diff --git a/docs/_locale/de/404.pot b/docs/_locale/de/404.pot
index 7ef03f50..57b3b68d 100644
--- a/docs/_locale/de/404.pot
+++ b/docs/_locale/de/404.pot
@@ -24,6 +24,14 @@ msgstr "`1.2.x (crux) :@/``"
msgstr "``ftp://:@/``"
+#: ../../cli.rst:870
+msgid "``git+https://:@/``"
+msgstr "``git+https://:@/``"
+
+#: ../../cli.rst:864
+msgid "``http://:@:/``"
+msgstr "``http://:@:/``"
+
+#: ../../cli.rst:865
+msgid "``https://:@:/``"
+msgstr "``https://:@:/``"
+
#: ../../cli.rst:71
msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
@@ -416,11 +436,11 @@ msgstr "``q`` key can be used to cancel output"
msgid "``return`` will scroll down one line"
msgstr "``return`` will scroll down one line"
-#: ../../cli.rst:864
+#: ../../cli.rst:868
msgid "``scp://:@:/``"
msgstr "``scp://:@:/``"
-#: ../../cli.rst:865
+#: ../../cli.rst:867
msgid "``sftp://:@/``"
msgstr "``sftp://:@/``"
@@ -428,7 +448,7 @@ msgstr "``sftp://:@/``"
msgid "``space`` will scroll down one page"
msgstr "``space`` will scroll down one page"
-#: ../../cli.rst:867
+#: ../../cli.rst:869
msgid "``tftp:///``"
msgstr "``tftp:///``"
diff --git a/docs/_locale/de/configexamples.pot b/docs/_locale/de/configexamples.pot
index 22c08587..d7dd346f 100644
--- a/docs/_locale/de/configexamples.pot
+++ b/docs/_locale/de/configexamples.pot
@@ -210,22 +210,18 @@ msgstr "4 x Provider routers (VyOS-Px)"
msgid "50: Upstream, using the 192.0.2.0/24 network allocated by them."
msgstr "50: Upstream, using the 192.0.2.0/24 network allocated by them."
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
msgid "64496:1"
msgstr "64496:1"
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
msgid "64496:100"
msgstr "64496:100"
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
msgid "64496:2"
msgstr "64496:2"
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
msgid "64496:50"
msgstr "64496:50"
@@ -276,7 +272,7 @@ msgstr "A brief excursion into VRFs: This has been one of the longest-standing f
msgid "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
msgstr "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
-#: ../../configexamples/index.rst:35
+#: ../../configexamples/index.rst:37
msgid "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
msgstr "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
@@ -322,10 +318,22 @@ msgstr "Active Directory on Windows server"
msgid "Add (temporary) default route"
msgstr "Add (temporary) default route"
+#: ../../configexamples/ansible.rst:73
+msgid "Add all the hosts of VyOS:"
+msgstr "Add all the hosts of VyOS:"
+
+#: ../../configexamples/ansible.rst:85
+msgid "Add general variables:"
+msgstr "Add general variables:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:47
msgid "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
msgstr "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
+#: ../../configexamples/ansible.rst:99
+msgid "Add the simple playbook with the tasks for each router:"
+msgstr "Add the simple playbook with the tasks for each router:"
+
#: ../../configexamples/wan-load-balancing.rst:167
msgid "Adding a rule for the second interface"
msgstr "Adding a rule for the second interface"
@@ -426,11 +434,15 @@ msgstr "And show all DHCP Leases"
msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig."
msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig."
-#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:None
-#: ../../configexamples/autotest/Wireguard/Wireguard.rst:None
+#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1
msgid "Ansible Example topology image"
msgstr "Ansible Example topology image"
+#: ../../configexamples/ansible.rst:7
+msgid "Ansible example"
+msgstr "Ansible example"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:10
msgid "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
msgstr "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
@@ -559,6 +571,10 @@ msgstr "Basic Firewall"
msgid "Basic Setup (via console)"
msgstr "Basic Setup (via console)"
+#: ../../configexamples/ansible.rst:64
+msgid "Basik configuration of the ansible.cfg:"
+msgstr "Basik configuration of the ansible.cfg:"
+
#: ../../configexamples/qos.rst:74
msgid "Before the interface eth0 on router VyOS3"
msgstr "Before the interface eth0 on router VyOS3"
@@ -611,6 +627,14 @@ msgstr "Check the result"
msgid "Check the result."
msgstr "Check the result."
+#: ../../configexamples/ansible.rst:142
+msgid "Check the result on the vyos10 router:"
+msgstr "Check the result on the vyos10 router:"
+
+#: ../../configexamples/ansible.rst:51
+msgid "Check the version:"
+msgstr "Check the version:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:164
msgid "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
msgstr "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
@@ -619,6 +643,10 @@ msgstr "Checking the routing table of the VRF should reveal both static and conn
msgid "Checking through op-mode commands"
msgstr "Checking through op-mode commands"
+#: ../../configexamples/site-2-site-cisco.rst:71
+msgid "Cisco"
+msgstr "Cisco"
+
#: ../../configexamples/ha.rst:90
msgid "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
msgstr "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
@@ -652,6 +680,7 @@ msgstr "Conclusions"
#: ../../configexamples/ospf-unnumbered.rst:12
#: ../../configexamples/policy-based-ipsec-and-firewall.rst:47
#: ../../configexamples/segment-routing-isis.rst:24
+#: ../../configexamples/site-2-site-cisco.rst:18
msgid "Configuration"
msgstr "Configuration"
@@ -675,7 +704,7 @@ msgstr "Configuration 'dcsp' and shaper using QoS"
msgid "Configuration Blueprints"
msgstr "Configuration Blueprints"
-#: ../../configexamples/index.rst:28
+#: ../../configexamples/index.rst:30
msgid "Configuration Blueprints (autotest)"
msgstr "Configuration Blueprints (autotest)"
@@ -856,7 +885,7 @@ msgstr "Dynamic routing used between CE and PE nodes and eBGP peering establishe
msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
-#: ../../configexamples/index.rst:32
+#: ../../configexamples/index.rst:34
msgid "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
msgstr "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
@@ -962,6 +991,10 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman
msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
+#: ../../configexamples/site-2-site-cisco.rst:9
+msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+
#: ../../configexamples/ha.rst:60
msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
@@ -998,6 +1031,10 @@ msgstr "From Management to Outside (fails as intended)"
msgid "Full configuration from all devices"
msgstr "Full configuration from all devices"
+#: ../../configexamples/site-2-site-cisco.rst:23
+msgid "GRE:"
+msgstr "GRE:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:19
msgid "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
msgstr "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
@@ -1062,6 +1099,10 @@ msgstr "IPSec configuration:"
msgid "IP Schema"
msgstr "IP Schema"
+#: ../../configexamples/site-2-site-cisco.rst:34
+msgid "IPsec:"
+msgstr "IPsec:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85
msgid "IPv4 Network"
msgstr "IPv4 Network"
@@ -1171,6 +1212,10 @@ msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS sys
msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
+#: ../../configexamples/ansible.rst:216
+msgid "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+msgstr "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+
#: ../../configexamples/ha.rst:154
msgid "In this case, the hardware router has a different IP, so it would be"
msgstr "In this case, the hardware router has a different IP, so it would be"
@@ -1191,6 +1236,10 @@ msgstr "In this document, we have been allocated 203.0.113.0/24 by our upstream
msgid "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
msgstr "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
+#: ../../configexamples/ansible.rst:12
+msgid "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+msgstr "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:42
msgid "In this example OpenVPN will be setup with a client certificate and username / password authentication."
msgstr "In this example OpenVPN will be setup with a client certificate and username / password authentication."
@@ -1215,6 +1264,14 @@ msgstr "Information about Ethernet Virtual Private Networks"
msgid "Information about prefix-sid and label-operation from VyOS"
msgstr "Information about prefix-sid and label-operation from VyOS"
+#: ../../configexamples/ansible.rst:37
+msgid "Install the Ansible:"
+msgstr "Install the Ansible:"
+
+#: ../../configexamples/ansible.rst:44
+msgid "Install the paramiko:"
+msgstr "Install the paramiko:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:3
msgid "Inter-VRF Routing over VRF Lite"
msgstr "Inter-VRF Routing over VRF Lite"
@@ -1276,7 +1333,7 @@ msgstr "Keep networks isolated is -in general- a good principle, but there are c
msgid "L3VPN EVPN with VyOS"
msgstr "L3VPN EVPN with VyOS"
-#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:None
+#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:-1
msgid "L3VPN EVPN with VyOS topology image"
msgstr "L3VPN EVPN with VyOS topology image"
@@ -1403,29 +1460,14 @@ msgstr "Network Cabling"
msgid "Network Topology"
msgstr "Network Topology"
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:None
-#: ../../configexamples/l3vpn-hub-and-spoke.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/pppoe-ipv6-basic.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/zone-policy.rst:None
+#: ../../configexamples/ansible.rst:-1
+#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1
+#: ../../configexamples/l3vpn-hub-and-spoke.rst:-1
+#: ../../configexamples/nmp.rst:-1
+#: ../../configexamples/pppoe-ipv6-basic.rst:-1
+#: ../../configexamples/qos.rst:-1
+#: ../../configexamples/wan-load-balancing.rst:-1
+#: ../../configexamples/zone-policy.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -1457,7 +1499,7 @@ msgstr "Node"
msgid "Note that router1 is a VM that runs on one of the compute nodes."
msgstr "Note that router1 is a VM that runs on one of the compute nodes."
-#: ../../configexamples/pppoe-ipv6-basic.rst:111
+#: ../../configexamples/pppoe-ipv6-basic.rst:115
msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
@@ -1554,7 +1596,7 @@ msgstr "One cable/logical connection between LAN2 and Management"
msgid "OpenVPN with LDAP"
msgstr "OpenVPN with LDAP"
-#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:None
+#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:-1
msgid "OpenVPN with LDAP topology image"
msgstr "OpenVPN with LDAP topology image"
@@ -1793,6 +1835,10 @@ msgstr "Sets your LAN interface's IP address"
msgid "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
+#: ../../configexamples/ansible.rst:10
+msgid "Setting up Ansible on a server running the Debian operating system."
+msgstr "Setting up Ansible on a server running the Debian operating system."
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51
msgid "Setup the ipv6 default route to the tunnel interface"
msgstr "Setup the ipv6 default route to the tunnel interface"
@@ -1809,6 +1855,10 @@ msgstr "Similarly, to attach the firewall, you would use `set interfaces etherne
msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
+#: ../../configexamples/site-2-site-cisco.rst:128
+msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+
#: ../../configexamples/zone-policy.rst:236
msgid "Since we have 4 zones, we need to setup the following rulesets."
msgstr "Since we have 4 zones, we need to setup the following rulesets."
@@ -1821,6 +1871,10 @@ msgstr "Single LAN Setup"
msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
+#: ../../configexamples/site-2-site-cisco.rst:4
+msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179
msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
@@ -1838,6 +1892,10 @@ msgstr "Spoke"
msgid "Start by setting the interface and default action for each zone."
msgstr "Start by setting the interface and default action for each zone."
+#: ../../configexamples/ansible.rst:122
+msgid "Start the playbook:"
+msgstr "Start the playbook:"
+
#: ../../configexamples/zone-policy.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
@@ -1909,6 +1967,11 @@ msgstr "Testdate: 2023-05-11"
msgid "Testdate: 2023-08-31"
msgstr "Testdate: 2023-08-31"
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:6
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:7
+msgid "Testdate: 2024-01-13"
+msgstr "Testdate: 2024-01-13"
+
#: ../../configexamples/ha.rst:276
#: ../../configexamples/ha.rst:337
msgid "Testing"
@@ -1979,7 +2042,11 @@ msgstr "The format of these addresses:"
msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
-#: ../../configexamples/index.rst:30
+#: ../../configexamples/site-2-site-cisco.rst:14
+msgid "The lab was built using EVE-NG."
+msgstr "The lab was built using EVE-NG."
+
+#: ../../configexamples/index.rst:32
msgid "The next pages contains automatic full tested configuration examples."
msgstr "The next pages contains automatic full tested configuration examples."
@@ -1987,7 +2054,7 @@ msgstr "The next pages contains automatic full tested configuration examples."
msgid "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
msgstr "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
-#: ../../configexamples/index.rst:38
+#: ../../configexamples/index.rst:40
msgid "The process will do the following steps:"
msgstr "The process will do the following steps:"
@@ -1999,6 +2066,10 @@ msgstr "The scope of this document is to cover such cases in a dynamic way witho
msgid "The setup used in this example is shown in the following diagram:"
msgstr "The setup used in this example is shown in the following diagram:"
+#: ../../configexamples/ansible.rst:161
+msgid "The simple way without configuration of the hostname (one task for all routers):"
+msgstr "The simple way without configuration of the hostname (one task for all routers):"
+
#: ../../configexamples/ha.rst:339
msgid "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
msgstr "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
@@ -2079,6 +2150,10 @@ msgstr "This example uses the failover mode."
msgid "This gives us MPLS segment routing enabled and labels forwarding :"
msgstr "This gives us MPLS segment routing enabled and labels forwarding :"
+#: ../../configexamples/site-2-site-cisco.rst:6
+msgid "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+msgstr "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+
#: ../../configexamples/azure-vpn-dual-bgp.rst:8
msgid "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
msgstr "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
@@ -2196,7 +2271,7 @@ msgstr "Transport:"
msgid "Tunnelbroker.net (IPv6)"
msgstr "Tunnelbroker.net (IPv6)"
-#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:None
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:-1
msgid "Tunnelbroker topology image"
msgstr "Tunnelbroker topology image"
@@ -2212,6 +2287,7 @@ msgstr "Two rules will be created, the first rule directs traffic coming in from
msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
+#: ../../configexamples/ansible.rst:15
#: ../../configexamples/qos.rst:16
msgid "Using the general schema for example:"
msgstr "Using the general schema for example:"
@@ -2245,6 +2321,7 @@ msgstr "VRRP Configuration"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:829
+#: ../../configexamples/site-2-site-cisco.rst:134
msgid "Verification"
msgstr "Verification"
@@ -2263,10 +2340,19 @@ msgstr "Version: 1.4-rolling-202305100734"
msgid "Version: 1.4-rolling-202308240020"
msgstr "Version: 1.4-rolling-202308240020"
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:8
+msgid "Version: 1.5-rolling-202401121239"
+msgstr "Version: 1.5-rolling-202401121239"
+
#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
msgid "Version: vyos-1.4-rolling-202302150317"
msgstr "Version: vyos-1.4-rolling-202302150317"
+#: ../../configexamples/site-2-site-cisco.rst:21
+msgid "VyOS"
+msgstr "VyOS"
+
#: ../../configexamples/l3vpn-hub-and-spoke.rst:1025
msgid "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
msgstr "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
@@ -2434,6 +2520,10 @@ msgstr "We explicitly exclude the primary upstream network so that BGP or OSPF t
msgid "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
+#: ../../configexamples/ansible.rst:22
+msgid "We have four pre-configured routers with this configuration:"
+msgstr "We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/zone-policy.rst:25
msgid "We have three networks."
msgstr "We have three networks."
@@ -2623,15 +2713,15 @@ msgstr "compute3 - Port 11 of each switch"
msgid "compute3 (VMware ESXi 6.5)"
msgstr "compute3 (VMware ESXi 6.5)"
-#: ../../configexamples/index.rst:41
+#: ../../configexamples/index.rst:43
msgid "configure each host in the lab"
msgstr "configure each host in the lab"
-#: ../../configexamples/index.rst:40
+#: ../../configexamples/index.rst:42
msgid "create the lab on a eve-ng server"
msgstr "create the lab on a eve-ng server"
-#: ../../configexamples/index.rst:42
+#: ../../configexamples/index.rst:44
msgid "do some defined tests"
msgstr "do some defined tests"
@@ -2652,7 +2742,7 @@ msgstr "extended community and remote label of specific destination"
msgid "first the PCA"
msgstr "first the PCA"
-#: ../../configexamples/index.rst:44
+#: ../../configexamples/index.rst:46
msgid "generate the documentation and include files"
msgstr "generate the documentation and include files"
@@ -2664,7 +2754,7 @@ msgstr "green uses local routing table id and VNI 4000"
msgid "information between PE and CE:"
msgstr "information between PE and CE:"
-#: ../../configexamples/index.rst:43
+#: ../../configexamples/index.rst:45
msgid "optional do an upgrade to a higher version and do step 3 again."
msgstr "optional do an upgrade to a higher version and do step 3 again."
@@ -2680,7 +2770,7 @@ msgstr "router2 (Random 1RU machine with 4 NICs)"
msgid "save the output to a file and import it in nearly all openvpn clients."
msgstr "save the output to a file and import it in nearly all openvpn clients."
-#: ../../configexamples/index.rst:45
+#: ../../configexamples/index.rst:47
msgid "shutdown and destroy the lab, if there is no error"
msgstr "shutdown and destroy the lab, if there is no error"
@@ -2700,6 +2790,22 @@ msgstr "switch2 (Nexus 10gb Switch)"
msgid "v6 pairs would be:"
msgstr "v6 pairs would be:"
+#: ../../configexamples/ansible.rst:34
+msgid "vyos10 - 192.0.2.108"
+msgstr "vyos10 - 192.0.2.108"
+
+#: ../../configexamples/ansible.rst:31
+msgid "vyos7 - 192.0.2.105"
+msgstr "vyos7 - 192.0.2.105"
+
+#: ../../configexamples/ansible.rst:32
+msgid "vyos8 - 192.0.2.106"
+msgstr "vyos8 - 192.0.2.106"
+
+#: ../../configexamples/ansible.rst:33
+msgid "vyos9 - 192.0.2.107"
+msgstr "vyos9 - 192.0.2.107"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:571
msgid "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
msgstr "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot
index df607936..cc30affb 100644
--- a/docs/_locale/de/configuration.pot
+++ b/docs/_locale/de/configuration.pot
@@ -40,6 +40,10 @@ msgstr "\"Managed address configuration\" flag"
msgid "\"Other configuration\" flag"
msgstr "\"Other configuration\" flag"
+#: ../../configuration/firewall/flowtables.rst:5
+msgid "###################ä############# Flowtables Firewall Configuration #################################"
+msgstr "###################ä############# Flowtables Firewall Configuration #################################"
+
#: ../../configuration/protocols/babel.rst:146
msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
@@ -100,11 +104,19 @@ msgstr "**Applies to:** Outbound traffic."
msgid "**Apply the traffic policy to an interface ingress or egress**."
msgstr "**Apply the traffic policy to an interface ingress or egress**."
+#: ../../configuration/firewall/index.rst:22
+msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+
+#: ../../configuration/firewall/index.rst:23
+msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+
#: ../../configuration/interfaces/tunnel.rst:137
msgid "**Cisco IOS Router:**"
msgstr "**Cisco IOS Router:**"
-#: ../../configuration/service/pppoe-server.rst:69
+#: ../../configuration/service/pppoe-server.rst:66
msgid "**Client IP address via IP range definition**"
msgstr "**Client IP address via IP range definition**"
@@ -116,56 +128,49 @@ msgstr "**Client IP subnets via CIDR notation**"
msgid "**Cluster-List length check**"
msgstr "**Cluster-List length check**"
+#: ../../configuration/firewall/index.rst:35
+msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+
#: ../../configuration/trafficpolicy/index.rst:30
msgid "**Create a traffic policy**."
msgstr "**Create a traffic policy**."
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
#: ../../configuration/interfaces/wwan.rst:53
+#: ../../_include/interface-common-with-dhcp.txt:9
+#: ../../_include/interface-vlan-8021ad.txt:121
+#: ../../_include/interface-vlan-8021q.txt:97
msgid "**DHCP(v6)**"
msgstr "**DHCP(v6)**"
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
msgid "**DHCPv6 Prefix Delegation (PD)**"
msgstr "**DHCPv6 Prefix Delegation (PD)**"
+#: ../../configuration/firewall/index.rst:41
+msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/firewall/index.rst:43
+msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/index.rst:44
+msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/bridge.rst:9
+#: ../../configuration/firewall/flowtables.rst:9
+msgid "**Documentation under development**"
+msgstr "**Documentation under development**"
+
#: ../../configuration/trafficpolicy/index.rst:169
msgid "**Ethernet (protocol, destination address or source address)**"
msgstr "**Ethernet (protocol, destination address or source address)**"
-#: ../../configuration/service/dhcp-server.rst:235
-#: ../../configuration/service/dhcp-server.rst:657
-#: ../../configuration/service/dhcp-server.rst:694
+#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/service/dhcp-server.rst:587
+#: ../../configuration/service/dhcp-server.rst:626
msgid "**Example:**"
msgstr "**Example:**"
@@ -177,10 +182,30 @@ msgstr "**External check**"
msgid "**Firewall mark**"
msgstr "**Firewall mark**"
-#: ../../configuration/firewall/index.rst:41
+#: ../../configuration/firewall/flowtables.rst:51
+msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+
+#: ../../configuration/firewall/index.rst:152
msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks `_"
msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks `_"
+#: ../../configuration/firewall/index.rst:58
+msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:86
+msgid "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/index.rst:87
+msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/flowtables.rst:83
+msgid "**Hardware offload:** should be supported by the NICs used."
+msgstr "**Hardware offload:** should be supported by the NICs used."
+
#: ../../configuration/protocols/bgp.rst:94
msgid "**IGP cost check**"
msgstr "**IGP cost check**"
@@ -205,6 +230,17 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr
msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
msgstr "**Wichtiger Hinweis: ** Diese Dokumentation ist nur für VyOS Sagitta vor 1.4-Rolling-YYYYMMDDHHMM gültig"
+#: ../../configuration/firewall/ipv4.rst:60
+#: ../../configuration/firewall/ipv6.rst:60
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+
+#: ../../configuration/firewall/bridge.rst:143
+#: ../../configuration/firewall/ipv4.rst:190
+#: ../../configuration/firewall/ipv6.rst:190
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+
#: ../../configuration/firewall/general.rst:72
msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
msgstr "**Wichtiger Hinweis zu Standardaktionen: ** Wenn die Standardaktion für eine Kette nicht definiert ist, ist die Standardaktion für diese Kette auf ** accept** gesetzt. Nur für benutzerdefinierte Ketten ist die Standardaktion auf **drop** gesetzt."
@@ -221,23 +257,35 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term
msgid "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
msgstr "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
+#: ../../configuration/firewall/index.rst:48
+msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:49
+msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/trafficpolicy/index.rst:170
msgid "**Interface name**"
msgstr "**Interface name**"
-#: ../../configuration/vpn/site2site_ipsec.rst:299
+#: ../../configuration/vpn/site2site_ipsec.rst:303
msgid "**LEFT**"
msgstr "**LEFT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:283
+#: ../../configuration/vpn/site2site_ipsec.rst:287
msgid "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
msgstr "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
-#: ../../configuration/interfaces/vxlan.rst:214
+#: ../../configuration/firewall/bridge.rst:48
+msgid "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+msgstr "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+
+#: ../../configuration/interfaces/vxlan.rst:235
msgid "**Leaf2 configuration:**"
msgstr "**Leaf2 configuration:**"
-#: ../../configuration/interfaces/vxlan.rst:239
+#: ../../configuration/interfaces/vxlan.rst:260
msgid "**Leaf3 configuration:**"
msgstr "**Leaf3 configuration:**"
@@ -261,33 +309,33 @@ msgstr "**MED check**"
msgid "**Multi-path check**"
msgstr "**Multi-path check**"
-#: ../../configuration/protocols/bgp.rst:1192
+#: ../../configuration/protocols/bgp.rst:1193
msgid "**Node1:**"
msgstr "**Node1:**"
-#: ../../configuration/protocols/bgp.rst:1220
+#: ../../configuration/protocols/bgp.rst:1221
msgid "**Node2:**"
msgstr "**Node2:**"
#: ../../configuration/protocols/ospf.rst:840
#: ../../configuration/protocols/ospf.rst:913
#: ../../configuration/protocols/ospf.rst:985
-#: ../../configuration/protocols/ospf.rst:1348
+#: ../../configuration/protocols/ospf.rst:1350
#: ../../configuration/protocols/segment-routing.rst:281
msgid "**Node 1**"
msgstr "**Node 1**"
#: ../../configuration/protocols/babel.rst:192
-#: ../../configuration/protocols/bgp.rst:1102
-#: ../../configuration/protocols/bgp.rst:1129
-#: ../../configuration/protocols/bgp.rst:1147
-#: ../../configuration/protocols/bgp.rst:1175
-#: ../../configuration/protocols/isis.rst:313
-#: ../../configuration/protocols/isis.rst:388
-#: ../../configuration/protocols/isis.rst:429
-#: ../../configuration/protocols/isis.rst:467
+#: ../../configuration/protocols/bgp.rst:1103
+#: ../../configuration/protocols/bgp.rst:1130
+#: ../../configuration/protocols/bgp.rst:1148
+#: ../../configuration/protocols/bgp.rst:1176
+#: ../../configuration/protocols/isis.rst:341
+#: ../../configuration/protocols/isis.rst:416
+#: ../../configuration/protocols/isis.rst:457
+#: ../../configuration/protocols/isis.rst:495
#: ../../configuration/protocols/ospf.rst:948
-#: ../../configuration/protocols/ospf.rst:1318
+#: ../../configuration/protocols/ospf.rst:1320
#: ../../configuration/protocols/rip.rst:243
#: ../../configuration/protocols/segment-routing.rst:195
msgid "**Node 1:**"
@@ -296,20 +344,20 @@ msgstr "**Node 1:**"
#: ../../configuration/protocols/ospf.rst:850
#: ../../configuration/protocols/ospf.rst:930
#: ../../configuration/protocols/ospf.rst:1001
-#: ../../configuration/protocols/ospf.rst:1363
+#: ../../configuration/protocols/ospf.rst:1365
#: ../../configuration/protocols/segment-routing.rst:296
msgid "**Node 2**"
msgstr "**Node 2**"
#: ../../configuration/protocols/babel.rst:202
-#: ../../configuration/protocols/bgp.rst:1113
-#: ../../configuration/protocols/bgp.rst:1135
-#: ../../configuration/protocols/bgp.rst:1159
-#: ../../configuration/protocols/bgp.rst:1181
-#: ../../configuration/protocols/isis.rst:324
-#: ../../configuration/protocols/isis.rst:404
-#: ../../configuration/protocols/isis.rst:483
-#: ../../configuration/protocols/ospf.rst:1327
+#: ../../configuration/protocols/bgp.rst:1114
+#: ../../configuration/protocols/bgp.rst:1136
+#: ../../configuration/protocols/bgp.rst:1160
+#: ../../configuration/protocols/bgp.rst:1182
+#: ../../configuration/protocols/isis.rst:352
+#: ../../configuration/protocols/isis.rst:432
+#: ../../configuration/protocols/isis.rst:511
+#: ../../configuration/protocols/ospf.rst:1329
#: ../../configuration/protocols/rip.rst:251
#: ../../configuration/protocols/segment-routing.rst:211
msgid "**Node 2:**"
@@ -331,15 +379,39 @@ msgstr "**One gateway:**"
msgid "**Origin check**"
msgstr "**Origin check**"
+#: ../../configuration/firewall/index.rst:64
+msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:65
+msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/protocols/bgp.rst:125
msgid "**Peer address**"
msgstr "**Peer address**"
+#: ../../configuration/firewall/index.rst:38
+msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+
#: ../../configuration/policy/examples.rst:5
msgid "**Policy definition:**"
msgstr "**Policy definition:**"
-#: ../../configuration/service/dhcp-server.rst:450
+#: ../../configuration/firewall/index.rst:76
+msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+
+#: ../../configuration/firewall/index.rst:29
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/firewall/index.rst:28
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/service/dhcp-server.rst:391
msgid "**Primary**"
msgstr "**Primary**"
@@ -401,19 +473,19 @@ msgstr "**R2**"
msgid "**R2 Static Key**"
msgstr "**R2 Static Key**"
-#: ../../configuration/service/pppoe-server.rst:104
+#: ../../configuration/service/pppoe-server.rst:91
msgid "**RADIUS based IP pools (Framed-IP-Address)**"
msgstr "**RADIUS based IP pools (Framed-IP-Address)**"
-#: ../../configuration/service/pppoe-server.rst:128
+#: ../../configuration/service/pppoe-server.rst:115
msgid "**RADIUS sessions management DM/CoA**"
msgstr "**RADIUS sessions management DM/CoA**"
-#: ../../configuration/vpn/site2site_ipsec.rst:335
+#: ../../configuration/vpn/site2site_ipsec.rst:343
msgid "**RIGHT**"
msgstr "**RIGHT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:289
+#: ../../configuration/vpn/site2site_ipsec.rst:293
msgid "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
@@ -421,15 +493,15 @@ msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172
msgid "**Router-ID check**"
msgstr "**Router-ID check**"
-#: ../../configuration/protocols/igmp.rst:46
+#: ../../configuration/protocols/pim.rst:228
msgid "**Router 1**"
msgstr "**Router 1**"
-#: ../../configuration/protocols/igmp.rst:74
+#: ../../configuration/protocols/pim.rst:256
msgid "**Router 2**"
msgstr "**Router 2**"
-#: ../../configuration/protocols/igmp.rst:59
+#: ../../configuration/protocols/pim.rst:241
msgid "**Router 3**"
msgstr "**Router 3**"
@@ -449,7 +521,7 @@ msgstr "**SW1**"
msgid "**SW2**"
msgstr "**SW2**"
-#: ../../configuration/service/dhcp-server.rst:459
+#: ../../configuration/service/dhcp-server.rst:400
msgid "**Secondary**"
msgstr "**Secondary**"
@@ -461,15 +533,19 @@ msgstr "**Setting up IPSec**"
msgid "**Setting up the GRE tunnel**"
msgstr "**Setting up the GRE tunnel**"
-#: ../../configuration/interfaces/vxlan.rst:191
+#: ../../configuration/firewall/index.rst:80
+msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/interfaces/vxlan.rst:212
msgid "**Spine1 Configuration:**"
msgstr "**Spine1 Configuration:**"
-#: ../../configuration/protocols/ospf.rst:1378
+#: ../../configuration/protocols/ospf.rst:1380
msgid "**Status**"
msgstr "**Status**"
-#: ../../configuration/protocols/ospf.rst:1336
+#: ../../configuration/protocols/ospf.rst:1338
msgid "**To see the redistributed routes:**"
msgstr "**To see the redistributed routes:**"
@@ -490,48 +566,12 @@ msgstr "**VyOS Router:**"
msgid "**Weight check**"
msgstr "**Weight check**"
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
+#: ../../_include/interface-dhcp-options.txt:74
msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
#: ../../_include/interface-address-with-dhcp.txt:7
#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
@@ -579,50 +619,18 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe
msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
-#: ../../configuration/vpn/sstp.rst:188
+#: ../../configuration/vpn/sstp.rst:199
msgid "**deny** - deny mppe"
msgstr "**deny** - deny mppe"
-#: ../../configuration/nat/nat44.rst:201
+#: ../../configuration/nat/nat44.rst:213
msgid "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
msgstr "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
#: ../../_include/interface-address-with-dhcp.txt:9
msgid "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
msgstr "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
#: ../../_include/interface-address-with-dhcp.txt:11
msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
@@ -631,7 +639,7 @@ msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server
msgid "**discard:** Received packets which already contain relay information will be discarded."
msgstr "**discard:** Received packets which already contain relay information will be discarded."
