diff --git a/CHANGELOG.md b/CHANGELOG.md index 05502efd..fff13ae4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +## [1.17.0](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.16.0...v1.17.0) (2023-09-22) + + +### Features + +* Ip firewall connection tracking ([#260](https://github.com/terraform-routeros/terraform-provider-routeros/issues/260)) ([9d39bf8](https://github.com/terraform-routeros/terraform-provider-routeros/commit/9d39bf82ebbff621888bb6535fe57148488f0215)) + ## [1.16.0](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.15.0...v1.16.0) (2023-09-21) diff --git a/docs/resources/interface_bridge.md b/docs/resources/interface_bridge.md index 63e7256d..afe47bd2 100644 --- a/docs/resources/interface_bridge.md +++ b/docs/resources/interface_bridge.md 
@@ -24,11 +24,11 @@ resource "routeros_interface_bridge" "bridge" { - `admin_mac` (String) Static MAC address of the bridge. This property only has effect when auto-mac is set to no. - `ageing_time` (String) How long a host's information will be kept in the bridge database. - `arp` (String) Address Resolution Protocol mode: - disabled - the interface will not use ARP - enabled - the interface will use ARP - local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface - proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces - reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist. + * disabled - the interface will not use ARP + * enabled - the interface will use ARP + * local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface + * proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces + * reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist. - `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used. 
- `auto_mac` (Boolean) Automatically select one MAC address of bridge ports as a bridge MAC address, bridge MAC will be chosen from the first added bridge port. After a device reboot, the bridge MAC can change depending on the port-number. - `comment` (String) diff --git a/docs/resources/interface_ethernet.md b/docs/resources/interface_ethernet.md index 8c23b186..0f7dffd4 100644 --- a/docs/resources/interface_ethernet.md +++ b/docs/resources/interface_ethernet.md 
@@ -17,11 +17,11 @@ only applies when auto-negotiation is enabled. Advertising higher speeds than the actual interface supported speed will have no effect, multiple options are allowed. - `arp` (String) Address Resolution Protocol mode: - disabled - the interface will not use ARP - enabled - the interface will use ARP - local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface - proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces - reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist. + * disabled - the interface will not use ARP + * enabled - the interface will use ARP + * local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface + * proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces + * reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist. - `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used. - `auto_negotiation` (Boolean) When enabled, the interface "advertises" its maximum capabilities to achieve the best connection possible. 
Note1: Auto-negotiation should not be disabled on one end only, otherwise Ethernet Interfaces may not work properly. diff --git a/docs/resources/interface_vlan.md b/docs/resources/interface_vlan.md index 09cce061..5348755c 100644 --- a/docs/resources/interface_vlan.md +++ b/docs/resources/interface_vlan.md 
@@ -24,11 +24,11 @@ resource "routeros_interface_vlan" "interface_vlan" { ### Optional - `arp` (String) Address Resolution Protocol mode: - disabled - the interface will not use ARP - enabled - the interface will use ARP - local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface - proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces - reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist. + * disabled - the interface will not use ARP + * enabled - the interface will use ARP + * local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface + * proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces + * reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist. - `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used. - `comment` (String) - `disabled` (Boolean) diff --git a/docs/resources/interface_vrrp.md b/docs/resources/interface_vrrp.md index 0f462d2f..db75be06 100644 --- a/docs/resources/interface_vrrp.md +++ b/docs/resources/interface_vrrp.md 
@@ -22,11 +22,11 @@ resource "routeros_interface_vrrp" "interface_vrrp" { ### Optional - `arp` (String) Address Resolution Protocol mode: - disabled - the interface will not use ARP - enabled - the interface will use ARP - local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface - proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces - reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist. + * disabled - the interface will not use ARP + * enabled - the interface will use ARP + * local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface + * proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces + * reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist. - `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used. - `authentication` (String) Authentication method to use for VRRP advertisement packets. - `comment` (String) diff --git a/docs/resources/ip_firewall_connection_tracking.md b/docs/resources/ip_firewall_connection_tracking.md new file mode 100644 index 00000000..cadc8834 --- /dev/null 
+++ b/docs/resources/ip_firewall_connection_tracking.md 
@@ -0,0 +1,58 @@ +# routeros_ip_firewall_connection_tracking (Resource) + + +## Example Usage +```terraform +resource "routeros_ip_firewall_connection_tracking" "data" { + enabled = "yes" + generic_timeout = "3m" + icmp_timeout = "3m" + loose_tcp_tracking = "false" + tcp_close_timeout = "3m" + tcp_close_wait_timeout = "3m" + tcp_established_timeout = "3m" + tcp_fin_wait_timeout = "3m" + tcp_last_ack_timeout = "3m" + tcp_max_retrans_timeout = "3m" + tcp_syn_received_timeout = "3m" + tcp_syn_sent_timeout = "3m" + tcp_time_wait_timeout = "3m" + tcp_unacked_timeout = "3m" + udp_stream_timeout = "3m" + udp_timeout = "3m" +} +``` + + +## Schema + +### Optional + +- `enabled` (String) Allows to disable or enable connection tracking. Disabling connection tracking will cause several firewall features to stop working. + See the list of affected features. Starting from v6.0rc2 default value is auto. This means that connection tracing is disabled until at least one firewall rule is added. +- `generic_timeout` (String) Timeout for all other connection entries +- `icmp_timeout` (String) ICMP connection timeout +- `loose_tcp_tracking` (String) Disable picking up already established connections +- `tcp_close_timeout` (String) No documentation +- `tcp_close_wait_timeout` (String) No documentation +- `tcp_established_timeout` (String) Time when established TCP connection times out. +- `tcp_fin_wait_timeout` (String) No documentation +- `tcp_last_ack_timeout` (String) No documentation +- `tcp_max_retrans_timeout` (String) No documentation +- `tcp_syn_received_timeout` (String) TCP SYN timeout. +- `tcp_syn_sent_timeout` (String) TCP SYN timeout. 
+- `tcp_time_wait_timeout` (String) No documentation +- `tcp_unacked_timeout` (String) No documentation +- `udp_stream_timeout` (String) Specifies the timeout of UDP connections that has seen packets in both directions +- `udp_timeout` (String) Specifies the timeout for UDP connections that have seen packets in one direction + +### Read-Only + +- `active_ipv4` (Boolean) documentation is missing +- `active_ipv6` (Boolean) documentation is missing +- `id` (String) The ID of this resource. +- `max_entries` (String) Max amount of entries that the connection tracking table can hold. This value depends on the installed amount of RAM. + Note that the system does not create a maximum_size connection tracking table when it starts, it may increase if the situation demands it and the system still has free ram, but size will not exceed 1048576 +- `total_entries` (Number) Amount of connections that currently connection table holds. + + diff --git a/package.json b/package.json index 6a91c04a..eb1046a8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "terraform-provider-routeros", - "version": "1.16.0", + "version": "1.17.0", "repository": { "type": "git", "url": "https://github.com/terraform-routeros/terraform-provider-routeros"
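Review bot: in the `arp` hunks of docs/resources/interface_bridge.md, interface_ethernet.md, interface_vlan.md and interface_vrrp.md, the new `*` sub-bullets leave the mode names (disabled, enabled, local-proxy-arp, proxy-arp, reply-only) as plain text, so the accepted value is hard to tell apart from its description. Suggest wrapping each value in backticks, for example `reply-only` at the start of the last bullet. The same five lines are repeated in all four files; if these pages are generated from a shared description, make the change there once rather than per file.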
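Review bot: in docs/resources/ip_firewall_connection_tracking.md, the `enabled` description warns that disabling connection tracking stops several firewall features and then says "See the list of affected features" with no list or link, and the following sentence has "connection tracing" for "connection tracking". Please link or name the affected features and fix the typo, since this text is all a reader has before turning the setting off. In the same hunk, `tcp_syn_received_timeout` and `tcp_syn_sent_timeout` both read "TCP SYN timeout.", seven `tcp_*` arguments read "No documentation", and `loose_tcp_tracking` is described as "Disable picking up already established connections" without saying which value does that. The example sets every timeout to "3m" and mixes `enabled = "yes"` with `loose_tcp_tracking = "false"`; a comment marking these as placeholders, plus the accepted values for both String arguments, would keep readers from applying the example as is.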