Merge branch 'master' of github.com:vyos/vyos-documentation

This commit is contained in:
rebortg 2023-09-12 22:16:59 +02:00
commit 686a2597f4
36 changed files with 26876 additions and 2052 deletions

View File

@ -1,6 +1,9 @@
name: "translation: generate, upload, download" name: "translation: generate, upload, download"
on: on:
workflow_dispatch: workflow_dispatch:
schedule:
# 06:00 UTC on Monday
- cron: '0 6 * * 1'
jobs: jobs:
main: main:

View File

@ -29,7 +29,8 @@ largest. There are 88 of them, here's the
### Sphinx ### Sphinx
Debian requires some extra steps for Debian requires some extra steps for
installing `sphinx`, `sphinx-autobuild` and `sphinx-rtd-theme` packages: installing `sphinx`, `sphinx-autobuild`, `sphinx-notfound-page`, `sphinx-panels`,
`sphinx-rtd-theme`, `lxml`, and `myst-parser` packages:
First ensure that Python 2 & Python 3 are installed and Python 3 is the default: First ensure that Python 2 & Python 3 are installed and Python 3 is the default:
```bash ```bash
@ -58,7 +59,7 @@ python --version
Then run: Then run:
```bash ```bash
sudo pip install sphinx-rtd-theme sudo pip install sphinx-autobuild sphinx-notfound-page sphinx-panels sphinx-rtd-theme lxml myst-parser
``` ```
Do the following to build the HTML and start a web server: Do the following to build the HTML and start a web server:
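Review bot: the `sudo pip install ...` line in the "Then run:" step installs these packages into the system-wide site-packages as root, which can overwrite Debian-managed Python files (and newer pip on Debian refuses this by default). Suggest a virtual environment, e.g. `python3 -m venv .venv && . .venv/bin/activate` followed by a plain `pip install ...`, or a `--user` install. Also, the sentence above lists `sphinx` itself among the packages, but the pip command does not name it; add `sphinx` to the command so the two agree instead of relying on it being pulled in as a dependency.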

@ -1 +0,0 @@
Subproject commit c8ba6bc59d981309552c90e845c560ec2bd9b21c
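Review bot: this hunk removes a submodule gitlink pinned at c8ba6bc59d981309552c90e845c560ec2bd9b21c, but the matching `.gitmodules` entry and any build or CI step that runs `git submodule update` for that path are not visible in this diff; confirm they are removed in the same commit, otherwise fresh checkouts will fail on the stale submodule path.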

View File

@ -4,7 +4,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n" "Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
"X-Generator: Localazy (https://localazy.com)\n" "X-Generator: Localazy (https://localazy.com)\n"
"Project-Id-Version: vyos-documentation\n" "Project-Id-Version: VyOS Documentation\n"
"Language: de\n" "Language: de\n"
"Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n" "Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n"
@ -14,7 +14,7 @@ msgstr "Seite nicht gefunden"
#: ../../404.rst:6 #: ../../404.rst:6
msgid "Sorry, We could not find a page. Try using the search box or go to the release homepage:" msgid "Sorry, We could not find a page. Try using the search box or go to the release homepage:"
msgstr "Sorry, We could not find a page. Try using the search box or go to the release homepage:" msgstr "Entschuldigung, wir konnten keine Seite finden. Versuchen Sie es mit dem Suchfeld oder gehen Sie auf die Homepage der Veröffentlichung:"
#: ../../404.rst:9 #: ../../404.rst:9
msgid "`1.2.x (crux) <https://docs.vyos.io/en/crux/>`_" msgid "`1.2.x (crux) <https://docs.vyos.io/en/crux/>`_"
@ -26,4 +26,4 @@ msgstr "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
#: ../../404.rst:11 #: ../../404.rst:11
msgid "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_" msgid "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_"
msgstr "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_" msgstr "`Rolling Release (Sagitta) <https://docs.vyos.io/en/latest/>`_"

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -8,6 +8,90 @@
_ext/releasenotes.py _ext/releasenotes.py
2023-09-11
==========
* :vytask:`T5557` ``(bug): bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802``
* :vytask:`T3424` ``(default): PPPoE IA-PD doesn't work in VRF``
2023-09-10
==========
* :vytask:`T5555` ``(bug): Fix timezone migrator (system 13-to-14)``
* :vytask:`T5545` ``(bug): sflow is not working``
2023-09-08
==========
* :vytask:`T4426` ``(default): Add arpwatch to the image``
2023-09-05
==========
* :vytask:`T5524` ``(feature): Add config directory to liveCD``
* :vytask:`T2958` ``(bug): DHCP server doesn't work from a live CD``
* :vytask:`T5428` ``(bug): dhcp: client renewal fails when running inside VRF``
2023-09-04
==========
* :vytask:`T5506` ``(bug): Container bridge interfaces do not have a link-local address``
2023-08-31
==========
* :vytask:`T5190` ``(feature): Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0``
* :vytask:`T5140` ``(bug): Firewall network-group problems``
* :vytask:`T4895` ``(bug): Tag nodes are overwritten when configured by Cloud-Init from User-Data``
* :vytask:`T4874` ``(default): Add Warning message to Equuleus``
* :vytask:`T4855` ``(bug): Trying to create more than one tunnel of the same type to the same address causes unhandled exception``
* :vytask:`T4776` ``(bug): NVME storage is not detected properly during installation``
* :vytask:`T3546` ``(feature): Add pppoe-server CLI custom script feature``
* :vytask:`T738` ``(feature): Add local-port and resolver port options for powerdns in CLI configuration tree``
2023-08-30
==========
* :vytask:`T5221` ``(bug): BGP as-override behavior differs from new FRR and other vendors``
* :vytask:`T4933` ``(default): Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error``
* :vytask:`T4790` ``(bug): RADIUS login does not work if sum of timeouts more than 50s``
* :vytask:`T4475` ``(bug): route-map does not support ipv6 peer``
* :vytask:`T4459` ``(bug): API service with VRF doesn't work in 1.3.1``
* :vytask:`T4407` ``(bug): Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3``
* :vytask:`T4113` ``(bug): Incorrect GRUB configuration parsing``
* :vytask:`T1764` ``(bug): Use lists instead of whitespace-separated strings in vyos.config``
* :vytask:`T4121` ``(bug): Nameservers from DHCP client cannot be used in specific cases``
* :vytask:`T4151` ``(feature): IPV6 local PBR Support``
* :vytask:`T4306` ``(default): Do not check for ditry repository when building release images``
2023-08-29
==========
* :vytask:`T3940` ``(bug): DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook``
* :vytask:`T3713` ``(default): Create a meta-package for user utilities``
* :vytask:`T3339` ``(bug): Cloud-Init domain search setting not applied``
* :vytask:`T3144` ``(feature): Support op-mode command to release DHCP leases``
* :vytask:`T2640` ``(feature): Running VyOS inside Docker containers``
* :vytask:`T3577` ``(bug): Generating vpn x509 key pair fails with command not found``
2023-08-28
==========
* :vytask:`T4745` ``(bug): CLI TAB issue with values with '-' at the beginning in conf mode``
* :vytask:`T2611` ``(bug): Prefix list names are shared between ipv4 and ipv6``
* :vytask:`T2296` ``(default): Upgrade WALinux to 2.2.41``
* :vytask:`T2123` ``(default): Configure 3 NTP servers``
* :vytask:`T469` ``(bug): Problem after commit with errors``
2023-08-25 2023-08-25
========== ==========
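Review bot: the T5557 entry is the one security fix in this batch (it cites CVE-2023-38802, BGP treat-as-withdraw handling of the tunnel encapsulation attribute); since the header shows this file is generated by `_ext/releasenotes.py` from task titles, it cannot be hand-edited, but the equuleus release page would benefit from a separate line linking the advisory so operators can find it without reading the whole list. For the same reason the typo in the T4306 title ("ditry") has to be fixed in the task title upstream, not in this file.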
@ -76,7 +160,6 @@
2023-07-13 2023-07-13
========== ==========
* :vytask:`T2315` ``(feature): Ability to have right address-family for BGP peers.``
* :vytask:`T3045` ``(bug): Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP)`` * :vytask:`T3045` ``(bug): Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP)``
* :vytask:`T971` ``(bug): authentication public-keys options quoting issue`` * :vytask:`T971` ``(bug): authentication public-keys options quoting issue``
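Review bot: T2315 ("Ability to have right address-family for BGP peers.") is dropped from 2023-07-13 here and does not reappear among the new entries added above, so from this diff the task vanishes from the equuleus notes entirely; if it was re-dated rather than withdrawn, it should show up under its new date.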

View File

@ -8,6 +8,116 @@
_ext/releasenotes.py _ext/releasenotes.py
2023-09-11
==========
* :vytask:`T3424` ``(default): PPPoE IA-PD doesn't work in VRF``
* :vytask:`T2773` ``(feature): EIGRP support for VRF``
2023-09-10
==========
* :vytask:`T5565` ``(bug): Builds as vyos-999-timestamp instead of vyos-1.4-rolling-timestamp``
* :vytask:`T5555` ``(bug): Fix timezone migrator (system 13-to-14)``
* :vytask:`T5529` ``(bug): Missing symbolic link in linux-firmware package.``
2023-09-09
==========
* :vytask:`T5540` ``(bug): vyos-1x: Wrong VHT configuration for WiFi 802.11ac``
* :vytask:`T5423` ``(bug): ipsec: no output for op-cmd "show vpn ike secrets"``
* :vytask:`T3700` ``(feature): Support VLAN tunnel mapping of VLAN aware bridges``
2023-09-08
==========
* :vytask:`T5502` ``(bug): Firewall - wrong parser for inbound and/or outbound interface``
* :vytask:`T5460` ``(feature): Firewall - remove config-trap``
* :vytask:`T5450` ``(feature): Firewall interface group - Allow inverted matcher``
* :vytask:`T4426` ``(default): Add arpwatch to the image``
* :vytask:`T4356` ``(bug): DHCP v6 client only supports single interface configuration``
2023-09-07
==========
* :vytask:`T5489` ``(feature): Change to BBR as TCP congestion control, or at least make it an config option``
* :vytask:`T5510` ``(feature): Shrink imagesize and improve read performance by changing mksquashfs syntax``
2023-09-06
==========
* :vytask:`T5542` ``(bug): ipoe-server: external-dhcp(dhcp-relay) not woking / not implemented``
* :vytask:`T5548` ``(bug): HAProxy renders timeouts incorrectly``
* :vytask:`T5544` ``(feature): Allow CAP_SYS_MODULE to be set on containers``
2023-09-05
==========
* :vytask:`T5524` ``(feature): Add config directory to liveCD``
* :vytask:`T5519` ``(bug): Function `call` sometimes hangs``
* :vytask:`T5508` ``(bug): Configuration Migration Fails to New Netfilter Firewall Syntax``
* :vytask:`T5495` ``(feature): Enable snmp module also for frr/ldpd``
* :vytask:`T2958` ``(bug): DHCP server doesn't work from a live CD``
* :vytask:`T5428` ``(bug): dhcp: client renewal fails when running inside VRF``
2023-09-04
==========
* :vytask:`T5536` ``(bug): show dhcp client leases caues No module named 'vyos.validate'``
* :vytask:`T5506` ``(bug): Container bridge interfaces do not have a link-local address``
2023-09-03
==========
* :vytask:`T5538` ``(bug): Change order within variable lb_config_tmpl to fit order of manpage and fix some typos``
* :vytask:`T4612` ``(feature): Support arbitrary netmasks in firewall rules``
2023-08-31
==========
* :vytask:`T5190` ``(feature): Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0``
* :vytask:`T4895` ``(bug): Tag nodes are overwritten when configured by Cloud-Init from User-Data``
* :vytask:`T4776` ``(bug): NVME storage is not detected properly during installation``
* :vytask:`T5531` ``(feature): Containers add label option``
* :vytask:`T5525` ``(default): Change dev.packages.vyos.net repo to rolling-packages.vyos.net vyos-build:current uses``
2023-08-30
==========
* :vytask:`T4933` ``(default): Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error``
* :vytask:`T4790` ``(bug): RADIUS login does not work if sum of timeouts more than 50s``
* :vytask:`T4113` ``(bug): Incorrect GRUB configuration parsing``
* :vytask:`T5520` ``(bug): Likely source of corruption on system update exposed by change in coreutils for Bookworm``
* :vytask:`T4151` ``(feature): IPV6 local PBR Support``
* :vytask:`T4485` ``(default): OpenVPN: Allow multiple CAs certificates``
2023-08-29
==========
* :vytask:`T3940` ``(bug): DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook``
* :vytask:`T3713` ``(default): Create a meta-package for user utilities``
* :vytask:`T3339` ``(bug): Cloud-Init domain search setting not applied``
* :vytask:`T3577` ``(bug): Generating vpn x509 key pair fails with command not found``
2023-08-28
==========
* :vytask:`T4745` ``(bug): CLI TAB issue with values with '-' at the beginning in conf mode``
* :vytask:`T5472` ``(bug): NAT redirect should not require port``
2023-08-27 2023-08-27
========== ==========
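Review bot: T5544 ("Allow CAP_SYS_MODULE to be set on containers") is a privilege-widening change that deserves a mention in the container chapter: CAP_SYS_MODULE lets a container load arbitrary kernel modules, which is equivalent to root on the host, so the docs should state it is off unless explicitly set and warn operators accordingly. The titles for T5542 ("woking") and T5536 ("caues") carry typos that come from the generated source (`_ext/releasenotes.py`), so they need fixing in the task titles rather than here.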

File diff suppressed because it is too large Load Diff

View File

@ -3,8 +3,8 @@ Wireguard
######### #########
| Testdate: 2023-02-24 | Testdate: 2023-08-31
| Version: vyos-1.4-rolling-202302150317 | Version: 1.4-rolling-202308240020
This simple structure show how to connect two offices. One remote branch and the This simple structure show how to connect two offices. One remote branch and the
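Review bot: the Version line changes format from `vyos-1.4-rolling-...` to `1.4-rolling-...`, which matches the Tunnelbroker blueprint (`1.4-rolling-202308240020`) updated in this same commit, so the two pages are now consistent. Unrelated grammar in the unchanged context line: "This simple structure show how" should be "shows how".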
@ -45,8 +45,8 @@ After this, the public key can be displayed, to save for later.
.. code-block:: none .. code-block:: none
vyos@central:~$ generate pki wireguard vyos@central:~$ generate pki wireguard
Private key: oLycRx83P2BZ7eMqi4ysay2AETX318JJ9wE9rPIn/VI= Private key: cMNGHtb5dW92ORG3HS8JJlvQF8pmVGt2Ydny8hTBLnY=
Public key: iuXAfobnPkFq60hQbBn13OX6xi7VymSzV1up/XmW8WI= Public key: WyfLCTXi31gL+YbYOwoAHCl2RgS+y56cYHEK6pQsTQ8=
After you have each public key. The wireguard interfaces can be setup. After you have each public key. The wireguard interfaces can be setup.
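Review bot: the regenerated private key from the `generate pki wireguard` output is committed verbatim to public documentation; that is fine for a worked example only if the page says so. Suggest one sentence stating that these are throwaway demo keys that must never be reused on a real router, since anyone reading the docs holds the private half. Also the unchanged context line "After you have each public key. The wireguard interfaces can be setup." is a sentence fragment; "Once you have each public key, the WireGuard interfaces can be set up." reads correctly.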
@ -102,11 +102,11 @@ And ping the Branch PC from your central router to check the response.
vyos@central:~$ ping 10.0.2.100 count 4 vyos@central:~$ ping 10.0.2.100 count 4
PING 10.0.2.100 (10.0.2.100) 56(84) bytes of data. PING 10.0.2.100 (10.0.2.100) 56(84) bytes of data.
64 bytes from 10.0.2.100: icmp_seq=1 ttl=63 time=0.865 ms 64 bytes from 10.0.2.100: icmp_seq=1 ttl=63 time=0.641 ms
64 bytes from 10.0.2.100: icmp_seq=2 ttl=63 time=0.769 ms 64 bytes from 10.0.2.100: icmp_seq=2 ttl=63 time=0.836 ms
64 bytes from 10.0.2.100: icmp_seq=3 ttl=63 time=0.705 ms 64 bytes from 10.0.2.100: icmp_seq=3 ttl=63 time=0.792 ms
64 bytes from 10.0.2.100: icmp_seq=4 ttl=63 time=0.791 ms 64 bytes from 10.0.2.100: icmp_seq=4 ttl=63 time=1.09 ms
--- 10.0.2.100 ping statistics --- --- 10.0.2.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3074ms 4 packets transmitted, 4 received, 0% packet loss, time 3013ms
rtt min/avg/max/mdev = 0.705/0.782/0.865/0.057 ms rtt min/avg/max/mdev = 0.641/0.838/1.086/0.160 ms

View File

@ -1,14 +1,14 @@
set interface ethernet eth2 address 10.0.2.254/24 set interface ethernet eth2 address 10.0.2.254/24
set interface ethernet eth1 address 198.51.100.2/24 set interface ethernet eth1 address 198.51.100.2/24
set interfaces wireguard wg01 private-key 'KNJLycAZ5UT7grd7UDB3gfAvPfqnlOW/3cV6I+Vrwls=' set interfaces wireguard wg01 private-key 'oDZ2S/4S6UEuhOyk0MvNSQTebugihX5RKCrI3exmHV8='
set interfaces wireguard wg01 address 192.168.0.2/24 set interfaces wireguard wg01 address 192.168.0.2/24
set interfaces wireguard wg01 description 'VPN-to-central' set interfaces wireguard wg01 description 'VPN-to-central'
set interfaces wireguard wg01 peer central allowed-ips 10.0.1.0/24 set interfaces wireguard wg01 peer central allowed-ips 10.0.1.0/24
set interfaces wireguard wg01 peer central allowed-ips 192.168.0.0/24 set interfaces wireguard wg01 peer central allowed-ips 192.168.0.0/24
set interfaces wireguard wg01 peer central address 198.51.100.1 set interfaces wireguard wg01 peer central address 198.51.100.1
set interfaces wireguard wg01 peer central port 51820 set interfaces wireguard wg01 peer central port 51820
set interfaces wireguard wg01 peer central public-key 'iuXAfobnPkFq60hQbBn13OX6xi7VymSzV1up/XmW8WI=' set interfaces wireguard wg01 peer central public-key 'WyfLCTXi31gL+YbYOwoAHCl2RgS+y56cYHEK6pQsTQ8='
set interfaces wireguard wg01 port 51820 set interfaces wireguard wg01 port 51820
set protocols static route 10.0.1.0/24 interface wg01 set protocols static route 10.0.1.0/24 interface wg01
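Review bot: the first two unchanged lines use `set interface ethernet ...` (singular), which is not a valid VyOS configuration path; they should be `set interfaces ethernet ...` like the WireGuard lines below them. The new central public key on the `peer central public-key` line matches the `generate pki wireguard` output changed elsewhere in this commit, so that side of the pair is consistent.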

View File

@ -1,14 +1,14 @@
set interface ethernet eth2 address 10.0.1.254/24 set interface ethernet eth2 address 10.0.1.254/24
set interface ethernet eth1 address 198.51.100.1/24 set interface ethernet eth1 address 198.51.100.1/24
set interfaces wireguard wg01 private-key 'oLycRx83P2BZ7eMqi4ysay2AETX318JJ9wE9rPIn/VI=' set interfaces wireguard wg01 private-key 'cMNGHtb5dW92ORG3HS8JJlvQF8pmVGt2Ydny8hTBLnY='
set interfaces wireguard wg01 address 192.168.0.1/24 set interfaces wireguard wg01 address 192.168.0.1/24
set interfaces wireguard wg01 description 'VPN-to-Branch' set interfaces wireguard wg01 description 'VPN-to-Branch'
set interfaces wireguard wg01 peer branch allowed-ips 10.0.2.0/24 set interfaces wireguard wg01 peer branch allowed-ips 10.0.2.0/24
set interfaces wireguard wg01 peer branch allowed-ips 192.168.0.0/24 set interfaces wireguard wg01 peer branch allowed-ips 192.168.0.0/24
set interfaces wireguard wg01 peer branch address 198.51.100.2 set interfaces wireguard wg01 peer branch address 198.51.100.2
set interfaces wireguard wg01 peer branch port 51820 set interfaces wireguard wg01 peer branch port 51820
set interfaces wireguard wg01 peer branch public-key '3a7p6bSMD/x5LvgGGFUT9oqXbsuK9Prp3R0090Fy41E=' set interfaces wireguard wg01 peer branch public-key '9ySVcjER2cY1tG/L7598zHg8g1xyggjxALqzeCxLgw4='
set interfaces wireguard wg01 port 51820 set interfaces wireguard wg01 port 51820
set protocols static route 10.0.2.0/24 interface wg01 set protocols static route 10.0.2.0/24 interface wg01
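Review bot: same `set interface ethernet` typo in the first two lines here; should be `set interfaces ethernet`. The new branch public key (`9ySVcjER...`) cannot be checked against this diff because the branch router's `generate pki wireguard` output is not shown; please confirm it is the public half of the branch private key in the companion file, otherwise the handshake in this example will never complete.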

File diff suppressed because it is too large Load Diff

View File

@ -4,8 +4,8 @@
Tunnelbroker.net (IPv6) Tunnelbroker.net (IPv6)
####################### #######################
| Testdate: 2023-05-11 | Testdate: 2023-08-31
| Version: 1.4-rolling-202305100734 | Version: 1.4-rolling-202308240020
This guide walks through the setup of https://www.tunnelbroker.net/ for an This guide walks through the setup of https://www.tunnelbroker.net/ for an
IPv6 Tunnel. IPv6 Tunnel.
@ -61,14 +61,14 @@ Now you should be able to ping a public IPv6 Address
vyos@vyos-wan:~$ ping 2001:470:20::2 count 4 vyos@vyos-wan:~$ ping 2001:470:20::2 count 4
PING 2001:470:20::2(2001:470:20::2) 56 data bytes PING 2001:470:20::2(2001:470:20::2) 56 data bytes
64 bytes from 2001:470:20::2: icmp_seq=1 ttl=64 time=30.7 ms 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=64 time=39.4 ms
64 bytes from 2001:470:20::2: icmp_seq=2 ttl=64 time=30.3 ms 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=64 time=29.9 ms
64 bytes from 2001:470:20::2: icmp_seq=3 ttl=64 time=29.8 ms 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=64 time=30.0 ms
64 bytes from 2001:470:20::2: icmp_seq=4 ttl=64 time=153 ms 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=64 time=29.9 ms
--- 2001:470:20::2 ping statistics --- --- 2001:470:20::2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms 4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 29.843/61.032/153.298/53.270 ms rtt min/avg/max/mdev = 29.885/32.293/39.371/4.086 ms
Assuming the pings are successful, you need to add some DNS servers. Assuming the pings are successful, you need to add some DNS servers.
@ -85,14 +85,14 @@ You should now be able to ping something by IPv6 DNS name:
vyos@vyos-wan:~$ ping tunnelbroker.net count 4 vyos@vyos-wan:~$ ping tunnelbroker.net count 4
PING tunnelbroker.net(tunnelbroker.net (2001:470:0:63::2)) 56 data bytes PING tunnelbroker.net(tunnelbroker.net (2001:470:0:63::2)) 56 data bytes
64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=1 ttl=46 time=176 ms 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=1 ttl=46 time=200 ms
64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=2 ttl=46 time=179 ms 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=2 ttl=46 time=176 ms
64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=3 ttl=46 time=176 ms 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=3 ttl=46 time=244 ms
64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=4 ttl=46 time=193 ms 64 bytes from tunnelbroker.net (2001:470:0:63::2): icmp_seq=4 ttl=46 time=176 ms
--- tunnelbroker.net ping statistics --- --- tunnelbroker.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms 4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 175.558/180.981/193.109/7.153 ms rtt min/avg/max/mdev = 175.737/198.653/243.621/27.714 ms
***************** *****************
@ -148,14 +148,14 @@ Now the Client is able to ping a public IPv6 address
vyos@client:~$ ping 2001:470:20::2 count 4 vyos@client:~$ ping 2001:470:20::2 count 4
PING 2001:470:20::2(2001:470:20::2) 56 data bytes PING 2001:470:20::2(2001:470:20::2) 56 data bytes
64 bytes from 2001:470:20::2: icmp_seq=1 ttl=63 time=30.9 ms 64 bytes from 2001:470:20::2: icmp_seq=1 ttl=63 time=30.5 ms
64 bytes from 2001:470:20::2: icmp_seq=2 ttl=63 time=30.5 ms 64 bytes from 2001:470:20::2: icmp_seq=2 ttl=63 time=29.6 ms
64 bytes from 2001:470:20::2: icmp_seq=3 ttl=63 time=30.8 ms 64 bytes from 2001:470:20::2: icmp_seq=3 ttl=63 time=29.9 ms
64 bytes from 2001:470:20::2: icmp_seq=4 ttl=63 time=94.9 ms 64 bytes from 2001:470:20::2: icmp_seq=4 ttl=63 time=29.8 ms
--- 2001:470:20::2 ping statistics --- --- 2001:470:20::2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms 4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 30.455/46.775/94.917/27.795 ms rtt min/avg/max/mdev = 29.578/29.959/30.490/0.333 ms
Multiple LAN/DMZ Setup Multiple LAN/DMZ Setup

View File

@ -60,7 +60,6 @@ Vyos configuration
.. code-block:: none .. code-block:: none
set vpn ipsec esp-group AZURE compression 'disable'
set vpn ipsec esp-group AZURE lifetime '3600' set vpn ipsec esp-group AZURE lifetime '3600'
set vpn ipsec esp-group AZURE mode 'tunnel' set vpn ipsec esp-group AZURE mode 'tunnel'
set vpn ipsec esp-group AZURE pfs 'dh-group2' set vpn ipsec esp-group AZURE pfs 'dh-group2'
@ -70,7 +69,7 @@ Vyos configuration
set vpn ipsec ike-group AZURE dead-peer-detection action 'restart' set vpn ipsec ike-group AZURE dead-peer-detection action 'restart'
set vpn ipsec ike-group AZURE dead-peer-detection interval '15' set vpn ipsec ike-group AZURE dead-peer-detection interval '15'
set vpn ipsec ike-group AZURE dead-peer-detection timeout '30' set vpn ipsec ike-group AZURE dead-peer-detection timeout '30'
set vpn ipsec ike-group AZURE ikev2-reauth 'yes' set vpn ipsec ike-group AZURE ikev2-reauth
set vpn ipsec ike-group AZURE key-exchange 'ikev2' set vpn ipsec ike-group AZURE key-exchange 'ikev2'
set vpn ipsec ike-group AZURE lifetime '28800' set vpn ipsec ike-group AZURE lifetime '28800'
set vpn ipsec ike-group AZURE proposal 1 dh-group '2' set vpn ipsec ike-group AZURE proposal 1 dh-group '2'
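Review bot: changing `ikev2-reauth 'yes'` to the valueless `ikev2-reauth` is the right migration for the new syntax, but while this block is being touched, note that `proposal 1 dh-group '2'` (and `pfs 'dh-group2'` in the esp-group above) selects 1024-bit MODP. Readers copy these examples verbatim, so a remark that a stronger group (14 or higher) should be used where the peer supports it would help; the same applies to the two-tunnel variant edited in this commit.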
@ -94,7 +93,7 @@ Vyos configuration
.. code-block:: none .. code-block:: none
set firewall options interface vti1 adjust-mss 1350 set interfaces vti vti1 ip adjust-mss 1350
- Configure the VPN tunnel - Configure the VPN tunnel

View File

@ -59,7 +59,6 @@ Vyos configuration
.. code-block:: none .. code-block:: none
set vpn ipsec esp-group AZURE compression 'disable'
set vpn ipsec esp-group AZURE lifetime '3600' set vpn ipsec esp-group AZURE lifetime '3600'
set vpn ipsec esp-group AZURE mode 'tunnel' set vpn ipsec esp-group AZURE mode 'tunnel'
set vpn ipsec esp-group AZURE pfs 'dh-group2' set vpn ipsec esp-group AZURE pfs 'dh-group2'
@ -69,7 +68,7 @@ Vyos configuration
set vpn ipsec ike-group AZURE dead-peer-detection action 'restart' set vpn ipsec ike-group AZURE dead-peer-detection action 'restart'
set vpn ipsec ike-group AZURE dead-peer-detection interval '15' set vpn ipsec ike-group AZURE dead-peer-detection interval '15'
set vpn ipsec ike-group AZURE dead-peer-detection timeout '30' set vpn ipsec ike-group AZURE dead-peer-detection timeout '30'
set vpn ipsec ike-group AZURE ikev2-reauth 'yes' set vpn ipsec ike-group AZURE ikev2-reauth
set vpn ipsec ike-group AZURE key-exchange 'ikev2' set vpn ipsec ike-group AZURE key-exchange 'ikev2'
set vpn ipsec ike-group AZURE lifetime '28800' set vpn ipsec ike-group AZURE lifetime '28800'
set vpn ipsec ike-group AZURE proposal 1 dh-group '2' set vpn ipsec ike-group AZURE proposal 1 dh-group '2'
@ -96,8 +95,8 @@ Vyos configuration
.. code-block:: none .. code-block:: none
set firewall options interface vti1 adjust-mss 1350 set interfaces vti vti1 ip adjust-mss 1350
set firewall options interface vti2 adjust-mss 1350 set interfaces vti vti2 ip adjust-mss 1350
- Configure the VPN tunnels - Configure the VPN tunnels

View File

@ -5,6 +5,16 @@
Zone-Policy example Zone-Policy example
------------------- -------------------
.. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall
structure can be found on all vyos instalations, and zone based firewall is
no longer supported. Documentation for most of the new firewall CLI can be
found in the `firewall
<https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_
chapter. The legacy firewall is still available for versions before
1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy`
chapter. The examples in this section use the legacy firewall configuration
commands, since this feature has been removed in earlier releases.
.. note:: In :vytask:`T2199` the syntax of the zone configuration was changed. .. note:: In :vytask:`T2199` the syntax of the zone configuration was changed.
The zone configuration moved from ``zone-policy zone <name>`` to ``firewall The zone configuration moved from ``zone-policy zone <name>`` to ``firewall
zone <name>``. zone <name>``.
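Review bot: two problems in the new note text. "vyos instalations" should be "VyOS installations", and the closing sentence "since this feature has been removed in earlier releases" contradicts the opening sentence: zone-based firewall is removed from 1.4-rolling-202308040557 onward, so it should read "in later releases" (or "in current releases"). The identical note is added to the zone-policy chapter in this commit, so fix both copies.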

View File

@ -1,6 +1,6 @@
:lastproofread: 2021-06-29 :lastproofread: 2021-06-29
.. _firewall: .. _firewall-legacy:
############### ###############
Firewall-Legacy Firewall-Legacy
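Review bot: renaming the label from `.. _firewall:` to `.. _firewall-legacy:` breaks any `:ref:` that still points at `firewall` elsewhere in the tree; a grep for the old target before merging would catch dangling references (the zone-policy pages in this commit already use `firewall-legacy`, and the new firewall chapter will presumably want the plain `firewall` label back).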
@ -8,7 +8,7 @@ Firewall-Legacy
.. note:: **Important note:** .. note:: **Important note:**
This documentation is valid only for VyOS Sagitta prior to This documentation is valid only for VyOS Sagitta prior to
1.4-rolling-YYYYMMDDHHmm 1.4-rolling-202308040557
******** ********
Overview Overview
@ -153,7 +153,7 @@ Groups
****** ******
Firewall groups represent collections of IP addresses, networks, ports, Firewall groups represent collections of IP addresses, networks, ports,
mac addresses or domains. Once created, a group can be referenced by mac addresses or domains. Once created, a group can be referenced by
firewall, nat and policy route rules as either a source or destination firewall, nat and policy route rules as either a source or destination
matcher. Members can be added or removed from a group without changes to, matcher. Members can be added or removed from a group without changes to,
or the need to reload, individual firewall rules. or the need to reload, individual firewall rules.

View File

@ -6,13 +6,24 @@
Zone Based Firewall Zone Based Firewall
################### ###################
.. note:: **Important note:** .. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall
This documentation is valid only for VyOS Sagitta prior to structure can be found on all vyos instalations, and zone based firewall is
1.4-rolling-YYYYMMDDHHmm no longer supported. Documentation for most of the new firewall CLI can be
found in the `firewall
<https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_
chapter. The legacy firewall is still available for versions before
1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy`
chapter. The examples in this section use the legacy firewall configuration
commands, since this feature has been removed in earlier releases.
.. note:: For latest releases, refer the `firewall
<https://docs.vyos.io/en/latest/configuration/firewall/general.html#interface-groups>`_
main page to configure zone based rules. New syntax was introduced here
:vytask:`T5160`
In zone-based policy, interfaces are assigned to zones, and inspection policy In zone-based policy, interfaces are assigned to zones, and inspection policy
is applied to traffic moving between the zones and acted on according to is applied to traffic moving between the zones and acted on according to
firewall rules. A Zone is a group of interfaces that have similar functions or firewall rules. A zone is a group of interfaces that have similar functions or
features. It establishes the security borders of a network. A zone defines a features. It establishes the security borders of a network. A zone defines a
boundary where traffic is subjected to policy restrictions as it crosses to boundary where traffic is subjected to policy restrictions as it crosses to
another region of a network. another region of a network.
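Review bot: the first new note has the same two defects as its copy in the examples chapter ("instalations" and "removed in earlier releases", which should be "later releases"), and the second note reads "For latest releases, refer the ... main page"; "For the latest releases, refer to the ... main page" is correct, and "New syntax was introduced here :vytask:`T5160`" would be clearer as "The new syntax was introduced in :vytask:`T5160`". The two stacked notes overlap in content and could be merged into one.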
@ -40,7 +51,7 @@ firewall can be created to simplify configuration when multiple interfaces
belong to the same security zone. Instead of applying rule-sets to interfaces, belong to the same security zone. Instead of applying rule-sets to interfaces,
they are applied to source zone-destination zone pairs. they are applied to source zone-destination zone pairs.
An basic introduction to zone-based firewalls can be found `here A basic introduction to zone-based firewalls can be found `here
<https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_,
and an example at :ref:`examples-zone-policy`. and an example at :ref:`examples-zone-policy`.

View File

@ -132,6 +132,36 @@ For optimal scalability, Multicast shouldn't be used at all, but instead use BGP
to signal all connected devices between leaves. Unfortunately, VyOS does not yet to signal all connected devices between leaves. Unfortunately, VyOS does not yet
support this. support this.
Single VXLAN device (SVD)
=========================
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when
working with the Linux kernel. In this new way, the mapping of a VLAN to a
:abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured
against a container VXLAN interface which is referred to as a
:abbr:`SVD (Single VXLAN device)`.
Multiple VLAN to VNI mappings can be configured against the same SVD. This
allows for a significant scaling of the number of VNIs since a separate VXLAN
interface is no longer required for each VNI.
.. cfgcmd:: set interfaces vxlan <interface> vlan-to-vni <vlan> vni <vni>
Maps the VNI to the specified VLAN id. The VLAN can then be consumed by
a bridge.
Sample configuration of SVD with VLAN to VNI mappings is shown below.
.. code-block:: none
set interfaces bridge br0 member interface vxlan0
set interfaces vxlan vxlan0 external
set interfaces vxlan vxlan0 source-interface 'dum0'
set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010'
set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011'
set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030'
set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031'
Example Example
------- -------
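Review bot: the SVD sample maps VLANs 10, 11, 30 and 31 to VNIs on vxlan0 and adds vxlan0 to br0, but shows no VLAN-aware bridge configuration, so a reader cannot see how those VLAN IDs actually reach br0 and its other members; the bridge side of the mapping (VLAN filtering on br0 and the VLAN membership of the other ports) should be included or referenced. Minor style points: `member interface vxlan0` is unquoted while `source-interface 'dum0'` and the VNI values are quoted, and the nested parentheses in `:abbr:\`VNI (VXLAN Network Identifier (or VXLAN Segment ID))\`` render awkwardly; "VXLAN Network Identifier, also called VXLAN Segment ID" avoids that.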
@ -252,7 +282,7 @@ advertised.
set interfaces bridge br241 member interface 'eth1.241' set interfaces bridge br241 member interface 'eth1.241'
set interfaces bridge br241 member interface 'vxlan241' set interfaces bridge br241 member interface 'vxlan241'
Binds eth1.241 and vxlan241 to each other by making them both member Binds eth1.241 and vxlan241 to each other by making them both member
interfaces of the same bridge. interfaces of the same bridge.
.. code-block:: none .. code-block:: none

View File

@ -740,14 +740,12 @@ external interface in the image above)
.. code-block:: none .. code-block:: none
set vpn ipsec ike-group my-ike ikev2-reauth 'no'
set vpn ipsec ike-group my-ike key-exchange 'ikev1' set vpn ipsec ike-group my-ike key-exchange 'ikev1'
set vpn ipsec ike-group my-ike lifetime '7800' set vpn ipsec ike-group my-ike lifetime '7800'
set vpn ipsec ike-group my-ike proposal 1 dh-group '14' set vpn ipsec ike-group my-ike proposal 1 dh-group '14'
set vpn ipsec ike-group my-ike proposal 1 encryption 'aes256' set vpn ipsec ike-group my-ike proposal 1 encryption 'aes256'
set vpn ipsec ike-group my-ike proposal 1 hash 'sha256' set vpn ipsec ike-group my-ike proposal 1 hash 'sha256'
set vpn ipsec esp-group my-esp compression 'disable'
set vpn ipsec esp-group my-esp lifetime '3600' set vpn ipsec esp-group my-esp lifetime '3600'
set vpn ipsec esp-group my-esp mode 'tunnel' set vpn ipsec esp-group my-esp mode 'tunnel'
set vpn ipsec esp-group my-esp pfs 'disable' set vpn ipsec esp-group my-esp pfs 'disable'
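Review bot: dropping `ikev2-reauth 'no'` and `compression 'disable'` follows the new syntax, but the remaining `esp-group my-esp pfs 'disable'` in this example deserves a second look: without PFS, compromise of the IKE SA keys exposes every child SA negotiated under it. Since this is the reference site-to-site example readers copy, suggest `pfs 'dh-group14'` to match the `dh-group '14'` already used in the IKE proposal, or at least a sentence explaining why PFS is off here.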

View File

@ -16,6 +16,7 @@ Protocols
mpls mpls
segment-routing segment-routing
ospf ospf
pim6
rip rip
rpki rpki
static static

View File

@ -0,0 +1,94 @@
.. _pim6:
##############
IPv6 Multicast
##############
VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**.
PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every
interface of every participating router. Every router must also have the
location of the Rendevouz Point manually configured.
Then, unidirectional shared trees rooted at the Rendevouz Point will
automatically be built for multicast distribution.
Traffic from multicast sources will go to the Rendezvous Point, and receivers
will pull it from a shared tree using MLD (Multicast Listener Discovery).
Multicast receivers will talk MLD to their local router, so, besides having
PIMv6 configured in every router, MLD must also be configured in any router
where there could be a multicast receiver locally connected.
VyOS supports both MLD version 1 and version 2
(which allows source-specific multicast).
Basic commands
==============
These are the commands for a basic setup.
.. cfgcmd:: set protocols pim6 interface <interface-name>
Use this command to enable PIMv6 in the selected interface so that it
can communicate with PIMv6 neighbors. This command also enables MLD reports
and query on the interface unless :cfgcmd:`mld disable` is configured.
.. cfgcmd:: set protocols pim6 interface <interface-name> mld disable
Disable MLD reports and query on the interface.
Tuning commands
===============
You can also tune multicast with the following commands.
.. cfgcmd:: set protocols pim6 interface <interface-name> mld interval <seconds>
Use this command to configure in the selected interface the MLD
host query interval (1-65535) in seconds that PIM will use.
The default value is 125 seconds.
.. cfgcmd:: set protocols pim6 interface <interface-name> mld join <multicast-address>
Use this command to allow the selected interface to join a multicast group.
.. cfgcmd:: set protocols pim6 interface <interface-name> mld join <multicast-address> source <source-address>
Use this command to allow the selected interface to join a source-specific multicast
group.
.. cfgcmd:: set protocols pim6 interface <interface-name> mld last-member-query-count <count>
Set the MLD last member query count. The default value is 2.
.. cfgcmd:: set protocols pim6 interface <interface-name> mld last-member-query-interval <milliseconds>
Set the MLD last member query interval in milliseconds (100-6553500). The default value is 1000 milliseconds.
.. cfgcmd:: set protocols pim6 interface <interface-name> mld max-response-time <milliseconds>
Set the MLD query response timeout in milliseconds (100-6553500). The default value is 10000 milliseconds.
.. cfgcmd:: set protocols pim6 interface <interface-name> mld version <version-number>
Set the MLD version used on this interface. The default value is 2.
*********************
Configuration Example
*********************
To enable MLD reports and query on interfaces `eth0` and `eth1`:
.. code-block:: none
set protocols pim6 interface eth0
set protocols pim6 interface eth1
The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1`
and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface
`eth1`:
.. code-block:: none
set protocols pim6 interface eth0 mld join ff15::1234
set protocols pim6 interface eth1 mld join ff15::5678 source 2001:db8::1
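Review bot: The second configuration example contradicts its own description: the text says group `ff15::1234` is joined on interface `eth1`, but the command is `set protocols pim6 interface eth0 mld join ff15::1234`; either the sentence or the command needs to change. Three more points in this new file: `Rendevouz Point` is misspelled twice in the introduction while `Rendezvous Point` is spelled correctly a few lines later; the introduction says every router must have the Rendezvous Point location manually configured, but neither the basic nor the tuning section lists a command for setting it, so a reader cannot complete a working setup from this page alone; and `Configuration Example` is adorned with `***` over/underline after the `===` sections, which docutils ranks below `Basic commands` and `Tuning commands` on first use, so it renders as a sub-subsection of `Tuning commands` rather than a top-level section (if a top-level section is intended, the `***` adornment has to be introduced before the `===` ones).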

View File

@ -200,7 +200,6 @@ Hub
set protocols nhrp tunnel tun100 redirect set protocols nhrp tunnel tun100 redirect
set protocols nhrp tunnel tun100 shortcut set protocols nhrp tunnel tun100 shortcut
set vpn ipsec esp-group ESP-HUB compression 'disable'
set vpn ipsec esp-group ESP-HUB lifetime '1800' set vpn ipsec esp-group ESP-HUB lifetime '1800'
set vpn ipsec esp-group ESP-HUB mode 'transport' set vpn ipsec esp-group ESP-HUB mode 'transport'
set vpn ipsec esp-group ESP-HUB pfs 'dh-group2' set vpn ipsec esp-group ESP-HUB pfs 'dh-group2'
@ -208,7 +207,6 @@ Hub
set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1' set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1'
set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des' set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des'
set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5' set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5'
set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no'
set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1' set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1'
set vpn ipsec ike-group IKE-HUB lifetime '3600' set vpn ipsec ike-group IKE-HUB lifetime '3600'
set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2' set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2'
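Review bot: The hub example keeps `proposal 2 encryption '3des'` and `proposal 2 hash 'md5'` (with `pfs 'dh-group2'` and `hash 'sha1'` in the surrounding lines) while only `ikev2-reauth 'no'` is removed; since the block is being edited anyway, either drop the 3DES/MD5 second proposal or add a sentence that it exists for legacy spoke interoperability only, so readers do not copy it into new deployments. The removal itself is consistent with `ikev2-reauth` becoming a presence flag elsewhere in this commit.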
@ -309,7 +307,6 @@ VyOS can also run in DMVPN spoke mode.
set protocols nhrp tunnel tun100 redirect set protocols nhrp tunnel tun100 redirect
set protocols nhrp tunnel tun100 shortcut set protocols nhrp tunnel tun100 shortcut
set vpn ipsec esp-group ESP-HUB compression 'disable'
set vpn ipsec esp-group ESP-HUB lifetime '1800' set vpn ipsec esp-group ESP-HUB lifetime '1800'
set vpn ipsec esp-group ESP-HUB mode 'transport' set vpn ipsec esp-group ESP-HUB mode 'transport'
set vpn ipsec esp-group ESP-HUB pfs 'dh-group2' set vpn ipsec esp-group ESP-HUB pfs 'dh-group2'
@ -318,7 +315,6 @@ VyOS can also run in DMVPN spoke mode.
set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des' set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des'
set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5' set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5'
set vpn ipsec ike-group IKE-HUB close-action 'none' set vpn ipsec ike-group IKE-HUB close-action 'none'
set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no'
set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1' set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1'
set vpn ipsec ike-group IKE-HUB lifetime '3600' set vpn ipsec ike-group IKE-HUB lifetime '3600'
set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2' set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2'
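Review bot: The spoke example still names its groups `ESP-HUB` and `IKE-HUB` (`set vpn ipsec ike-group IKE-HUB close-action 'none'`), which reads as a copy of the hub section; either use spoke-specific names or add a line saying the group names are arbitrary and must simply match on both sides. The same 3DES/MD5 second-proposal remark made on the hub hunk applies here as well.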

View File

@ -51,8 +51,6 @@ VyOS IKE group has the next options:
* ``hold`` set action to hold; * ``hold`` set action to hold;
* ``clear`` set action to clear;
* ``restart`` set action to restart; * ``restart`` set action to restart;
* ``dead-peer-detection`` controls the use of the Dead Peer Detection protocol * ``dead-peer-detection`` controls the use of the Dead Peer Detection protocol
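Review bot: `clear` is removed from the `close-action` list without any text on what happens to configurations that currently set `close-action 'clear'`, leaving only `hold` and `restart`; a one-line migration note, or a pointer to the release notes, would help operators who read this page while upgrading.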
@ -73,11 +71,9 @@ VyOS IKE group has the next options:
* ``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only * ``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only
* ``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate * ``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate
the peer. In IKEv1, reauthentication is always done: the peer. In IKEv1, reauthentication is always done.
Setting this parameter enables remote host re-authentication during an IKE
* ``yes`` enable remote host re-authentication during an IKE rekey; rekey.
* ``no`` disable remote host re-authenticaton during an IKE rekey;
* ``key-exchange`` which protocol should be used to initialize the connection * ``key-exchange`` which protocol should be used to initialize the connection
If not set both protocols are handled and connections will use IKEv2 when If not set both protocols are handled and connections will use IKEv2 when
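Review bot: The reworded `ikev2-reauth` entry says what setting the flag does but not what its absence means; now that the `yes`/`no` values are gone, state explicitly that leaving it unset keeps the former `no` behaviour (IKE rekey without re-authenticating the peer), since re-authentication is the stricter choice and readers need to know which one they get by default. The resulting sentence `Setting this parameter enables remote host re-authentication during an IKE rekey.` also follows `In IKEv1, reauthentication is always done.`, so mention that the flag is only meaningful for IKEv2, as its name implies.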
@ -87,13 +83,10 @@ VyOS IKE group has the next options:
* ``ikev2`` use IKEv2 for Key Exchange; * ``ikev2`` use IKEv2 for Key Exchange;
* ``lifetime`` IKE lifetime in seconds <30-86400> (default 28800); * ``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);
* ``mobike`` enable MOBIKE Support. MOBIKE is only available for IKEv2: * ``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2
and enabled by default.
* ``enable`` enable MOBIKE (default for IKEv2);
* ``disable`` disable MOBIKE;
* ``mode`` IKEv1 Phase 1 Mode Selection: * ``mode`` IKEv1 Phase 1 Mode Selection:
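Review bot: The IKE `lifetime` range changes from `<30-86400>` to `<0-86400>` with no explanation of what a value of 0 means; if 0 disables periodic rekeying, or if the validator rejects it in practice, the text should say so, because a range that starts at 0 invites operators to set it expecting a defined effect. The `disable-mobike` rewrite is fine as it stands.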
@ -126,12 +119,8 @@ Multiple proposals can be specified in a single group.
VyOS ESP group has the next options: VyOS ESP group has the next options:
* ``compression`` whether IPComp compression of content is proposed * ``compression`` Enables the IPComp(IP Payload Compression) protocol which
on the connection: allows compressing the content of IP packets.
* ``disable`` disable IPComp compression (default);
* ``enable`` enable IPComp compression;
* ``life-bytes`` ESP life in bytes <1024-26843545600000>. * ``life-bytes`` ESP life in bytes <1024-26843545600000>.
Number of bytes transmitted over an IPsec SA before it expires; Number of bytes transmitted over an IPsec SA before it expires;
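Review bot: `IPComp(IP Payload Compression)` is missing the space before the parenthesis, and the rewritten `compression` entry no longer states the default; the removed `disable` line carried `(default)`, so add that compression is off unless the option is set. Saying it is a presence flag also explains to readers why the `compression 'disable'` lines disappear from the examples elsewhere in this commit.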

View File

@ -77,6 +77,8 @@ To manually download the container from DockerHub, run:
.. code-block:: none .. code-block:: none
$ docker pull vyos/vyos-build:crux # For VyOS 1.2 $ docker pull vyos/vyos-build:crux # For VyOS 1.2
$ docker pull vyos/vyos-build:equuleus # For VyOS 1.3
$ docker pull vyos/vyos-build:sagitta # For VyOS 1.4
$ docker pull vyos/vyos-build:current # For rolling release $ docker pull vyos/vyos-build:current # For rolling release
Build from source Build from source
@ -396,14 +398,8 @@ system:
.. code-block:: none .. code-block:: none
vyos@vyos:~$ uname -r vyos@vyos:~$ uname -r
4.19.146-amd64-vyos 6.1.52-amd64-vyos
Other packages (e.g. vyos-1x) add dependencies to the ISO build procedure on
e.g. the wireguard-modules package which itself adds a dependency on the kernel
version used due to the module it ships. This may change (for WireGuard) in
future kernel releases but as long as we have out-of-tree modules.
* WireGuard
* Accel-PPP * Accel-PPP
* Intel NIC drivers * Intel NIC drivers
* Inter QAT * Inter QAT
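Review bot: Removing the paragraph beginning `Other packages (e.g. vyos-1x) add dependencies` leaves the bullet list `* Accel-PPP`, `* Intel NIC drivers`, `* Inter QAT` sitting directly under the `uname -r` code block with no sentence saying what the list is; keep a short lead-in such as "The following out-of-tree modules must be built against this kernel version:". In the same context lines, `Inter QAT` should read `Intel QAT`, as the later hunk in this file spells it.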
@ -414,7 +410,7 @@ lucky enough to receive an ISO build error which sounds like:
.. code-block:: none .. code-block:: none
I: Create initramfs if it does not exist. I: Create initramfs if it does not exist.
Extra argument '4.19.146-amd64-vyos' Extra argument '6.1.52-amd64-vyos'
Usage: update-initramfs {-c|-d|-u} [-k version] [-v] [-b directory] Usage: update-initramfs {-c|-d|-u} [-k version] [-v] [-b directory]
Options: Options:
-k version Specify kernel version or 'all' -k version Specify kernel version or 'all'
@ -432,8 +428,8 @@ The most obvious reasons could be:
release kernel version from us. release kernel version from us.
* You have your own custom kernel `*.deb` packages in the `packages` folder but * You have your own custom kernel `*.deb` packages in the `packages` folder but
neglected to create all required out-of tree modules like Accel-PPP, neglected to create all required out-of tree modules like Accel-PPP, Intel
WireGuard, Intel QAT, Intel NIC QAT or Intel NIC drivers
Building The Kernel Building The Kernel
------------------- -------------------
@ -591,54 +587,6 @@ you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile``
to see all of the required modules and their selected versions. We will show to see all of the required modules and their selected versions. We will show
you how to build all the current required modules. you how to build all the current required modules.
WireGuard
^^^^^^^^^
First, clone the source code and check out the appropriate version by running:
.. code-block:: none
$ cd vyos-build/packages/linux-kernel
$ git clone https://salsa.debian.org/debian/wireguard-linux-compat.git
$ cd wireguard-linux-compat
$ git checkout debian/1.0.20200712-1_bpo10+1
We again make use of a helper script and some patches to make the build work.
Just run the following command:
.. code-block:: none
$ cd vyos-build/packages/linux-kernel
$ ./build-wireguard-modules.sh
I: Apply WireGuard patch: /vyos/packages/linux-kernel/patches/wireguard-linux-compat/0001-Debian-build-wireguard-modules-package.patch
patching file debian/control
patching file debian/rules
I: Build Debian WireGuard package
dpkg-buildpackage: info: source package wireguard-linux-compat
dpkg-buildpackage: info: source version 1.0.20200712-1~bpo10+1
dpkg-buildpackage: info: source distribution buster-backports
dpkg-buildpackage: info: source changed by Unit 193 <unit193@debian.org>
dpkg-buildpackage: info: host architecture amd64
dpkg-source --before-build .
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying 0001-Makefile-do-not-use-git-to-get-version-number.patch
dpkg-source: info: applying 0002-Avoid-trying-to-compile-on-debian-5.5-kernels-Closes.patch
...
dpkg-genchanges: info: binary-only upload (no source code included)
debian/rules clean
dh clean
dh_clean
dpkg-source --after-build .
dpkg-source: info: unapplying 0002-Avoid-trying-to-compile-on-debian-5.5-kernels-Closes.patch
dpkg-source: info: unapplying 0001-Makefile-do-not-use-git-to-get-version-number.patch
dpkg-buildpackage: info: binary-only upload (no source included)
After compiling the packages you will find yourself the newly generated `*.deb`
binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them
to the ``vyos-build/packages`` folder for inclusion during the ISO build.
Accel-PPP Accel-PPP
^^^^^^^^^ ^^^^^^^^^
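Review bot: With the whole WireGuard build section removed, a one-line note on why it is gone (the 6.1 kernel shown above ships WireGuard in-tree; it has been mainline since Linux 5.6) would stop readers of this page from assuming the module was dropped from the image. The removed `git checkout debian/1.0.20200712-1_bpo10+1` pin also means anyone building an older branch no longer has instructions here, so consider stating that the section applies only to the current kernel series and pointing older branches to their own docs version.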

View File

@ -41,8 +41,9 @@ Major releases
VyOS major versions used to be named after elements in order of atomic VyOS major versions used to be named after elements in order of atomic
numbers. With 1.2, this naming scheme was replaced with the much numbers. With 1.2, this naming scheme was replaced with the much
cooler scheme of Latin names of IAU designated constellations by solid cooler scheme of Latin names of `IAU
angle area, starting from the smallest. <https://en.wikipedia.org/wiki/IAU_designated_constellations_by_area>`_
designated constellations by solid angle area, starting from the smallest.
Hydrogen (1.0) Hydrogen (1.0)
-------------- --------------
@ -108,6 +109,12 @@ Sagitta (1.4)
Sagitta (the Arrow) is the codename of the current development Sagitta (the Arrow) is the codename of the current development
branch, so there's no VyOS 1.4 yet. branch, so there's no VyOS 1.4 yet.
Circinus (1.5)
-------------
Circinus (the Compass) is the codename of the upcoming development
branch, so there's no VyOS 1.5 yet.
A note on copyright A note on copyright
=================== ===================
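Review bot: The underline under `Circinus (1.5)` is one character short (13 dashes under a 14-character title), which docutils reports as "Title underline too short" and which fails a build run with warnings treated as errors; pad it to match the other release headings. The Sagitta and Circinus paragraphs now both describe a development branch ("current development branch" versus "upcoming development branch"), so make clear which one the rolling release and these docs track.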

View File

@ -122,6 +122,15 @@ network via IP masquerade.
Firewall Firewall
######## ########
.. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall
structure can be found on all vyos instalations. Documentation for most
of the new firewall CLI can be found in the `firewall
<https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_
chapter. The legacy firewall is still available for versions before
1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy`
chapter. The examples in this section use the new firewall configuration
commands.
Add a set of firewall policies for our outside/WAN interface. Add a set of firewall policies for our outside/WAN interface.
This configuration creates a proper stateful firewall that blocks all traffic This configuration creates a proper stateful firewall that blocks all traffic
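Review bot: `vyos instalations` should be `VyOS installations` (spelling plus the product-name capitalisation used elsewhere on this page). The note also says the legacy firewall "is still available for versions before 1.4-rolling-202308040557", which reads as if the legacy CLI only exists on older images; if the intent is that the `firewall-legacy` chapter documents those versions, phrase it that way.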
@ -129,19 +138,25 @@ which was not initiated from the internal/LAN side first.
.. code-block:: none .. code-block:: none
set firewall name OUTSIDE-IN default-action 'drop' set firewall ipv4 forward filter default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept' set firewall ipv4 forward filter rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable' set firewall ipv4 forward filter rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 10 state related 'enable' set firewall ipv4 forward filter rule 10 state related 'enable'
set firewall ipv4 forward filter rule 20 action 'drop'
set firewall ipv4 forward filter rule 20 state invalid 'enable'
set firewall ipv4 forward filter rule 30 inbound-interface interface-name 'eth1'
set firewall ipv4 forward filter rule 30 action 'accept'
set firewall name OUTSIDE-LOCAL default-action 'drop' set firewall ipv4 input filter default-action drop
set firewall name OUTSIDE-LOCAL rule 10 action 'accept' set firewall ipv4 input filter rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable' set firewall ipv4 input filter rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable' set firewall ipv4 input filter rule 10 state related 'enable'
set firewall name OUTSIDE-LOCAL rule 20 action 'accept' set firewall ipv4 input filter rule 20 action 'drop'
set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request' set firewall ipv4 input filter rule 20 state invalid 'enable'
set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp' set firewall ipv4 input filter rule 30 action 'accept'
set firewall name OUTSIDE-LOCAL rule 20 state new 'enable' set firewall ipv4 input filter rule 30 icmp type-name 'echo-request'
set firewall ipv4 input filter rule 30 protocol 'icmp'
set firewall ipv4 input filter rule 30 state new 'enable'
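Review bot: The new `input filter` ruleset is not scoped to the WAN interface the way the old `OUTSIDE-LOCAL` policy was (it was bound with `set firewall interface eth0 local name 'OUTSIDE-LOCAL'`, removed further down in this diff), so `set firewall ipv4 input filter default-action drop` now also drops new connections to the router arriving from the LAN side, with only ICMP echo admitted by rule 30; any service the router offers to LAN hosts is blocked until a rule allows it. The forward chain already handles this with `rule 30 inbound-interface interface-name 'eth1'` and `action 'accept'`; the input chain needs an equivalent accept for `eth1` placed before the default drop (or `inbound-interface interface-name 'eth0'` matches on the restrictive rules), otherwise a reader following the guide locks LAN clients out of the router. Minor: `default-action drop` on the input filter lacks the quotes used for every other value in the block.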
If you wanted to enable SSH access to your firewall from the outside/WAN If you wanted to enable SSH access to your firewall from the outside/WAN
interface, you could create some additional rules to allow that kind of interface, you could create some additional rules to allow that kind of
@ -152,24 +167,19 @@ blocks brute-forcing attempts:
.. code-block:: none .. code-block:: none
set firewall name OUTSIDE-LOCAL rule 30 action 'drop' set firewall ipv4 input filter rule 40 action 'drop'
set firewall name OUTSIDE-LOCAL rule 30 destination port '22' set firewall ipv4 input filter rule 40 inbound-interface interface-name 'eth0'
set firewall name OUTSIDE-LOCAL rule 30 protocol 'tcp' set firewall ipv4 input filter rule 40 destination port '22'
set firewall name OUTSIDE-LOCAL rule 30 recent count '4' set firewall ipv4 input filter rule 40 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 30 recent time 'minute' set firewall ipv4 input filter rule 40 recent count '4'
set firewall name OUTSIDE-LOCAL rule 30 state new 'enable' set firewall ipv4 input filter rule 40 recent time 'minute'
set firewall ipv4 input filter rule 40 state new 'enable'
set firewall name OUTSIDE-LOCAL rule 31 action 'accept' set firewall ipv4 input filter rule 41 action 'accept'
set firewall name OUTSIDE-LOCAL rule 31 destination port '22' set firewall ipv4 input filter rule 41 destination port '22'
set firewall name OUTSIDE-LOCAL rule 31 protocol 'tcp' set firewall ipv4 input filter rule 41 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 31 state new 'enable' set firewall ipv4 input filter rule 41 state new 'enable'
Apply the firewall policies:
.. code-block:: none
set firewall interface eth0 in name 'OUTSIDE-IN'
set firewall interface eth0 local name 'OUTSIDE-LOCAL'
Commit changes, save the configuration, and exit configuration mode: Commit changes, save the configuration, and exit configuration mode:
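Review bot: Rule 40 (the rate-limit drop) carries `inbound-interface interface-name 'eth0'` but rule 41 (the accept) does not, so new SSH connections are admitted from every interface while the brute-force limiter only covers eth0; that may be intended for the LAN, but the prose above promises rules for "SSH access to your firewall from the outside/WAN interface", so either add the same interface match to rule 41 or say explicitly that LAN-side SSH is accepted without the limit. Removing the "Apply the firewall policies" block is correct for the new CLI, since `ipv4 input filter` applies globally, but that is precisely why per-rule interface matches now decide the exposure.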