Modified old option from 'enable-default-log' to new one 'default-log'

srividya0208 2024-05-06 13:49:48 -04:00
parent 377ab20c2e
commit 0e98fdb641
5 changed files with 20 additions and 20 deletions


@ -145,7 +145,7 @@ To add logging to the default rule, do:
.. code-block:: none .. code-block:: none
set firewall name <ruleSet> enable-default-log set firewall name <ruleSet> default-log
By default, iptables does not allow traffic for established sessions to By default, iptables does not allow traffic for established sessions to
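Review bot: The changed example line keeps the path `set firewall name <ruleSet>`, while the reference pages touched by this same commit document the option as `set firewall ipv4 name <name> default-log` and `set firewall ipv6 name <name> default-log`. Renaming only the last keyword may leave a command that no release accepts. Please confirm that `set firewall name <ruleSet> default-log` is valid for the version this page describes; if it is not, either update the path here too or keep `enable-default-log` on this page and say which versions it applies to.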
@ -251,7 +251,7 @@ Since we have 4 zones, we need to setup the following rulesets.
Dmz-local Dmz-local
Even if the two zones will never communicate, it is a good idea to Even if the two zones will never communicate, it is a good idea to
create the zone-pair-direction rulesets and set enable-default-log. This create the zone-pair-direction rulesets and set default-log. This
will allow you to log attempts to access the networks. Without it, you will allow you to log attempts to access the networks. Without it, you
will never see the connection attempts. will never see the connection attempts.
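Review bot: In the changed sentence, "set default-log" now reads like ordinary prose rather than a configuration keyword. Mark the option as a literal (``default-log``) so it stands out the way the command does in the code blocks, and so a text search for the keyword lands on this paragraph.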
@ -261,7 +261,7 @@ This is an example of the three base rules.
name wan-lan { name wan-lan {
default-action drop default-action drop
enable-default-log default-log
rule 1 { rule 1 {
action accept action accept
state { state {
@ -285,7 +285,7 @@ Here is an example of an IPv6 DMZ-WAN ruleset.
ipv6-name dmz-wan-6 { ipv6-name dmz-wan-6 {
default-action drop default-action drop
enable-default-log default-log
rule 1 { rule 1 {
action accept action accept
state { state {


@ -157,8 +157,8 @@ log options can be defined.
Enable logging for the matched packet. If this configuration command is not Enable logging for the matched packet. If this configuration command is not
present, then log is not enabled. present, then log is not enabled.
.. cfgcmd:: set firewall bridge forward filter enable-default-log .. cfgcmd:: set firewall bridge forward filter default-log
.. cfgcmd:: set firewall bridge name <name> enable-default-log .. cfgcmd:: set firewall bridge name <name> default-log
Use this command to enable the logging of the default action on Use this command to enable the logging of the default action on
the specified chain. the specified chain.
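Review bot: The two `.. cfgcmd::` entries drop `enable-default-log` without leaving any trace of the old name, so a reader who searches the docs for the keyword found in an existing configuration gets no hit and cannot tell that default-action logging was renamed. Add a short sentence under the description, for example "Formerly ``enable-default-log``", together with the release from which `default-log` applies. The same gap exists in the ipv4, ipv6 and policy route entries changed later in this commit.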
@ -325,7 +325,7 @@ Configuration example:
.. code-block:: none .. code-block:: none
set firewall bridge forward filter default-action 'drop' set firewall bridge forward filter default-action 'drop'
set firewall bridge forward filter enable-default-log set firewall bridge forward filter default-log
set firewall bridge forward filter rule 10 action 'continue' set firewall bridge forward filter rule 10 action 'continue'
set firewall bridge forward filter rule 10 inbound-interface name 'eth2' set firewall bridge forward filter rule 10 inbound-interface name 'eth2'
set firewall bridge forward filter rule 10 vlan id '22' set firewall bridge forward filter rule 10 vlan id '22'
@ -341,7 +341,7 @@ Configuration example:
set firewall bridge forward filter rule 40 destination mac-address '66:55:44:33:22:11' set firewall bridge forward filter rule 40 destination mac-address '66:55:44:33:22:11'
set firewall bridge forward filter rule 40 source mac-address '11:22:33:44:55:66' set firewall bridge forward filter rule 40 source mac-address '11:22:33:44:55:66'
set firewall bridge name TEST default-action 'accept' set firewall bridge name TEST default-action 'accept'
set firewall bridge name TEST enable-default-log set firewall bridge name TEST default-log
set firewall bridge name TEST rule 10 action 'continue' set firewall bridge name TEST rule 10 action 'continue'
set firewall bridge name TEST rule 10 log set firewall bridge name TEST rule 10 log
set firewall bridge name TEST rule 10 vlan priority '0' set firewall bridge name TEST rule 10 vlan priority '0'


@ -206,10 +206,10 @@ log options can be defined.
Enable logging for the matched packet. If this configuration command is not Enable logging for the matched packet. If this configuration command is not
present, then log is not enabled. present, then log is not enabled.
.. cfgcmd:: set firewall ipv4 forward filter enable-default-log .. cfgcmd:: set firewall ipv4 forward filter default-log
.. cfgcmd:: set firewall ipv4 input filter enable-default-log .. cfgcmd:: set firewall ipv4 input filter default-log
.. cfgcmd:: set firewall ipv4 output filter enable-default-log .. cfgcmd:: set firewall ipv4 output filter default-log
.. cfgcmd:: set firewall ipv4 name <name> enable-default-log .. cfgcmd:: set firewall ipv4 name <name> default-log
Use this command to enable the logging of the default action on Use this command to enable the logging of the default action on
the specified chain. the specified chain.


@ -206,10 +206,10 @@ log options can be defined.
Enable logging for the matched packet. If this configuration command is not Enable logging for the matched packet. If this configuration command is not
present, then log is not enabled. present, then log is not enabled.
.. cfgcmd:: set firewall ipv6 forward filter enable-default-log .. cfgcmd:: set firewall ipv6 forward filter default-log
.. cfgcmd:: set firewall ipv6 input filter enable-default-log .. cfgcmd:: set firewall ipv6 input filter default-log
.. cfgcmd:: set firewall ipv6 output filter enable-default-log .. cfgcmd:: set firewall ipv6 output filter default-log
.. cfgcmd:: set firewall ipv6 name <name> enable-default-log .. cfgcmd:: set firewall ipv6 name <name> default-log
Use this command to enable the logging of the default action on Use this command to enable the logging of the default action on
the specified chain. the specified chain.
@ -1177,7 +1177,7 @@ Example Partial Config
} }
name INP-ETH1 { name INP-ETH1 {
default-action drop default-action drop
enable-default-log default-log
rule 10 { rule 10 {
action accept action accept
protocol tcp_udp protocol tcp_udp


@ -19,8 +19,8 @@ from 1 - 999999, at the first match the action of the rule will be executed.
Provide a rule-set description. Provide a rule-set description.
.. cfgcmd:: set policy route <name> enable-default-log .. cfgcmd:: set policy route <name> default-log
.. cfgcmd:: set policy route6 <name> enable-default-log .. cfgcmd:: set policy route6 <name> default-log
Option to log packets hitting default-action. Option to log packets hitting default-action.
@ -271,4 +271,4 @@ setting a different routing table.
.. cfgcmd:: set policy route <name> rule <n> set tcp-mss <500-1460> .. cfgcmd:: set policy route <name> rule <n> set tcp-mss <500-1460>
.. cfgcmd:: set policy route6 <name> rule <n> set tcp-mss <500-1460> .. cfgcmd:: set policy route6 <name> rule <n> set tcp-mss <500-1460>
Set packet modifications: Explicitly set TCP Maximum segment size value. Set packet modifications: Explicitly set TCP Maximum segment size value.
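Review bot: This last hunk shows no textual difference between the old and new side; all three lines around `set tcp-mss <500-1460>` are identical, which suggests a whitespace or end-of-file newline change. That is unrelated to the `default-log` rename described in the commit message, so either drop the hunk or mention the cleanup in the message so the change is not mistaken for an edit to the tcp-mss documentation.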