chore: fix formatting and add linter comments

This commit is contained in:
Nick Anderegg 2023-09-12 21:36:25 -04:00
parent 101c6e1a64
commit 1e8c862c55
2 changed files with 7 additions and 4 deletions


@ -424,11 +424,13 @@ There are a lot of matching criteria against which the package can be tested.
An arbitrary netmask can be applied to mask addresses to only match against An arbitrary netmask can be applied to mask addresses to only match against
a specific portion. This is particularly useful with IPv6 and a zone-based a specific portion. This is particularly useful with IPv6 and a zone-based
firewall as rules will remain valid if the IPv6 prefix changes and the host firewall as rules will remain valid if the IPv6 prefix changes and the host
portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses portion of systems IPv6 address is static (for example, with SLAAC or
<https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_) `tokenised IPv6 addresses
<https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_).
This functions for both individual addresses and address groups. This functions for both individual addresses and address groups.
.. stop_vyoslinter
.. code-block:: none .. code-block:: none
# Match any IPv6 address with the suffix ::0000:0000:0000:beef # Match any IPv6 address with the suffix ::0000:0000:0000:beef
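
Review bot: The `.. stop_vyoslinter` comment added directly above `.. code-block:: none` does not say which linter check the example trips, so a later editor cannot tell whether the suppression is still needed. Add a one-line RST comment beside it giving the reason (judging from the example, the bare IPv6 suffix and mask literals, though that is an assumption). Since the preceding sentence is being rewrapped anyway, also correct "portion of systems IPv6 address" to "portion of a system's IPv6 address". The link pins revision -02 of an Internet-Draft, so the text could say it is a draft rather than a published standard.
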
@ -442,6 +444,7 @@ There are a lot of matching criteria against which the package can be tested.
set firewall group ipv6-address-group WEBSERVERS address ::2000 set firewall group ipv6-address-group WEBSERVERS address ::2000
set firewall name WAN-LAN-v6 rule 200 source group address-group WEBSERVERS set firewall name WAN-LAN-v6 rule 200 source group address-group WEBSERVERS
set firewall name WAN-LAN-v6 rule 200 source address-mask ::ffff:ffff:ffff:ffff set firewall name WAN-LAN-v6 rule 200 source address-mask ::ffff:ffff:ffff:ffff
.. start_vyoslinter
.. cfgcmd:: set firewall name <name> rule <1-999999> source fqdn <fqdn> .. cfgcmd:: set firewall name <name> rule <1-999999> source fqdn <fqdn>
.. cfgcmd:: set firewall name <name> rule <1-999999> destination fqdn <fqdn> .. cfgcmd:: set firewall name <name> rule <1-999999> destination fqdn <fqdn>
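
Review bot: The `.. start_vyoslinter` line after the last `set firewall name WAN-LAN-v6 rule 200 ...` example is the only marker that re-enables the linter, and it sits directly above the two `.. cfgcmd::` directives. Confirm it is at column zero with a blank line on each side (this rendering does not show blank lines), so that it parses as a standalone comment and is neither absorbed into the literal block nor run into the first `.. cfgcmd::`. If the marker is not recognised, the suppression opened by `.. stop_vyoslinter` would presumably stay in effect for the rest of the file.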


@ -124,8 +124,8 @@ Firewall
A new firewall structure—which uses the ``nftables`` backend, rather A new firewall structure—which uses the ``nftables`` backend, rather
than ``iptables``—is available on all installations starting from than ``iptables``—is available on all installations starting from
VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct,
interlinked chains for each interlinked chains for each `Netfilter hook
`Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_
and allows for more granular control over the packet filtering process. and allows for more granular control over the packet filtering process.
.. note:: Documentation for most of the new firewall CLI can be found in .. note:: Documentation for most of the new firewall CLI can be found in
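
Review bot: The rewrapped `Netfilter hook <...>`_ link in the sentence "interlinked chains for each ..." is still a named reference (single trailing underscore). If the link text "Netfilter hook" is used elsewhere in this file with a different URL, Sphinx will warn about a duplicate explicit target name; an anonymous reference (double trailing underscore) avoids that. The change itself is whitespace-only, so it is worth checking the built page to confirm the link still renders as one inline link across the line break.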