summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2022-12-23 08:24:04 -0300
committerNicolas Fort <nicolasfort1988@gmail.com>2022-12-23 08:24:04 -0300
commit768cae5fab16adbcc74c9dff0e321381bc294029 (patch)
tree85c43cc87d0cd0b4b314da164a366df71936e2dd
parentaade883e244075b3ac6678b64c9da7929e74192a (diff)
downloadvyos-documentation-768cae5fab16adbcc74c9dff0e321381bc294029.tar.gz
vyos-documentation-768cae5fab16adbcc74c9dff0e321381bc294029.zip
T4886: Add connection-mark information to firewall and policy docs.
-rw-r--r--docs/configuration/firewall/general.rst7
-rw-r--r--docs/configuration/policy/route.rst16
2 files changed, 21 insertions, 2 deletions
diff --git a/docs/configuration/firewall/general.rst b/docs/configuration/firewall/general.rst
index dc087018..f2e01e03 100644
--- a/docs/configuration/firewall/general.rst
+++ b/docs/configuration/firewall/general.rst
@@ -345,6 +345,13 @@ There are a lot of matching criteria against which the package can be tested.
Match criteria based on nat connection status.
+.. cfgcmd:: set firewall name <name> rule <1-999999> connection-mark
+ <1-2147483647>
+.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> connection-mark
+ <1-2147483647>
+
+ Match criteria based on connection mark.
+
.. cfgcmd:: set firewall name <name> rule <1-999999> source address
[address | addressrange | CIDR]
.. cfgcmd:: set firewall name <name> rule <1-999999> destination address
diff --git a/docs/configuration/policy/route.rst b/docs/configuration/policy/route.rst
index 6f60bc36..a6330c57 100644
--- a/docs/configuration/policy/route.rst
+++ b/docs/configuration/policy/route.rst
@@ -41,6 +41,11 @@ There are a lot of matching criteria options available, both for
``policy route`` and ``policy route6``. These options are listed
in this section.
+.. cfgcmd:: set policy route <name> rule <n> connection-mark <1-2147483647>
+.. cfgcmd:: set policy route6 <name> rule <n> connection-mark <1-2147483647>
+
+ Set match criteria based on connection mark.
+
.. cfgcmd:: set policy route <name> rule <n> source address
<match_criteria>
.. cfgcmd:: set policy route <name> rule <n> destination address
@@ -226,6 +231,13 @@ setting a different routing table.
Set rule action to drop.
+.. cfgcmd:: set policy route <name> rule <n> set connection-mark
+ <1-2147483647>
+.. cfgcmd:: set policy route6 <name> rule <n> set connection-mark
+ <1-2147483647>
+
+ Set a specific connection mark.
+
.. cfgcmd:: set policy route <name> rule <n> set dscp <0-63>
.. cfgcmd:: set policy route6 <name> rule <n> set dscp <0-63>
@@ -234,12 +246,12 @@ setting a different routing table.
.. cfgcmd:: set policy route <name> rule <n> set mark <1-2147483647>
.. cfgcmd:: set policy route6 <name> rule <n> set mark <1-2147483647>
- Set packet modifications: Packet marking
+ Set a specific packet mark.
.. cfgcmd:: set policy route <name> rule <n> set table <main | 1-200>
.. cfgcmd:: set policy route6 <name> rule <n> set table <main | 1-200>
- Set packet modifications: Routing table to forward packet with.
+ Set the routing table to forward packet with.
.. cfgcmd:: set policy route <name> rule <n> set tcp-mss <500-1460>
.. cfgcmd:: set policy route6 <name> rule <n> set tcp-mss <500-1460>