-#: ../../configuration/protocols/igmp.rst:195
+#: ../../configuration/protocols/igmp-proxy.rst:23
msgid "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
msgstr "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
@@ -643,7 +651,7 @@ msgstr "**exporter**: aggregates packets into flows and exports flow records tow
msgid "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
-#: ../../configuration/firewall/general.rst:99
+#: ../../configuration/firewall/global-options.rst:36
msgid "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
@@ -655,6 +663,10 @@ msgstr "**forward:** All packets are forwarded, relay information already presen
msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
+#: ../../configuration/nat/nat44.rst:165
+msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
#: ../../configuration/interfaces/bonding.rst:161
msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
@@ -739,7 +751,11 @@ msgstr "**on-failure**: Restart containers when they exit with a non-zero exit c
msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
-#: ../../configuration/vpn/sstp.rst:187
+#: ../../configuration/nat/nat44.rst:149
+msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
+#: ../../configuration/vpn/sstp.rst:198
msgid "**prefer** - ask client for mppe, if it rejects don't fail"
msgstr "**prefer** - ask client for mppe, if it rejects don't fail"
@@ -751,7 +767,7 @@ msgstr "**process** When dnssec is set to process the behavior is similar to pro
msgid "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
msgstr "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
-#: ../../configuration/nat/nat44.rst:169
+#: ../../configuration/nat/nat44.rst:181
msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
msgstr "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
@@ -767,7 +783,7 @@ msgstr "**remote side - commands**"
msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
msgstr "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
-#: ../../configuration/vpn/sstp.rst:186
+#: ../../configuration/vpn/sstp.rst:197
msgid "**require** - ask client for mppe, if it rejects drop connection"
msgstr "**require** - ask client for mppe, if it rejects drop connection"
@@ -779,7 +795,7 @@ msgstr "**right**"
msgid "**setpcap**: Capability sets (from bounded or inherited set)"
msgstr "**setpcap**: Capability sets (from bounded or inherited set)"
-#: ../../configuration/nat/nat44.rst:183
+#: ../../configuration/nat/nat44.rst:195
msgid "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
msgstr "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
@@ -795,7 +811,7 @@ msgstr "**sys-time**: Permission to set system clock"
msgid "**transition** - Send and accept both styles of TLVs during transition."
msgstr "**transition** - Send and accept both styles of TLVs during transition."
-#: ../../configuration/protocols/igmp.rst:191
+#: ../../configuration/protocols/igmp-proxy.rst:19
msgid "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
msgstr "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
@@ -859,25 +875,6 @@ msgstr "011100"
msgid "011110"
msgstr "011110"
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
#: ../../_include/interface-ipv6.txt:79
msgid "0: Disable DAD"
msgstr "0: Disable DAD"
@@ -890,7 +887,7 @@ msgstr "0 if not defined, which means no refreshing."
msgid "0 if not defined."
msgstr "0 if not defined."
-#: ../../configuration/service/dhcp-server.rst:270
+#: ../../configuration/service/dhcp-server.rst:237
#: ../../configuration/system/syslog.rst:114
#: ../../configuration/system/syslog.rst:173
#: ../../configuration/trafficpolicy/index.rst:801
@@ -898,7 +895,7 @@ msgstr "0 if not defined."
msgid "1"
msgstr "1"
-#: ../../configuration/nat/nat44.rst:588
+#: ../../configuration/nat/nat44.rst:612
msgid "1-to-1 NAT"
msgstr "1-to-1 NAT"
@@ -953,7 +950,7 @@ msgstr "10 - 10 MBit/s"
msgid "11"
msgstr "11"
-#: ../../configuration/service/dhcp-server.rst:352
+#: ../../configuration/service/dhcp-server.rst:319
msgid "119"
msgstr "119"
@@ -963,11 +960,11 @@ msgstr "119"
msgid "12"
msgstr "12"
-#: ../../configuration/service/dhcp-server.rst:357
+#: ../../configuration/service/dhcp-server.rst:324
msgid "121, 249"
msgstr "121, 249"
-#: ../../configuration/service/dhcp-server.rst:337
+#: ../../configuration/service/dhcp-server.rst:304
#: ../../configuration/system/syslog.rst:138
#: ../../configuration/trafficpolicy/index.rst:870
msgid "13"
@@ -979,7 +976,7 @@ msgstr "13"
msgid "14"
msgstr "14"
-#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:264
#: ../../configuration/system/syslog.rst:142
#: ../../configuration/trafficpolicy/index.rst:866
msgid "15"
@@ -1003,7 +1000,7 @@ msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)"
msgid "18"
msgstr "18"
-#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:269
#: ../../configuration/system/syslog.rst:150
msgid "19"
msgstr "19"
@@ -1016,25 +1013,10 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)"
msgid "1. Create an event handler"
msgstr "1. Create an event handler"
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
+#: ../../configuration/firewall/flowtables.rst:144
+msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+
#: ../../_include/interface-ipv6.txt:80
msgid "1: Enable DAD (default)"
msgstr "1: Enable DAD (default)"
@@ -1043,7 +1025,7 @@ msgstr "1: Enable DAD (default)"
msgid "1 if not defined."
msgstr "1 if not defined."
-#: ../../configuration/service/dhcp-server.rst:276
+#: ../../configuration/service/dhcp-server.rst:243
#: ../../configuration/system/syslog.rst:116
#: ../../configuration/system/syslog.rst:178
#: ../../configuration/trafficpolicy/index.rst:799
@@ -1077,7 +1059,7 @@ msgstr "25000 - 25 GBit/s"
msgid "2500 - 2.5 GBit/s"
msgstr "2500 - 2.5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dhcp-server.rst:329
msgid "252"
msgstr "252"
@@ -1097,30 +1079,15 @@ msgstr "2FA OTP support"
msgid "2. Add regex to the script"
msgstr "2. Add regex to the script"
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
+#: ../../configuration/firewall/flowtables.rst:148
+msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+
#: ../../_include/interface-ipv6.txt:81
msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
-#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:249
#: ../../configuration/system/syslog.rst:118
#: ../../configuration/system/syslog.rst:181
#: ../../configuration/trafficpolicy/index.rst:797
@@ -1148,7 +1115,7 @@ msgstr "38"
msgid "3. Add a full path to the script"
msgstr "3. Add a full path to the script"
-#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:254
#: ../../configuration/system/syslog.rst:120
#: ../../configuration/system/syslog.rst:183
#: ../../configuration/trafficpolicy/index.rst:795
@@ -1164,11 +1131,11 @@ msgstr "40000 - 40 GBit/s"
msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
-#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:274
msgid "42"
msgstr "42"
-#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:279
msgid "44"
msgstr "44"
@@ -1180,6 +1147,10 @@ msgstr "46"
msgid "4. Add optional parameters"
msgstr "4. Add optional parameters"
+#: ../../configuration/firewall/flowtables.rst:153
+msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+
#: ../../configuration/system/syslog.rst:122
#: ../../configuration/system/syslog.rst:185
#: ../../configuration/trafficpolicy/index.rst:793
@@ -1195,16 +1166,20 @@ msgstr "50000 - 50 GBit/s"
msgid "5000 - 5 GBit/s"
msgstr "5000 - 5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:284
msgid "54"
msgstr "54"
+#: ../../configuration/firewall/flowtables.rst:157
+msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+
#: ../../configuration/highavailability/index.rst:257
#: ../../configuration/highavailability/index.rst:288
msgid "5 if not defined."
msgstr "5 if not defined."
-#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:259
#: ../../configuration/system/syslog.rst:124
#: ../../configuration/system/syslog.rst:189
#: ../../configuration/trafficpolicy/index.rst:791
@@ -1212,7 +1187,7 @@ msgstr "5 if not defined."
msgid "6"
msgstr "6"
-#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:294
msgid "66"
msgstr "66"
@@ -1220,14 +1195,18 @@ msgstr "66"
msgid "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
msgstr "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
-#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:299
msgid "67"
msgstr "67"
-#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:309
msgid "69"
msgstr "69"
+#: ../../configuration/firewall/flowtables.rst:161
+msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+
#: ../../configuration/interfaces/tunnel.rst:81
msgid "6in4 (SIT)"
msgstr "6in4 (SIT)"
@@ -1243,7 +1222,7 @@ msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defin
msgid "7"
msgstr "7"
-#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:314
msgid "70"
msgstr "70"
@@ -1251,11 +1230,6 @@ msgstr "70"
msgid "8"
msgstr "8"
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
#: ../../_include/interface-vlan-8021q.txt:21
msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
@@ -1325,22 +1299,31 @@ msgstr "-: IP range to match."
msgid ": IP address to match."
msgstr ": IP address to match."
+#: ../../configuration/pki/index.rst:252
+msgid "ACME"
+msgstr "ACME"
+
+#: ../../configuration/pki/index.rst:281
+msgid "ACME Directory Resource URI."
+msgstr "ACME Directory Resource URI."
+
+#: ../../configuration/service/https.rst:59
+msgid "API"
+msgstr "API"
+
#: ../../configuration/protocols/static.rst:150
msgid "ARP"
msgstr "ARP"
-#: ../../configuration/firewall/general.rst:302
-#: ../../configuration/firewall/general-legacy.rst:257
+#: ../../configuration/firewall/groups.rst:129
msgid "A **domain group** represents a collection of domains."
msgstr "A **domain group** represents a collection of domains."
-#: ../../configuration/firewall/general.rst:284
-#: ../../configuration/firewall/general-legacy.rst:242
+#: ../../configuration/firewall/groups.rst:111
msgid "A **mac group** represents a collection of mac addresses."
msgstr "A **mac group** represents a collection of mac addresses."
-#: ../../configuration/firewall/general.rst:259
-#: ../../configuration/firewall/general-legacy.rst:217
+#: ../../configuration/firewall/groups.rst:86
msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
@@ -1368,7 +1351,7 @@ msgstr "A GRE tunnel operates at layer 3 of the OSI model and is represented by
msgid "A Rule-Set can be applied to every interface:"
msgstr "A Rule-Set can be applied to every interface:"
-#: ../../configuration/service/dhcp-server.rst:631
+#: ../../configuration/service/dhcp-server.rst:561
msgid "A SNTP server address can be specified for DHCPv6 clients."
msgstr "A SNTP server address can be specified for DHCPv6 clients."
@@ -1380,11 +1363,11 @@ msgstr "A VRF device is created with an associated route table. Network interfac
msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
msgstr "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
-#: ../../configuration/service/dns.rst:149
+#: ../../configuration/service/dns.rst:162
msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
msgstr "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
-#: ../../configuration/service/dhcp-server.rst:603
+#: ../../configuration/service/dhcp-server.rst:533
msgid "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
@@ -1392,7 +1375,7 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used
msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
-#: ../../configuration/firewall/zone.rst:54
+#: ../../configuration/firewall/zone.rst:73
msgid "A basic introduction to zone-based firewalls can be found `here `_, and an example at :ref:`examples-zone-policy`."
msgstr "A basic introduction to zone-based firewalls can be found `here `_, and an example at :ref:`examples-zone-policy`."
@@ -1413,7 +1396,7 @@ msgstr "A common example is the case of some policies which, in order to be effe
msgid "A complete LDAP auth OpenVPN configuration could look like the following example:"
msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:"
-#: ../../configuration/vpn/sstp.rst:323
+#: ../../configuration/vpn/sstp.rst:335
msgid "A connection attempt will be shown as:"
msgstr "A connection attempt will be shown as:"
@@ -1433,7 +1416,7 @@ msgstr "A disabled group will be removed from the VRRP process and your router w
msgid "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
msgstr "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
-#: ../../configuration/nat/nat44.rst:685
+#: ../../configuration/nat/nat44.rst:709
msgid "A dummy interface for the provider-assigned IP;"
msgstr "A dummy interface for the provider-assigned IP;"
@@ -1445,7 +1428,7 @@ msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availabi
msgid "A full example of a Tunnelbroker.net config can be found at :ref:`here `."
msgstr "A full example of a Tunnelbroker.net config can be found at :ref:`here `."
-#: ../../configuration/service/dhcp-server.rst:187
+#: ../../configuration/service/dhcp-server.rst:152
msgid "A generic `` referencing this sync service."
msgstr "A generic `` referencing this sync service."
@@ -1489,6 +1472,10 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik
msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
+#: ../../configuration/firewall/flowtables.rst:44
+msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+
#: ../../configuration/protocols/bgp.rst:698
msgid "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
msgstr "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
@@ -1497,12 +1484,12 @@ msgstr "A penalty of 1000 is assessed each time the route fails. When the penalt
msgid "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
msgstr "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
-#: ../../configuration/nat/nat44.rst:360
+#: ../../configuration/nat/nat44.rst:374
msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:"
msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:"
-#: ../../configuration/firewall/general.rst:761
-#: ../../configuration/firewall/general-legacy.rst:506
+#: ../../configuration/firewall/ipv4.rst:485
+#: ../../configuration/firewall/ipv6.rst:491
msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``."
msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``."
@@ -1535,24 +1522,15 @@ msgstr "A script can be run when an interface state change occurs. Scripts are r
msgid "A segment ID that contains an IP address prefix calculated by an IGP in the service provider core network. Prefix SIDs are globally unique, this value indentify it"
msgstr "A segment ID that contains an IP address prefix calculated by an IGP in the service provider core network. Prefix SIDs are globally unique, this value indentify it"
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
#: ../../_include/interface-disable-flow-control.txt:11
msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
-#: ../../configuration/service/dhcp-server.rst:659
+#: ../../configuration/service/dhcp-server.rst:589
msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
-#: ../../configuration/protocols/bgp.rst:1145
+#: ../../configuration/protocols/bgp.rst:1146
msgid "A simple BGP configuration via IPv6."
msgstr "A simple BGP configuration via IPv6."
@@ -1560,7 +1538,7 @@ msgstr "A simple BGP configuration via IPv6."
msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
-#: ../../configuration/protocols/bgp.rst:1100
+#: ../../configuration/protocols/bgp.rst:1101
msgid "A simple eBGP configuration:"
msgstr "A simple eBGP configuration:"
@@ -1572,6 +1550,14 @@ msgstr "A simple example of Shaper using priorities."
msgid "A simple example of an FQ-CoDel policy working inside a Shaper one."
msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one."
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+
#: ../../configuration/nat/nat66.rst:28
msgid "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
msgstr "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
@@ -1584,11 +1570,11 @@ msgstr "A station acts as a Wi-Fi client accessing the network through an availa
msgid "A sync group allows VRRP groups to transition together."
msgstr "A sync group allows VRRP groups to transition together."
-#: ../../configuration/protocols/ospf.rst:1316
+#: ../../configuration/protocols/ospf.rst:1318
msgid "A typical configuration using 2 nodes."
msgstr "A typical configuration using 2 nodes."
-#: ../../configuration/nat/nat44.rst:400
+#: ../../configuration/nat/nat44.rst:414
msgid "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
msgstr "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
@@ -1612,11 +1598,11 @@ msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header
msgid "A very small buffer will soon start dropping packets."
msgstr "A very small buffer will soon start dropping packets."
-#: ../../configuration/firewall/zone.rst:33
+#: ../../configuration/firewall/zone.rst:52
msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
-#: ../../configuration/service/dns.rst:384
+#: ../../configuration/service/dns.rst:397
msgid "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
msgstr "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
@@ -1652,12 +1638,14 @@ msgstr "Action must be taken immediately - A condition that should be corrected
msgid "Action which will be run once the ctrl-alt-del keystroke is received."
msgstr "Action which will be run once the ctrl-alt-del keystroke is received."
-#: ../../configuration/firewall/general.rst:327
+#: ../../configuration/firewall/bridge.rst:65
+#: ../../configuration/firewall/ipv4.rst:81
+#: ../../configuration/firewall/ipv6.rst:81
#: ../../configuration/policy/route.rst:238
msgid "Actions"
msgstr "Actions"
-#: ../../configuration/interfaces/openvpn.rst:431
+#: ../../configuration/interfaces/openvpn.rst:483
msgid "Active Directory"
msgstr "Active Directory"
@@ -1737,7 +1725,7 @@ msgstr "Add the private key portion of this certificate to the CLI. This should
msgid "Add the public CA certificate for the CA named `name` to the VyOS CLI."
msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI."
-#: ../../configuration/vpn/openconnect.rst:169
+#: ../../configuration/vpn/openconnect.rst:176
msgid "Adding a 2FA with an OTP-key"
msgstr "Adding a 2FA with an OTP-key"
@@ -1753,7 +1741,7 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing
msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
-#: ../../configuration/nat/nat44.rst:738
+#: ../../configuration/nat/nat44.rst:760
msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
@@ -1765,7 +1753,7 @@ msgstr "Additionally you should keep in mind that this feature fundamentally dis
msgid "Address"
msgstr "Address"
-#: ../../configuration/nat/nat44.rst:219
+#: ../../configuration/nat/nat44.rst:231
msgid "Address Conversion"
msgstr "Address Conversion"
@@ -1773,20 +1761,19 @@ msgstr "Address Conversion"
msgid "Address Families"
msgstr "Address Families"
-#: ../../configuration/firewall/general.rst:192
-#: ../../configuration/firewall/general-legacy.rst:168
+#: ../../configuration/firewall/groups.rst:19
msgid "Address Groups"
msgstr "Address Groups"
-#: ../../configuration/service/dhcp-server.rst:662
+#: ../../configuration/service/dhcp-server.rst:592
msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
-#: ../../configuration/service/dhcp-server.rst:652
+#: ../../configuration/service/dhcp-server.rst:582
msgid "Address pools"
msgstr "Address pools"
-#: ../../configuration/service/https.rst:42
+#: ../../configuration/service/https.rst:33
msgid "Address to listen for HTTPS requests"
msgstr "Address to listen for HTTPS requests"
@@ -1798,7 +1785,7 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for
msgid "Administrative Distance"
msgstr "Administrative Distance"
-#: ../../configuration/nat/nat44.rst:289
+#: ../../configuration/nat/nat44.rst:301
msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
@@ -1818,7 +1805,7 @@ msgstr "Advertising a Prefix"
msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
-#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:325
msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
@@ -1846,7 +1833,7 @@ msgstr "Algorithm"
msgid "Aliases"
msgstr "Aliases"
-#: ../../configuration/service/dns.rst:154
+#: ../../configuration/service/dns.rst:167
msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
@@ -1874,7 +1861,7 @@ msgstr "All interfaces used for the DHCP relay must be configured. This includes
msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
msgstr "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
-#: ../../configuration/service/dns.rst:156
+#: ../../configuration/service/dns.rst:169
msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
msgstr "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
@@ -1882,6 +1869,10 @@ msgstr "All other DNS requests will be forwarded to a different set of DNS serve
msgid "All reply sizes are accepted by default."
msgstr "All reply sizes are accepted by default."
+#: ../../configuration/protocols/pim.rst:91
+msgid "All routers in the PIM network must agree on these values."
+msgstr "All routers in the PIM network must agree on these values."
+
#: ../../configuration/system/task-scheduler.rst:10
msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
@@ -1894,11 +1885,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an
msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
-#: ../../configuration/firewall/zone.rst:36
+#: ../../configuration/firewall/zone.rst:55
msgid "All traffic between zones is affected by existing policies"
msgstr "All traffic between zones is affected by existing policies"
-#: ../../configuration/firewall/zone.rst:35
+#: ../../configuration/firewall/zone.rst:54
msgid "All traffic to and from an interface within a zone is permitted."
msgstr "All traffic to and from an interface within a zone is permitted."
@@ -1922,7 +1913,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy
msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
-#: ../../configuration/service/dns.rst:346
+#: ../../configuration/service/dns.rst:359
msgid "Allow explicit IPv6 address for the interface."
msgstr "Allow explicit IPv6 address for the interface."
@@ -1930,15 +1921,24 @@ msgstr "Allow explicit IPv6 address for the interface."
msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
+#: ../../configuration/service/mdns.rst:43
+msgid "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+msgstr "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+
#: ../../configuration/protocols/bfd.rst:34
msgid "Allow this BFD peer to not be directly connected"
msgstr "Allow this BFD peer to not be directly connected"
-#: ../../configuration/firewall/general.rst:1137
#: ../../configuration/firewall/general-legacy.rst:694
msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
+#: ../../configuration/firewall/ipv4.rst:812
+#: ../../configuration/firewall/ipv6.rst:821
+#: ../../configuration/system/conntrack.rst:199
+msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+
#: ../../configuration/interfaces/bridge.rst:162
msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
@@ -1959,7 +1959,9 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP
msgid "Already learned known_hosts files of clients need an update as the public key will change."
msgstr "Already learned known_hosts files of clients need an update as the public key will change."
-#: ../../configuration/firewall/general.rst:377
+#: ../../configuration/firewall/bridge.rst:123
+#: ../../configuration/firewall/ipv4.rst:166
+#: ../../configuration/firewall/ipv6.rst:166
msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
@@ -1971,7 +1973,7 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic
msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
-#: ../../configuration/nat/nat44.rst:276
+#: ../../configuration/nat/nat44.rst:288
msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
@@ -1983,15 +1985,15 @@ msgstr "Alternate Routing Tables"
msgid "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
msgstr "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
-#: ../../configuration/interfaces/vxlan.rst:321
+#: ../../configuration/interfaces/vxlan.rst:342
msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
-#: ../../configuration/service/dhcp-server.rst:130
+#: ../../configuration/service/dhcp-server.rst:116
msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
-#: ../../configuration/firewall/general.rst:241
+#: ../../configuration/firewall/groups.rst:68
msgid "An **interface group** represents a collection of interfaces."
msgstr "An **interface group** represents a collection of interfaces."
@@ -2035,6 +2037,10 @@ msgstr "An agent is a network-management software module that resides on a manag
msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
+#: ../../configuration/firewall/ipv4.rst:373
+msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+
#: ../../configuration/firewall/general-legacy.rst:424
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)"
@@ -2043,7 +2049,7 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)."
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)."
-#: ../../configuration/firewall/general.rst:619
+#: ../../configuration/firewall/ipv6.rst:371
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)"
@@ -2072,7 +2078,7 @@ msgstr "An example of creating a VLAN-aware bridge is as follows:"
msgid "An example of key generation:"
msgstr "An example of key generation:"
-#: ../../configuration/vpn/openconnect.rst:291
+#: ../../configuration/vpn/openconnect.rst:298
msgid "An example of the data captured by a FREERADIUS server with sql accounting:"
msgstr "An example of the data captured by a FREERADIUS server with sql accounting:"
@@ -2080,10 +2086,34 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti
msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
+#: ../../configuration/firewall/flowtables.rst:142
+msgid "Analysis on what happens for desired connection:"
+msgstr "Analysis on what happens for desired connection:"
+
+#: ../../configuration/firewall/bridge.rst:297
+msgid "And, to print only bridge firewall information:"
+msgstr "And, to print only bridge firewall information:"
+
+#: ../../configuration/firewall/ipv4.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+
#: ../../configuration/policy/route.rst:76
msgid "And for ipv6:"
msgstr "And for ipv6:"
+#: ../../configuration/firewall/groups.rst:165
+msgid "And next, some configuration example where groups are used:"
+msgstr "And next, some configuration example where groups are used:"
+
+#: ../../configuration/firewall/bridge.rst:349
+msgid "And op-mode commands:"
+msgstr "And op-mode commands:"
+
#: ../../configuration/system/ip.rst:84
msgid "And the different IPv4 **reset** commands available:"
msgstr "And the different IPv4 **reset** commands available:"
@@ -2093,7 +2123,7 @@ msgstr "And the different IPv4 **reset** commands available:"
msgid "And then hash is reduced modulo slave count."
msgstr "And then hash is reduced modulo slave count."
-#: ../../configuration/nat/nat44.rst:590
+#: ../../configuration/nat/nat44.rst:614
msgid "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
@@ -2118,7 +2148,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo
msgid "Apply routing policy to **inbound** direction of out VLAN interfaces"
msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces"
-#: ../../configuration/firewall/zone.rst:82
+#: ../../configuration/firewall/zone.rst:101
msgid "Applying a Rule-Set to a Zone"
msgstr "Applying a Rule-Set to a Zone"
@@ -2151,49 +2181,11 @@ msgstr "Arista EOS"
msgid "Aruba/HP"
msgstr "Aruba/HP"
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/pppoe.rst:207
#: ../../configuration/interfaces/pppoe.rst:253
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/sstp-client.rst:79
#: ../../_include/interface-ip.txt:4
#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
msgid "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
@@ -2209,6 +2201,10 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de
msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
+#: ../../configuration/firewall/index.rst:7
+msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+
#: ../../configuration/interfaces/wwan.rst:326
msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
@@ -2221,10 +2217,14 @@ msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte b
msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
-#: ../../configuration/firewall/zone.rst:49
+#: ../../configuration/firewall/zone.rst:68
msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
+#: ../../configuration/firewall/flowtables.rst:109
+msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+
#: ../../configuration/system/option.rst:80
msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
@@ -2241,6 +2241,10 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys
msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
+#: ../../configuration/firewall/groups.rst:147
+msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+
#: ../../configuration/trafficpolicy/index.rst:196
msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
@@ -2249,11 +2253,11 @@ msgstr "As shown in the example above, one of the possibilities to match packets
msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
-#: ../../configuration/firewall/index.rst:81
+#: ../../configuration/firewall/index.rst:176
msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
-#: ../../configuration/firewall/index.rst:60
+#: ../../configuration/firewall/index.rst:182
msgid "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
msgstr "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
@@ -2281,7 +2285,7 @@ msgstr "As with other policies, you can define different type of matching rules
msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
-#: ../../configuration/interfaces/vxlan.rst:264
+#: ../../configuration/interfaces/vxlan.rst:285
msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
@@ -2309,7 +2313,7 @@ msgstr "Assign member interfaces to PortChannel"
msgid "Assign static IP address to `` account."
msgstr "Assign static IP address to `` account."
-#: ../../configuration/service/dhcp-server.rst:111
+#: ../../configuration/service/dhcp-server.rst:97
msgid "Assign the IP address to this machine for `` seconds."
msgstr "Assign the IP address to this machine for `` seconds."
@@ -2377,7 +2381,6 @@ msgstr "Assured Forwarding(AF) 43"
msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
-#: ../../configuration/firewall/general.rst:1489
#: ../../configuration/firewall/general-legacy.rst:972
msgid "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
msgstr "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
@@ -2434,7 +2437,7 @@ msgstr "Authentication – to verify that the message is from a valid source."
msgid "Authorization token"
msgstr "Authorization token"
-#: ../../configuration/service/pppoe-server.rst:172
+#: ../../configuration/service/pppoe-server.rst:159
msgid "Automatic VLAN Creation"
msgstr "Automatic VLAN Creation"
@@ -2442,6 +2445,10 @@ msgstr "Automatic VLAN Creation"
msgid "Automatic VLAN creation"
msgstr "Automatic VLAN creation"
+#: ../../configuration/protocols/pim.rst:137
+msgid "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+msgstr "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+
#: ../../configuration/system/option.rst:19
msgid "Automatically reboot system on kernel panic after 60 seconds."
msgstr "Automatically reboot system on kernel panic after 60 seconds."
@@ -2450,7 +2457,7 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds."
msgid "Autonomous Systems"
msgstr "Autonomous Systems"
-#: ../../configuration/nat/nat44.rst:370
+#: ../../configuration/nat/nat44.rst:384
msgid "Avoiding \"leaky\" NAT"
msgstr "Avoiding \"leaky\" NAT"
@@ -2530,7 +2537,7 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add
msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
-#: ../../configuration/vrf/index.rst:411
+#: ../../configuration/vrf/index.rst:413
msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
@@ -2563,7 +2570,7 @@ msgid "Balancing based on domain name"
msgstr "Balancing based on domain name"
#: ../../configuration/service/ipoe-server.rst:122
-#: ../../configuration/service/pppoe-server.rst:195
+#: ../../configuration/service/pppoe-server.rst:182
#: ../../configuration/vpn/l2tp.rst:113
msgid "Bandwidth Shaping"
msgstr "Bandwidth Shaping"
@@ -2573,7 +2580,7 @@ msgstr "Bandwidth Shaping"
msgid "Bandwidth Shaping for local users"
msgstr "Bandwidth Shaping for local users"
-#: ../../configuration/service/pppoe-server.rst:197
+#: ../../configuration/service/pppoe-server.rst:184
msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes."
