chore: fix formatting and add linter comments

Nick Anderegg 2023-09-12 21:36:25 -04:00
parent 101c6e1a64
commit 1e8c862c55
2 changed files with 7 additions and 4 deletions

@ -424,11 +424,13 @@ There are a lot of matching criteria against which the package can be tested.
An arbitrary netmask can be applied to mask addresses to only match against
a specific portion. This is particularly useful with IPv6 and a zone-based
firewall as rules will remain valid if the IPv6 prefix changes and the host
portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses
<https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)
portion of systems IPv6 address is static (for example, with SLAAC or
`tokenised IPv6 addresses
<https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_).
This functions for both individual addresses and address groups.
.. stop_vyoslinter
.. code-block:: none
# Match any IPv6 address with the suffix ::0000:0000:0000:beef
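Review bot: the rewrapped sentence still reads "portion of systems IPv6 address"; since these lines are being touched anyway, change it to "portion of a system's IPv6 address". The new ``.. stop_vyoslinter`` marker above the code block also has no comment saying why linting is disabled here, so a one-line RST comment naming the check that the example addresses trip would stop a later cleanup from removing the marker.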
@ -442,6 +444,7 @@ There are a lot of matching criteria against which the package can be tested.
set firewall group ipv6-address-group WEBSERVERS address ::2000
set firewall name WAN-LAN-v6 rule 200 source group address-group WEBSERVERS
set firewall name WAN-LAN-v6 rule 200 source address-mask ::ffff:ffff:ffff:ffff
.. start_vyoslinter
.. cfgcmd:: set firewall name <name> rule <1-999999> source fqdn <fqdn>
.. cfgcmd:: set firewall name <name> rule <1-999999> destination fqdn <fqdn>
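Review bot: missing documentation on rule 200: with ``source address-mask ::ffff:ffff:ffff:ffff`` only the lower 64 bits are compared, so the rule matches the ``::2000`` identifier under any prefix, and the text above the example never says so. Suggest one sentence telling readers to combine a masked match with a zone, interface or prefix criterion when the rule must be limited to their own network. Separately, please confirm that ``.. start_vyoslinter`` is unindented and separated from the last ``set firewall`` line by a blank line, so that it is parsed as a comment and not as part of the ``code-block:: none`` literal.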

@ -124,8 +124,8 @@ Firewall
A new firewall structure—which uses the ``nftables`` backend, rather
than ``iptables``—is available on all installations starting from
VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct,
interlinked chains for each
`Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_
interlinked chains for each `Netfilter hook
<https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_
and allows for more granular control over the packet filtering process.
.. note:: Documentation for most of the new firewall CLI can be found in
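Review bot: style point on the rewrapped link: here the link text ``Netfilter hook`` opens mid-line after "for each", while the link rewrapped in the other file of this commit puts the opening backtick and the link text on a line of their own. Pick one wrapping convention for multi-line hyperlinks and use it in both places so the two formatting fixes agree.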