author | rebortg <github@ghlr.de> | 2022-10-24 20:49:12 +0200 |
---|---|---|
committer | rebortg <github@ghlr.de> | 2022-10-24 20:49:12 +0200 |
commit | 99ccd5cd0e0ac2efdc50f3eda88744601a0a996a (patch) | |
tree | cd08da26447517eef3c0d7e14b08313108199f26 /docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po | |
parent | 214bb78660e10ca210e1117340497c9c2de3a9d6 (diff) | |
add german test translation
Diffstat (limited to 'docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po')
-rw-r--r-- | docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po | 323 |
1 files changed, 323 insertions, 0 deletions
diff --git a/docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po b/docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po new file mode 100644 index 00000000..7ae4c684 --- /dev/null +++ b/docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po 
@@ -0,0 +1,323 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2021, VyOS maintainers and contributors +# This file is distributed under the same license as the VyOS package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: VyOS 1.4\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2022-10-21 12:01+0200\n" +"PO-Revision-Date: 2022-10-21 10:05+0000\n" +"Language-Team: German (Germany) (https://www.transifex.com/vyos/teams/155110/de_DE/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: de_DE\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../configexamples/zone-policy.rst:6 3c76f26421954ac884480d0cffe55150 +msgid "Zone-Policy example" +msgstr "" + +#: ../../configexamples/zone-policy.rst:8 b000af62a2ff45e3bea0983ff08c6ca9 +msgid "" +"In :vytask:`T2199` the syntax of the zone configuration was changed. The " +"zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone" +" <name>``." +msgstr "" + +#: ../../configexamples/zone-policy.rst:13 518ed4192332498b988ad701dbe4ae94 +msgid "Native IPv4 and IPv6" +msgstr "" + +#: ../../configexamples/zone-policy.rst:15 e785499caee9483ebbfa8fea63bd3f60 +msgid "We have three networks." 
+msgstr "" + +#: ../../configexamples/zone-policy.rst:24 d5184c69966f41c5acd57ba576316df4 +msgid "" +"**This specific example is for a router on a stick, but is very easily " +"adapted for however many NICs you have**:" +msgstr "" + +#: ../../configexamples/zone-policy.rst:28 dc181a02a98a45da8888bc017de3ea1f +msgid "Internet - 192.168.200.100 - TCP/80" +msgstr "" + +#: ../../configexamples/zone-policy.rst:29 4e066389682c40048d57dec2c83a5aae +msgid "Internet - 192.168.200.100 - TCP/443" +msgstr "" + +#: ../../configexamples/zone-policy.rst:30 99c22b93805b4a9d97c17590c0d1ff93 +msgid "Internet - 192.168.200.100 - TCP/25" +msgstr "" + +#: ../../configexamples/zone-policy.rst:31 98671bd795584e58ab09f67a17c41bf1 +msgid "Internet - 192.168.200.100 - TCP/53" +msgstr "" + +#: ../../configexamples/zone-policy.rst:32 132e6aa544e14ab68d588186821b0cf1 +msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." +msgstr "" + +#: ../../configexamples/zone-policy.rst:33 378d3439fdd441d0b598dee31369da95 +msgid "" +"192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and " +"mail (SMTP/IMAP) server." +msgstr "" + +#: ../../configexamples/zone-policy.rst:35 45a4384bc0fc4bd1a25c98a27c2a81ce +msgid "" +"192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can " +"SSH to VyOS." +msgstr "" + +#: ../../configexamples/zone-policy.rst:37 5cc8e033a70c48bcbc424e36c169c4af +msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." +msgstr "" + +#: ../../configexamples/zone-policy.rst:38 7345f3e3a5874d65b6922d88f3117ecd +msgid "LAN can access DMZ resources." +msgstr "" + +#: ../../configexamples/zone-policy.rst:39 2413bb4e87ee4a92922530672b633c3c +msgid "DMZ cannot access LAN resources." +msgstr "" + +#: ../../configexamples/zone-policy.rst:40 604e13042cc6421fa69f297748ae55ab +msgid "Inbound WAN connect to DMZ host." 
