diff options
| author | Robert Göhler <github@ghlr.de> | 2024-03-27 21:31:34 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-27 21:31:34 +0100 |
| commit | 434ec318f0942b7e27420f4f796980f221e2e0cd (patch) | |
| tree | 5ea55028562b7b4b1af7d2b2c2139a15d63fc0e8 | |
| parent | 737172ccd811e8618b71c2d4e3866de5db3ecb0d (diff) | |
| parent | 27970f7a208d03180d542d282561ddd38d7fc29d (diff) | |
| download | vyos-documentation-434ec318f0942b7e27420f4f796980f221e2e0cd.tar.gz vyos-documentation-434ec318f0942b7e27420f4f796980f221e2e0cd.zip | |
Merge pull request #1344 from Giggum/sagitta
T5614: extend ipv4 firewall documentation on conntrack-helper matching
| -rw-r--r-- | docs/configuration/firewall/ipv4.rst | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index 9a683d22..ee83967f 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -906,6 +906,30 @@ geoip) to keep database and rules updated. Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts. +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + conntrack-helper <module> +.. cfgcmd:: set firewall ipv4 input filter rule <1-999999> + conntrack-helper <module> +.. cfgcmd:: set firewall ipv4 output filter rule <1-999999> + conntrack-helper <module> +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> + conntrack-helper <module> + + Match based on connection tracking protocol helper module to secure use of + that helper module. See below for possible completions `<module>`. + + .. code-block:: none + + Possible completions: + ftp Related traffic from FTP helper + h323 Related traffic from H.323 helper + pptp Related traffic from PPTP helper + nfs Related traffic from NFS helper + sip Related traffic from SIP helper + tftp Related traffic from TFTP helper + sqlnet Related traffic from SQLNet helper + + ******** Synproxy ******** |