Add Quick Start Guide

docs/ch03-quick-start.rst

@@ -0,0 +1,103 @@
+Quick Start Guide
+=================
+
+Below is a very basic configuration example that will provide a NAT gateway
+for a device with two interfaces.
+
+Enter configuration mode:
+
+.. code-block:: sh
+
+  vyos@vyos$ configure
+  vyos@vyos#
+
+Configure network interfaces:
+
+.. code-block:: sh
+
+  set interfaces ethernet eth0 address dhcp
+  set interfaces ethernet eth0 description 'OUTSIDE'
+  set interfaces ethernet eth1 address '192.168.0.1/24'
+  set interfaces ethernet eth1 description 'INSIDE'
+
+Enable SSH for remote management:
+
+.. code-block:: sh
+
+  set service ssh port '22'
+
+Configure Source NAT for our "Inside" network.
+
+.. code-block:: sh
+
+  set nat source rule 100 outbound-interface 'eth0'
+  set nat source rule 100 source address '192.168.0.0/24'
+  set nat source rule 100 translation address masquerade
+
+Configure a DHCP Server:
+
+.. code-block:: sh
+
+  set service dhcp-server disabled 'false'
+  set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
+  set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server '192.168.0.1'
+  set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'internal-network'
+  set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400'
+  set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 start 192.168.0.9 stop '192.168.0.254'
+
+And a DNS forwarder:
+
+Please note that the `listen-on` statement is deprecated. Please use
+`listen-address` instead!
+
+.. code-block:: sh
+
+  set service dns forwarding cache-size '0'
+  set service dns forwarding listen-on 'eth1'
+  set service dns forwarding name-server '8.8.8.8'
+  set service dns forwarding name-server '8.8.4.4'
+
+Add a set of firewall policies for our "Outside" interface:
+
+.. code-block:: sh
+
+  set firewall name OUTSIDE-IN default-action 'drop'
+  set firewall name OUTSIDE-IN rule 10 action 'accept'
+  set firewall name OUTSIDE-IN rule 10 state established 'enable'
+  set firewall name OUTSIDE-IN rule 10 state related 'enable'
+  set firewall name OUTSIDE-LOCAL default-action 'drop'
+  set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
+  set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
+  set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
+  set firewall name OUTSIDE-LOCAL rule 20 action 'accept'
+  set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
+  set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
+  set firewall name OUTSIDE-LOCAL rule 20 state new 'enable'
+  set firewall name OUTSIDE-LOCAL rule 30 action 'drop'
+  set firewall name OUTSIDE-LOCAL rule 30 destination port '22'
+  set firewall name OUTSIDE-LOCAL rule 30 protocol 'tcp'
+  set firewall name OUTSIDE-LOCAL rule 30 recent count '4'
+  set firewall name OUTSIDE-LOCAL rule 30 recent time '60'
+  set firewall name OUTSIDE-LOCAL rule 30 state new 'enable'
+  set firewall name OUTSIDE-LOCAL rule 31 action 'accept'
+  set firewall name OUTSIDE-LOCAL rule 31 destination port '22'
+  set firewall name OUTSIDE-LOCAL rule 31 protocol 'tcp'
+  set firewall name OUTSIDE-LOCAL rule 31 state new 'enable'
+
+Apply the firewall policies:
+
+.. code-block:: sh
+
+  set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
+  set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
+
+Commit changes, save the configuration, and exit configuration mode:
+
+.. code-block:: sh
+
+  vyos@vyos# commit
+  vyos@vyos# save
+  Saving configuration to '/config/config.boot'...
+  Done
+  vyos@vyos# exit
+  vyos@vyos$

docs/index.rst

@@ -23,6 +23,8 @@ as a router and firewall platform for cloud deployments.
 
 .. include:: ch02-cli.rst
 
+.. include:: ch03-quick-start.rst
+
 Indices and tables
 ==================