@@ -2585,7 +2592,14 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att
msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
-#: ../../configuration/vpn/dmvpn.rst:34
+#: ../../configuration/firewall/ipv4.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+
#: ../../configuration/vpn/dmvpn.rst:34
msgid "Baseline DMVPN topology"
msgstr "Baseline DMVPN topology"
@@ -2594,7 +2608,6 @@ msgstr "Baseline DMVPN topology"
msgid "Basic Concepts"
msgstr "Basic Concepts"
-#: ../../configuration/protocols/igmp.rst:91
#: ../../configuration/protocols/pim6.rst:26
msgid "Basic commands"
msgstr "Basic commands"
@@ -2611,7 +2624,7 @@ msgstr "Basic filtering could also be applied to IPv6 traffic."
msgid "Basic setup"
msgstr "Basic setup"
-#: ../../configuration/vpn/openconnect.rst:255
+#: ../../configuration/vpn/openconnect.rst:262
msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
@@ -2631,11 +2644,11 @@ msgstr "Because existing sessions do not automatically fail over to a new path,
msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
-#: ../../configuration/firewall/zone.rst:84
+#: ../../configuration/firewall/zone.rst:103
msgid "Before you are able to apply a rule-set to a zone you have to create the zones first."
msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first."
-#: ../../configuration/vpn/site2site_ipsec.rst:413
+#: ../../configuration/vpn/site2site_ipsec.rst:422
msgid "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
msgstr "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
@@ -2663,7 +2676,7 @@ msgstr "Binary value"
msgid "Bind listener to specific interface/address, mandatory for IPv6"
msgstr "Bind listener to specific interface/address, mandatory for IPv6"
-#: ../../configuration/interfaces/vxlan.rst:285
+#: ../../configuration/interfaces/vxlan.rst:306
msgid "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
msgstr "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
@@ -2695,15 +2708,15 @@ msgstr "Bond / Link Aggregation"
msgid "Bond options"
msgstr "Bond options"
-#: ../../configuration/service/dhcp-server.rst:339
+#: ../../configuration/service/dhcp-server.rst:306
msgid "Boot image length in 512-octet blocks"
msgstr "Boot image length in 512-octet blocks"
-#: ../../configuration/service/dhcp-server.rst:334
+#: ../../configuration/service/dhcp-server.rst:301
msgid "Bootstrap file name"
msgstr "Bootstrap file name"
-#: ../../configuration/interfaces/vxlan.rst:102
+#: ../../configuration/interfaces/vxlan.rst:123
msgid "Both IPv4 and IPv6 multicast is possible."
msgstr "Both IPv4 and IPv6 multicast is possible."
@@ -2711,25 +2724,6 @@ msgstr "Both IPv4 and IPv6 multicast is possible."
msgid "Both local administered and remote administered :abbr:`RADIUS (Remote Authentication Dial-In User Service)` accounts are supported."
msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Authentication Dial-In User Service)` accounts are supported."
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
#: ../../_include/interface-ip.txt:88
msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
@@ -2746,10 +2740,18 @@ msgstr "Bridge"
msgid "Bridge:"
msgstr "Bridge:"
+#: ../../configuration/firewall/bridge.rst:7
+msgid "Bridge Firewall Configuration"
+msgstr "Bridge Firewall Configuration"
+
#: ../../configuration/interfaces/bridge.rst:66
msgid "Bridge Options"
msgstr "Bridge Options"
+#: ../../configuration/firewall/bridge.rst:56
+msgid "Bridge Rules"
+msgstr "Bridge Rules"
+
#: ../../configuration/interfaces/bridge.rst:198
#: ../../configuration/interfaces/bridge.rst:233
msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64"
@@ -2779,7 +2781,7 @@ msgstr "By default, VyOS does not advertise a default route (0.0.0.0/0) even if
msgid "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
msgstr "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
-#: ../../configuration/service/dns.rst:380
+#: ../../configuration/service/dns.rst:393
msgid "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
msgstr "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
@@ -2792,7 +2794,7 @@ msgstr "By default, enabling RPKI does not change best path selection. In partic
msgid "By default, it supports both planned and unplanned outages."
msgstr "By default, it supports both planned and unplanned outages."
-#: ../../configuration/service/https.rst:54
+#: ../../configuration/service/https.rst:45
msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
@@ -2808,8 +2810,7 @@ msgstr "By default, the BGP prefix is advertised even if it's not present in the
msgid "By default, this bridging is allowed."
msgstr "By default, this bridging is allowed."
-#: ../../configuration/firewall/general.rst:90
-#: ../../configuration/firewall/general-legacy.rst:42
+#: ../../configuration/firewall/global-options.rst:27
msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
@@ -2876,7 +2877,7 @@ msgstr "Certificates"
msgid "Change system keyboard layout to given language."
msgstr "Change system keyboard layout to given language."
-#: ../../configuration/firewall/zone.rst:75
+#: ../../configuration/firewall/zone.rst:94
msgid "Change the default-action with this setting."
msgstr "Change the default-action with this setting."
@@ -2896,6 +2897,10 @@ msgstr "Changing the keymap only has an effect on the system console, using SSH
msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
+#: ../../configuration/system/updates.rst:28
+msgid "Check:"
+msgstr "Check:"
+
#: ../../configuration/system/acceleration.rst:32
msgid "Check if the Intel® QAT device is up and ready to do the job."
msgstr "Check if the Intel® QAT device is up and ready to do the job."
@@ -2908,10 +2913,14 @@ msgstr "Check status"
msgid "Check the many parameters available for the `show ipv6 route` command:"
msgstr "Check the many parameters available for the `show ipv6 route` command:"
-#: ../../configuration/service/pppoe-server.rst:320
+#: ../../configuration/service/pppoe-server.rst:307
msgid "Checking connections"
msgstr "Checking connections"
+#: ../../configuration/firewall/flowtables.rst:165
+msgid "Checks"
+msgstr "Checks"
+
#: ../../configuration/service/tftp-server.rst:21
msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
@@ -2920,25 +2929,6 @@ msgstr "Choose your ``directory`` location carefully or you will loose the conte
msgid "Cisco Catalyst"
msgstr "Cisco Catalyst"
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
#: ../../_include/interface-ip.txt:168
msgid "Cisco and Allied Telesyn call it Private VLAN"
msgstr "Cisco and Allied Telesyn call it Private VLAN"
@@ -2955,7 +2945,7 @@ msgstr "Class treatment"
msgid "Classes"
msgstr "Classes"
-#: ../../configuration/service/dhcp-server.rst:359
+#: ../../configuration/service/dhcp-server.rst:326
msgid "Classless static route"
msgstr "Classless static route"
@@ -2975,7 +2965,7 @@ msgstr "Client:"
msgid "Client Address Pools"
msgstr "Client Address Pools"
-#: ../../configuration/interfaces/openvpn.rst:388
+#: ../../configuration/interfaces/openvpn.rst:440
msgid "Client Authentication"
msgstr "Client Authentication"
@@ -2983,7 +2973,7 @@ msgstr "Client Authentication"
msgid "Client Configuration"
msgstr "Client Configuration"
-#: ../../configuration/vpn/sstp.rst:278
+#: ../../configuration/vpn/sstp.rst:289
msgid "Client IP addresses will be provided from pool `192.0.2.0/25`"
msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`"
@@ -2995,11 +2985,11 @@ msgstr "Client Side"
msgid "Client configuration"
msgstr "Client configuration"
-#: ../../configuration/service/dhcp-server.rst:299
+#: ../../configuration/service/dhcp-server.rst:266
msgid "Client domain name"
msgstr "Client domain name"
-#: ../../configuration/service/dhcp-server.rst:354
+#: ../../configuration/service/dhcp-server.rst:321
msgid "Client domain search"
msgstr "Client domain search"
@@ -3011,7 +3001,7 @@ msgstr "Client isolation can be used to prevent low-level bridging of frames bet
msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
-#: ../../configuration/service/dhcp-server.rst:590
+#: ../../configuration/service/dhcp-server.rst:514
msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
@@ -3023,7 +3013,9 @@ msgstr "Clock daemon"
msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
-#: ../../configuration/firewall/general.rst:530
+#: ../../configuration/firewall/bridge.rst:216
+#: ../../configuration/firewall/ipv4.rst:298
+#: ../../configuration/firewall/ipv6.rst:298
msgid "Command for disabling a rule but keep it in the configuration."
msgstr "Command for disabling a rule but keep it in the configuration."
@@ -3031,12 +3023,16 @@ msgstr "Command for disabling a rule but keep it in the configuration."
msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
-#: ../../configuration/firewall/general.rst:1544
-#: ../../configuration/firewall/general-legacy.rst:1054
+#: ../../configuration/firewall/ipv4.rst:1179
+#: ../../configuration/firewall/ipv6.rst:1195
msgid "Command used to update GeoIP database and firewall sets."
msgstr "Command used to update GeoIP database and firewall sets."
-#: ../../configuration/service/dhcp-server.rst:438
+#: ../../configuration/firewall/flowtables.rst:119
+msgid "Commands"
+msgstr "Commands"
+
+#: ../../configuration/service/dhcp-server.rst:379
msgid "Common configuration, valid for both primary and secondary node."
msgstr "Common configuration, valid for both primary and secondary node."
@@ -3072,7 +3068,9 @@ msgid "Confidentiality – Encryption of packets to prevent snooping by an unaut
msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source."
#: ../../configuration/container/index.rst:12
-#: ../../configuration/firewall/zone.rst:47
+#: ../../configuration/firewall/global-options.rst:23
+#: ../../configuration/firewall/groups.rst:11
+#: ../../configuration/firewall/zone.rst:66
#: ../../configuration/interfaces/bonding.rst:17
#: ../../configuration/interfaces/bridge.rst:21
#: ../../configuration/interfaces/dummy.rst:28
@@ -3081,6 +3079,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/l2tpv3.rst:31
#: ../../configuration/interfaces/loopback.rst:26
#: ../../configuration/interfaces/macsec.rst:20
+#: ../../configuration/interfaces/openvpn.rst:585
#: ../../configuration/interfaces/pppoe.rst:59
#: ../../configuration/interfaces/pseudo-ethernet.rst:45
#: ../../configuration/interfaces/sstp-client.rst:20
@@ -3090,7 +3089,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/wireless.rst:30
#: ../../configuration/interfaces/wwan.rst:16
#: ../../configuration/loadbalancing/reverse-proxy.rst:13
-#: ../../configuration/nat/nat44.rst:681
+#: ../../configuration/nat/nat44.rst:705
#: ../../configuration/policy/access-list.rst:13
#: ../../configuration/policy/as-path-list.rst:10
#: ../../configuration/policy/community-list.rst:10
@@ -3101,7 +3100,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/policy/route-map.rst:10
#: ../../configuration/protocols/bfd.rst:143
#: ../../configuration/protocols/bgp.rst:164
-#: ../../configuration/protocols/igmp.rst:186
+#: ../../configuration/protocols/igmp-proxy.rst:14
#: ../../configuration/protocols/isis.rst:28
#: ../../configuration/protocols/ospf.rst:22
#: ../../configuration/protocols/ospf.rst:1076
@@ -3112,13 +3111,13 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/service/dhcp-relay.rst:19
#: ../../configuration/service/dhcp-relay.rst:137
#: ../../configuration/service/dhcp-server.rst:22
-#: ../../configuration/service/dhcp-server.rst:586
+#: ../../configuration/service/dhcp-server.rst:510
#: ../../configuration/service/dns.rst:8
-#: ../../configuration/service/dns.rst:214
+#: ../../configuration/service/dns.rst:227
#: ../../configuration/service/https.rst:14
#: ../../configuration/service/ipoe-server.rst:28
#: ../../configuration/service/lldp.rst:36
-#: ../../configuration/service/mdns.rst:18
+#: ../../configuration/service/mdns.rst:19
#: ../../configuration/service/ntp.rst:40
#: ../../configuration/service/pppoe-server.rst:17
#: ../../configuration/service/salt-minion.rst:25
@@ -3131,28 +3130,31 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/system/login.rst:241
#: ../../configuration/system/login.rst:310
#: ../../configuration/system/sflow.rst:12
+#: ../../configuration/system/updates.rst:8
#: ../../configuration/vpn/dmvpn.rst:38
#: ../../configuration/vpn/dmvpn.rst:182
#: ../../configuration/vpn/openconnect.rst:21
#: ../../configuration/vpn/sstp.rst:65
#: ../../configuration/vrf/index.rst:16
#: ../../configuration/vrf/index.rst:253
-#: ../../configuration/vrf/index.rst:286
-#: ../../configuration/vrf/index.rst:434
+#: ../../configuration/vrf/index.rst:288
+#: ../../configuration/vrf/index.rst:436
msgid "Configuration"
msgstr "Configuration"
+#: ../../configuration/firewall/flowtables.rst:100
#: ../../configuration/protocols/babel.rst:188
-#: ../../configuration/protocols/ospf.rst:1314
+#: ../../configuration/protocols/ospf.rst:1316
#: ../../configuration/protocols/pim6.rst:78
#: ../../configuration/protocols/rip.rst:239
#: ../../configuration/protocols/segment-routing.rst:187
#: ../../configuration/system/login.rst:279
-#: ../../configuration/system/login.rst:348
+#: ../../configuration/system/login.rst:350
msgid "Configuration Example"
msgstr "Configuration Example"
-#: ../../configuration/nat/nat44.rst:313
+#: ../../configuration/nat/nat44.rst:325
+#: ../../configuration/nat/nat64.rst:38
#: ../../configuration/nat/nat66.rst:109
msgid "Configuration Examples"
msgstr "Configuration Examples"
@@ -3165,6 +3167,10 @@ msgstr "Configuration Guide"
msgid "Configuration Options"
msgstr "Configuration Options"
+#: ../../configuration/firewall/global-options.rst:17
+msgid "Configuration commands covered in this section:"
+msgstr "Configuration commands covered in this section:"
+
#: ../../configuration/vpn/ipsec.rst:284
msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
@@ -3173,7 +3179,11 @@ msgstr "Configuration commands for the private and public key will be displayed
msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
-#: ../../configuration/vrf/index.rst:428
+#: ../../configuration/firewall/bridge.rst:323
+msgid "Configuration example:"
+msgstr "Configuration example:"
+
+#: ../../configuration/vrf/index.rst:430
msgid "Configuration for these exported routes must, at a minimum, specify these two parameters."
msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters."
@@ -3181,11 +3191,11 @@ msgstr "Configuration for these exported routes must, at a minimum, specify thes
msgid "Configuration of :ref:`routing-static`"
msgstr "Configuration of :ref:`routing-static`"
-#: ../../configuration/service/dhcp-server.rst:430
+#: ../../configuration/service/dhcp-server.rst:371
msgid "Configuration of a DHCP failover pair"
msgstr "Configuration of a DHCP failover pair"
-#: ../../configuration/vrf/index.rst:436
+#: ../../configuration/vrf/index.rst:438
msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
@@ -3198,11 +3208,11 @@ msgstr "Configure"
msgid "Configure BFD"
msgstr "Configure BFD"
-#: ../../configuration/service/dns.rst:245
+#: ../../configuration/service/dns.rst:258
msgid "Configure DNS `` which should be updated. This can be set multiple times."
msgstr "Configure DNS `` which should be updated. This can be set multiple times."
-#: ../../configuration/service/dns.rst:240
+#: ../../configuration/service/dns.rst:253
msgid "Configure DNS `` to be updated."
msgstr "Configure DNS `` to be updated."
@@ -3224,59 +3234,42 @@ msgstr "Configure Graceful Restart :rfc:`3623` restarting support. When enabled,
msgid "Configure IP address of the DHCP `` which will handle the relayed packets."
msgstr "Configure IP address of the DHCP `` which will handle the relayed packets."
-#: ../../configuration/vpn/sstp.rst:203
+#: ../../configuration/vpn/sstp.rst:214
msgid "Configure RADIUS `` and its required port for authentication requests."
msgstr "Configure RADIUS `` and its required port for authentication requests."
-#: ../../configuration/vpn/sstp.rst:207
+#: ../../configuration/vpn/sstp.rst:218
msgid "Configure RADIUS `` and its required shared `` for communicating with the RADIUS server."
msgstr "Configure RADIUS `` and its required shared `` for communicating with the RADIUS server."
-#: ../../configuration/nat/nat44.rst:210
+#: ../../configuration/nat/nat44.rst:222
msgid "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
msgstr "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
#: ../../_include/interface-mtu.txt:4
msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given ``. It is the size (in bytes) of the largest ethernet frame sent on this link."
msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given ``. It is the size (in bytes) of the largest ethernet frame sent on this link."
-#: ../../configuration/system/login.rst:373
+#: ../../configuration/system/login.rst:375
msgid "Configure `` which is shown after user has logged in to the system."
msgstr "Configure `` which is shown after user has logged in to the system."
-#: ../../configuration/system/login.rst:368
+#: ../../configuration/system/login.rst:370
msgid "Configure `` which is shown during SSH connect and before a user is logged in."
msgstr "Configure `` which is shown during SSH connect and before a user is logged in."
-#: ../../configuration/service/dns.rst:328
+#: ../../configuration/service/dns.rst:341
msgid "Configure `` used when authenticating the update request for DynDNS service identified by ``."
msgstr "Configure `` used when authenticating the update request for DynDNS service identified by ``."
-#: ../../configuration/service/dns.rst:321
+#: ../../configuration/service/dns.rst:334
msgid "Configure `` used when authenticating the update request for DynDNS service identified by ``. For Namecheap, set the you wish to update."
msgstr "Configure `` used when authenticating the update request for DynDNS service identified by ``. For Namecheap, set the you wish to update."
+#: ../../configuration/system/updates.rst:17
+msgid "Configure a URL that contains information about images."
+msgstr "Configure a URL that contains information about images."
+
#: ../../configuration/system/flow-accounting.rst:158
msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
@@ -3311,7 +3304,7 @@ msgstr "Configure agent IP address associated with this interface."
msgid "Configure aggregation delay timer interval."
msgstr "Configure aggregation delay timer interval."
-#: ../../configuration/vpn/openconnect.rst:278
+#: ../../configuration/vpn/openconnect.rst:285
msgid "Configure an accounting server and enable accounting with:"
msgstr "Configure an accounting server and enable accounting with:"
@@ -3323,10 +3316,18 @@ msgstr "Configure and enable collection of flow information for the interface id
msgid "Configure and enable collection of flow information for the interface identified by ``."
msgstr "Configure and enable collection of flow information for the interface identified by ``."
+#: ../../configuration/system/updates.rst:12
+msgid "Configure auto-checking for new images"
+msgstr "Configure auto-checking for new images"
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:114
msgid "Configure backend `` mode TCP or HTTP"
msgstr "Configure backend `` mode TCP or HTTP"
+#: ../../configuration/nat/nat66.rst:148
+msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+
#: ../../configuration/service/console-server.rst:49
msgid "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
msgstr "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
@@ -3339,75 +3340,16 @@ msgstr "Configure either seven or eight data bits. This defaults to eight data b
msgid "Configure individual bridge port ``."
msgstr "Configure individual bridge port ``."
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/pppoe.rst:223
#: ../../configuration/interfaces/pppoe.rst:269
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/sstp-client.rst:95
#: ../../_include/interface-ip.txt:59
#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
msgid "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
msgstr "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
#: ../../_include/interface-address-with-dhcp.txt:5
#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
msgid "Configure interface `` with one or more interface addresses."
msgstr "Configure interface `` with one or more interface addresses."
@@ -3439,7 +3381,7 @@ msgstr "Configure one or more attributes to the given NTP server."
msgid "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
msgstr "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
-#: ../../configuration/service/dns.rst:251
+#: ../../configuration/service/dns.rst:264
msgid "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
msgstr "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
@@ -3451,14 +3393,10 @@ msgstr "Configure physical interface duplex setting."
msgid "Configure physical interface speed setting."
msgstr "Configure physical interface speed setting."
-#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
#: ../../_include/interface-mirror.txt:16
msgid "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
-#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
#: ../../_include/interface-mirror.txt:28
msgid "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
@@ -3491,7 +3429,7 @@ msgstr "Configure service `` mode TCP or HTTP"
msgid "Configure service `` to use the backend "
msgstr "Configure service `` to use the backend "
-#: ../../configuration/system/login.rst:392
+#: ../../configuration/system/login.rst:394
msgid "Configure session timeout after which the user will be logged out."
msgstr "Configure session timeout after which the user will be logged out."
@@ -3499,7 +3437,15 @@ msgstr "Configure session timeout after which the user will be logged out."
msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
-#: ../../configuration/service/dns.rst:234
+#: ../../configuration/nat/nat66.rst:182
+msgid "Configure the A-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the A-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/nat/nat66.rst:204
+msgid "Configure the B-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the B-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/service/dns.rst:247
msgid "Configure the DNS `` IP/FQDN used when updating this dynamic assignment."
msgstr "Configure the DNS `` IP/FQDN used when updating this dynamic assignment."
@@ -3523,27 +3469,14 @@ msgstr "Configure the discrete port under which the TACACS server can be reached
msgid "Configure the load-balancing reverse-proxy service for HTTP."
msgstr "Configure the load-balancing reverse-proxy service for HTTP."
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
#: ../../_include/interface-mac.txt:4
msgid "Configure user defined :abbr:`MAC (Media Access Control)` address on given ``."
msgstr "Configure user defined :abbr:`MAC (Media Access Control)` address on given ``."
+#: ../../configuration/protocols/pim.rst:180
+msgid "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+msgstr "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+
#: ../../configuration/vrf/index.rst:28
msgid "Configured routing table `` is used by VRF ``."
msgstr "Configured routing table `` is used by VRF ``."
@@ -3556,7 +3489,7 @@ msgstr "Configured value"
msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
-#: ../../configuration/vpn/openconnect.rst:272
+#: ../../configuration/vpn/openconnect.rst:279
msgid "Configuring RADIUS accounting"
msgstr "Configuring RADIUS accounting"
@@ -3569,10 +3502,14 @@ msgstr "Configuring a listen-address is essential for the service to work."
msgid "Connect/Disconnect"
msgstr "Connect/Disconnect"
-#: ../../configuration/vpn/sstp.rst:144
+#: ../../configuration/vpn/sstp.rst:155
msgid "Connected client should use `` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
msgstr "Connected client should use `` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
+#: ../../configuration/protocols/rpki.rst:129
+msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+
#: ../../configuration/protocols/rpki.rst:129
msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
@@ -3585,10 +3522,18 @@ msgstr "Conntrack"
msgid "Conntrack Sync"
msgstr "Conntrack Sync"
-#: ../../configuration/service/conntrack-sync.rst:None
+#: ../../configuration/service/conntrack-sync.rst:-1
msgid "Conntrack Sync Example"
msgstr "Conntrack Sync Example"
+#: ../../configuration/system/conntrack.rst:178
+msgid "Conntrack ignore rules"
+msgstr "Conntrack ignore rules"
+
+#: ../../configuration/system/conntrack.rst:204
+msgid "Conntrack log"
+msgstr "Conntrack log"
+
#: ../../configuration/system/syslog.rst:21
msgid "Console"
msgstr "Console"
@@ -3605,6 +3550,10 @@ msgstr "Constrain the memory available to the container."
msgid "Container"
msgstr "Container"
+#: ../../configuration/system/conntrack.rst:65
+msgid "Contrack Timeouts"
+msgstr "Contrack Timeouts"
+
#: ../../configuration/nat/nat66.rst:98
msgid "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
msgstr "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
@@ -3629,11 +3578,11 @@ msgstr "Creat community-list policy identified by name ."
msgid "Creat extcommunity-list policy identified by name ."
msgstr "Creat extcommunity-list policy identified by name ."
-#: ../../configuration/service/dhcp-server.rst:118
+#: ../../configuration/service/dhcp-server.rst:104
msgid "Create DHCP address range with a range id of ``. DHCP leases are taken from this pool. The pool starts at address ``."
msgstr "Create DHCP address range with a range id of ``. DHCP leases are taken from this pool. The pool starts at address ``."
-#: ../../configuration/service/dhcp-server.rst:124
+#: ../../configuration/service/dhcp-server.rst:110
msgid "Create DHCP address range with a range id of ``. DHCP leases are taken from this pool. The pool stops with address ``."
msgstr "Create DHCP address range with a range id of ``. DHCP leases are taken from this pool. The pool stops with address ``."
@@ -3657,15 +3606,10 @@ msgstr "Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using
msgid "Create a load balancing rule, it can be a number between 1 and 9999:"
msgstr "Create a load balancing rule, it can be a number between 1 and 9999:"
-#: ../../configuration/service/dhcp-server.rst:218
+#: ../../configuration/service/dhcp-server.rst:183
msgid "Create a new DHCP static mapping named `` which is valid for the host identified by its MAC ``."
msgstr "Create a new DHCP static mapping named `` which is valid for the host identified by its MAC ``."
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
#: ../../_include/interface-vlan-8021q.txt:26
msgid "Create a new VLAN interface on interface `` using the VLAN number provided via ``."
msgstr "Create a new VLAN interface on interface `` using the VLAN number provided via ``."
@@ -3714,6 +3658,22 @@ msgstr "Create a static hostname mapping which will always resolve the name `."
msgstr "Create as-path-policy identified by name ."
+#: ../../configuration/firewall/flowtables.rst:64
+msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+
+#: ../../configuration/firewall/flowtables.rst:95
+msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:90
+msgid "Create firewall rule in forward chain, and set action to ``offload``."
+msgstr "Create firewall rule in forward chain, and set action to ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:61
+msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+
#: ../../configuration/policy/large-community-list.rst:17
msgid "Create large-community-list policy identified by name ."
msgstr "Create large-community-list policy identified by name ."
@@ -3726,7 +3686,7 @@ msgstr "Create named `` for the configured static mapping for `
msgid "Create new VRF instance with ``. The name is used when placing individual interfaces into the VRF."
msgstr "Create new VRF instance with ``. The name is used when placing individual interfaces into the VRF."
-#: ../../configuration/service/dns.rst:221
+#: ../../configuration/service/dns.rst:234
msgid "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `` on the service you configured under ``."
msgstr "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `` on the service you configured under ``."
@@ -3750,10 +3710,18 @@ msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broa
msgid "Creating a bridge interface is very simple. In this example, we will have:"
msgstr "Creating a bridge interface is very simple. In this example, we will have:"
+#: ../../configuration/firewall/flowtables.rst:67
+msgid "Creating a flow table:"
+msgstr "Creating a flow table:"
+
#: ../../configuration/trafficpolicy/index.rst:335
msgid "Creating a traffic policy"
msgstr "Creating a traffic policy"
+#: ../../configuration/firewall/flowtables.rst:85
+msgid "Creating rules for using flow tables:"
+msgstr "Creating rules for using flow tables:"
+
#: ../../configuration/system/syslog.rst:178
msgid "Critical"
msgstr "Critical"
@@ -3794,15 +3762,27 @@ msgstr "Currently dynamic routing is supported for the following protocols:"
msgid "Custom File"
msgstr "Custom File"
+#: ../../configuration/firewall/bridge.rst:44
+msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+
#: ../../configuration/firewall/general.rst:77
msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+#: ../../configuration/firewall/ipv4.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
+#: ../../configuration/firewall/ipv6.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
#: ../../configuration/highavailability/index.rst:373
msgid "Custom health-check script allows checking real-server availability"
msgstr "Custom health-check script allows checking real-server availability"
-#: ../../configuration/system/conntrack.rst:167
+#: ../../configuration/system/conntrack.rst:180
msgid "Customized ignore rules, based on a packet and flow selector."
msgstr "Customized ignore rules, based on a packet and flow selector."
@@ -3822,19 +3802,18 @@ msgstr "DHCP Relay"
msgid "DHCP Server"
msgstr "DHCP Server"
-#: ../../configuration/service/dhcp-server.rst:384
+#: ../../configuration/service/dhcp-server.rst:351
msgid "DHCP failover parameters"
msgstr "DHCP failover parameters"
-#: ../../configuration/service/dhcp-server.rst:374
+#: ../../configuration/service/dhcp-server.rst:341
msgid "DHCP lease range"
msgstr "DHCP lease range"
-#: ../../configuration/service/dhcp-server.rst:436
+#: ../../configuration/service/dhcp-server.rst:377
msgid "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
msgstr "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
-#: ../../configuration/service/dhcp-relay.rst:96
#: ../../configuration/service/dhcp-relay.rst:96
msgid "DHCP relay example"
msgstr "DHCP relay example"
@@ -3843,20 +3822,19 @@ msgstr "DHCP relay example"
msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
-#: ../../configuration/service/dhcp-server.rst:654
+#: ../../configuration/service/dhcp-server.rst:584
msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
-#: ../../configuration/service/dhcp-relay.rst:182
-#: ../../configuration/service/dhcp-relay.rst:182
+#: ../../configuration/service/dhcp-relay.rst:184
msgid "DHCPv6 relay example"
msgstr "DHCPv6 relay example"
-#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-relay.rst:176
msgid "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
msgstr "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
-#: ../../configuration/nat/nat44.rst:735
+#: ../../configuration/nat/nat44.rst:757
msgid "DH Group 14"
msgstr "DH Group 14"
@@ -3884,11 +3862,11 @@ msgstr "DNAT"
msgid "DNAT66"
msgstr "DNAT66"
-#: ../../configuration/nat/nat44.rst:494
+#: ../../configuration/nat/nat44.rst:514
msgid "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
msgstr "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
-#: ../../configuration/nat/nat44.rst:268
+#: ../../configuration/nat/nat44.rst:280
msgid "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
msgstr "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
@@ -3909,11 +3887,11 @@ msgstr "DNS name servers"
msgid "DNS search list to advertise"
msgstr "DNS search list to advertise"
-#: ../../configuration/service/dhcp-server.rst:294
+#: ../../configuration/service/dhcp-server.rst:261
msgid "DNS server IPv4 address"
msgstr "DNS server IPv4 address"
-#: ../../configuration/service/dhcp-server.rst:661
+#: ../../configuration/service/dhcp-server.rst:591
msgid "DNS server is located at ``2001:db8::ffff``"
msgstr "DNS server is located at ``2001:db8::ffff``"
@@ -3925,8 +3903,8 @@ msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:"
msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
-#: ../../configuration/firewall/general.rst:714
-#: ../../configuration/firewall/general-legacy.rst:480
+#: ../../configuration/firewall/ipv4.rst:444
+#: ../../configuration/firewall/ipv6.rst:451
msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
@@ -3942,29 +3920,14 @@ msgstr "Debug-level messages - Messages that contain information normally of use
msgid "Default"
msgstr "Default"
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
#: ../../_include/interface-ipv6.txt:94
msgid "Default: 1"
msgstr "Default: 1"
+#: ../../configuration/service/https.rst:42
+msgid "Default: 443"
+msgstr "Default: 443"
+
#: ../../configuration/protocols/failover.rst:58
msgid "Default 1."
msgstr "Default 1."