+msgstr "" + +#: ../../configexamples/zone-policy.rstNone c296c8f6b6874d18872c119a8cc8ee57 +msgid "Network Topology Diagram" +msgstr "" + +#: ../../configexamples/zone-policy.rst:47 8aacd45be8534832803d7d08a1a8b19d +msgid "" +"The VyOS interface is assigned the .1/:1 address of their respective " +"networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." +msgstr "" + +#: ../../configexamples/zone-policy.rst:50 5e0f72b4b2db4789ac8dd371ba669517 +msgid "It will look something like this:" +msgstr "" + +#: ../../configexamples/zone-policy.rst:79 74742cf5724e4f2cb3049240b8b10f52 +msgid "Zones Basics" +msgstr "" + +#: ../../configexamples/zone-policy.rst:81 634e5b24c3f749cc9428984dd8206b28 +msgid "" +"Each interface is assigned to a zone. The interface can be physical or " +"virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the " +"same." +msgstr "" + +#: ../../configexamples/zone-policy.rst:85 6224d85ed139427b8bec0f53015beeb3 +msgid "" +"Traffic flows from zone A to zone B. That flow is what I refer to as a zone-" +"pair-direction. eg. A->B and B->A are two zone-pair-destinations." +msgstr "" + +#: ../../configexamples/zone-policy.rst:88 8cfb35f32511467cb39a75b1d6cd9548 +msgid "Ruleset are created per zone-pair-direction." +msgstr "" + +#: ../../configexamples/zone-policy.rst:90 ab2f3b9301084a50ac3c4342abfc2cfa +msgid "" +"I name rule sets to indicate which zone-pair-direction they represent. eg. " +"ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." +msgstr "" + +#: ../../configexamples/zone-policy.rst:93 c7c352c3ba8341ee9563ded10b507dd9 +msgid "" +"In VyOS, you have to have unique Ruleset names. In the event of overlap, I " +"add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows " +"for each auto-completion and uniqueness." +msgstr "" + +#: ../../configexamples/zone-policy.rst:97 c0ee89a6de5b40e8b7b1f41327938ce7 +msgid "" +"In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the" +" firewall itself." 
+msgstr "" + +#: ../../configexamples/zone-policy.rst:100 25d67004a0b34f2d80fe07eb586b31eb +msgid "" +"If your computer is on the LAN and you need to SSH into your VyOS box, you " +"would need a rule to allow it in the LAN-Local ruleset. If you want to " +"access a webpage from your VyOS box, you need a rule to allow it in the " +"Local-LAN ruleset." +msgstr "" + +#: ../../configexamples/zone-policy.rst:105 074031ebe23742cf9ab553c1d3c89851 +msgid "" +"In rules, it is good to keep them named consistently. As the number of rules" +" you have grows, the more consistency you have, the easier your life will " +"be." +msgstr "" + +#: ../../configexamples/zone-policy.rst:123 36212be96d234f809e3aa0635b224e23 +msgid "" +"The first two rules are to deal with the idiosyncrasies of VyOS and " +"iptables." +msgstr "" + +#: ../../configexamples/zone-policy.rst:126 cdaf927567ba470a843b6daed8e148a5 +msgid "" +"Zones and Rulesets both have a default action statement. When using Zone-" +"Policies, the default action is set by the zone-policy statement and is " +"represented by rule 10000." +msgstr "" + +#: ../../configexamples/zone-policy.rst:130 b923769f3fa648cabd265468da6f0ed8 +msgid "" +"It is good practice to log both accepted and denied traffic. It can save you" +" significant headaches when trying to troubleshoot a connectivity issue." +msgstr "" + +#: ../../configexamples/zone-policy.rst:134 8cdbfa157d0c40c5aaa5ce98e2e10eba +msgid "To add logging to the default rule, do:" +msgstr "" + +#: ../../configexamples/zone-policy.rst:141 8370b1669e3244a6a370ab9344a5e114 +msgid "" +"By default, iptables does not allow traffic for established sessions to " +"return, so you must explicitly allow this. I do this by adding two rules to " +"every ruleset. 1 allows established and related state packets through and " +"rule 2 drops and logs invalid state packets. 
We place the " +"established/related rule at the top because the vast majority of traffic on " +"a network is established and the invalid rule to prevent invalid state " +"packets from mistakenly being matched against other rules. Having the most " +"matched rule listed first reduces CPU load in high volume environments. " +"Note: I have filed a bug to have this added as a default action as well." +msgstr "" + +#: ../../configexamples/zone-policy.rst:152 b98728b4c0444251a8ddd9aae0061313 +msgid "" +"''It is important to note, that you do not want to add logging to the " +"established state rule as you will be logging both the inbound and outbound " +"packets for each session instead of just the initiation of the session. Your" +" logs will be massive in a very short period of time.''" +msgstr "" + +#: ../../configexamples/zone-policy.rst:157 5731588a00a1445aae957e1dfca6f6a9 +msgid "" +"In VyOS you must have the interfaces created before you can apply it to the " +"zone and the rulesets must be created prior to applying it to a zone-policy." +msgstr "" + +#: ../../configexamples/zone-policy.rst:161 214fa70e97f947ecb6bcb6ee8a95f7d7 +msgid "" +"I create/configure the interfaces first. Build out the rulesets for each " +"zone-pair-direction which includes at least the three state rules. Then I " +"setup the zone-policies." +msgstr "" + +#: ../../configexamples/zone-policy.rst:165 ff4bfdb0fea6403bbb05ec6ea9fa65b7 +msgid "" +"Zones do not allow for a default action of accept; either drop or reject. It" +" is important to remember this because if you apply an interface to a zone " +"and commit, any active connections will be dropped. Specifically, if you are" +" SSH’d into VyOS and add local or the interface you are connecting through " +"to a zone and do not have rulesets in place to allow SSH and established " +"sessions, you will not be able to connect." 
