Merge pull request #1154 from blex2/patch-1

Update quick-start.rst
2025-10-26 08:41:46 +01:00 · 2023-11-16 21:56:24 +01:00 · 2023-11-16 21:56:24 +01:00 · 403bca3bad
commit 403bca3bad
parent 1ea74f4d9b 71e2bb0871
1 changed files with 16 additions and 16 deletions
--- a/docs/quick-start.rst
+++ b/docs/quick-start.rst
@ -185,11 +185,11 @@ The chain we will create is called ``CONN_FILTER`` and has three rules:
  set firewall ipv4 name CONN_FILTER default-action 'return'

  set firewall ipv4 name CONN_FILTER rule 10 action 'accept'
-  set firewall ipv4 name CONN_FILTER rule 10 state established 'enable'
-  set firewall ipv4 name CONN_FILTER rule 10 state related 'enable'
+  set firewall ipv4 name CONN_FILTER rule 10 state established 
+  set firewall ipv4 name CONN_FILTER rule 10 state related 

  set firewall ipv4 name CONN_FILTER rule 20 action 'drop'
-  set firewall ipv4 name CONN_FILTER rule 20 state invalid 'enable'
+  set firewall ipv4 name CONN_FILTER rule 20 state invalid 

 Then, we can jump to the common chain from both the ``forward`` and ``input``
 hooks as the first filtering rule in the respective chains:
@ -212,16 +212,16 @@ creating rules on each hook's chain:
 .. code-block:: none

  set firewall ipv4 forward filter rule 5 action 'accept'
-  set firewall ipv4 forward filter rule 5 state established 'enable'
-  set firewall ipv4 forward filter rule 5 state related 'enable'
+  set firewall ipv4 forward filter rule 5 state established 
+  set firewall ipv4 forward filter rule 5 state related 
  set firewall ipv4 forward filter rule 10 action 'drop'
-  set firewall ipv4 forward filter rule 10 state invalid 'enable'
+  set firewall ipv4 forward filter rule 10 state invalid 

  set firewall ipv4 input filter rule 5 action 'accept'
-  set firewall ipv4 input filter rule 5 state established 'enable'
-  set firewall ipv4 input filter rule 5 state related 'enable'
+  set firewall ipv4 input filter rule 5 state established 
+  set firewall ipv4 input filter rule 5 state related 
  set firewall ipv4 input filter rule 10 action 'drop'
-  set firewall ipv4 input filter rule 10 state invalid 'enable'
+  set firewall ipv4 input filter rule 10 state invalid 

 Block Incoming Traffic
 ----------------------
@ -241,7 +241,7 @@ group and is addressed to our local network.

  set firewall ipv4 forward filter rule 100 action jump
  set firewall ipv4 forward filter rule 100 jump-target OUTSIDE-IN
-  set firewall ipv4 forward filter rule 100 inbound-interface interface-group WAN
+  set firewall ipv4 forward filter rule 100 inbound-interface group WAN
  set firewall ipv4 forward filter rule 100 destination group network-group NET-INSIDE-v4

 We should also block all traffic destinated to the router itself that isn't
@ -285,17 +285,17 @@ interface group to 4 per minute:
 .. code-block:: none

  set firewall ipv4 name VyOS_MANAGEMENT rule 15 action 'accept'
-  set firewall ipv4 name VyOS_MANAGEMENT rule 15 inbound-interface interface-group 'LAN'
+  set firewall ipv4 name VyOS_MANAGEMENT rule 15 inbound-interface group 'LAN'

  set firewall ipv4 name VyOS_MANAGEMENT rule 20 action 'drop'
  set firewall ipv4 name VyOS_MANAGEMENT rule 20 recent count 4
  set firewall ipv4 name VyOS_MANAGEMENT rule 20 recent time minute
-  set firewall ipv4 name VyOS_MANAGEMENT rule 20 state new enable
-  set firewall ipv4 name VyOS_MANAGEMENT rule 20 inbound-interface interface-group 'WAN'
+  set firewall ipv4 name VyOS_MANAGEMENT rule 20 state new 
+  set firewall ipv4 name VyOS_MANAGEMENT rule 20 inbound-interface group 'WAN'

  set firewall ipv4 name VyOS_MANAGEMENT rule 21 action 'accept'
-  set firewall ipv4 name VyOS_MANAGEMENT rule 21 state new enable
-  set firewall ipv4 name VyOS_MANAGEMENT rule 21 inbound-interface interface-group 'WAN'
+  set firewall ipv4 name VyOS_MANAGEMENT rule 21 state new 
+  set firewall ipv4 name VyOS_MANAGEMENT rule 21 inbound-interface group 'WAN'

 Allow Access to Services
 ------------------------
@ -309,7 +309,7 @@ all hosts on the ``NET-INSIDE-v4`` network:
  set firewall ipv4 input filter rule 30 action 'accept'
  set firewall ipv4 input filter rule 30 icmp type-name 'echo-request'
  set firewall ipv4 input filter rule 30 protocol 'icmp'
-  set firewall ipv4 input filter rule 30 state new 'enable'
+  set firewall ipv4 input filter rule 30 state new 

  set firewall ipv4 input filter rule 40 action 'accept'
  set firewall ipv4 input filter rule 40 destination port '53'