@@ -3977,11 +3940,11 @@ msgstr "Default Gateway/Route"
msgid "Default Router Preference"
msgstr "Default Router Preference"
-#: ../../configuration/vpn/sstp.rst:190
+#: ../../configuration/vpn/sstp.rst:201
msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
-#: ../../configuration/service/dhcp-server.rst:433
+#: ../../configuration/service/dhcp-server.rst:374
msgid "Default gateway and DNS server is at `192.0.2.254`"
msgstr "Default gateway and DNS server is at `192.0.2.254`"
@@ -3997,25 +3960,6 @@ msgstr "Default is ``any-available``."
msgid "Default is ``icmp``."
msgstr "Default is ``icmp``."
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
#: ../../_include/interface-disable-link-detect.txt:7
msgid "Default is to detects physical link state changes."
msgstr "Default is to detects physical link state changes."
@@ -4044,36 +3988,31 @@ msgstr "Define Conection Timeouts"
msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
-#: ../../configuration/firewall/general.rst:225
-#: ../../configuration/firewall/general-legacy.rst:201
+#: ../../configuration/firewall/groups.rst:52
msgid "Define a IPv4 or IPv6 Network group."
msgstr "Define a IPv4 or IPv6 Network group."
-#: ../../configuration/firewall/general.rst:201
-#: ../../configuration/firewall/general-legacy.rst:177
+#: ../../configuration/firewall/groups.rst:28
msgid "Define a IPv4 or a IPv6 address group"
msgstr "Define a IPv4 or a IPv6 address group"
-#: ../../configuration/firewall/zone.rst:59
+#: ../../configuration/firewall/zone.rst:78
msgid "Define a Zone"
msgstr "Define a Zone"
-#: ../../configuration/nat/nat44.rst:246
+#: ../../configuration/nat/nat44.rst:258
msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
-#: ../../configuration/firewall/general.rst:306
-#: ../../configuration/firewall/general-legacy.rst:261
+#: ../../configuration/firewall/groups.rst:133
msgid "Define a domain group."
msgstr "Define a domain group."
-#: ../../configuration/firewall/general.rst:288
-#: ../../configuration/firewall/general-legacy.rst:246
+#: ../../configuration/firewall/groups.rst:115
msgid "Define a mac group."
msgstr "Define a mac group."
-#: ../../configuration/firewall/general.rst:268
-#: ../../configuration/firewall/general-legacy.rst:226
+#: ../../configuration/firewall/groups.rst:95
msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
@@ -4081,119 +4020,51 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service
msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
-#: ../../configuration/firewall/general.rst:245
+#: ../../configuration/firewall/groups.rst:72
msgid "Define an interface group. Wildcard are accepted too."
msgstr "Define an interface group. Wildcard are accepted too."
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
#: ../../_include/interface-ip.txt:85
msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
#: ../../_include/interface-ip.txt:69
msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
#: ../../_include/interface-ip.txt:121
msgid "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
msgstr "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
#: ../../_include/interface-ip.txt:101
msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
msgstr "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
-#: ../../configuration/firewall/general.rst:476
-#: ../../configuration/firewall/general-legacy.rst:361
+#: ../../configuration/firewall/flowtables.rst:71
+msgid "Define interfaces to be used in the flowtable."
+msgstr "Define interfaces to be used in the flowtable."
+
+#: ../../configuration/firewall/bridge.rst:187
+#: ../../configuration/firewall/ipv4.rst:252
+#: ../../configuration/firewall/ipv6.rst:252
msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
-#: ../../configuration/firewall/general.rst:450
-#: ../../configuration/firewall/general-legacy.rst:347
+#: ../../configuration/firewall/bridge.rst:173
+#: ../../configuration/firewall/ipv4.rst:230
+#: ../../configuration/firewall/ipv6.rst:230
msgid "Define log-level. Only applicable if rule log is enable."
msgstr "Define log-level. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:463
-#: ../../configuration/firewall/general-legacy.rst:354
+#: ../../configuration/firewall/bridge.rst:180
+#: ../../configuration/firewall/ipv4.rst:241
+#: ../../configuration/firewall/ipv6.rst:241
msgid "Define log group to send message to. Only applicable if rule log is enable."
msgstr "Define log group to send message to. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:490
-#: ../../configuration/firewall/general-legacy.rst:369
+#: ../../configuration/firewall/bridge.rst:195
+#: ../../configuration/firewall/ipv4.rst:264
+#: ../../configuration/firewall/ipv6.rst:264
msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
@@ -4201,15 +4072,19 @@ msgstr "Define number of packets to queue inside the kernel before sending them
msgid "Define the time interval to update the local cache"
msgstr "Define the time interval to update the local cache"
-#: ../../configuration/firewall/zone.rst:70
+#: ../../configuration/firewall/zone.rst:89
msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
+#: ../../configuration/firewall/flowtables.rst:80
+msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+
#: ../../configuration/protocols/rpki.rst:114
msgid "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
msgstr "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
-#: ../../configuration/protocols/igmp.rst:202
+#: ../../configuration/protocols/igmp-proxy.rst:30
msgid "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
msgstr "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
@@ -4233,7 +4108,7 @@ msgstr "Defines next-hop distance for this route, routes with smaller administra
msgid "Defines protocols for checking ARP, ICMP, TCP"
msgstr "Defines protocols for checking ARP, ICMP, TCP"
-#: ../../configuration/vpn/sstp.rst:167
+#: ../../configuration/vpn/sstp.rst:178
msgid "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset."
msgstr "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset."
@@ -4245,7 +4120,7 @@ msgstr "Defines the specified device as a system console. Available console devi
msgid "Defining Peers"
msgstr "Defining Peers"
-#: ../../configuration/service/dhcp-server.rst:649
+#: ../../configuration/service/dhcp-server.rst:579
msgid "Delegate prefixes from the range indicated by the start and stop qualifier."
msgstr "Delegate prefixes from the range indicated by the start and stop qualifier."
@@ -4281,7 +4156,6 @@ msgstr "Deletes the specified user-defined file in the /var/log/user dire
msgid "Depending on the location, not all of these channels may be available for use!"
msgstr "Depending on the location, not all of these channels may be available for use!"
-#: ../../configuration/service/router-advert.rst:1
#: ../../configuration/service/router-advert.rst:1
#: ../../configuration/system/syslog.rst:107
#: ../../configuration/system/syslog.rst:167
@@ -4297,11 +4171,11 @@ msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets
msgid "Despite the fact that AD is a superset of LDAP"
msgstr "Despite the fact that AD is a superset of LDAP"
-#: ../../configuration/nat/nat44.rst:261
+#: ../../configuration/nat/nat44.rst:273
msgid "Destination Address"
msgstr "Destination Address"
-#: ../../configuration/nat/nat44.rst:492
+#: ../../configuration/nat/nat44.rst:512
msgid "Destination NAT"
msgstr "Destination NAT"
@@ -4326,6 +4200,7 @@ msgid "Devices evaluating whether an IPv4 address is public must be updated to r
msgstr "Devices evaluating whether an IPv4 address is public must be updated to recognize the new address space. Allocating more private IPv4 address space for NAT devices might prolong the transition to IPv6."
#: ../../configuration/nat/nat44.rst:71
+#: ../../configuration/nat/nat64.rst:21
#: ../../configuration/nat/nat66.rst:18
msgid "Different NAT Types"
msgstr "Different NAT Types"
@@ -4350,7 +4225,8 @@ msgstr "Disable a BFD peer"
msgid "Disable a container."
msgstr "Disable a container."
-#: ../../configuration/firewall/general.rst:1283
+#: ../../configuration/firewall/ipv4.rst:930
+#: ../../configuration/firewall/ipv6.rst:939
msgid "Disable conntrack loose track option"
msgstr "Disable conntrack loose track option"
@@ -4362,29 +4238,6 @@ msgstr "Disable dhcp-relay service."
msgid "Disable dhcpv6-relay service."
msgstr "Disable dhcpv6-relay service."
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
#: ../../_include/interface-disable.txt:4
msgid "Disable given ``. It will be placed in administratively down (``A/D``) state."
msgstr "Disable given ``. It will be placed in administratively down (``A/D``) state."
@@ -4397,6 +4250,10 @@ msgstr "Disable immediate session reset if peer's connected link goes down."
msgid "Disable password based authentication. Login via SSH keys only. This hardens security!"
msgstr "Disable password based authentication. Login via SSH keys only. This hardens security!"
+#: ../../configuration/protocols/pim.rst:167
+msgid "Disable sending and receiving PIM control packets on the interface."
+msgstr "Disable sending and receiving PIM control packets on the interface."
+
#: ../../configuration/service/ssh.rst:64
msgid "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
msgstr "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
@@ -4413,7 +4270,7 @@ msgstr "Disable this IPv4 static route entry."
msgid "Disable this IPv6 static route entry."
msgstr "Disable this IPv6 static route entry."
-#: ../../configuration/protocols/igmp.rst:228
+#: ../../configuration/protocols/igmp-proxy.rst:56
msgid "Disable this service."
msgstr "Disable this service."
@@ -4437,7 +4294,7 @@ msgstr "Disables interface-based IPv4 static route."
msgid "Disables interface-based IPv6 static route."
msgstr "Disables interface-based IPv6 static route."
-#: ../../configuration/protocols/igmp.rst:215
+#: ../../configuration/protocols/igmp-proxy.rst:43
msgid "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
msgstr "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
@@ -4533,25 +4390,6 @@ msgstr "Displays the route packets taken to a network host utilizing VRF instanc
msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows."
msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows."
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
#: ../../_include/interface-ipv6.txt:37
msgid "Do not assign a link-local IPv6 address to this interface."
msgstr "Do not assign a link-local IPv6 address to this interface."
@@ -4564,25 +4402,6 @@ msgstr "Do not configure IFB as the first step. First create everything else of
msgid "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP server will use this file to add resolvers to assigned addresses."
msgstr "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP server will use this file to add resolvers to assigned addresses."
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
#: ../../_include/interface-ip.txt:162
msgid "Does not need to be used together with proxy_arp."
msgstr "Does not need to be used together with proxy_arp."
@@ -4591,8 +4410,7 @@ msgstr "Does not need to be used together with proxy_arp."
msgid "Domain"
msgstr "Domain"
-#: ../../configuration/firewall/general.rst:300
-#: ../../configuration/firewall/general-legacy.rst:255
+#: ../../configuration/firewall/groups.rst:127
msgid "Domain Groups"
msgstr "Domain Groups"
@@ -4600,7 +4418,7 @@ msgstr "Domain Groups"
msgid "Domain Name"
msgstr "Domain Name"
-#: ../../configuration/service/https.rst:59
+#: ../../configuration/service/https.rst:50
msgid "Domain name(s) for which to obtain certificate"
msgstr "Domain name(s) for which to obtain certificate"
@@ -4608,6 +4426,10 @@ msgstr "Domain name(s) for which to obtain certificate"
msgid "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
msgstr "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
+#: ../../configuration/pki/index.rst:259
+msgid "Domain names to apply, multiple domain-names can be specified."
+msgstr "Domain names to apply, multiple domain-names can be specified."
+
#: ../../configuration/system/name-server.rst:13
#: ../../configuration/system/name-server.rst:45
msgid "Domain search order"
@@ -4617,15 +4439,15 @@ msgstr "Domain search order"
msgid "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
msgstr "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
-#: ../../configuration/protocols/bgp.rst:1171
+#: ../../configuration/protocols/bgp.rst:1172
msgid "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/protocols/bgp.rst:1125
+#: ../../configuration/protocols/bgp.rst:1126
msgid "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/vpn/site2site_ipsec.rst:295
+#: ../../configuration/vpn/site2site_ipsec.rst:299
msgid "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
msgstr "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
@@ -4657,7 +4479,7 @@ msgstr "Drop rate"
msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
-#: ../../configuration/service/pppoe-server.rst:380
+#: ../../configuration/service/pppoe-server.rst:367
msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
@@ -4665,7 +4487,7 @@ msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgid "Dummy"
msgstr "Dummy"
-#: ../../configuration/nat/nat44.rst:692
+#: ../../configuration/nat/nat44.rst:716
msgid "Dummy interface"
msgstr "Dummy interface"
@@ -4677,11 +4499,15 @@ msgstr "Dummy interfaces can be used as interfaces that always stay up (in the s
msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
+#: ../../configuration/pki/index.rst:285
+msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/service/ssh.rst:113
msgid "Dynamic-protection"
msgstr "Dynamic-protection"
-#: ../../configuration/service/dns.rst:199
+#: ../../configuration/service/dns.rst:212
msgid "Dynamic DNS"
msgstr "Dynamic DNS"
@@ -4689,7 +4515,7 @@ msgstr "Dynamic DNS"
msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
-#: ../../configuration/nat/nat44.rst:731
+#: ../../configuration/nat/nat44.rst:753
msgid "ESP Phase:"
msgstr "ESP Phase:"
@@ -4757,10 +4583,14 @@ msgstr "Each site-to-site peer has the next options:"
msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
-#: ../../configuration/service/https.rst:63
+#: ../../configuration/service/https.rst:54
msgid "Email address to associate with certificate"
msgstr "Email address to associate with certificate"
+#: ../../configuration/pki/index.rst:265
+msgid "Email used for registration and recovery contact."
+msgstr "Email used for registration and recovery contact."
+
#: ../../configuration/trafficpolicy/index.rst:300
msgid "Embedding one policy into another one"
msgstr "Embedding one policy into another one"
@@ -4809,6 +4639,10 @@ msgstr "Enable DHCP failover configuration for this address pool."
msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
+#: ../../configuration/system/frr.rst:24
+msgid "Enable ICMP Router Discovery Protocol support"
+msgstr "Enable ICMP Router Discovery Protocol support"
+
#: ../../configuration/interfaces/bridge.rst:81
msgid "Enable IGMP and MLD querier."
msgstr "Enable IGMP and MLD querier."
@@ -4817,23 +4651,23 @@ msgstr "Enable IGMP and MLD querier."
msgid "Enable IGMP and MLD snooping."
msgstr "Enable IGMP and MLD snooping."
-#: ../../configuration/service/dhcp-server.rst:304
+#: ../../configuration/service/dhcp-server.rst:271
msgid "Enable IP forwarding on client"
msgstr "Enable IP forwarding on client"
-#: ../../configuration/protocols/isis.rst:311
+#: ../../configuration/protocols/isis.rst:339
msgid "Enable IS-IS"
msgstr "Enable IS-IS"
-#: ../../configuration/protocols/isis.rst:427
+#: ../../configuration/protocols/isis.rst:455
msgid "Enable IS-IS and IGP-LDP synchronization"
msgstr "Enable IS-IS and IGP-LDP synchronization"
-#: ../../configuration/protocols/isis.rst:386
+#: ../../configuration/protocols/isis.rst:414
msgid "Enable IS-IS and redistribute routes not natively in IS-IS"
msgstr "Enable IS-IS and redistribute routes not natively in IS-IS"
-#: ../../configuration/protocols/isis.rst:465
+#: ../../configuration/protocols/isis.rst:493
#: ../../configuration/protocols/segment-routing.rst:193
msgid "Enable IS-IS with Segment Routing (Experimental)"
msgstr "Enable IS-IS with Segment Routing (Experimental)"
@@ -4883,6 +4717,10 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k
msgid "Enable SNMP queries of the LLDP database"
msgstr "Enable SNMP queries of the LLDP database"
+#: ../../configuration/system/frr.rst:28
+msgid "Enable SNMP support for an individual routing daemon."
+msgstr "Enable SNMP support for an individual routing daemon."
+
#: ../../configuration/interfaces/bridge.rst:197
#: ../../configuration/interfaces/bridge.rst:232
msgid "Enable STP"
@@ -4900,6 +4738,14 @@ msgstr "Enable VHT TXOP Power Save Mode"
msgid "Enable VLAN-Aware Bridge"
msgstr "Enable VLAN-Aware Bridge"
+#: ../../configuration/system/frr.rst:13
+msgid "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+msgstr "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+
+#: ../../configuration/service/https.rst:46
+msgid "Enable automatic redirect from http to https."
+msgstr "Enable automatic redirect from http to https."
+
#: ../../configuration/vpn/dmvpn.rst:132
msgid "Enable creation of shortcut routes."
msgstr "Enable creation of shortcut routes."
@@ -4916,18 +4762,22 @@ msgstr "Enable given legacy protocol on this LLDP instance. Legacy protocols inc
msgid "Enable layer 7 HTTP health check"
msgstr "Enable layer 7 HTTP health check"
-#: ../../configuration/firewall/general.rst:177
-#: ../../configuration/firewall/general-legacy.rst:126
+#: ../../configuration/firewall/bridge.rst:157
+#: ../../configuration/firewall/ipv4.rst:206
+#: ../../configuration/firewall/ipv6.rst:206
+msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+
+#: ../../configuration/firewall/global-options.rst:114
msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:169
-#: ../../configuration/firewall/general-legacy.rst:119
+#: ../../configuration/firewall/global-options.rst:106
msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:426
-#: ../../configuration/firewall/general-legacy.rst:340
+#: ../../configuration/firewall/ipv4.rst:173
+#: ../../configuration/firewall/ipv6.rst:173
msgid "Enable or disable logging for the matched packet."
msgstr "Enable or disable logging for the matched packet."
@@ -4935,28 +4785,9 @@ msgstr "Enable or disable logging for the matched packet."
msgid "Enable ospf on an interface and set associated area."
msgstr "Enable ospf on an interface and set associated area."
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/pppoe.rst:228
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/sstp-client.rst:100
#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
@@ -5002,18 +4833,22 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic
msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
-#: ../../configuration/vrf/index.rst:459
+#: ../../configuration/vrf/index.rst:461
msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
-#: ../../configuration/vpn/sstp.rst:266
+#: ../../configuration/vpn/sstp.rst:277
msgid "Enables bandwidth shaping via RADIUS."
msgstr "Enables bandwidth shaping via RADIUS."
-#: ../../configuration/vrf/index.rst:481
+#: ../../configuration/vrf/index.rst:483
msgid "Enables import or export of routes between the current unicast VRF and VPN."
msgstr "Enables import or export of routes between the current unicast VRF and VPN."
+#: ../../configuration/interfaces/vxlan.rst:72
+msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+
#: ../../configuration/protocols/bfd.rst:30
msgid "Enables the echo transmission mode"
msgstr "Enables the echo transmission mode"
@@ -5022,7 +4857,7 @@ msgstr "Enables the echo transmission mode"
msgid "Enabling Advertisments"
msgstr "Enabling Advertisments"
-#: ../../configuration/interfaces/openvpn.rst:627
+#: ../../configuration/interfaces/openvpn.rst:679
msgid "Enabling OpenVPN DCO"
msgstr "Enabling OpenVPN DCO"
@@ -5030,11 +4865,11 @@ msgstr "Enabling OpenVPN DCO"
msgid "Enabling SSH only requires you to specify the port ```` you want SSH to listen on. By default, SSH runs on port 22."
msgstr "Enabling SSH only requires you to specify the port ```` you want SSH to listen on. By default, SSH runs on port 22."
-#: ../../configuration/protocols/igmp.rst:224
+#: ../../configuration/protocols/igmp-proxy.rst:52
msgid "Enabling this function increases the risk of bandwidth saturation."
msgstr "Enabling this function increases the risk of bandwidth saturation."
-#: ../../configuration/service/https.rst:37
+#: ../../configuration/service/https.rst:73
msgid "Enforce strict path checking"
msgstr "Enforce strict path checking"
@@ -5050,25 +4885,6 @@ msgstr "Ensure that when comparing routes where both are equal on most metrics,
msgid "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend."
msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend."
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
#: ../../_include/interface-ip.txt:172
msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
@@ -5089,15 +4905,6 @@ msgstr "Established sessions can be viewed using the **show l2tp-server sessions
msgid "Ethernet"
msgstr "Ethernet"
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
#: ../../_include/interface-disable-flow-control.txt:4
msgid "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
msgstr "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
@@ -5130,7 +4937,7 @@ msgstr "Event handler script"
msgid "Event handler that monitors the state of interface eth0."
msgstr "Event handler that monitors the state of interface eth0."
-#: ../../configuration/nat/nat44.rst:221
+#: ../../configuration/nat/nat44.rst:233
msgid "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
msgstr "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
@@ -5162,563 +4969,114 @@ msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which
msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
+#: ../../configuration/firewall/bridge.rst:321
#: ../../configuration/highavailability/index.rst:397
#: ../../configuration/interfaces/bonding.rst:291
#: ../../configuration/interfaces/l2tpv3.rst:86
#: ../../configuration/interfaces/pppoe.rst:323
#: ../../configuration/interfaces/virtual-ethernet.rst:92
-#: ../../configuration/interfaces/vxlan.rst:166
+#: ../../configuration/interfaces/vxlan.rst:187
#: ../../configuration/interfaces/wwan.rst:294
#: ../../configuration/protocols/failover.rst:63
-#: ../../configuration/protocols/igmp.rst:35
-#: ../../configuration/protocols/igmp.rst:233
+#: ../../configuration/protocols/igmp-proxy.rst:61
+#: ../../configuration/protocols/pim.rst:217
#: ../../configuration/protocols/rpki.rst:156
#: ../../configuration/service/broadcast-relay.rst:55
#: ../../configuration/service/conntrack-sync.rst:186
#: ../../configuration/service/dhcp-relay.rst:85
-#: ../../configuration/service/dhcp-relay.rst:172
-#: ../../configuration/service/dhcp-server.rst:421
-#: ../../configuration/service/dns.rst:147
-#: ../../configuration/service/dns.rst:263
+#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:276
#: ../../configuration/service/eventhandler.rst:83
#: ../../configuration/service/ipoe-server.rst:150
-#: ../../configuration/service/mdns.rst:34
+#: ../../configuration/service/mdns.rst:50
#: ../../configuration/service/monitoring.rst:134
#: ../../configuration/service/snmp.rst:94
#: ../../configuration/service/snmp.rst:145
#: ../../configuration/service/tftp-server.rst:47
#: ../../configuration/system/acceleration.rst:58
-#: ../../configuration/system/login.rst:395
+#: ../../configuration/system/login.rst:397
#: ../../configuration/system/name-server.rst:28
#: ../../configuration/system/name-server.rst:63
#: ../../configuration/system/sflow.rst:49
+#: ../../configuration/system/updates.rst:21
#: ../../configuration/trafficpolicy/index.rst:530
#: ../../configuration/trafficpolicy/index.rst:1122
#: ../../configuration/vpn/dmvpn.rst:161
#: ../../configuration/vpn/openconnect.rst:97
-#: ../../configuration/vpn/sstp.rst:275
+#: ../../configuration/vpn/sstp.rst:286
#: ../../configuration/vrf/index.rst:99
#: ../../configuration/vrf/index.rst:232
msgid "Example"
msgstr "Example"
-#: ../../configuration/service/pppoe-server.rst:144
+#: ../../configuration/service/pppoe-server.rst:131
msgid "Example, from radius-server send command for disconnect client with username test"
msgstr "Example, from radius-server send command for disconnect client with username test"
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-eapol.txt:18
-#: ../../_include/interface-eapol.txt:33
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/pppoe.rst:127
#: ../../configuration/interfaces/pppoe.rst:140
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/sstp-client.rst:49
#: ../../configuration/interfaces/sstp-client.rst:62
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../configuration/nat/nat44.rst:153
-#: ../../configuration/nat/nat44.rst:163
-#: ../../configuration/nat/nat44.rst:173
-#: ../../configuration/nat/nat44.rst:187
-#: ../../configuration/nat/nat44.rst:208
-#: ../../configuration/nat/nat44.rst:244
-#: ../../configuration/nat/nat44.rst:266
-#: ../../configuration/nat/nat44.rst:411
+#: ../../configuration/nat/nat44.rst:170
+#: ../../configuration/nat/nat44.rst:185
+#: ../../configuration/nat/nat44.rst:199
+#: ../../configuration/nat/nat44.rst:220
+#: ../../configuration/nat/nat44.rst:256
+#: ../../configuration/nat/nat44.rst:278
+#: ../../configuration/nat/nat44.rst:425
#: ../../configuration/nat/nat66.rst:78
#: ../../configuration/nat/nat66.rst:96
#: ../../configuration/protocols/static.rst:174
-#: ../../configuration/service/dns.rst:350
+#: ../../configuration/service/dns.rst:363
#: ../../configuration/service/monitoring.rst:69
#: ../../configuration/service/monitoring.rst:98
#: ../../configuration/service/ssh.rst:165
#: ../../configuration/service/ssh.rst:200
#: ../../configuration/system/flow-accounting.rst:164
#: ../../configuration/vpn/l2tp.rst:41
-#: ../../configuration/vpn/site2site_ipsec.rst:158
-#: ../../configuration/vpn/site2site_ipsec.rst:269
+#: ../../configuration/vpn/site2site_ipsec.rst:162
+#: ../../configuration/vpn/site2site_ipsec.rst:273
+#: ../../_include/interface-address-with-dhcp.txt:22
+#: ../../_include/interface-address.txt:9
+#: ../../_include/interface-description.txt:7
+#: ../../_include/interface-dhcp-options.txt:10
+#: ../../_include/interface-dhcp-options.txt:22
+#: ../../_include/interface-dhcp-options.txt:39
+#: ../../_include/interface-dhcp-options.txt:51
+#: ../../_include/interface-dhcp-options.txt:62
+#: ../../_include/interface-dhcp-options.txt:77
+#: ../../_include/interface-dhcp-options.txt:91
+#: ../../_include/interface-disable-flow-control.txt:19
+#: ../../_include/interface-disable-link-detect.txt:9
+#: ../../_include/interface-disable.txt:7
+#: ../../_include/interface-eapol.txt:18
+#: ../../_include/interface-eapol.txt:33
+#: ../../_include/interface-ip.txt:27
+#: ../../_include/interface-ip.txt:50
+#: ../../_include/interface-ip.txt:144
+#: ../../_include/interface-ipv6.txt:15
+#: ../../_include/interface-ipv6.txt:28
+#: ../../_include/interface-ipv6.txt:39
+#: ../../_include/interface-ipv6.txt:51
+#: ../../_include/interface-ipv6.txt:83
+#: ../../_include/interface-ipv6.txt:96
+#: ../../_include/interface-mac.txt:7
+#: ../../_include/interface-mtu.txt:7
+#: ../../_include/interface-per-client-thread.txt:10
+#: ../../_include/interface-vrf.txt:9
msgid "Example:"
msgstr "Example:"
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
-#: ../../configuration/nat/nat44.rst:357
+#: ../../configuration/nat/nat44.rst:371
msgid "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
msgstr "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
msgid "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
msgstr "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
@@ -5769,24 +5127,24 @@ msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is `
msgid "Example Configuration"
msgstr "Example Configuration"
-#: ../../configuration/service/dns.rst:365
+#: ../../configuration/service/dns.rst:378
msgid "Example IPv6 only:"
msgstr "Example IPv6 only:"
-#: ../../configuration/nat/nat44.rst:666
+#: ../../configuration/nat/nat44.rst:690
msgid "Example Network"
msgstr "Example Network"
-#: ../../configuration/firewall/general.rst:1495
-#: ../../configuration/firewall/general-legacy.rst:979
+#: ../../configuration/firewall/ipv4.rst:1130
+#: ../../configuration/firewall/ipv6.rst:1153
msgid "Example Partial Config"
msgstr "Example Partial Config"
-#: ../../configuration/protocols/ospf.rst:1346
+#: ../../configuration/protocols/ospf.rst:1348
msgid "Example configuration for WireGuard interfaces:"
msgstr "Example configuration for WireGuard interfaces:"
-#: ../../configuration/service/pppoe-server.rst:160
+#: ../../configuration/service/pppoe-server.rst:147
msgid "Example for changing rate-limit via RADIUS CoA."
msgstr "Example for changing rate-limit via RADIUS CoA."
@@ -5794,28 +5152,31 @@ msgstr "Example for changing rate-limit via RADIUS CoA."
msgid "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
-#: ../../configuration/nat/nat44.rst:280
+#: ../../configuration/nat/nat44.rst:292
msgid "Example of redirection:"
msgstr "Example of redirection:"
-#: ../../configuration/firewall/general.rst:1278
+#: ../../configuration/firewall/ipv4.rst:925
+#: ../../configuration/firewall/ipv6.rst:934
msgid "Example synproxy"
msgstr "Example synproxy"
+#: ../../configuration/firewall/groups.rst:145
#: ../../configuration/interfaces/bridge.rst:187
#: ../../configuration/interfaces/macsec.rst:153
#: ../../configuration/interfaces/wireless.rst:541
#: ../../configuration/loadbalancing/reverse-proxy.rst:187
#: ../../configuration/policy/index.rst:46
-#: ../../configuration/protocols/bgp.rst:1095
-#: ../../configuration/protocols/isis.rst:308
+#: ../../configuration/protocols/bgp.rst:1096
+#: ../../configuration/protocols/isis.rst:336
#: ../../configuration/protocols/ospf.rst:834
-#: ../../configuration/service/pppoe-server.rst:356
+#: ../../configuration/service/pppoe-server.rst:343
#: ../../configuration/service/webproxy.rst:419
msgid "Examples"
msgstr "Examples"
-#: ../../configuration/vpn/site2site_ipsec.rst:153
+#: ../../configuration/nat/nat44.rst:154
+#: ../../configuration/vpn/site2site_ipsec.rst:157
msgid "Examples:"
msgstr "Examples:"
@@ -5847,11 +5208,15 @@ msgstr "Exit policy on match: go to rule <1-65535>"
msgid "Expedited forwarding (EF)"
msgstr "Expedited forwarding (EF)"
+#: ../../configuration/firewall/flowtables.rst:140
+msgid "Explanation"
+msgstr "Explanation"
+
#: ../../configuration/service/salt-minion.rst:33
msgid "Explicitly declare ID for this minion to use (default: hostname)"
msgstr "Explicitly declare ID for this minion to use (default: hostname)"
-#: ../../configuration/service/dhcp-relay.rst:176
+#: ../../configuration/service/dhcp-relay.rst:178
msgid "External DHCPv6 server is at 2001:db8::4"
msgstr "External DHCPv6 server is at 2001:db8::4"
@@ -5879,11 +5244,15 @@ msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds
msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
+#: ../../configuration/system/frr.rst:5
+msgid "FRR"
+msgstr "FRR"
+
#: ../../configuration/protocols/ospf.rst:213
msgid "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
msgstr "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
-#: ../../configuration/interfaces/vxlan.rst:138
+#: ../../configuration/interfaces/vxlan.rst:159
msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
@@ -5905,8 +5274,8 @@ msgstr "Facility Code"
#: ../../configuration/loadbalancing/wan.rst:218
#: ../../configuration/protocols/failover.rst:3
-#: ../../configuration/service/dhcp-server.rst:171
-#: ../../configuration/service/dhcp-server.rst:428
+#: ../../configuration/service/dhcp-server.rst:136
+#: ../../configuration/service/dhcp-server.rst:369
msgid "Failover"
msgstr "Failover"
@@ -5942,15 +5311,15 @@ msgstr "Features of the Current Implementation"
msgid "Field"
msgstr "Field"
-#: ../../configuration/service/dns.rst:228
+#: ../../configuration/service/dns.rst:241
msgid "File identified by `` containing the secret RNDC key shared with remote DNS server."
msgstr "File identified by `` containing the secret RNDC key shared with remote DNS server."
-#: ../../configuration/service/pppoe-server.rst:241
+#: ../../configuration/service/pppoe-server.rst:228
msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
-#: ../../configuration/service/pppoe-server.rst:167
+#: ../../configuration/service/pppoe-server.rst:154
msgid "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
@@ -5982,6 +5351,14 @@ msgstr "Firewall"
msgid "Firewall-Legacy"
msgstr "Firewall-Legacy"
+#: ../../configuration/firewall/ipv4.rst:72
+msgid "Firewall - IPv4 Rules"
+msgstr "Firewall - IPv4 Rules"
+
+#: ../../configuration/firewall/ipv6.rst:72
+msgid "Firewall - IPv6 Rules"
+msgstr "Firewall - IPv6 Rules"
+
#: ../../configuration/firewall/general.rst:7
msgid "Firewall Configuration"
msgstr "Firewall Configuration"
@@ -5990,7 +5367,9 @@ msgstr "Firewall Configuration"
msgid "Firewall Configuration (Deprecated)"
msgstr "Firewall Configuration (Deprecated)"
-#: ../../configuration/firewall/general.rst:495
+#: ../../configuration/firewall/bridge.rst:199
+#: ../../configuration/firewall/ipv4.rst:268
+#: ../../configuration/firewall/ipv6.rst:268
msgid "Firewall Description"
msgstr "Firewall Description"
@@ -5999,7 +5378,9 @@ msgstr "Firewall Description"
msgid "Firewall Exceptions"
msgstr "Firewall Exceptions"
-#: ../../configuration/firewall/general.rst:410
+#: ../../configuration/firewall/bridge.rst:149
+#: ../../configuration/firewall/ipv4.rst:196
+#: ../../configuration/firewall/ipv6.rst:196
msgid "Firewall Logs"
msgstr "Firewall Logs"
@@ -6007,6 +5388,14 @@ msgstr "Firewall Logs"
msgid "Firewall Rules"
msgstr "Firewall Rules"
+#: ../../configuration/firewall/groups.rst:7
+msgid "Firewall groups"
+msgstr "Firewall groups"
+
+#: ../../configuration/firewall/groups.rst:13
+msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+
#: ../../configuration/firewall/general.rst:186
msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
@@ -6023,10 +5412,14 @@ msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark``
msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
-#: ../../configuration/nat/nat44.rst:620
+#: ../../configuration/nat/nat44.rst:644
msgid "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
msgstr "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
+#: ../../configuration/nat/nat44.rst:572
+msgid "Firewall rules for Destination NAT"
+msgstr "Firewall rules for Destination NAT"
+
#: ../../configuration/interfaces/wwan.rst:321
msgid "Firmware Update"
msgstr "Firmware Update"
@@ -6059,7 +5452,7 @@ msgstr "First of all, we need to create a CA root certificate and server certifi
msgid "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
msgstr "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
-#: ../../configuration/nat/nat44.rst:635
+#: ../../configuration/nat/nat44.rst:659
msgid "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
msgstr "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
@@ -6067,7 +5460,7 @@ msgstr "First scenario: apply destination NAT for all HTTP traffic comming throu
msgid "First steps"
msgstr "First steps"
-#: ../../configuration/vpn/openconnect.rst:171
+#: ../../configuration/vpn/openconnect.rst:178
msgid "First the OTP keys must be generated and sent to the user and to the configuration:"
msgstr "First the OTP keys must be generated and sent to the user and to the configuration:"
@@ -6103,10 +5496,30 @@ msgstr "Flow and packet-based balancing"
msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
+#: ../../configuration/firewall/flowtables.rst:57
+msgid "Flowtable Configuration"
+msgstr "Flowtable Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:7
+msgid "Flowtables Firewall Configuration"
+msgstr "Flowtables Firewall Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:32
+msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+
#: ../../configuration/loadbalancing/wan.rst:244
msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
+#: ../../configuration/service/ssh.rst:236
+msgid "Follow the SSH dynamic-protection log."
+msgstr "Follow the SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:228
+msgid "Follow the SSH server log."
+msgstr "Follow the SSH server log."
+
#: ../../configuration/vpn/openconnect.rst:102
msgid "Follow the instructions to generate CA cert (in configuration mode):"
msgstr "Follow the instructions to generate CA cert (in configuration mode):"
@@ -6115,6 +5528,10 @@ msgstr "Follow the instructions to generate CA cert (in configuration mode):"
msgid "Follow the instructions to generate server cert (in configuration mode):"
msgstr "Follow the instructions to generate server cert (in configuration mode):"
+#: ../../configuration/service/mdns.rst:91
+msgid "Follow the logs for mDNS repeater service."
+msgstr "Follow the logs for mDNS repeater service."
+
#: ../../configuration/interfaces/openvpn.rst:258
msgid "For Encryption:"
msgstr "For Encryption:"
@@ -6131,11 +5548,11 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router
msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
-#: ../../configuration/service/pppoe-server.rst:201
+#: ../../configuration/service/pppoe-server.rst:188
msgid "For Local Users"
msgstr "For Local Users"
-#: ../../configuration/service/pppoe-server.rst:236
+#: ../../configuration/service/pppoe-server.rst:223
msgid "For RADIUS users"
msgstr "For RADIUS users"
@@ -6147,11 +5564,11 @@ msgstr "For USB port information please refor to: :ref:`hardware_usb`."
msgid "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
msgstr "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
-#: ../../configuration/nat/nat44.rst:263
+#: ../../configuration/nat/nat44.rst:275
msgid "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
msgstr "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
-#: ../../configuration/nat/nat44.rst:228
+#: ../../configuration/nat/nat44.rst:240
msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
@@ -6163,7 +5580,7 @@ msgstr "For a headstart you can use the below example on how to build a bond,por
msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
-#: ../../configuration/nat/nat44.rst:248
+#: ../../configuration/nat/nat44.rst:260
msgid "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
msgstr "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
@@ -6187,7 +5604,9 @@ msgstr "For example:"
msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
-#: ../../configuration/firewall/general.rst:320
+#: ../../configuration/firewall/bridge.rst:58
+#: ../../configuration/firewall/ipv4.rst:74
+#: ../../configuration/firewall/ipv6.rst:74
msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
@@ -6223,11 +5642,11 @@ msgstr "For latest releases, refer the `firewall (interface-groups) ` in this section you can find detailed information only for the next part of the general structure:"
+msgstr "From main structure defined in :doc:`Firewall Overview` in this section you can find detailed information only for the next part of the general structure:"
+
#: ../../configuration/highavailability/index.rst:380
msgid "Fwmark"
msgstr "Fwmark"
@@ -6369,6 +5819,10 @@ msgstr "General"
msgid "General Configuration"
msgstr "General Configuration"
+#: ../../configuration/firewall/bridge.rst:291
+msgid "General commands for firewall configuration, counter and statiscits:"
+msgstr "General commands for firewall configuration, counter and statiscits:"
+
#: ../../configuration/interfaces/wireguard.rst:29
msgid "Generate Keypair"
msgstr "Generate Keypair"
@@ -6424,6 +5878,10 @@ msgstr "Get an overview over the encryption counters."
msgid "Get detailed information about LLDP neighbors."
msgstr "Get detailed information about LLDP neighbors."
+#: ../../configuration/nat/nat66.rst:160
+msgid "Get the DHCPv6-PD prefixes from both routers:"
+msgstr "Get the DHCPv6-PD prefixes from both routers:"
+
#: ../../configuration/protocols/rpki.rst:39
msgid "Getting started"
msgstr "Getting started"
@@ -6444,6 +5902,10 @@ msgstr "Gloabal"
msgid "Global Options"
msgstr "Global Options"
+#: ../../configuration/firewall/global-options.rst:7
+msgid "Global Options Firewall Configuration"
+msgstr "Global Options Firewall Configuration"
+
#: ../../configuration/highavailability/index.rst:224
msgid "Global options"
msgstr "Global options"
@@ -6465,7 +5927,6 @@ msgstr "Graceful Restart"
msgid "Gratuitous ARP"
msgstr "Gratuitous ARP"
-#: ../../configuration/firewall/general.rst:184
#: ../../configuration/firewall/general-legacy.rst:153
msgid "Groups"
msgstr "Groups"
@@ -6482,7 +5943,11 @@ msgstr "HQ's router requires the following steps to generate crypto materials fo
msgid "HTTP-API"
msgstr "HTTP-API"
-#: ../../configuration/service/dns.rst:304
+#: ../../configuration/service/https.rst:5
+msgid "HTTP API"
+msgstr "HTTP API"
+
+#: ../../configuration/service/dns.rst:317
msgid "HTTP based services"
msgstr "HTTP based services"
@@ -6499,11 +5964,11 @@ msgstr "HTTP client"
msgid "HT (High Throughput) capabilities (802.11n)"
msgstr "HT (High Throughput) capabilities (802.11n)"
-#: ../../configuration/nat/nat44.rst:398
+#: ../../configuration/nat/nat44.rst:412
msgid "Hairpin NAT/NAT Reflection"
msgstr "Hairpin NAT/NAT Reflection"
-#: ../../configuration/service/dhcp-server.rst:643
+#: ../../configuration/service/dhcp-server.rst:573
msgid "Hand out prefixes of size `` to clients in subnet `` when they request for prefix delegation."
msgstr "Hand out prefixes of size `` to clients in subnet `` when they request for prefix delegation."
@@ -6511,7 +5976,7 @@ msgstr "Hand out prefixes of size `` to clients in subnet `` whe
msgid "Handling and monitoring"
msgstr "Handling and monitoring"
-#: ../../configuration/nat/nat44.rst:389
+#: ../../configuration/nat/nat44.rst:403
msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
@@ -6527,15 +5992,15 @@ msgstr "Health check scripts"
msgid "Health checks"
msgstr "Health checks"
-#: ../../configuration/nat/nat44.rst:602
+#: ../../configuration/nat/nat44.rst:626
msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
-#: ../../configuration/nat/nat44.rst:668
+#: ../../configuration/nat/nat44.rst:692
msgid "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
msgstr "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
-#: ../../configuration/protocols/isis.rst:357
+#: ../../configuration/protocols/isis.rst:385
msgid "Here's the IP routes that are populated. Just the loopback:"
msgstr "Here's the IP routes that are populated. Just the loopback:"
@@ -6563,36 +6028,21 @@ msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:"
msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
-#: ../../configuration/protocols/isis.rst:523
+#: ../../configuration/firewall/groups.rst:150
+msgid "Here is an example were multiple groups are created:"
+msgstr "Here is an example were multiple groups are created:"
+
+#: ../../configuration/protocols/isis.rst:551
#: ../../configuration/protocols/ospf.rst:1036
#: ../../configuration/protocols/segment-routing.rst:251
#: ../../configuration/protocols/segment-routing.rst:330
msgid "Here is the routing tables showing the MPLS segment routing label operations:"
msgstr "Here is the routing tables showing the MPLS segment routing label operations:"
-#: ../../configuration/nat/nat44.rst:633
+#: ../../configuration/nat/nat44.rst:657
msgid "Here we provide two examples on how to apply NAT Load Balance."
msgstr "Here we provide two examples on how to apply NAT Load Balance."
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
#: ../../_include/interface-ip.txt:170
msgid "Hewlett-Packard call it Source-Port filtering or port-isolation"
msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation"
@@ -6624,7 +6074,7 @@ msgstr "Host Information"
msgid "Host name"
msgstr "Host name"
-#: ../../configuration/service/dhcp-server.rst:698
+#: ../../configuration/service/dhcp-server.rst:630
msgid "Host specific mapping shall be named ``client1``"
msgstr "Host specific mapping shall be named ``client1``"
@@ -6676,17 +6126,10 @@ msgstr "IEEE 802.1X/MACsec pre-shared key mode. This allows configuring MACsec w
msgid "IEEE 802.1X/MACsec replay protection window. This determines a window in which replay is tolerated, to allow receipt of frames that have been misordered by the network."
msgstr "IEEE 802.1X/MACsec replay protection window. This determines a window in which replay is tolerated, to allow receipt of frames that have been misordered by the network."
-#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
#: ../../_include/interface-vlan-8021ad.txt:3
msgid "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
msgstr "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
#: ../../_include/interface-vlan-8021q.txt:1
msgid "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
@@ -6695,11 +6138,15 @@ msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard tha
msgid "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
msgstr "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
-#: ../../configuration/protocols/igmp.rst:179
+#: ../../configuration/protocols/pim.rst:176
+msgid "IGMP - Internet Group Management Protocol)"
+msgstr "IGMP - Internet Group Management Protocol)"
+
+#: ../../configuration/protocols/igmp-proxy.rst:7
msgid "IGMP Proxy"
msgstr "IGMP Proxy"
-#: ../../configuration/nat/nat44.rst:726
+#: ../../configuration/nat/nat44.rst:748
msgid "IKE Phase:"
msgstr "IKE Phase:"
@@ -6711,11 +6158,11 @@ msgstr "IKE (Internet Key Exchange) Attributes"
msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
-#: ../../configuration/vpn/site2site_ipsec.rst:156
+#: ../../configuration/vpn/site2site_ipsec.rst:160
msgid "IKEv1"
msgstr "IKEv1"
-#: ../../configuration/vpn/site2site_ipsec.rst:267
+#: ../../configuration/vpn/site2site_ipsec.rst:271
msgid "IKEv2"
msgstr "IKEv2"
@@ -6739,11 +6186,11 @@ msgstr "IPIP6"
msgid "IPSec:"
msgstr "IPSec:"
-#: ../../configuration/nat/nat44.rst:722
+#: ../../configuration/nat/nat44.rst:744
msgid "IPSec IKE and ESP"
msgstr "IPSec IKE and ESP"
-#: ../../configuration/nat/nat44.rst:687
+#: ../../configuration/nat/nat44.rst:711
msgid "IPSec IKE and ESP Groups;"
msgstr "IPSec IKE and ESP Groups;"
@@ -6751,19 +6198,19 @@ msgstr "IPSec IKE and ESP Groups;"
msgid "IPSec IKEv2 Remote Access VPN"
msgstr "IPSec IKEv2 Remote Access VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN"
msgstr "IPSec IKEv2 site2site VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
msgstr "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
-#: ../../configuration/nat/nat44.rst:758
+#: ../../configuration/nat/nat44.rst:780
msgid "IPSec VPN Tunnels"
msgstr "IPSec VPN Tunnels"
-#: ../../configuration/nat/nat44.rst:688
+#: ../../configuration/nat/nat44.rst:712
msgid "IPSec VPN tunnels."
msgstr "IPSec VPN tunnels."
@@ -6771,7 +6218,7 @@ msgstr "IPSec VPN tunnels."
msgid "IP address"
msgstr "IP address"
-#: ../../configuration/service/dhcp-server.rst:237
+#: ../../configuration/service/dhcp-server.rst:202
msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
@@ -6780,19 +6227,19 @@ msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named
msgid "IP address ``192.168.2.1/24``"
msgstr "IP address ``192.168.2.1/24``"
-#: ../../configuration/service/dhcp-server.rst:319
+#: ../../configuration/service/dhcp-server.rst:286
msgid "IP address for DHCP server identifier"
msgstr "IP address for DHCP server identifier"
-#: ../../configuration/service/dhcp-server.rst:309
+#: ../../configuration/service/dhcp-server.rst:276
msgid "IP address of NTP server"
msgstr "IP address of NTP server"
-#: ../../configuration/service/dhcp-server.rst:349
+#: ../../configuration/service/dhcp-server.rst:316
msgid "IP address of POP3 server"
msgstr "IP address of POP3 server"
-#: ../../configuration/service/dhcp-server.rst:344
+#: ../../configuration/service/dhcp-server.rst:311
msgid "IP address of SMTP server"
msgstr "IP address of SMTP server"
@@ -6808,7 +6255,7 @@ msgstr "IP address of route to match, based on prefix-list."
msgid "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/dhcp-server.rst:379
+#: ../../configuration/service/dhcp-server.rst:346
msgid "IP address to exclude from DHCP lease range"
msgstr "IP address to exclude from DHCP lease range"
@@ -6884,19 +6331,23 @@ msgstr "IPsec"
msgid "IPsec policy matching GRE"
msgstr "IPsec policy matching GRE"
-#: ../../configuration/service/pppoe-server.rst:359
+#: ../../configuration/service/pppoe-server.rst:346
msgid "IPv4"
msgstr "IPv4"
-#: ../../configuration/interfaces/vxlan.rst:85
+#: ../../configuration/interfaces/vxlan.rst:106
msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
-#: ../../configuration/service/dhcp-server.rst:324
+#: ../../configuration/firewall/ipv4.rst:7
+msgid "IPv4 Firewall Configuration"
+msgstr "IPv4 Firewall Configuration"
+
+#: ../../configuration/service/dhcp-server.rst:291
msgid "IPv4 address of next bootstrap server"
msgstr "IPv4 address of next bootstrap server"
-#: ../../configuration/service/dhcp-server.rst:284
+#: ../../configuration/service/dhcp-server.rst:251
msgid "IPv4 address of router on the client's subnet"
msgstr "IPv4 address of router on the client's subnet"
@@ -6904,7 +6355,7 @@ msgstr "IPv4 address of router on the client's subnet"
msgid "IPv4 or IPv6 source address of NetFlow packets"
msgstr "IPv4 or IPv6 source address of NetFlow packets"
-#: ../../configuration/protocols/bgp.rst:1098
+#: ../../configuration/protocols/bgp.rst:1099
msgid "IPv4 peering"
msgstr "IPv4 peering"
@@ -6925,7 +6376,7 @@ msgid "IPv4 server"
msgstr "IPv4 server"
#: ../../configuration/interfaces/pppoe.rst:244
-#: ../../configuration/service/pppoe-server.rst:280
+#: ../../configuration/service/pppoe-server.rst:267
#: ../../configuration/system/ipv6.rst:3
msgid "IPv6"
msgstr "IPv6"
@@ -6942,11 +6393,15 @@ msgstr "IPv6 DHCPv6-PD Example"
msgid "IPv6 DNS addresses are optional."
msgstr "IPv6 DNS addresses are optional."
+#: ../../configuration/firewall/ipv6.rst:7
+msgid "IPv6 Firewall Configuration"
+msgstr "IPv6 Firewall Configuration"
+
#: ../../configuration/protocols/pim6.rst:5
msgid "IPv6 Multicast"
msgstr "IPv6 Multicast"
-#: ../../configuration/service/pppoe-server.rst:295
+#: ../../configuration/service/pppoe-server.rst:282
msgid "IPv6 Prefix Delegation"
msgstr "IPv6 Prefix Delegation"
@@ -6962,7 +6417,7 @@ msgstr "IPv6 SLAAC and IA-PD"
msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
-#: ../../configuration/service/dhcp-server.rst:696
+#: ../../configuration/service/dhcp-server.rst:628
msgid "IPv6 address ``2001:db8::101`` shall be statically mapped"
msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped"
@@ -6978,11 +6433,11 @@ msgstr "IPv6 address of route to match, based on IPv6 prefix-list."
msgid "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/pppoe-server.rst:283
+#: ../../configuration/service/pppoe-server.rst:270
msgid "IPv6 client's prefix assignment"
msgstr "IPv6 client's prefix assignment"
-#: ../../configuration/protocols/bgp.rst:1143
+#: ../../configuration/protocols/bgp.rst:1144
msgid "IPv6 peering"
msgstr "IPv6 peering"
@@ -6990,7 +6445,7 @@ msgstr "IPv6 peering"
msgid "IPv6 prefix."
msgstr "IPv6 prefix."
-#: ../../configuration/service/dhcp-server.rst:697
+#: ../../configuration/service/dhcp-server.rst:629
msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
@@ -7002,7 +6457,7 @@ msgstr "IPv6 relay"
msgid "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
msgstr "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
-#: ../../configuration/service/dhcp-server.rst:578
+#: ../../configuration/service/dhcp-server.rst:502
msgid "IPv6 server"
msgstr "IPv6 server"
@@ -7022,11 +6477,11 @@ msgstr "IS-IS Global Configuration"
msgid "IS-IS SR Configuration"
msgstr "IS-IS SR Configuration"
-#: ../../configuration/service/dhcp-server.rst:266
+#: ../../configuration/service/dhcp-server.rst:233
msgid "ISC-DHCP Option name"
msgstr "ISC-DHCP Option name"
-#: ../../configuration/vpn/openconnect.rst:226
+#: ../../configuration/vpn/openconnect.rst:233
msgid "Identity Based Configuration"
msgstr "Identity Based Configuration"
@@ -7042,11 +6497,18 @@ msgstr "If ARP monitoring is used in an etherchannel compatible mode (modes roun
msgid "If CA is present, this certificate will be included in generated CRLs"
msgstr "If CA is present, this certificate will be included in generated CRLs"
-#: ../../_include/interface-per-client-thread.txt:8
#: ../../_include/interface-per-client-thread.txt:8
msgid "If CLI option is not specified, this feature is disabled."
msgstr "If CLI option is not specified, this feature is disabled."
+#: ../../configuration/protocols/pim.rst:35
+msgid "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+msgstr "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+
+#: ../../configuration/protocols/pim.rst:42
+msgid "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+msgstr "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+
#: ../../configuration/protocols/bgp.rst:225
msgid "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
msgstr "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
@@ -7072,7 +6534,9 @@ msgstr "If a response is heard, the lease is abandoned, and the server does not
msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
-#: ../../configuration/firewall/general.rst:329
+#: ../../configuration/firewall/bridge.rst:67
+#: ../../configuration/firewall/ipv4.rst:83
+#: ../../configuration/firewall/ipv6.rst:83
msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
@@ -7088,71 +6552,18 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918
msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
+#: ../../configuration/protocols/pim.rst:106
+msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
#: ../../_include/interface-ip.txt:72
msgid "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
msgstr "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
#: ../../_include/interface-ip.txt:124
msgid "If configured, reply only if the target IP address is local address configured on the incoming interface."
msgstr "If configured, reply only if the target IP address is local address configured on the incoming interface."
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
#: ../../_include/interface-ip.txt:106
msgid "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
msgstr "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
@@ -7161,7 +6572,7 @@ msgstr "If configured, try to avoid local addresses that are not in the target's
msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
-#: ../../configuration/nat/nat44.rst:542
+#: ../../configuration/nat/nat44.rst:564
msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
@@ -7169,7 +6580,15 @@ msgstr "If forwarding traffic to a different port than it is arriving on, you ma
msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
-#: ../../configuration/protocols/igmp.rst:221
+#: ../../configuration/firewall/index.rst:82
+msgid "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+msgstr "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:25
+msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+
+#: ../../configuration/protocols/igmp-proxy.rst:49
msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
@@ -7193,7 +6612,7 @@ msgstr "If multi-pathing is enabled, then check whether the routes not yet disti
msgid "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
msgstr "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
-#: ../../configuration/nat/nat44.rst:205
+#: ../../configuration/nat/nat44.rst:217
msgid "If no destination is specified the rule will match on any destination address and port."
msgstr "If no destination is specified the rule will match on any destination address and port."
@@ -7205,52 +6624,18 @@ msgstr "If no ip prefix list is specified, it acts as permit. If ip prefix list
msgid "If no option is specified, this defaults to `all`."
msgstr "If no option is specified, this defaults to `all`."
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
#: ../../_include/interface-ip.txt:42
msgid "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
msgstr "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
+#: ../../configuration/protocols/pim.rst:142
+msgid "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+msgstr "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+
#: ../../configuration/system/ip.rst:17
msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
#: ../../_include/interface-ip.txt:36
msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
@@ -7259,25 +6644,6 @@ msgstr "If set the kernel can respond to arp requests with addresses from other
msgid "If suffix is omitted, minutes are implied."
msgstr "If suffix is omitted, minutes are implied."
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
#: ../../_include/interface-ip.txt:91
msgid "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
msgstr "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
@@ -7318,6 +6684,14 @@ msgstr "If the average queue size is lower than the **min-threshold**, an arrivi
msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
+#: ../../configuration/firewall/index.rst:83
+msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:26
+msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+
#: ../../configuration/interfaces/bonding.rst:187
#: ../../configuration/interfaces/bonding.rst:216
msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash."
@@ -7339,7 +6713,7 @@ msgstr "If the table is empty and you have a warning message, it means conntrack
msgid "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
msgstr "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
-#: ../../configuration/vpn/site2site_ipsec.rst:237
+#: ../../configuration/vpn/site2site_ipsec.rst:241
msgid "If there is SNAT rules on eth1, need to add exclude rule"
msgstr "If there is SNAT rules on eth1, need to add exclude rule"
@@ -7348,7 +6722,7 @@ msgstr "If there is SNAT rules on eth1, need to add exclude rule"
msgid "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
msgstr "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
-#: ../../configuration/service/dhcp-relay.rst:166
+#: ../../configuration/service/dhcp-relay.rst:168
msgid "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
msgstr "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
@@ -7356,52 +6730,14 @@ msgstr "If this is set the relay agent will insert the interface ID. This option
msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
-#: ../../configuration/vpn/sstp.rst:172
+#: ../../configuration/vpn/sstp.rst:183
msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `` seconds."
msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `` seconds."
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
#: ../../_include/interface-ip.txt:75
msgid "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
msgstr "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
#: ../../_include/interface-ip.txt:127
msgid "If this option is unset (default), reply for any local target IP address, configured on any interface."
msgstr "If this option is unset (default), reply for any local target IP address, configured on any interface."
@@ -7422,7 +6758,7 @@ msgstr "If unset, incoming connections to the RADIUS server will use the nearest
msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
-#: ../../configuration/nat/nat44.rst:788
+#: ../../configuration/nat/nat44.rst:810
msgid "If you've completed all the above steps you no doubt want to see if it's all working."
msgstr "If you've completed all the above steps you no doubt want to see if it's all working."
@@ -7473,6 +6809,10 @@ msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceilin
msgid "If you enable this, you will probably want to set diversity-factor and channel below."
msgstr "If you enable this, you will probably want to set diversity-factor and channel below."
+#: ../../configuration/protocols/pim.rst:54
+msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+
#: ../../configuration/interfaces/bonding.rst:312
msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
@@ -7493,6 +6833,10 @@ msgstr "If you have a lot of interfaces, and/or a lot of subnets, then enabling
msgid "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
+#: ../../configuration/protocols/pim.rst:171
+msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+
#: ../../configuration/system/flow-accounting.rst:65
msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
@@ -7541,7 +6885,7 @@ msgstr "Ignore VRRP main interface faults"
msgid "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
-#: ../../configuration/vpn/site2site_ipsec.rst:275
+#: ../../configuration/vpn/site2site_ipsec.rst:279
msgid "Imagine the following topology"
msgstr "Imagine the following topology"
@@ -7573,36 +6917,15 @@ msgstr "In VyOS, IKE attributes are specified through IKE groups. Multiple propo
msgid "In VyOS, a class is identified by a number you can choose when configuring it."
msgstr "In VyOS, a class is identified by a number you can choose when configuring it."
-#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
#: ../../_include/interface-vlan-8021ad.txt:22
msgid "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
#: ../../_include/interface-ip.txt:166
msgid "In :rfc:`3069` it is called VLAN Aggregation"
msgstr "In :rfc:`3069` it is called VLAN Aggregation"
-#: ../../configuration/firewall/zone.rst:41
+#: ../../configuration/firewall/zone.rst:60
msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone `` to ``firewall zone ``."
msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone `` to ``firewall zone ``."
@@ -7610,8 +6933,6 @@ msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The
msgid "In a minimal configuration, the following must be provided:"
msgstr "In a minimal configuration, the following must be provided:"
-#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
#: ../../_include/interface-vlan-8021ad.txt:16
msgid "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
msgstr "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
@@ -7632,15 +6953,9 @@ msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service
msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
#: ../../configuration/pki/index.rst:144
#: ../../configuration/pki/index.rst:159
+#: ../../configuration/pki/pki_cli_import_help.txt:1
msgid "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
msgstr "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
@@ -7656,8 +6971,7 @@ msgstr "In addition you will specifiy the IP address or FQDN for the client wher
msgid "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
-#: ../../configuration/firewall/general.rst:194
-#: ../../configuration/firewall/general-legacy.rst:170
+#: ../../configuration/firewall/groups.rst:21
msgid "In an **address group** a single IP address or IP address ranges are defined."
msgstr "In an **address group** a single IP address or IP address ranges are defined."
@@ -7681,6 +6995,10 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random
msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
+#: ../../configuration/firewall/bridge.rst:70
+msgid "In firewall bridge rules, the action can be:"
+msgstr "In firewall bridge rules, the action can be:"
+
#: ../../configuration/protocols/ospf.rst:339
msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
@@ -7693,7 +7011,7 @@ msgstr "In large deployments it is not reasonable to configure each user individ
msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
-#: ../../configuration/service/dhcp-server.rst:196
+#: ../../configuration/service/dhcp-server.rst:161
msgid "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
msgstr "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
@@ -7721,41 +7039,34 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps
msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
-#: ../../configuration/service/dhcp-server.rst:691
+#: ../../configuration/service/dhcp-server.rst:623
msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
+#: ../../configuration/interfaces/vxlan.rst:82
+msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+
#: ../../configuration/trafficpolicy/index.rst:402
msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
+#: ../../configuration/protocols/pim.rst:87
+msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+
#: ../../configuration/interfaces/ethernet.rst:95
msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
-#: ../../configuration/nat/nat44.rst:382
+#: ../../configuration/firewall/flowtables.rst:59
+msgid "In order to use flowtables, the minimal configuration needed includes:"
+msgstr "In order to use flowtables, the minimal configuration needed includes:"
+
+#: ../../configuration/nat/nat44.rst:396
msgid "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
msgstr "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
#: ../../_include/interface-ip.txt:47
msgid "In other words it allows control of which cards (usually 1) will respond to an arp request."
msgstr "In other words it allows control of which cards (usually 1) will respond to an arp request."
@@ -7764,7 +7075,7 @@ msgstr "In other words it allows control of which cards (usually 1) will respond
msgid "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
msgstr "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
-#: ../../configuration/nat/nat44.rst:507
+#: ../../configuration/nat/nat44.rst:527
msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
@@ -7812,15 +7123,15 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound
msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
-#: ../../configuration/service/pppoe-server.rst:272
+#: ../../configuration/service/pppoe-server.rst:259
msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
-#: ../../configuration/nat/nat44.rst:321
+#: ../../configuration/nat/nat44.rst:333
msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
-#: ../../configuration/system/login.rst:397
+#: ../../configuration/system/login.rst:399
msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
@@ -7832,7 +7143,7 @@ msgstr "In the following example, the IPs for the remote clients are defined in
msgid "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
msgstr "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
-#: ../../configuration/protocols/igmp.rst:37
+#: ../../configuration/protocols/pim.rst:219
msgid "In the following example we can see a basic multicast setup:"
msgstr "In the following example we can see a basic multicast setup:"
@@ -7856,11 +7167,11 @@ msgstr "In this command tree, all hardware acceleration options will be handled.
msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
-#: ../../configuration/nat/nat44.rst:344
+#: ../../configuration/nat/nat44.rst:358
msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
-#: ../../configuration/nat/nat44.rst:498
+#: ../../configuration/nat/nat44.rst:518
msgid "In this example, we will be using the example Quick Start configuration above as a starting point."
msgstr "In this example, we will be using the example Quick Start configuration above as a starting point."
@@ -7880,10 +7191,38 @@ msgstr "In this example we will use the most complicated case: a setup where eac
msgid "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
msgstr "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
-#: ../../configuration/service/dns.rst:152
+#: ../../configuration/service/dns.rst:165
msgid "In this scenario:"
msgstr "In this scenario:"
+#: ../../configuration/firewall/ipv4.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/ipv6.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+
+#: ../../configuration/firewall/zone.rst:25
+msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:289
+msgid "In this section you can find all useful firewall op-mode commands."
+msgstr "In this section you can find all useful firewall op-mode commands."
+
#: ../../configuration/service/webproxy.rst:95
msgid "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
msgstr "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
@@ -7896,7 +7235,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
-#: ../../configuration/firewall/zone.rst:24
+#: ../../configuration/firewall/zone.rst:43
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
@@ -7916,11 +7255,11 @@ msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octet
msgid "Indication"
msgstr "Indication"
-#: ../../configuration/service/dhcp-server.rst:84
+#: ../../configuration/service/dhcp-server.rst:64
msgid "Individual Client Subnet"
msgstr "Individual Client Subnet"
-#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:49
msgid "Inform client that the DNS server can be found at ``."
msgstr "Inform client that the DNS server can be found at ``."
@@ -7940,53 +7279,19 @@ msgstr "Informational messages"
msgid "Input from `eth0` network interface"
msgstr "Input from `eth0` network interface"
+#: ../../configuration/firewall/bridge.rst:390
+msgid "Inspect logs:"
+msgstr "Inspect logs:"
+
#: ../../configuration/vpn/pptp.rst:32
msgid "Install the client software via apt and execute pptpsetup to generate the configuration."
msgstr "Install the client software via apt and execute pptpsetup to generate the configuration."
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/pppoe.rst:218
#: ../../configuration/interfaces/pppoe.rst:264
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/sstp-client.rst:90
#: ../../_include/interface-ip.txt:15
#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
msgid "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
msgstr "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
@@ -7994,21 +7299,6 @@ msgstr "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to auto
msgid "Instead of password only authentication, 2FA password authentication + OTP key can be used. Alternatively, OTP authentication only, without a password, can be used. To do this, an OTP configuration must be added to the configuration above:"
msgstr "Instead of password only authentication, 2FA password authentication + OTP key can be used. Alternatively, OTP authentication only, without a password, can be used. To do this, an OTP configuration must be added to the configuration above:"
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
#: ../../_include/interface-dhcp-options.txt:19
msgid "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
msgstr "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
@@ -8035,7 +7325,7 @@ msgstr "Interconnect the global VRF with vrf \"red\" using the veth10 <-> veth 1
msgid "Interface Configuration"
msgstr "Interface Configuration"
-#: ../../configuration/firewall/general.rst:239
+#: ../../configuration/firewall/groups.rst:66
msgid "Interface Groups"
msgstr "Interface Groups"
@@ -8043,7 +7333,7 @@ msgstr "Interface Groups"
msgid "Interface Routes"
msgstr "Interface Routes"
-#: ../../configuration/protocols/igmp.rst:235
+#: ../../configuration/protocols/igmp-proxy.rst:63
msgid "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
msgstr "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
@@ -8059,11 +7349,16 @@ msgstr "Interface for DHCP Relay Agent to forward requests out."
msgid "Interface for DHCP Relay Agent to listen for requests."
msgstr "Interface for DHCP Relay Agent to listen for requests."
+#: ../../configuration/protocols/pim.rst:133
+#: ../../configuration/protocols/pim.rst:186
+msgid "Interface specific commands"
+msgstr "Interface specific commands"
+
#: ../../configuration/service/conntrack-sync.rst:71
msgid "Interface to use for syncing conntrack entries."
msgstr "Interface to use for syncing conntrack entries."
-#: ../../configuration/interfaces/vxlan.rst:93
+#: ../../configuration/interfaces/vxlan.rst:114
msgid "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
msgstr "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
@@ -8133,6 +7428,10 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis
msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
+#: ../../configuration/firewall/flowtables.rst:167
+msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+
#: ../../configuration/system/option.rst:111
msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
@@ -8150,7 +7449,7 @@ msgstr "It generates the keypair, which includes the public and private parts. T
msgid "It helps to support as HELPER only for planned restarts."
msgstr "It helps to support as HELPER only for planned restarts."
-#: ../../configuration/firewall/zone.rst:87
+#: ../../configuration/firewall/zone.rst:106
msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
@@ -8158,7 +7457,7 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b
msgid "It is compatible with Cisco (R) AnyConnect (R) clients."
msgstr "It is compatible with Cisco (R) AnyConnect (R) clients."
-#: ../../configuration/service/dhcp-server.rst:660
+#: ../../configuration/service/dhcp-server.rst:590
msgid "It is connected to ``eth1``"
msgstr "It is connected to ``eth1``"
@@ -8170,11 +7469,15 @@ msgstr "It is highly recommended to use SSH key authentication. By default there
msgid "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
msgstr "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
+#: ../../configuration/nat/nat44.rst:574
+msgid "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+msgstr "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+
#: ../../configuration/nat/nat44.rst:549
msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
-#: ../../configuration/vrf/index.rst:503
+#: ../../configuration/vrf/index.rst:505
msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
@@ -8190,7 +7493,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because
msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
-#: ../../configuration/vrf/index.rst:494
+#: ../../configuration/vrf/index.rst:496
msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
@@ -8210,22 +7513,6 @@ msgstr "It uses a single TCP or UDP connection and does not rely on packet sourc
msgid "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue."
msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue."
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
@@ -8258,11 +7545,11 @@ msgstr "Key Generation"
msgid "Key Management"
msgstr "Key Management"
-#: ../../configuration/vpn/site2site_ipsec.rst:374
+#: ../../configuration/vpn/site2site_ipsec.rst:383
msgid "Key Parameters:"
msgstr "Key Parameters:"
-#: ../../configuration/firewall/zone.rst:31
+#: ../../configuration/firewall/zone.rst:50
msgid "Key Points:"
msgstr "Key Points:"
@@ -8319,7 +7606,7 @@ msgstr "L2TPv3 is described in :rfc:`3931`."
msgid "L2TPv3 options"
msgstr "L2TPv3 options"
-#: ../../configuration/vrf/index.rst:397
+#: ../../configuration/vrf/index.rst:399
msgid "L3VPN VRFs"
msgstr "L3VPN VRFs"
@@ -8360,19 +7647,19 @@ msgstr "Label Distribution Protocol"
msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
-#: ../../configuration/service/dhcp-server.rst:663
+#: ../../configuration/service/dhcp-server.rst:593
msgid "Lease time will be left at the default value which is 24 hours"
msgstr "Lease time will be left at the default value which is 24 hours"
-#: ../../configuration/service/dhcp-server.rst:369
+#: ../../configuration/service/dhcp-server.rst:336
msgid "Lease timeout in seconds (default: 86400)"
msgstr "Lease timeout in seconds (default: 86400)"
-#: ../../configuration/firewall/index.rst:47
+#: ../../configuration/firewall/index.rst:167
msgid "Legacy Firewall"
msgstr "Legacy Firewall"
-#: ../../configuration/interfaces/vxlan.rst:112
+#: ../../configuration/interfaces/vxlan.rst:133
msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
@@ -8404,7 +7691,7 @@ msgstr "Level 4 balancing"
msgid "Lifetime associated with the default router in units of seconds"
msgstr "Lifetime associated with the default router in units of seconds"
-#: ../../configuration/service/https.rst:72
+#: ../../configuration/service/https.rst:63
msgid "Lifetime in days; default is 365"
msgstr "Lifetime in days; default is 365"
@@ -8436,7 +7723,7 @@ msgstr "Limiter"
msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
-#: ../../configuration/system/login.rst:379
+#: ../../configuration/system/login.rst:381
msgid "Limits"
msgstr "Limits"
@@ -8452,7 +7739,7 @@ msgstr "Link MTU value placed in RAs, exluded in RAs if unset"
msgid "Link aggregation"
msgstr "Link aggregation"
-#: ../../configuration/nat/nat44.rst:372
+#: ../../configuration/nat/nat44.rst:386
msgid "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
@@ -8480,7 +7767,7 @@ msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-h
msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
-#: ../../configuration/policy/route-map.rst:360
+#: ../../configuration/policy/route-map.rst:362
msgid "List of well-known communities"
msgstr "List of well-known communities"
@@ -8504,15 +7791,15 @@ msgstr "Load-balancing algorithms to be used for distributind requests among the
msgid "Load-balancing schedule algorithm:"
msgstr "Load-balancing schedule algorithm:"
-#: ../../configuration/nat/nat44.rst:632
+#: ../../configuration/nat/nat44.rst:656
msgid "Load Balance"
msgstr "Load Balance"
-#: ../../configuration/service/pppoe-server.rst:256
+#: ../../configuration/service/pppoe-server.rst:243
msgid "Load Balancing"
msgstr "Load Balancing"
-#: ../../configuration/system/login.rst:420
+#: ../../configuration/system/login.rst:422
msgid "Load the container image in op-mode."
msgstr "Load the container image in op-mode."
@@ -8529,7 +7816,7 @@ msgstr "Local Configuration:"
msgid "Local Configuration - Annotated:"
msgstr "Local Configuration - Annotated:"
-#: ../../configuration/service/dhcp-server.rst:178
+#: ../../configuration/service/dhcp-server.rst:143
msgid "Local IP `` used when communicating to the failover peer."
msgstr "Local IP `` used when communicating to the failover peer."
@@ -8609,7 +7896,7 @@ msgstr "Log syslog messages to file specified via ``, for an explanati
msgid "Log syslog messages to remote host specified by ``. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
msgstr "Log syslog messages to remote host specified by ``. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
-#: ../../configuration/system/conntrack.rst:187
+#: ../../configuration/system/conntrack.rst:224
msgid "Log the connection tracking events per protocol."
msgstr "Log the connection tracking events per protocol."
@@ -8617,7 +7904,9 @@ msgstr "Log the connection tracking events per protocol."
msgid "Logging"
msgstr "Logging"
-#: ../../configuration/firewall/general.rst:412
+#: ../../configuration/firewall/bridge.rst:151
+#: ../../configuration/firewall/ipv4.rst:198
+#: ../../configuration/firewall/ipv6.rst:198
msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
@@ -8629,14 +7918,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact,
msgid "Login/User Management"
msgstr "Login/User Management"
-#: ../../configuration/system/login.rst:361
+#: ../../configuration/system/login.rst:363
msgid "Login Banner"
msgstr "Login Banner"
-#: ../../configuration/system/login.rst:381
+#: ../../configuration/system/login.rst:383
msgid "Login limits"
msgstr "Login limits"
+#: ../../configuration/protocols/isis.rst:306
+msgid "Loop Free Alternate (LFA)"
+msgstr "Loop Free Alternate (LFA)"
+
#: ../../configuration/interfaces/loopback.rst:7
msgid "Loopback"
msgstr "Loopback"
@@ -8660,8 +7953,7 @@ msgstr "MAC/PHY information"
msgid "MACVLAN - Pseudo Ethernet"
msgstr "MACVLAN - Pseudo Ethernet"
-#: ../../configuration/firewall/general.rst:282
-#: ../../configuration/firewall/general-legacy.rst:240
+#: ../../configuration/firewall/groups.rst:109
msgid "MAC Groups"
msgstr "MAC Groups"
@@ -8701,52 +7993,14 @@ msgstr "MPLS"
msgid "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
msgstr "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/pppoe.rst:215
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/sstp-client.rst:87
#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
msgid "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
#: ../../configuration/interfaces/pppoe.rst:261
#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
msgid "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
@@ -8758,11 +8012,19 @@ msgstr "MTU"
msgid "Mail system"
msgstr "Mail system"
+#: ../../configuration/firewall/index.rst:20
+msgid "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+msgstr "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+
+#: ../../configuration/firewall/index.rst:91
+msgid "Main structure VyOS firewall cli is shown next:"
+msgstr "Main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/firewall/general.rst:20
msgid "Main structure is shown next:"
msgstr "Main structure is shown next:"
-#: ../../configuration/service/pppoe-server.rst:308
+#: ../../configuration/service/pppoe-server.rst:295
msgid "Maintenance mode"
msgstr "Maintenance mode"
@@ -8786,11 +8048,15 @@ msgstr "Mandatory Settings"
msgid "Manual Neighbor Configuration"
msgstr "Manual Neighbor Configuration"
-#: ../../configuration/interfaces/vxlan.rst:150
+#: ../../configuration/pki/index.rst:336
+msgid "Manually trigger certificate renewal. This will be done twice a day."
+msgstr "Manually trigger certificate renewal. This will be done twice a day."
+
+#: ../../configuration/interfaces/vxlan.rst:171
msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
-#: ../../configuration/vpn/sstp.rst:212
+#: ../../configuration/vpn/sstp.rst:223
msgid "Mark RADIUS server as offline for this given `` in seconds."
msgstr "Mark RADIUS server as offline for this given `` in seconds."
@@ -8810,7 +8076,8 @@ msgstr "Match BGP large communities."
msgid "Match IP addresses based on its geolocation. More info: `geoip matching `_."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching `_."
-#: ../../configuration/firewall/general.rst:710
+#: ../../configuration/firewall/ipv4.rst:440
+#: ../../configuration/firewall/ipv6.rst:447
msgid "Match IP addresses based on its geolocation. More info: `geoip matching `_. Use inverse-match to match anything except the given country-codes."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching `_. Use inverse-match to match anything except the given country-codes."
@@ -8822,18 +8089,18 @@ msgstr "Match RPKI validation result."
msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
-#: ../../configuration/firewall/general.rst:1091
-#: ../../configuration/firewall/general-legacy.rst:671
+#: ../../configuration/firewall/ipv4.rst:773
+#: ../../configuration/firewall/ipv6.rst:783
msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
-#: ../../configuration/firewall/general.rst:1158
-#: ../../configuration/firewall/general-legacy.rst:709
+#: ../../configuration/firewall/ipv4.rst:831
+#: ../../configuration/firewall/ipv6.rst:840
msgid "Match against the state of a packet."
msgstr "Match against the state of a packet."
-#: ../../configuration/firewall/general.rst:924
-#: ../../configuration/firewall/general-legacy.rst:590
+#: ../../configuration/firewall/ipv4.rst:620
+#: ../../configuration/firewall/ipv6.rst:630
msgid "Match based on dscp value."
msgstr "Match based on dscp value."
@@ -8841,18 +8108,28 @@ msgstr "Match based on dscp value."
msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
-#: ../../configuration/firewall/general.rst:937
-#: ../../configuration/firewall/general-legacy.rst:597
+#: ../../configuration/firewall/ipv4.rst:631
+#: ../../configuration/firewall/ipv6.rst:641
msgid "Match based on fragment criteria."
msgstr "Match based on fragment criteria."
-#: ../../configuration/firewall/general.rst:956
-#: ../../configuration/firewall/general-legacy.rst:604
+#: ../../configuration/firewall/ipv4.rst:642
+msgid "Match based on icmp code and type."
+msgstr "Match based on icmp code and type."
+
+#: ../../configuration/firewall/ipv4.rst:653
+msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:663
+msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:652
#: ../../configuration/policy/route.rst:131
msgid "Match based on icmp|icmpv6 code and type."
msgstr "Match based on icmp|icmpv6 code and type."
-#: ../../configuration/firewall/general.rst:975
#: ../../configuration/firewall/general-legacy.rst:610
msgid "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
msgstr "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
@@ -8869,8 +8146,20 @@ msgstr "Match based on inbound/outbound interface. Wilcard ``*`` can be used. Fo
msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1013
-#: ../../configuration/firewall/general-legacy.rst:630
+#: ../../configuration/firewall/bridge.rst:239
+#: ../../configuration/firewall/ipv4.rst:663
+#: ../../configuration/firewall/ipv6.rst:673
+msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:248
+#: ../../configuration/firewall/ipv4.rst:674
+#: ../../configuration/firewall/ipv6.rst:684
+msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:707
+#: ../../configuration/firewall/ipv6.rst:717
msgid "Match based on ipsec criteria."
msgstr "Match based on ipsec criteria."
@@ -8878,53 +8167,77 @@ msgstr "Match based on ipsec criteria."
msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1064
-#: ../../configuration/firewall/general-legacy.rst:656
+#: ../../configuration/firewall/bridge.rst:256
+#: ../../configuration/firewall/ipv4.rst:684
+#: ../../configuration/firewall/ipv6.rst:694
+msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:265
+#: ../../configuration/firewall/ipv4.rst:695
+#: ../../configuration/firewall/ipv6.rst:705
+msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:750
+#: ../../configuration/firewall/ipv6.rst:760
#: ../../configuration/policy/route.rst:176
msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
-#: ../../configuration/firewall/general.rst:1078
-#: ../../configuration/firewall/general-legacy.rst:664
+#: ../../configuration/firewall/ipv4.rst:762
+#: ../../configuration/firewall/ipv6.rst:772
#: ../../configuration/policy/route.rst:184
msgid "Match based on packet type criteria."
msgstr "Match based on packet type criteria."
-#: ../../configuration/firewall/general.rst:1039
-#: ../../configuration/firewall/general-legacy.rst:644
+#: ../../configuration/firewall/ipv4.rst:729
+#: ../../configuration/firewall/ipv6.rst:739
msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
-#: ../../configuration/firewall/general.rst:1026
-#: ../../configuration/firewall/general-legacy.rst:637
+#: ../../configuration/firewall/ipv4.rst:718
+#: ../../configuration/firewall/ipv6.rst:728
msgid "Match based on the maximum number of packets to allow in excess of rate."
msgstr "Match based on the maximum number of packets to allow in excess of rate."
-#: ../../configuration/firewall/general.rst:1124
-#: ../../configuration/firewall/general-legacy.rst:689
+#: ../../configuration/firewall/bridge.rst:273
+msgid "Match based on vlan ID. Range is also supported."
+msgstr "Match based on vlan ID. Range is also supported."
+
+#: ../../configuration/firewall/bridge.rst:280
+msgid "Match based on vlan priority(pcp). Range is also supported."
+msgstr "Match based on vlan priority(pcp). Range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:801
+#: ../../configuration/firewall/ipv6.rst:810
msgid "Match bases on recently seen sources."
msgstr "Match bases on recently seen sources."
-#: ../../configuration/firewall/general.rst:562
-#: ../../configuration/firewall/general-legacy.rst:394
+#: ../../configuration/firewall/ipv4.rst:325
+#: ../../configuration/firewall/ipv6.rst:325
msgid "Match criteria based on connection mark."
msgstr "Match criteria based on connection mark."
-#: ../../configuration/firewall/general.rst:549
-#: ../../configuration/firewall/general-legacy.rst:387
+#: ../../configuration/firewall/ipv4.rst:314
+#: ../../configuration/firewall/ipv6.rst:314
msgid "Match criteria based on nat connection status."
msgstr "Match criteria based on nat connection status."
-#: ../../configuration/firewall/general.rst:586
+#: ../../configuration/firewall/ipv4.rst:345
+#: ../../configuration/firewall/ipv6.rst:345
msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
+#: ../../configuration/firewall/bridge.rst:232
+msgid "Match criteria based on source and/or destination mac-address."
+msgstr "Match criteria based on source and/or destination mac-address."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:58
msgid "Match domain name"
msgstr "Match domain name"
-#: ../../configuration/firewall/general.rst:1234
-#: ../../configuration/firewall/general-legacy.rst:732
+#: ../../configuration/firewall/ipv6.rst:894
#: ../../configuration/policy/route.rst:234
msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
@@ -8937,19 +8250,19 @@ msgstr "Match local preference."
msgid "Match route metric."
msgstr "Match route metric."
-#: ../../configuration/firewall/general.rst:1222
-#: ../../configuration/firewall/general-legacy.rst:726
+#: ../../configuration/firewall/ipv4.rst:885
#: ../../configuration/policy/route.rst:229
msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
-#: ../../configuration/firewall/general.rst:1259
-#: ../../configuration/firewall/general-legacy.rst:742
+#: ../../configuration/firewall/ipv4.rst:906
+#: ../../configuration/firewall/ipv6.rst:915
msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
-#: ../../configuration/firewall/general.rst:534
-#: ../../configuration/firewall/general-legacy.rst:378
+#: ../../configuration/firewall/bridge.rst:219
+#: ../../configuration/firewall/ipv4.rst:301
+#: ../../configuration/firewall/ipv6.rst:301
#: ../../configuration/policy/route.rst:38
msgid "Matching criteria"
msgstr "Matching criteria"
@@ -8966,7 +8279,7 @@ msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets"
msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
-#: ../../configuration/vpn/sstp.rst:148
+#: ../../configuration/vpn/sstp.rst:159
msgid "Maximum number of IPv4 nameservers"
msgstr "Maximum number of IPv4 nameservers"
@@ -8978,7 +8291,11 @@ msgstr "Maximum number of authenticator processes to spawn. If you start too few
msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
-#: ../../configuration/vpn/sstp.rst:239
+#: ../../configuration/service/dns.rst:148
+msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+
+#: ../../configuration/vpn/sstp.rst:250
msgid "Maximum number of tries to send Access-Request/Accounting-Request queries"
msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries"
@@ -9010,6 +8327,26 @@ msgstr "Metris version, the default is ``2``"
msgid "Min and max intervals between unsolicited multicast RAs"
msgstr "Min and max intervals between unsolicited multicast RAs"
+#: ../../configuration/firewall/flowtables.rst:106
+msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+
+#: ../../configuration/protocols/pim.rst:49
+msgid "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+msgstr "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+
+#: ../../configuration/protocols/pim.rst:59
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
+#: ../../configuration/protocols/pim.rst:98
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+
+#: ../../configuration/protocols/pim.rst:82
+msgid "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+msgstr "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+
#: ../../configuration/interfaces/wireless.rst:22
msgid "Monitor, the system passively monitors any kind of wireless traffic"
msgstr "Monitor, the system passively monitors any kind of wireless traffic"
@@ -9034,7 +8371,7 @@ msgstr "Most operating systems include native client support for IPsec IKEv2 VPN
msgid "Mount a volume into the container"
msgstr "Mount a volume into the container"
-#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:235
msgid "Multi"
msgstr "Multi"
@@ -9046,16 +8383,15 @@ msgstr "Multi-client server is the most popular OpenVPN mode on routers. It alwa
msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
-#: ../../configuration/service/dhcp-server.rst:392
+#: ../../configuration/service/dhcp-server.rst:359
msgid "Multi: can be specified multiple times."
msgstr "Multi: can be specified multiple times."
-#: ../../configuration/interfaces/vxlan.rst:89
-#: ../../configuration/protocols/igmp.rst:7
+#: ../../configuration/interfaces/vxlan.rst:110
msgid "Multicast"
msgstr "Multicast"
-#: ../../configuration/interfaces/vxlan.rst:209
+#: ../../configuration/interfaces/vxlan.rst:230
msgid "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
msgstr "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
@@ -9063,11 +8399,15 @@ msgstr "Multicast-routing is required for the leaves to forward traffic between
msgid "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
msgstr "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
-#: ../../configuration/interfaces/vxlan.rst:105
+#: ../../configuration/service/mdns.rst:8
+msgid "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+msgstr "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+
+#: ../../configuration/interfaces/vxlan.rst:126
msgid "Multicast VXLAN"
msgstr "Multicast VXLAN"
-#: ../../configuration/interfaces/vxlan.rst:99
+#: ../../configuration/interfaces/vxlan.rst:120
msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
@@ -9075,7 +8415,7 @@ msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built
msgid "Multicast group to use for syncing conntrack entries."
msgstr "Multicast group to use for syncing conntrack entries."
-#: ../../configuration/protocols/igmp.rst:26
+#: ../../configuration/protocols/pim.rst:22
msgid "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
@@ -9083,8 +8423,8 @@ msgstr "Multicast receivers will talk IGMP to their local router, so, besides ha
msgid "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
-#: ../../configuration/service/dhcp-server.rst:59
-#: ../../configuration/service/dhcp-server.rst:106
+#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:92
msgid "Multiple DNS servers can be defined."
msgstr "Multiple DNS servers can be defined."
@@ -9096,7 +8436,7 @@ msgstr "Multiple RPKI caching instances can be supplied and they need a preferen
msgid "Multiple Uplinks"
msgstr "Multiple Uplinks"
-#: ../../configuration/interfaces/vxlan.rst:144
+#: ../../configuration/interfaces/vxlan.rst:165
msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
@@ -9108,7 +8448,7 @@ msgstr "Multiple aliases can pe specified per host-name."
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
-#: ../../configuration/system/conntrack.rst:122
+#: ../../configuration/system/conntrack.rst:150
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
@@ -9125,12 +8465,12 @@ msgstr "Multiple networks/client IP addresses can be configured."
msgid "Multiple servers can be specified."
msgstr "Multiple servers can be specified."
-#: ../../configuration/service/dns.rst:361
+#: ../../configuration/service/dns.rst:374
msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!"
msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!"
-#: ../../configuration/firewall/general.rst:770
-#: ../../configuration/firewall/general-legacy.rst:515
+#: ../../configuration/firewall/ipv4.rst:494
+#: ../../configuration/firewall/ipv6.rst:500
msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
@@ -9147,18 +8487,18 @@ msgstr "Multiple users can connect to the same serial device but only one is all
msgid "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
msgstr "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
-#: ../../configuration/service/dhcp-server.rst:274
-#: ../../configuration/service/dhcp-server.rst:280
-#: ../../configuration/service/dhcp-server.rst:285
-#: ../../configuration/service/dhcp-server.rst:305
-#: ../../configuration/service/dhcp-server.rst:320
-#: ../../configuration/service/dhcp-server.rst:325
-#: ../../configuration/service/dhcp-server.rst:330
-#: ../../configuration/service/dhcp-server.rst:335
-#: ../../configuration/service/dhcp-server.rst:340
-#: ../../configuration/service/dhcp-server.rst:360
-#: ../../configuration/service/dhcp-server.rst:365
-#: ../../configuration/service/dhcp-server.rst:370
+#: ../../configuration/service/dhcp-server.rst:241
+#: ../../configuration/service/dhcp-server.rst:247
+#: ../../configuration/service/dhcp-server.rst:252
+#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:337
msgid "N"
msgstr "N"
@@ -9175,19 +8515,31 @@ msgstr "NAT, Routing, Firewall Interaction"
msgid "NAT44"
msgstr "NAT44"
+#: ../../configuration/nat/nat64.rst:5
+msgid "NAT64"
+msgstr "NAT64"
+
+#: ../../configuration/nat/nat64.rst:62
+msgid "NAT64 client configuration:"
+msgstr "NAT64 client configuration:"
+
+#: ../../configuration/nat/nat64.rst:44
+msgid "NAT64 server configuration:"
+msgstr "NAT64 server configuration:"
+
#: ../../configuration/nat/nat66.rst:5
msgid "NAT66(NPTv6)"
msgstr "NAT66(NPTv6)"
-#: ../../configuration/nat/nat44.rst:706
+#: ../../configuration/nat/nat44.rst:730
msgid "NAT Configuration"
msgstr "NAT Configuration"
-#: ../../configuration/nat/nat44.rst:287
+#: ../../configuration/nat/nat44.rst:299
msgid "NAT Load Balance"
msgstr "NAT Load Balance"
-#: ../../configuration/nat/nat44.rst:293
+#: ../../configuration/nat/nat44.rst:305
msgid "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
@@ -9195,16 +8547,15 @@ msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it
msgid "NAT Ruleset"
msgstr "NAT Ruleset"
-#: ../../configuration/nat/nat44.rst:686
+#: ../../configuration/nat/nat44.rst:710
msgid "NAT (specifically, Source NAT);"
msgstr "NAT (specifically, Source NAT);"
-#: ../../configuration/nat/nat44.rst:624
+#: ../../configuration/nat/nat44.rst:648
msgid "NAT before VPN"
msgstr "NAT before VPN"
-#: ../../configuration/nat/nat44.rst:677
-#: ../../configuration/nat/nat44.rst:677
+#: ../../configuration/nat/nat44.rst:701
msgid "NAT before VPN Topology"
msgstr "NAT before VPN Topology"
@@ -9236,7 +8587,7 @@ msgstr "NTP supplies a warning of any impending leap second adjustment, but no i
msgid "Name Server"
msgstr "Name Server"
-#: ../../configuration/service/dhcp-server.rst:389
+#: ../../configuration/service/dhcp-server.rst:356
msgid "Name of static mapping"
msgstr "Name of static mapping"
@@ -9244,11 +8595,11 @@ msgstr "Name of static mapping"
msgid "Name of the single table Only if set group-metrics single-table."
msgstr "Name of the single table Only if set group-metrics single-table."