+msgstr "" + +#: ../../configexamples/zone-policy.rst:172 217de4fa5abe448d8c381c002f97e539 +msgid "" +"The following are the rules that were created for this example (may not be " +"complete), both in IPv4 and IPv6. If there is no IP specified, then the " +"source/destination address is not explicit." +msgstr "" + +#: ../../configexamples/zone-policy.rst:226 68c0c6d0b20b468f99608f851ae72f5f +msgid "Since we have 4 zones, we need to setup the following rulesets." +msgstr "" + +#: ../../configexamples/zone-policy.rst:243 5b84e1b04a934648956fa3d46c7d7ab3 +msgid "" +"Even if the two zones will never communicate, it is a good idea to create " +"the zone-pair-direction rulesets and set enable-default-log. This will allow" +" you to log attempts to access the networks. Without it, you will never see " +"the connection attempts." +msgstr "" + +#: ../../configexamples/zone-policy.rst:248 633e0ef63aa44eb68b1f92674e715140 +msgid "This is an example of the three base rules." +msgstr "" + +#: ../../configexamples/zone-policy.rst:272 617108f6e8a04def8d089d3373c5fdc4 +msgid "Here is an example of an IPv6 DMZ-WAN ruleset." +msgstr "" + +#: ../../configexamples/zone-policy.rst:345 a17a13e6dca3416fb9c3d5fa95aff51b +msgid "" +"Once you have all of your rulesets built, then you need to create your zone-" +"policy." +msgstr "" + +#: ../../configexamples/zone-policy.rst:348 2570cdfd598542d4ab4b7e38b8fb7d1e +msgid "Start by setting the interface and default action for each zone." +msgstr "" + +#: ../../configexamples/zone-policy.rst:355 ac4dd0fd6ee24b81a3d208db070b0029 +msgid "" +"In this case, we are setting the v6 ruleset that represents traffic sourced " +"from the LAN, destined for the DMZ. Because the zone-policy firewall syntax " +"is a little awkward, I keep it straight by thinking of it backwards." +msgstr "" + +#: ../../configexamples/zone-policy.rst:364 ded641d51758415e9f0cf27ae1e9b3c4 +msgid "" +"DMZ-LAN policy is LAN-DMZ. 
You can get a rhythm to it when you build out a " +"bunch at one time." +msgstr "" + +#: ../../configexamples/zone-policy.rst:367 f3adf536211a4f12817bf30695b1b65f +msgid "" +"In the end, you will end up with something like this config. I took out " +"everything but the Firewall, Interfaces, and zone-policy sections. It is " +"long enough as is." +msgstr "" + +#: ../../configexamples/zone-policy.rst:373 d4a2cf9526ec4602822a592145060277 +msgid "IPv6 Tunnel" +msgstr "" + +#: ../../configexamples/zone-policy.rst:375 44a092c185cb4956b7b4bec83f6da9b6 +msgid "" +"If you are using a IPv6 tunnel from HE.net or someone else, the basis is the" +" same except you have two WAN interfaces. One for v4 and one for v6." +msgstr "" + +#: ../../configexamples/zone-policy.rst:378 a9091d4fcd5b424088a2352f008d5947 +msgid "" +"You would have 5 zones instead of just 4 and you would configure your v6 " +"ruleset between your tunnel interface and your LAN/DMZ zones instead of to " +"the WAN." +msgstr "" + +#: ../../configexamples/zone-policy.rst:382 eb7fd578bb60426f8d96fd0016a0d005 +msgid "LAN, WAN, DMZ, local and TUN (tunnel)" +msgstr "" + +#: ../../configexamples/zone-policy.rst:384 c4c7ca9af6244fcf9b0b9ff4ad49cd10 +msgid "v6 pairs would be:" +msgstr "" + +#: ../../configexamples/zone-policy.rst:401 28572036af8b4fd4b48436a393b06d90 +msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." +msgstr "" + +#: ../../configexamples/zone-policy.rst:403 0c5f292540b24741a12114027008fe61 +msgid "" +"You would have to add a couple of rules on your wan-local ruleset to allow " +"protocol 41 in." +msgstr "" + +#: ../../configexamples/zone-policy.rst:406 36b65f4c07e644a7b2d18c4ca8639c83 +msgid "Something like:" +msgstr "" |