author Robert Göhler <github@ghlr.de> 2022-10-09 21:01:08 +0200
committer GitHub <noreply@github.com> 2022-10-09 21:01:08 +0200
commit 4ba654fa4f6aab148775c3af270387d91aa2c796
tree 2baf67421cf16e633d99db75e1ef981cdcae1d17
parent d5bb462db1bd0e51b3e8d13a459c6980f7beed82
parent 7118b6119f8be5a31b4adbd052ec8ff9cfd01ffb
Merge pull request #870 from ganawaj/feature/correct-firewall-application
firewall: correct rule-set interface assignments
-rw-r--r-- docs/configuration/firewall/general.rst 23
1 files changed, 12 insertions, 11 deletions
diff --git a/docs/configuration/firewall/general.rst b/docs/configuration/firewall/general.rst
index cfd7a8ce..0cf8bcec 100644
--- a/docs/configuration/firewall/general.rst
+++ b/docs/configuration/firewall/general.rst
@@ -591,17 +591,18 @@ A Rule-Set can be applied to every interface:
* ``out``: Ruleset for forwarded packets on an outbound interface
* ``local``: Ruleset for packets destined for this router
-.. cfgcmd:: set interface ethernet <ethN> firewall [in | out | local]
- [name | ipv6-name] <rule-set>
+.. cfgcmd:: set firewall interface <interface> [in | out | local] [name |
+ ipv6-name] <rule-set>
+
Here are some examples for applying a rule-set to an interface
.. code-block:: none
- set interface ethernet eth1 vif 100 firewall in name LANv4-IN
- set interface ethernet eth1 vif 100 firewall out name LANv4-OUT
- set interface bonding bond0 firewall in name LANv4-IN
- set interfaces openvpn vtun1 firewall in name Lanv4-IN
+ set firewall interface eth1.100 in name LANv4-IN
+ set firewall interface eth1.100 out name LANv4-OUT
+ set firewall interface bond0 in name LANv4-IN
+ set firewall interface vtun1 in name LANv4-IN
.. note::
As you can see in the example here, you can assign the same rule-set to
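Review bot: The new `<interface>` placeholder in the cfgcmd line does not say how a VLAN sub-interface is written, yet the first two examples change from `eth1 vif 100` to `eth1.100`. A reader converting an existing binding could attach the rule-set to the parent interface instead of the VLAN and leave the VLAN traffic unfiltered. Add a sentence under the cfgcmd stating that vif interfaces are referenced as `<parent>.<vid>`, and consider a short note on which release this syntax applies to, since the old `set interface ethernet ... firewall` form is removed here without one.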
@@ -815,6 +816,11 @@ Example Partial Config
.. code-block:: none
firewall {
+ interface eth0 {
+ in {
+ name FROM-INTERNET
+ }
+ }
all-ping enable
broadcast-ping disable
config-trap disable
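Review bot: The added `interface eth0` block binds FROM-INTERNET only under `in`, while the list earlier in this file says `local` is the rule-set for packets destined for this router. For an interface the example treats as Internet-facing, either show a `local` binding as well or add a sentence saying the example deliberately covers forwarded traffic only, so readers do not copy it assuming the router itself is protected. Also worth confirming that the block's position ahead of `all-ping enable` matches what the configuration output actually shows.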
@@ -871,11 +877,6 @@ Example Partial Config
address dhcp
description OUTSIDE
duplex auto
- firewall {
- in {
- name FROM-INTERNET
- }
- }
}
}
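Review bot: After the `firewall { in { name FROM-INTERNET } }` block is removed, the interface stanza (`description OUTSIDE`) no longer gives any hint that a rule-set is applied to it. A sentence in the prose around the example pointing readers to the `firewall interface` node would keep the link visible. Please also confirm that no other interface in the example still carries a nested `firewall` block, since this hunk only touches one.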