1344 from sarthurdev/pki_updateChristian Poessinger
pki: T3642: Update conf scripts using changed PKI objects
2022-05-31pki: T3642: Update conf scripts using changed PKI objectssarthurdev
2022-05-31policy: T3976: fix SyntaxError: invalid non-printable characterChristian Poessinger
2022-05-31IPv6: T3976: add prefix-list and access-list option from ipv6 route-mapfett0
2022-05-31pki: T3642: Enable `generate pki openvpn ...` to install into configsarthurdev
2022-05-30pki: T3642: Add ability to import files into PKi configurationsarthurdev
2022-05-29eigrp: T2472: add basic template rendering and FRR communicationChristian Poessinger
2022-05-29rip: T4448: remove default version for RIPChristian Poessinger
Commit f9e38622 ("rip: T4448: add support to set protocol version on an interface level") also added the versionspecified on a per interface level. the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no longer working which is dthe default for FRR. Remove the default "2" from the RIP version specifier to make this behavior work again.
2022-05-29eigrp: T2472: add initial python helperChristian Poessinger
2022-05-28rip: T4448: add support to set protocol version on an interface levelChristian Poessinger
2022-05-28xml: rip: T4448: rename include files to match schemaChristian Poessinger
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }