vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Quickstart: manual backport to sagitta for firewall configuration in quickstart.

Browse Source
This commit is contained in:
Nicolas Fort 2024-03-06 08:45:01 -03:00
parent 7385cfe0d4
commit be722bf1bd
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/quick-start.rst
View File

@ -156,7 +156,7 @@ Configure Stateful Packet Filtering
-----------------------------------
With the new firewall structure, we have have a lot of flexibility in how we
group and order our rules, as shown by the two alternative approaches below.
group and order our rules, as shown by the three alternative approaches below.
Option 1: Global State Policies
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -212,12 +212,11 @@ hooks as the first filtering rule in the respective chains:
set firewall ipv4 input filter rule 10 action 'jump'
set firewall ipv4 input filter rule 10 jump-target CONN_FILTER
Option 2: Per-Hook Chain
Option 3: Per-Hook Chain
^^^^^^^^^^^^^^^^^^^^^^^^
Alternatively, instead of configuring the ``CONN_FILTER`` chain described above,
you can take the more traditional stateful connection filtering approach by
creating rules on each hook's chain:
Alternatively, you can take the more traditional stateful connection
filtering approach by creating rules on each base hook's chain:
.. code-block:: none