-#: ../../configuration/service/dhcp-server.rst:329
+#: ../../configuration/service/dhcp-server.rst:296
msgid "Name or IPv4 address of TFTP server"
msgstr "Name or IPv4 address of TFTP server"
-#: ../../configuration/service/dhcp-server.rst:314
+#: ../../configuration/service/dhcp-server.rst:281
msgid "NetBIOS over TCP/IP name server"
msgstr "NetBIOS over TCP/IP name server"
@@ -9276,7 +8627,7 @@ msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the
msgid "NetFlow v5 example:"
msgstr "NetFlow v5 example:"
-#: ../../configuration/firewall/index.rst:16
+#: ../../configuration/firewall/index.rst:13
msgid "Netfilter based"
msgstr "Netfilter based"
@@ -9302,8 +8653,7 @@ msgstr "Network Control"
msgid "Network Emulator"
msgstr "Network Emulator"
-#: ../../configuration/firewall/general.rst:215
-#: ../../configuration/firewall/general-legacy.rst:191
+#: ../../configuration/firewall/groups.rst:42
msgid "Network Groups"
msgstr "Network Groups"
@@ -9315,7 +8665,7 @@ msgstr "Network ID (SSID) ``Enterprise-TEST``"
msgid "Network ID (SSID) ``TEST``"
msgstr "Network ID (SSID) ``TEST``"
-#: ../../configuration/protocols/igmp.rst:None
+#: ../../configuration/protocols/pim.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -9339,7 +8689,7 @@ msgstr "New user will use SHA/AES for authentication and privacy"
msgid "Next-hop interface for the route"
msgstr "Next-hop interface for the route"
-#: ../../configuration/vpn/openconnect.rst:205
+#: ../../configuration/vpn/openconnect.rst:212
msgid "Next it is necessary to configure 2FA for OpenConnect:"
msgstr "Next it is necessary to configure 2FA for OpenConnect:"
@@ -9428,7 +8778,7 @@ msgstr "Now we add the option to the scope, adapt to your setup"
msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
-#: ../../configuration/vpn/openconnect.rst:212
+#: ../../configuration/vpn/openconnect.rst:219
msgid "Now when connecting the user will first be asked for the password and then the OTP key."
msgstr "Now when connecting the user will first be asked for the password and then the OTP key."
@@ -9480,7 +8830,7 @@ msgstr "OTP-key generation"
msgid "Offloading"
msgstr "Offloading"
-#: ../../configuration/service/dhcp-server.rst:278
+#: ../../configuration/service/dhcp-server.rst:245
msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
@@ -9555,6 +8905,10 @@ msgstr "On the initiator, we need to set the remote-id option so that it can ide
msgid "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
msgstr "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
+#: ../../configuration/protocols/pim.rst:120
+msgid "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+msgstr "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+
#: ../../configuration/vpn/rsa-keys.rst:57
msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
@@ -9563,25 +8917,6 @@ msgstr "On the responder, we need to set the local id so that initiator can know
msgid "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring."
msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring."
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
#: ../../_include/interface-ip.txt:21
msgid "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
msgstr "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
@@ -9606,6 +8941,10 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil
msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
+#: ../../configuration/firewall/flowtables.rst:38
+msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+
#: ../../configuration/service/pppoe-server.rst:63
msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
@@ -9614,11 +8953,11 @@ msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-addres
msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
-#: ../../configuration/service/pppoe-server.rst:224
+#: ../../configuration/service/pppoe-server.rst:211
msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
-#: ../../configuration/vpn/openconnect.rst:250
+#: ../../configuration/vpn/openconnect.rst:257
msgid "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
msgstr "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
@@ -9626,7 +8965,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c
msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
-#: ../../configuration/vpn/sstp.rst:295
+#: ../../configuration/vpn/sstp.rst:307
msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
@@ -9650,11 +8989,6 @@ msgstr "One of the important features built on top of the Netfilter framework is
msgid "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks."
msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks."
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
#: ../../_include/interface-vlan-8021q.txt:32
msgid "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
@@ -9663,8 +8997,12 @@ msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgid "Only VRRP is supported. Required option."
msgstr "Only VRRP is supported. Required option."
-#: ../../configuration/firewall/general.rst:731
-#: ../../configuration/firewall/general-legacy.rst:490
+#: ../../configuration/service/https.rst:18
+msgid "Only allow certain IP addresses or prefixes to access the https webserver."
+msgstr "Only allow certain IP addresses or prefixes to access the https webserver."
+
+#: ../../configuration/firewall/ipv4.rst:459
+#: ../../configuration/firewall/ipv6.rst:466
msgid "Only in the source criteria, you can specify a mac-address."
msgstr "Only in the source criteria, you can specify a mac-address."
@@ -9672,22 +9010,7 @@ msgstr "Only in the source criteria, you can specify a mac-address."
msgid "Only one SRGB and default SPF Algorithm is supported"
msgstr "Only one SRGB and default SPF Algorithm is supported"
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
+#: ../../_include/interface-dhcp-options.txt:48
msgid "Only request an address from the DHCP server but do not request a default gateway."
msgstr "Only request an address from the DHCP server but do not request a default gateway."
@@ -9703,6 +9026,10 @@ msgstr "Only request an address from the SSTP server but do not install any defa
msgid "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
+#: ../../configuration/interfaces/vxlan.rst:96
+msgid "Only works with a VXLAN device with external flag set."
+msgstr "Only works with a VXLAN device with external flag set."
+
#: ../../configuration/highavailability/index.rst:457
msgid "Op-mode check virtual-server status"
msgstr "Op-mode check virtual-server status"
@@ -9715,15 +9042,15 @@ msgstr "OpenConnect"
msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
-#: ../../configuration/vpn/openconnect.rst:274
+#: ../../configuration/vpn/openconnect.rst:281
msgid "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
msgstr "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
-#: ../../configuration/vpn/openconnect.rst:267
+#: ../../configuration/vpn/openconnect.rst:274
msgid "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
msgstr "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
-#: ../../configuration/vpn/openconnect.rst:228
+#: ../../configuration/vpn/openconnect.rst:235
msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual `_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual `_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
@@ -9778,27 +9105,34 @@ msgstr "Operating Modes"
#: ../../configuration/interfaces/virtual-ethernet.rst:55
#: ../../configuration/interfaces/wireless.rst:416
#: ../../configuration/interfaces/wwan.rst:79
-#: ../../configuration/pki/index.rst:252
-#: ../../configuration/protocols/igmp.rst:245
+#: ../../configuration/pki/index.rst:290
+#: ../../configuration/protocols/igmp-proxy.rst:73
#: ../../configuration/protocols/static.rst:183
#: ../../configuration/service/conntrack-sync.rst:103
#: ../../configuration/service/console-server.rst:76
#: ../../configuration/service/dhcp-relay.rst:124
-#: ../../configuration/service/dhcp-relay.rst:199
-#: ../../configuration/service/dns.rst:182
+#: ../../configuration/service/dhcp-relay.rst:201
+#: ../../configuration/service/dns.rst:195
#: ../../configuration/service/lldp.rst:71
+#: ../../configuration/service/mdns.rst:79
#: ../../configuration/service/ssh.rst:145
#: ../../configuration/service/webproxy.rst:330
#: ../../configuration/system/default-route.rst:25
#: ../../configuration/system/flow-accounting.rst:175
#: ../../configuration/vrf/index.rst:111
-#: ../../configuration/vrf/index.rst:321
-#: ../../configuration/vrf/index.rst:501
+#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:503
msgid "Operation"
msgstr "Operation"
-#: ../../configuration/firewall/general.rst:1307
-#: ../../configuration/firewall/general-legacy.rst:778
+#: ../../configuration/firewall/groups.rst:186
+#: ../../configuration/firewall/zone.rst:128
+msgid "Operation-mode"
+msgstr "Operation-mode"
+
+#: ../../configuration/firewall/bridge.rst:284
+#: ../../configuration/firewall/ipv4.rst:954
+#: ../../configuration/firewall/ipv6.rst:962
msgid "Operation-mode Firewall"
msgstr "Operation-mode Firewall"
@@ -9806,8 +9140,8 @@ msgstr "Operation-mode Firewall"
msgid "Operation Commands"
msgstr "Operation Commands"
-#: ../../configuration/service/dhcp-server.rst:512
-#: ../../configuration/service/dhcp-server.rst:732
+#: ../../configuration/service/dhcp-server.rst:412
+#: ../../configuration/service/dhcp-server.rst:664
#: ../../configuration/system/acceleration.rst:42
msgid "Operation Mode"
msgstr "Operation Mode"
@@ -9825,7 +9159,7 @@ msgstr "Operational Commands"
#: ../../configuration/protocols/bgp.rst:950
#: ../../configuration/protocols/mpls.rst:218
#: ../../configuration/protocols/ospf.rst:609
-#: ../../configuration/protocols/ospf.rst:1266
+#: ../../configuration/protocols/ospf.rst:1268
#: ../../configuration/protocols/rip.rst:193
msgid "Operational Mode Commands"
msgstr "Operational Mode Commands"
@@ -9843,11 +9177,11 @@ msgstr "Option"
msgid "Option 43 for UniFI"
msgstr "Option 43 for UniFI"
-#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:234
msgid "Option description"
msgstr "Option description"
-#: ../../configuration/service/dhcp-server.rst:265
+#: ../../configuration/service/dhcp-server.rst:232
msgid "Option number"
msgstr "Option number"
@@ -9886,15 +9220,19 @@ msgstr "Optional/default settings"
msgid "Optional Configuration"
msgstr "Optional Configuration"
+#: ../../configuration/protocols/pim.rst:123
+msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+
#: ../../configuration/container/index.rst:47
msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
#: ../../configuration/interfaces/openvpn.rst:631
#: ../../configuration/service/dhcp-relay.rst:53
-#: ../../configuration/service/dhcp-relay.rst:158
-#: ../../configuration/service/dhcp-server.rst:257
-#: ../../configuration/vpn/sstp.rst:219
+#: ../../configuration/service/dhcp-relay.rst:160
+#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/vpn/sstp.rst:230
msgid "Options"
msgstr "Options"
@@ -9918,11 +9256,11 @@ msgstr "Or **binary** prefixes."
msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
-#: ../../configuration/service/pppoe-server.rst:251
+#: ../../configuration/service/pppoe-server.rst:238
msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
-#: ../../configuration/nat/nat44.rst:512
+#: ../../configuration/nat/nat44.rst:532
msgid "Our configuration commands would be:"
msgstr "Our configuration commands would be:"
@@ -9962,9 +9300,14 @@ msgstr "Over UDP"
msgid "Override static-mapping's name-server with a custom one that will be sent only to this host."
msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host."
-#: ../../configuration/firewall/general.rst:11
-#: ../../configuration/firewall/general-legacy.rst:15
+#: ../../configuration/firewall/bridge.rst:13
+#: ../../configuration/firewall/flowtables.rst:13
+#: ../../configuration/firewall/global-options.rst:11
+#: ../../configuration/firewall/ipv4.rst:11
+#: ../../configuration/firewall/ipv6.rst:11
+#: ../../configuration/firewall/zone.rst:11
#: ../../configuration/nat/nat44.rst:68
+#: ../../configuration/nat/nat64.rst:18
#: ../../configuration/nat/nat66.rst:15
msgid "Overview"
msgstr "Overview"
@@ -9973,8 +9316,8 @@ msgstr "Overview"
msgid "Overview and basic concepts"
msgstr "Overview and basic concepts"
-#: ../../configuration/firewall/general.rst:1461
-#: ../../configuration/firewall/general-legacy.rst:908
+#: ../../configuration/firewall/groups.rst:190
+#: ../../configuration/firewall/ipv6.rst:1117
msgid "Overview of defined groups. You see the type, the members, and where the group is used."
msgstr "Overview of defined groups. You see the type, the members, and where the group is used."
@@ -9994,14 +9337,22 @@ msgstr "PC2 is in VRF ``blue`` which is the development department"
msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
-#: ../../configuration/interfaces/vxlan.rst:109
+#: ../../configuration/interfaces/vxlan.rst:130
msgid "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
msgstr "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
-#: ../../configuration/interfaces/vxlan.rst:120
+#: ../../configuration/interfaces/vxlan.rst:141
msgid "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
msgstr "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
+#: ../../configuration/protocols/pim.rst:31
+msgid "PIM-SM - PIM Sparse Mode"
+msgstr "PIM-SM - PIM Sparse Mode"
+
+#: ../../configuration/protocols/pim6.rst:5
+msgid "PIM6 - Protocol Independent Multicast for IPv6"
+msgstr "PIM6 - Protocol Independent Multicast for IPv6"
+
#: ../../configuration/protocols/igmp.rst:16
msgid "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10010,6 +9361,10 @@ msgstr "PIM (Protocol Independent Multicast) must be configured in every interfa
msgid "PIM and IGMP"
msgstr "PIM and IGMP"
+#: ../../configuration/protocols/pim.rst:7
+msgid "PIM – Protocol Independent Multicast"
+msgstr "PIM – Protocol Independent Multicast"
+
#: ../../configuration/protocols/pim6.rst:9
msgid "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10022,7 +9377,7 @@ msgstr "PKI"
msgid "PPDU"
msgstr "PPDU"
-#: ../../configuration/vpn/sstp.rst:163
+#: ../../configuration/vpn/sstp.rst:174
msgid "PPP Settings"
msgstr "PPP Settings"
@@ -10054,11 +9409,11 @@ msgstr "Particularly large networks may wish to run their own RPKI certificate a
msgid "Path `` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
msgstr "Path `` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
-#: ../../configuration/vpn/sstp.rst:155
+#: ../../configuration/vpn/sstp.rst:166
msgid "Path to `` pointing to the certificate authority certificate."
msgstr "Path to `` pointing to the certificate authority certificate."
-#: ../../configuration/vpn/sstp.rst:159
+#: ../../configuration/vpn/sstp.rst:170
msgid "Path to `` pointing to the servers certificate (public portion)."
msgstr "Path to `` pointing to the servers certificate (public portion)."
@@ -10102,7 +9457,7 @@ msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and
msgid "Per default every packet is sampled (that is, the sampling rate is 1)."
msgstr "Per default every packet is sampled (that is, the sampling rate is 1)."
-#: ../../configuration/service/pppoe-server.rst:336
+#: ../../configuration/service/pppoe-server.rst:323
msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
@@ -10126,29 +9481,6 @@ msgstr "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an I
msgid "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` will show you the content is encrypted."
msgstr "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` will show you the content is encrypted."
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
#: ../../_include/interface-vrf.txt:4
msgid "Place interface in given VRF instance."
msgstr "Place interface in given VRF instance."
@@ -10157,6 +9489,14 @@ msgstr "Place interface in given VRF instance."
msgid "Play an audible beep to the system speaker when system is ready."
msgstr "Play an audible beep to the system speaker when system is ready."
+#: ../../configuration/firewall/index.rst:137
+msgid "Please, refer to appropiate section for more information about firewall configuration:"
+msgstr "Please, refer to appropiate section for more information about firewall configuration:"
+
+#: ../../configuration/firewall/index.rst:138
+msgid "Please, refer to appropriate section for more information about firewall configuration:"
+msgstr "Please, refer to appropriate section for more information about firewall configuration:"
+
#: ../../configuration/service/ipoe-server.rst:23
msgid "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
msgstr "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
@@ -10173,23 +9513,10 @@ msgstr "Please refer to the :ref:`ipsec` documentation for the individual IPSec
msgid "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
msgstr "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
-#: ../../configuration/service/dhcp-server.rst:423
+#: ../../configuration/service/dhcp-server.rst:364
msgid "Please see the :ref:`dhcp-dns-quick-start` configuration."
msgstr "Please see the :ref:`dhcp-dns-quick-start` configuration."
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
#: ../../_include/need_improvement.txt:13
msgid "Please take a look at the Contributing Guide for our :ref:`documentation`."
msgstr "Please take a look at the Contributing Guide for our :ref:`documentation`."
@@ -10230,12 +9557,11 @@ msgstr "Policy Sections"
msgid "Policy for checking targets"
msgstr "Policy for checking targets"
-#: ../../configuration/system/conntrack.rst:152
+#: ../../configuration/system/conntrack.rst:57
msgid "Policy to track previously established connections."
msgstr "Policy to track previously established connections."
-#: ../../configuration/firewall/general.rst:257
-#: ../../configuration/firewall/general-legacy.rst:215
+#: ../../configuration/firewall/groups.rst:84
msgid "Port Groups"
msgstr "Port Groups"
@@ -10245,7 +9571,7 @@ msgstr "Port Groups"
msgid "Port Mirror (SPAN)"
msgstr "Port Mirror (SPAN)"
-#: ../../configuration/vpn/sstp.rst:231
+#: ../../configuration/vpn/sstp.rst:242
msgid "Port for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Port for Dynamic Authorization Extension server (DM/CoA)"
@@ -10261,15 +9587,10 @@ msgstr "Port number used by connection, default is ``9273``"
msgid "Port number used by connection."
msgstr "Port number used by connection."
-#: ../../configuration/service/https.rst:46
+#: ../../configuration/service/https.rst:37
msgid "Port to listen for HTTPS requests; default 443"
msgstr "Port to listen for HTTPS requests; default 443"
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
#: ../../_include/interface-vlan-8021q.txt:9
msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
@@ -10335,7 +9656,7 @@ msgstr "Preference associated with the default router"
msgid "Prefix Conversion"
msgstr "Prefix Conversion"
-#: ../../configuration/service/dhcp-server.rst:634
+#: ../../configuration/service/dhcp-server.rst:564
msgid "Prefix Delegation"
msgstr "Prefix Delegation"
@@ -10387,11 +9708,11 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's
msgid "Principle of SNMP Communication"
msgstr "Principle of SNMP Communication"
-#: ../../configuration/vrf/index.rst:530
+#: ../../configuration/vrf/index.rst:532
msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination."
msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination."
-#: ../../configuration/vrf/index.rst:509
+#: ../../configuration/vrf/index.rst:511
msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
@@ -10408,25 +9729,6 @@ msgstr "Priority Queue"
msgid "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP."
msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP."
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
#: ../../_include/interface-ip.txt:153
msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
@@ -10455,8 +9757,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp."
msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
-#: ../../configuration/firewall/general.rst:212
-#: ../../configuration/firewall/general-legacy.rst:188
+#: ../../configuration/firewall/groups.rst:39
msgid "Provide a IPv4 or IPv6 address group description"
msgstr "Provide a IPv4 or IPv6 address group description"
@@ -10464,39 +9765,43 @@ msgstr "Provide a IPv4 or IPv6 address group description"
msgid "Provide a IPv4 or IPv6 network group description."
msgstr "Provide a IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:515
-#: ../../configuration/firewall/general-legacy.rst:334
+#: ../../configuration/firewall/ipv4.rst:285
+#: ../../configuration/firewall/ipv6.rst:285
#: ../../configuration/policy/route.rst:30
msgid "Provide a description for each rule."
msgstr "Provide a description for each rule."
-#: ../../configuration/firewall/general.rst:314
+#: ../../configuration/firewall/flowtables.rst:75
+msgid "Provide a description to the flow table."
+msgstr "Provide a description to the flow table."
+
+#: ../../configuration/firewall/groups.rst:141
msgid "Provide a domain group description."
msgstr "Provide a domain group description."
-#: ../../configuration/firewall/general.rst:297
+#: ../../configuration/firewall/groups.rst:124
msgid "Provide a mac group description."
msgstr "Provide a mac group description."
-#: ../../configuration/firewall/general.rst:279
-#: ../../configuration/firewall/general-legacy.rst:237
+#: ../../configuration/firewall/groups.rst:106
msgid "Provide a port group description."
msgstr "Provide a port group description."
-#: ../../configuration/firewall/general-legacy.rst:281
#: ../../configuration/policy/route.rst:20
msgid "Provide a rule-set description."
msgstr "Provide a rule-set description."
-#: ../../configuration/firewall/general.rst:503
+#: ../../configuration/firewall/bridge.rst:205
+#: ../../configuration/firewall/ipv4.rst:275
+#: ../../configuration/firewall/ipv6.rst:275
msgid "Provide a rule-set description to a custom firewall chain."
msgstr "Provide a rule-set description to a custom firewall chain."
-#: ../../configuration/firewall/general.rst:236
+#: ../../configuration/firewall/groups.rst:63
msgid "Provide an IPv4 or IPv6 network group description."
msgstr "Provide an IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:254
+#: ../../configuration/firewall/groups.rst:81
msgid "Provide an interface group description"
msgstr "Provide an interface group description"
@@ -10508,7 +9813,6 @@ msgstr "Provider - Customer"
msgid "Provides a backbone area coherence by virtual link establishment."
msgstr "Provides a backbone area coherence by virtual link establishment."
-#: ../../_include/interface-per-client-thread.txt:4
#: ../../_include/interface-per-client-thread.txt:4
msgid "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
msgstr "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
@@ -10584,7 +9888,7 @@ msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64"
msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64"
#: ../../configuration/system/login.rst:234
-#: ../../configuration/vpn/sstp.rst:196
+#: ../../configuration/vpn/sstp.rst:207
msgid "RADIUS"
msgstr "RADIUS"
@@ -10604,7 +9908,7 @@ msgstr "RADIUS authentication"
msgid "RADIUS bandwidth shaping attribute"
msgstr "RADIUS bandwidth shaping attribute"
-#: ../../configuration/service/pppoe-server.rst:125
+#: ../../configuration/service/pppoe-server.rst:112
msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
@@ -10624,7 +9928,7 @@ msgstr "RADIUS source address"
msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
-#: ../../configuration/service/dhcp-server.rst:289
+#: ../../configuration/service/dhcp-server.rst:256
msgid "RFC 868 time server IPv4 address"
msgstr "RFC 868 time server IPv4 address"
@@ -10740,11 +10044,11 @@ msgstr "Recommended for larger installations."
msgid "Redirect HTTP to HTTPS"
msgstr "Redirect HTTP to HTTPS"
-#: ../../configuration/nat/nat44.rst:417
+#: ../../configuration/nat/nat44.rst:431
msgid "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
-#: ../../configuration/nat/nat44.rst:413
+#: ../../configuration/nat/nat44.rst:427
msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
@@ -10755,7 +10059,7 @@ msgstr "Redirect URL to a new location"
#: ../../configuration/protocols/babel.rst:154
#: ../../configuration/protocols/bgp.rst:557
#: ../../configuration/protocols/ospf.rst:564
-#: ../../configuration/protocols/ospf.rst:1249
+#: ../../configuration/protocols/ospf.rst:1251
#: ../../configuration/protocols/rip.rst:136
msgid "Redistribution Configuration"
msgstr "Redistribution Configuration"
@@ -10764,7 +10068,7 @@ msgstr "Redistribution Configuration"
msgid "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
-#: ../../configuration/service/dns.rst:265
+#: ../../configuration/service/dns.rst:278
msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
@@ -10790,22 +10094,7 @@ msgstr "Regular expression to match against an AS path. For example \"64501 6450
msgid "Regular expression to match against an extended community list, where text could be:"
msgstr "Regular expression to match against an extended community list, where text could be:"
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
+#: ../../_include/interface-dhcp-options.txt:71
msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
@@ -10858,7 +10147,7 @@ msgstr "Remote ``InfluxDB`` bucket name"
msgid "Remote database name."
msgstr "Remote database name."
-#: ../../configuration/service/dhcp-server.rst:182
+#: ../../configuration/service/dhcp-server.rst:147
msgid "Remote peer IP `` of the second DHCP server in this failover cluster."
msgstr "Remote peer IP `` of the second DHCP server in this failover cluster."
@@ -10882,26 +10171,11 @@ msgstr "Repeat the procedure on the other router."
msgid "Replay protection"
msgstr "Replay protection"
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
#: ../../_include/interface-dhcpv6-options.txt:50
msgid "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
msgstr "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
-#: ../../configuration/service/dhcp-relay.rst:175
+#: ../../configuration/service/dhcp-relay.rst:177
msgid "Requests are forwarded through ``eth2`` as the `upstream interface`"
msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`"
@@ -10917,11 +10191,12 @@ msgstr "Requirements"
msgid "Requirements:"
msgstr "Requirements:"
-#: ../../configuration/firewall/general.rst:1279
+#: ../../configuration/firewall/ipv4.rst:926
+#: ../../configuration/firewall/ipv6.rst:935
msgid "Requirements to enable synproxy:"
msgstr "Requirements to enable synproxy:"
-#: ../../configuration/protocols/bgp.rst:1063
+#: ../../configuration/protocols/bgp.rst:1064
#: ../../configuration/protocols/mpls.rst:248
msgid "Reset"
msgstr "Reset"
@@ -10930,11 +10205,11 @@ msgstr "Reset"
msgid "Reset OpenVPN"
msgstr "Reset OpenVPN"
-#: ../../configuration/system/ipv6.rst:176
+#: ../../configuration/system/ipv6.rst:150
msgid "Reset commands"
msgstr "Reset commands"
-#: ../../configuration/service/dns.rst:186
+#: ../../configuration/service/dns.rst:199
msgid "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
msgstr "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
@@ -10946,7 +10221,7 @@ msgstr "Restart"
msgid "Restart DHCP relay service"
msgstr "Restart DHCP relay service"
-#: ../../configuration/service/dhcp-relay.rst:203
+#: ../../configuration/service/dhcp-relay.rst:205
msgid "Restart DHCPv6 relay agent immediately."
msgstr "Restart DHCPv6 relay agent immediately."
@@ -10954,11 +10229,15 @@ msgstr "Restart DHCPv6 relay agent immediately."
msgid "Restart a given container"
msgstr "Restart a given container"
-#: ../../configuration/service/dhcp-server.rst:528
+#: ../../configuration/service/mdns.rst:83
+msgid "Restart mDNS repeater service."
+msgstr "Restart mDNS repeater service."
+
+#: ../../configuration/service/dhcp-server.rst:428
msgid "Restart the DHCP server"
msgstr "Restart the DHCP server"
-#: ../../configuration/protocols/igmp.rst:249
+#: ../../configuration/protocols/igmp-proxy.rst:77
msgid "Restart the IGMP proxy process."
msgstr "Restart the IGMP proxy process."
@@ -10966,7 +10245,7 @@ msgstr "Restart the IGMP proxy process."
msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
-#: ../../configuration/service/dns.rst:191
+#: ../../configuration/service/dns.rst:204
msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
@@ -11012,7 +10291,7 @@ msgstr "Route Aggregation Configuration"
msgid "Route Dampening"
msgstr "Route Dampening"
-#: ../../configuration/protocols/bgp.rst:1188
+#: ../../configuration/protocols/bgp.rst:1189
msgid "Route Filtering"
msgstr "Route Filtering"
@@ -11052,7 +10331,7 @@ msgstr "Route and Route6 Policy"
msgid "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
msgstr "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
-#: ../../configuration/protocols/bgp.rst:1190
+#: ../../configuration/protocols/bgp.rst:1191
msgid "Route filter can be applied using a route-map:"
msgstr "Route filter can be applied using a route-map:"
@@ -11084,11 +10363,11 @@ msgstr "Router Lifetime"
msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
-#: ../../configuration/vrf/index.rst:423
+#: ../../configuration/vrf/index.rst:425
msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
-#: ../../configuration/protocols/isis.rst:413
+#: ../../configuration/protocols/isis.rst:441
msgid "Routes on Node 2:"
msgstr "Routes on Node 2:"
@@ -11120,13 +10399,13 @@ msgstr "Routing"
msgid "Routing tables that will be used in this example are:"
msgstr "Routing tables that will be used in this example are:"
-#: ../../configuration/firewall/general-legacy.rst:270
#: ../../configuration/policy/route.rst:10
msgid "Rule-Sets"
msgstr "Rule-Sets"
-#: ../../configuration/firewall/general.rst:1310
-#: ../../configuration/firewall/general-legacy.rst:781
+#: ../../configuration/firewall/bridge.rst:287
+#: ../../configuration/firewall/ipv4.rst:957
+#: ../../configuration/firewall/ipv6.rst:965
msgid "Rule-set overview"
msgstr "Rule-set overview"
@@ -11138,6 +10417,10 @@ msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forw
msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
+#: ../../configuration/firewall/flowtables.rst:151
+msgid "Rule 110 is hit, so connection is accepted."
