vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1619 from Embezzle/T5493

Browse Source 
firewall: T5493: Document remote-group
This commit is contained in:
Christian Breunig 2025-03-30 15:02:18 +02:00 committed by GitHub
commit 9ede5eee5c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docs/configuration/firewall/groups.rst
View File

@ -37,6 +37,33 @@ In an **address group** a single IP address or IP address range is defined.
Provide a IPv4 or IPv6 address group description
Remote Groups
==============
A **remote-group** takes an argument of a URL hosting a linebreak-deliminated
list of IPv4s addresses, CIDRs and ranges. VyOS will pull this list periodicity
according to the frequency defined in the firewall **resolver-interval** and load
matching entries into the group for use in rules. The list will be cached in
persistent storage, so in cases of update failure rules will still function.
.. cfgcmd:: set firewall group remote-group <name> url <http(s) url>
Define remote list of IPv4 addresses/ranges/CIDRs to fetch
.. cfgcmd:: set firewall group remote-group <name> description <text>
Set a description for a remote group
The format of the remote list is very flexible. VyOS will attempt to parse the
first word of each line as an entry, and will skip if it cannot find a valid
match. Below is a list of acceptable matches that would be parsed correctly:
.. code-block:: none
127.0.0.1
127.0.0.0/24
127.0.0.1-127.0.0.254
Network Groups
==============