+msgstr "Rule 110 is hit, so connection is accepted."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:257
msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
@@ -11146,7 +10429,9 @@ msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact pat
msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
-#: ../../configuration/firewall/general.rst:519
+#: ../../configuration/firewall/bridge.rst:208
+#: ../../configuration/firewall/ipv4.rst:288
+#: ../../configuration/firewall/ipv6.rst:288
msgid "Rule Status"
msgstr "Rule Status"
@@ -11162,7 +10447,7 @@ msgstr "Rules allow to control and route incoming traffic to specific backend ba
msgid "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
msgstr "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
-#: ../../configuration/service/dns.rst:378
+#: ../../configuration/service/dns.rst:391
msgid "Running Behind NAT"
msgstr "Running Behind NAT"
@@ -11170,6 +10455,10 @@ msgstr "Running Behind NAT"
msgid "SNAT"
msgstr "SNAT"
+#: ../../configuration/nat/nat64.rst:26
+msgid "SNAT64"
+msgstr "SNAT64"
+
#: ../../configuration/nat/nat66.rst:23
msgid "SNAT66"
msgstr "SNAT66"
@@ -11218,8 +10507,6 @@ msgstr "SNMPv3"
msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used."
msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used."
-#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
#: ../../_include/interface-mirror.txt:1
msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
@@ -11258,7 +10545,7 @@ msgid "SSID to be used in IEEE 802.11 management frames"
msgstr "SSID to be used in IEEE 802.11 management frames"
#: ../../configuration/vpn/openconnect.rst:24
-#: ../../configuration/vpn/sstp.rst:151
+#: ../../configuration/vpn/sstp.rst:162
msgid "SSL Certificates"
msgstr "SSL Certificates"
@@ -11306,7 +10593,7 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut
msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
-#: ../../configuration/interfaces/vxlan.rst:153
+#: ../../configuration/interfaces/vxlan.rst:174
msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below."
msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below."
@@ -11326,11 +10613,11 @@ msgstr "Script execution"
msgid "Scripting"
msgstr "Scripting"
-#: ../../configuration/nat/nat44.rst:652
+#: ../../configuration/nat/nat44.rst:676
msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
-#: ../../configuration/vpn/sstp.rst:235
+#: ../../configuration/vpn/sstp.rst:246
msgid "Secret for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)"
@@ -11343,6 +10630,10 @@ msgstr "Security"
msgid "Security/authentication messages"
msgstr "Security/authentication messages"
+#: ../../configuration/protocols/pim.rst:109
+msgid "See :rfc:`7761#section-4.1` for details."
+msgstr "See :rfc:`7761#section-4.1` for details."
+
#: ../../configuration/system/ip.rst:52
msgid "See below the different parameters available for the IPv4 **show** command:"
msgstr "See below the different parameters available for the IPv4 **show** command:"
@@ -11371,11 +10662,15 @@ msgstr "Segment routing (SR) is used by the IGP protocols to interconnect networ
msgid "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
msgstr "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
+#: ../../configuration/service/https.rst:50
+msgid "Select TLS version used."
+msgstr "Select TLS version used."
+
#: ../../configuration/interfaces/macsec.rst:34
msgid "Select cipher suite used for cryptographic operations. This setting is mandatory."
msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory."
-#: ../../configuration/vrf/index.rst:466
+#: ../../configuration/vrf/index.rst:468
msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
@@ -11408,7 +10703,7 @@ msgid "Serial interfaces can be any interface which is directly connected to the
msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)."
#: ../../configuration/interfaces/openvpn.rst:325
-#: ../../configuration/vpn/sstp.rst:199
+#: ../../configuration/vpn/sstp.rst:210
msgid "Server"
msgstr "Server"
@@ -11432,7 +10727,7 @@ msgstr "Server Side"
msgid "Server configuration"
msgstr "Server configuration"
-#: ../../configuration/service/https.rst:50
+#: ../../configuration/service/https.rst:41
msgid "Server names for virtual hosts it can be exact, wildcard or regex."
msgstr "Server names for virtual hosts it can be exact, wildcard or regex."
@@ -11457,19 +10752,19 @@ msgstr "Set BGP community-list to exactly match."
msgid "Set BGP local preference attribute."
msgstr "Set BGP local preference attribute."
-#: ../../configuration/policy/route-map.rst:334
+#: ../../configuration/policy/route-map.rst:336
msgid "Set BGP origin code."
msgstr "Set BGP origin code."
-#: ../../configuration/policy/route-map.rst:339
+#: ../../configuration/policy/route-map.rst:341
msgid "Set BGP originator ID attribute."
msgstr "Set BGP originator ID attribute."
-#: ../../configuration/policy/route-map.rst:357
+#: ../../configuration/policy/route-map.rst:359
msgid "Set BGP weight attribute"
msgstr "Set BGP weight attribute"
-#: ../../configuration/nat/nat44.rst:176
+#: ../../configuration/nat/nat44.rst:188
msgid "Set DNAT rule 20 to only NAT UDP packets"
msgstr "Set DNAT rule 20 to only NAT UDP packets"
@@ -11481,19 +10776,19 @@ msgstr "Set IPSec inbound match criterias, where:"
msgid "Set IP fragment match, where:"
msgstr "Set IP fragment match, where:"
-#: ../../configuration/policy/route-map.rst:329
+#: ../../configuration/policy/route-map.rst:331
msgid "Set OSPF external metric-type."
msgstr "Set OSPF external metric-type."
-#: ../../configuration/nat/nat44.rst:175
+#: ../../configuration/nat/nat44.rst:187
msgid "Set SNAT rule 20 to only NAT TCP and UDP packets"
msgstr "Set SNAT rule 20 to only NAT TCP and UDP packets"
-#: ../../configuration/nat/nat44.rst:189
+#: ../../configuration/nat/nat44.rst:201
msgid "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
msgstr "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
-#: ../../configuration/nat/nat44.rst:191
+#: ../../configuration/nat/nat44.rst:203
msgid "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
@@ -11501,11 +10796,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne
msgid "Set SSL certeficate for service "
msgstr "Set SSL certeficate for service "
-#: ../../configuration/firewall/general.rst:1271
+#: ../../configuration/firewall/ipv4.rst:918
+#: ../../configuration/firewall/ipv6.rst:927
msgid "Set TCP-MSS (maximum segment size) for the connection"
msgstr "Set TCP-MSS (maximum segment size) for the connection"
-#: ../../configuration/service/dns.rst:267
+#: ../../configuration/service/dns.rst:280
msgid "Set TTL to 300 seconds"
msgstr "Set TTL to 300 seconds"
@@ -11517,51 +10813,31 @@ msgstr "Set Virtual Tunnel Interface"
msgid "Set a container description"
msgstr "Set a container description"
-#: ../../configuration/system/conntrack.rst:114
+#: ../../configuration/system/conntrack.rst:113
+msgid "Set a destination and/or source address. Accepted input for ipv4:"
+msgstr "Set a destination and/or source address. Accepted input for ipv4:"
+
+#: ../../configuration/system/conntrack.rst:142
msgid "Set a destination and/or source port. Accepted input:"
msgstr "Set a destination and/or source port. Accepted input:"
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
#: ../../_include/interface-description.txt:4
msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
-#: ../../configuration/system/login.rst:385
+#: ../../configuration/system/login.rst:387
msgid "Set a limit on the maximum number of concurrent logged-in users on the system."
msgstr "Set a limit on the maximum number of concurrent logged-in users on the system."
-#: ../../configuration/firewall/zone.rst:79
+#: ../../configuration/firewall/zone.rst:98
msgid "Set a meaningful description."
msgstr "Set a meaningful description."
-#: ../../configuration/service/https.rst:18
+#: ../../configuration/service/https.rst:63
msgid "Set a named api key. Every key has the same, full permissions on the system."
msgstr "Set a named api key. Every key has the same, full permissions on the system."
-#: ../../configuration/system/conntrack.rst:92
+#: ../../configuration/system/conntrack.rst:106
msgid "Set a rule description."
msgstr "Set a rule description."
@@ -11693,7 +10969,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa
msgid "Set inbound interface to match."
msgstr "Set inbound interface to match."
-#: ../../configuration/firewall/zone.rst:65
+#: ../../configuration/firewall/zone.rst:84
msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
@@ -11737,7 +11013,7 @@ msgstr "Set maximum `` of DHCP packets including relay agent information.
msgid "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
msgstr "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
-#: ../../configuration/service/dhcp-relay.rst:162
+#: ../../configuration/service/dhcp-relay.rst:164
msgid "Set maximum hop count before packets are discarded, default: 10"
msgstr "Set maximum hop count before packets are discarded, default: 10"
@@ -11779,7 +11055,7 @@ msgstr "Set packet modifications: Packet Differentiated Services Codepoint (DSCP
msgid "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
msgstr "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
-#: ../../configuration/policy/route-map.rst:348
+#: ../../configuration/policy/route-map.rst:350
msgid "Set prefixes to table."
msgstr "Set prefixes to table."
@@ -11820,7 +11096,7 @@ msgstr "Set some metric to routes learned from a particular neighbor."
msgid "Set source-address to your local IP (LAN)."
msgstr "Set source-address to your local IP (LAN)."
-#: ../../configuration/policy/route-map.rst:344
+#: ../../configuration/policy/route-map.rst:346
msgid "Set source IP/IPv6 address for route."
msgstr "Set source IP/IPv6 address for route."
@@ -11829,7 +11105,7 @@ msgstr "Set source IP/IPv6 address for route."
msgid "Set source address or prefix to match."
msgstr "Set source address or prefix to match."
-#: ../../configuration/policy/route-map.rst:352
+#: ../../configuration/policy/route-map.rst:354
msgid "Set tag value for routing protocol."
msgstr "Set tag value for routing protocol."
@@ -11850,8 +11126,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel."
msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
-#: ../../configuration/firewall/general.rst:162
-#: ../../configuration/firewall/general-legacy.rst:112
+#: ../../configuration/firewall/global-options.rst:99
msgid "Set the IPv4 source validation mode. The following system parameter will be altered:"
msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:"
@@ -11876,6 +11151,10 @@ msgstr "Set the MLD version used on this interface. The default value is 2."
msgid "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
msgstr "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
+#: ../../configuration/protocols/pim.rst:153
+msgid "Set the PIM hello and hold interval for a interface."
+msgstr "Set the PIM hello and hold interval for a interface."
+
#: ../../configuration/protocols/segment-routing.rst:56
#: ../../configuration/protocols/segment-routing.rst:134
msgid "Set the Segment Routing Global Block i.e. the label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535."
@@ -11896,6 +11175,10 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to
msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
+#: ../../configuration/protocols/pim.rst:147
+msgid "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+msgstr "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+
#: ../../configuration/interfaces/pppoe.rst:148
msgid "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
@@ -11920,22 +11203,7 @@ msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instan
msgid "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
msgstr "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
+#: ../../_include/interface-dhcp-options.txt:60
msgid "Set the distance for the default gateway sent by the DHCP server."
msgstr "Set the distance for the default gateway sent by the DHCP server."
@@ -11951,15 +11219,15 @@ msgstr "Set the distance for the default gateway sent by the SSTP server."
msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
-#: ../../configuration/firewall/general-legacy.rst:136
+#: ../../configuration/firewall/global-options.rst:127
msgid "Set the global setting for an established connection."
msgstr "Set the global setting for an established connection."
-#: ../../configuration/firewall/general-legacy.rst:142
+#: ../../configuration/firewall/global-options.rst:137
msgid "Set the global setting for invalid packets."
msgstr "Set the global setting for invalid packets."
-#: ../../configuration/firewall/general-legacy.rst:148
+#: ../../configuration/firewall/global-options.rst:147
msgid "Set the global setting for related connections."
msgstr "Set the global setting for related connections."
@@ -11975,7 +11243,7 @@ msgstr "Set the maximum hop `` before packets are discarded. Range 0...25
msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
-#: ../../configuration/system/conntrack.rst:147
+#: ../../configuration/system/conntrack.rst:52
msgid "Set the maximum number of TCP half-open connections."
msgstr "Set the maximum number of TCP half-open connections."
@@ -11995,7 +11263,7 @@ msgstr "Set the native VLAN ID flag of the interface. When a data packet without
msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value"
msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value"
-#: ../../configuration/system/conntrack.rst:157
+#: ../../configuration/system/conntrack.rst:62
msgid "Set the number of TCP maximum retransmit attempts."
msgstr "Set the number of TCP maximum retransmit attempts."
@@ -12027,6 +11295,10 @@ msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the
msgid "Set the restart behavior of the container."
msgstr "Set the restart behavior of the container."
+#: ../../configuration/policy/route-map.rst:323
+msgid "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+
#: ../../configuration/policy/route.rst:269
msgid "Set the routing table to forward packet with."
msgstr "Set the routing table to forward packet with."
@@ -12043,11 +11315,11 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes
msgid "Set the source IP of forwarded packets, otherwise original senders address is used."
msgstr "Set the source IP of forwarded packets, otherwise original senders address is used."
-#: ../../configuration/system/conntrack.rst:83
+#: ../../configuration/system/conntrack.rst:97
msgid "Set the timeout in secounds for a protocol or state."
msgstr "Set the timeout in secounds for a protocol or state."
-#: ../../configuration/system/conntrack.rst:141
+#: ../../configuration/system/conntrack.rst:175
msgid "Set the timeout in secounds for a protocol or state in a custom rule."
msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
@@ -12056,7 +11328,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
-#: ../../configuration/firewall/general.rst:1275
+#: ../../configuration/firewall/ipv4.rst:922
+#: ../../configuration/firewall/ipv6.rst:931
msgid "Set the window scale factor for TCP window scaling"
msgstr "Set the window scale factor for TCP window scaling"
@@ -12068,7 +11341,7 @@ msgstr "Set window of concurrently valid codes."
msgid "Sets the image name in the hub registry"
msgstr "Sets the image name in the hub registry"
-#: ../../configuration/interfaces/vxlan.rst:299
+#: ../../configuration/interfaces/vxlan.rst:320
msgid "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
msgstr "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
@@ -12076,7 +11349,7 @@ msgstr "Sets the interface to listen for multicast packets on. Could be a loopba
msgid "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
msgstr "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
-#: ../../configuration/interfaces/vxlan.rst:306
+#: ../../configuration/interfaces/vxlan.rst:327
msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
@@ -12084,7 +11357,7 @@ msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates
msgid "Setting VRRP group priority"
msgstr "Setting VRRP group priority"
-#: ../../configuration/service/dhcp-server.rst:264
+#: ../../configuration/service/dhcp-server.rst:231
msgid "Setting name"
msgstr "Setting name"
@@ -12116,7 +11389,7 @@ msgstr "Setting up certificates:"
msgid "Setting up tunnel:"
msgstr "Setting up tunnel:"
-#: ../../configuration/service/dhcp-server.rst:432
+#: ../../configuration/service/dhcp-server.rst:373
msgid "Setup DHCP failover for network 192.0.2.0/24"
msgstr "Setup DHCP failover for network 192.0.2.0/24"
@@ -12132,7 +11405,7 @@ msgstr "Setup the `` in seconds when querying the RADIUS server."
msgid "Setup the `` in seconds when querying the TACACS server."
msgstr "Setup the `` in seconds when querying the TACACS server."
-#: ../../configuration/service/dns.rst:314
+#: ../../configuration/service/dns.rst:327
msgid "Setup the dynamic DNS hostname `` associated with the DynDNS provider identified by `` when the IP address on address `` changes."
msgstr "Setup the dynamic DNS hostname `` associated with the DynDNS provider identified by `` when the IP address on address `` changes."
@@ -12172,7 +11445,7 @@ msgstr "Short GI capabilities for 20 and 40 MHz"
msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
-#: ../../configuration/vrf/index.rst:486
+#: ../../configuration/vrf/index.rst:488
msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
@@ -12181,16 +11454,17 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the
msgid "Show"
msgstr "Show"
-#: ../../configuration/service/dhcp-server.rst:516
+#: ../../configuration/service/dhcp-server.rst:416
msgid "Show DHCP server daemon log file"
msgstr "Show DHCP server daemon log file"
-#: ../../configuration/service/dhcp-server.rst:736
+#: ../../configuration/service/dhcp-server.rst:668
msgid "Show DHCPv6 server daemon log file"
msgstr "Show DHCPv6 server daemon log file"
-#: ../../configuration/firewall/general.rst:1482
-#: ../../configuration/firewall/general-legacy.rst:965
+#: ../../configuration/firewall/bridge.rst:306
+#: ../../configuration/firewall/ipv4.rst:1115
+#: ../../configuration/firewall/ipv6.rst:1138
msgid "Show Firewall log"
msgstr "Show Firewall log"
@@ -12198,6 +11472,22 @@ msgstr "Show Firewall log"
msgid "Show LLDP neighbors connected via interface ``."
msgstr "Show LLDP neighbors connected via interface ``."
+#: ../../configuration/service/ssh.rst:232
+msgid "Show SSH dynamic-protection log."
+msgstr "Show SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:224
+msgid "Show SSH server log."
+msgstr "Show SSH server log."
+
+#: ../../configuration/service/ssh.rst:248
+msgid "Show SSH server public key fingerprints, including a visual ASCII art representation."
+msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation."
+
+#: ../../configuration/service/ssh.rst:244
+msgid "Show SSH server public key fingerprints."
+msgstr "Show SSH server public key fingerprints."
+
#: ../../configuration/loadbalancing/wan.rst:271
msgid "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
msgstr "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
@@ -12242,15 +11532,15 @@ msgstr "Show WWAN module signal strength."
msgid "Show a list available container networks"
msgstr "Show a list available container networks"
-#: ../../configuration/pki/index.rst:259
+#: ../../configuration/pki/index.rst:297
msgid "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
msgstr "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
-#: ../../configuration/pki/index.rst:294
+#: ../../configuration/pki/index.rst:332
msgid "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
-#: ../../configuration/pki/index.rst:277
+#: ../../configuration/pki/index.rst:315
msgid "Show a list of installed certificates"
msgstr "Show a list of installed certificates"
@@ -12356,44 +11646,52 @@ msgstr "Show info about the Wireguard service. It also shows the latest handshak
msgid "Show information about physical ``"
msgstr "Show information about physical ``"
+#: ../../configuration/service/ssh.rst:240
+msgid "Show list of IPs currently blocked by SSH dynamic-protection."
+msgstr "Show list of IPs currently blocked by SSH dynamic-protection."
+
+#: ../../configuration/service/mdns.rst:87
+msgid "Show logs for mDNS repeater service."
+msgstr "Show logs for mDNS repeater service."
+
#: ../../configuration/container/index.rst:159
msgid "Show logs from a given container"
msgstr "Show logs from a given container"
-#: ../../configuration/service/dhcp-server.rst:520
+#: ../../configuration/service/dhcp-server.rst:420
msgid "Show logs from all DHCP client processes."
msgstr "Show logs from all DHCP client processes."
-#: ../../configuration/service/dhcp-server.rst:740
+#: ../../configuration/service/dhcp-server.rst:672
msgid "Show logs from all DHCPv6 client processes."
msgstr "Show logs from all DHCPv6 client processes."
-#: ../../configuration/service/dhcp-server.rst:524
+#: ../../configuration/service/dhcp-server.rst:424
msgid "Show logs from specific `interface` DHCP client process."
msgstr "Show logs from specific `interface` DHCP client process."
-#: ../../configuration/service/dhcp-server.rst:744
+#: ../../configuration/service/dhcp-server.rst:676
msgid "Show logs from specific `interface` DHCPv6 client process."
msgstr "Show logs from specific `interface` DHCPv6 client process."
-#: ../../configuration/pki/index.rst:273
+#: ../../configuration/pki/index.rst:311
msgid "Show only information for specified Certificate Authority."
msgstr "Show only information for specified Certificate Authority."
-#: ../../configuration/pki/index.rst:290
+#: ../../configuration/pki/index.rst:328
msgid "Show only information for specified certificate."
msgstr "Show only information for specified certificate."
-#: ../../configuration/service/dhcp-server.rst:562
-#: ../../configuration/service/dhcp-server.rst:767
+#: ../../configuration/service/dhcp-server.rst:478
+#: ../../configuration/service/dhcp-server.rst:699
msgid "Show only leases in the specified pool."
msgstr "Show only leases in the specified pool."
-#: ../../configuration/service/dhcp-server.rst:776
+#: ../../configuration/service/dhcp-server.rst:708
msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
-#: ../../configuration/service/dhcp-server.rst:571
+#: ../../configuration/service/dhcp-server.rst:496
msgid "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
msgstr "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
@@ -12405,19 +11703,23 @@ msgstr "Show routing table entry for the default route."
msgid "Show specific MACsec interface information"
msgstr "Show specific MACsec interface information"
-#: ../../configuration/vpn/site2site_ipsec.rst:217
+#: ../../configuration/vpn/site2site_ipsec.rst:221
msgid "Show status of new setup:"
msgstr "Show status of new setup:"
-#: ../../configuration/service/dhcp-server.rst:547
+#: ../../configuration/service/dhcp-server.rst:447
msgid "Show statuses of all active leases:"
msgstr "Show statuses of all active leases:"
-#: ../../configuration/service/dhcp-server.rst:532
+#: ../../configuration/service/dhcp-server.rst:465
+msgid "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+msgstr "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+
+#: ../../configuration/service/dhcp-server.rst:432
msgid "Show the DHCP server statistics:"
msgstr "Show the DHCP server statistics:"
-#: ../../configuration/service/dhcp-server.rst:543
+#: ../../configuration/service/dhcp-server.rst:443
msgid "Show the DHCP server statistics for the specified pool."
msgstr "Show the DHCP server statistics for the specified pool."
@@ -12437,11 +11739,22 @@ msgstr "Show the list of all active containers."
msgid "Show the local container images."
msgstr "Show the local container images."
-#: ../../configuration/firewall/general.rst:1486
#: ../../configuration/firewall/general-legacy.rst:969
msgid "Show the logs of a specific Rule-Set."
msgstr "Show the logs of a specific Rule-Set."
+#: ../../configuration/firewall/bridge.rst:316
+msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv4.rst:1125
+msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv6.rst:1148
+msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
#: ../../configuration/protocols/failover.rst:75
#: ../../configuration/protocols/failover.rst:101
msgid "Show the route"
@@ -12455,7 +11768,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP"
msgid "Showing BFD monitored static routes"
msgstr "Showing BFD monitored static routes"
-#: ../../configuration/service/dhcp-server.rst:752
+#: ../../configuration/service/dhcp-server.rst:684
msgid "Shows status of all assigned leases:"
msgstr "Shows status of all assigned leases:"
@@ -12483,7 +11796,7 @@ msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)"
msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
-#: ../../configuration/vpn/site2site_ipsec.rst:418
+#: ../../configuration/vpn/site2site_ipsec.rst:427
msgid "Similar combinations are applicable for the dead-peer-detection."
msgstr "Similar combinations are applicable for the dead-peer-detection."
@@ -12519,7 +11832,11 @@ msgstr "Since the RADIUS server would be a single point of failure, multiple RAD
msgid "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
msgstr "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
-#: ../../configuration/interfaces/vxlan.rst:136
+#: ../../configuration/service/mdns.rst:14
+msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+
+#: ../../configuration/interfaces/vxlan.rst:157
msgid "Single VXLAN device (SVD)"
msgstr "Single VXLAN device (SVD)"
@@ -12540,6 +11857,10 @@ msgstr "Site-to-site mode supports x.509 but doesn't require it and can also wor
msgid "Site to Site VPN"
msgstr "Site to Site VPN"
+#: ../../configuration/pki/index.rst:275
+msgid "Size of the RSA key."
+msgstr "Size of the RSA key."
+
#: ../../configuration/interfaces/bonding.rst:47
msgid "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
msgstr "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
@@ -12548,26 +11869,14 @@ msgstr "Slave selection for outgoing traffic is done according to the transmit h
msgid "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
msgstr "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
+#: ../../configuration/nat/nat44.rst:579
+msgid "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+msgstr "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+
#: ../../configuration/service/snmp.rst:245
msgid "SolarWinds"
msgstr "SolarWinds"
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
msgid "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd ``. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd ``. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
@@ -12580,15 +11889,18 @@ msgstr "Some IT environments require the use of a proxy to connect to the Intern
msgid "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
msgstr "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
-#: ../../configuration/nat/nat44.rst:626
+#: ../../configuration/nat/nat44.rst:650
msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
-#: ../../configuration/firewall/general.rst:86
#: ../../configuration/firewall/general-legacy.rst:38
msgid "Some firewall settings are global and have an affect on the whole system."
msgstr "Some firewall settings are global and have an affect on the whole system."
+#: ../../configuration/firewall/global-options.rst:13
+msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+
#: ../../configuration/trafficpolicy/index.rst:327
msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
@@ -12621,15 +11933,15 @@ msgstr "Some users tend to connect their mobile devices using WireGuard to their
msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement."
msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement."
-#: ../../configuration/service/dhcp-server.rst:771
+#: ../../configuration/service/dhcp-server.rst:703
msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
-#: ../../configuration/service/dhcp-server.rst:566
+#: ../../configuration/service/dhcp-server.rst:491
msgid "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
-#: ../../configuration/nat/nat44.rst:226
+#: ../../configuration/nat/nat44.rst:238
msgid "Source Address"
msgstr "Source Address"
@@ -12637,7 +11949,7 @@ msgstr "Source Address"
msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
-#: ../../configuration/vpn/sstp.rst:257
+#: ../../configuration/vpn/sstp.rst:268
msgid "Source IPv4 address used in all RADIUS server queires."
msgstr "Source IPv4 address used in all RADIUS server queires."
@@ -12661,6 +11973,10 @@ msgstr "Source all connections to the TACACS servers from given VRF ``."
msgid "Source protocol to match."
msgstr "Source protocol to match."
+#: ../../configuration/vpn/ipsec.rst:225
+msgid "Source tunnel from dummy interface"
+msgstr "Source tunnel from dummy interface"
+
#: ../../configuration/vpn/ipsec.rst:225
msgid "Source tunnel from loopbacks"
msgstr "Source tunnel from loopbacks"
@@ -12685,15 +12001,15 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings"
msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
-#: ../../configuration/vpn/sstp.rst:227
+#: ../../configuration/vpn/sstp.rst:238
msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
-#: ../../configuration/vpn/sstp.rst:183
+#: ../../configuration/vpn/sstp.rst:194
msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
-#: ../../configuration/vrf/index.rst:475
+#: ../../configuration/vrf/index.rst:477
msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
@@ -12705,6 +12021,10 @@ msgstr "Specifies an upstream network `` from which replies from `` that the SSTP port will listen on (default 4
msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
-#: ../../configuration/vrf/index.rst:450
+#: ../../configuration/vrf/index.rst:452
msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
-#: ../../configuration/vrf/index.rst:443
+#: ../../configuration/vrf/index.rst:445
msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
-#: ../../configuration/vpn/sstp.rst:270
+#: ../../configuration/vpn/sstp.rst:281
msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
-#: ../../configuration/vpn/sstp.rst:177
+#: ../../configuration/vpn/sstp.rst:188
msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
-#: ../../configuration/interfaces/vxlan.rst:72
+#: ../../configuration/interfaces/vxlan.rst:77
msgid "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
msgstr "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
+#: ../../configuration/interfaces/vxlan.rst:94
+msgid "Specifies whether the VXLAN device is capable of vni filtering."
+msgstr "Specifies whether the VXLAN device is capable of vni filtering."
+
#: ../../configuration/protocols/ospf.rst:268
msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
-#: ../../configuration/vpn/sstp.rst:261
+#: ../../configuration/vpn/sstp.rst:272
msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
@@ -12806,23 +12130,27 @@ msgstr "Specifies which RADIUS server attribute contains the rate limit informat
msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
msgstr "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
-#: ../../configuration/firewall/general.rst:663
-#: ../../configuration/firewall/general-legacy.rst:455
+#: ../../configuration/firewall/ipv4.rst:401
+#: ../../configuration/firewall/ipv6.rst:408
msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
-#: ../../configuration/service/dhcp-server.rst:620
+#: ../../configuration/service/dhcp-server.rst:550
msgid "Specify a NIS+ server address for DHCPv6 clients."
msgstr "Specify a NIS+ server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:615
+#: ../../configuration/service/dhcp-server.rst:545
msgid "Specify a NIS server address for DHCPv6 clients."
msgstr "Specify a NIS server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:625
+#: ../../configuration/service/dhcp-server.rst:555
msgid "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
msgstr "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
+#: ../../configuration/protocols/pim.rst:129
+msgid "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+msgstr "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+
#: ../../configuration/system/task-scheduler.rst:33
msgid "Specify absolute `` to script which will be run when `` is executed."
msgstr "Specify absolute `` to script which will be run when `` is executed."
@@ -12869,42 +12197,10 @@ msgstr "Specify the IPv4 source address to use for the BGP session to this neigh
msgid "Specify the LDAP server to connect to."
msgstr "Specify the LDAP server to connect to."
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
@@ -12929,7 +12225,7 @@ msgstr "Specify the systems `` as the Region/Location that best define
msgid "Specify the time interval when `` should be executed. The interval is specified as number with one of the following suffixes:"
msgstr "Specify the time interval when `` should be executed. The interval is specified as number with one of the following suffixes:"
-#: ../../configuration/service/dns.rst:256
+#: ../../configuration/service/dns.rst:269
msgid "Specify timeout / update interval to check if IP address changed."
msgstr "Specify timeout / update interval to check if IP address changed."
@@ -12937,7 +12233,7 @@ msgstr "Specify timeout / update interval to check if IP address changed."
msgid "Specify timeout interval for keepalive message in seconds."
msgstr "Specify timeout interval for keepalive message in seconds."
-#: ../../configuration/interfaces/vxlan.rst:170
+#: ../../configuration/interfaces/vxlan.rst:191
msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
@@ -12953,7 +12249,11 @@ msgstr "Spoke"
msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
-#: ../../configuration/nat/nat44.rst:791
+#: ../../configuration/service/https.rst:56
+msgid "Start Webserver in given VRF."
+msgstr "Start Webserver in given VRF."
+
+#: ../../configuration/nat/nat44.rst:813
msgid "Start by checking for IPSec SAs (Security Associations) with:"
msgstr "Start by checking for IPSec SAs (Security Associations) with:"
@@ -12961,6 +12261,10 @@ msgstr "Start by checking for IPSec SAs (Security Associations) with:"
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
+#: ../../configuration/firewall/zone.rst:13
+msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration ` chapter."
+msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall