author | rebortg <github@ghlr.de> | 2022-10-24 21:49:31 +0200 |
---|---|---|
committer | rebortg <github@ghlr.de> | 2022-10-24 21:49:31 +0200 |
commit | b18aa2f9d853b92e193269a53c1b00c9f48dd73f (patch) | |
tree | f5b33453ef9ffcbe6567ce9220a785fdc8236220 /docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po | |
parent | 99ccd5cd0e0ac2efdc50f3eda88744601a0a996a (diff) | |
download | vyos-documentation-b18aa2f9d853b92e193269a53c1b00c9f48dd73f.tar.gz vyos-documentation-b18aa2f9d853b92e193269a53c1b00c9f48dd73f.zip |
migrate to new transifex client
Diffstat (limited to 'docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po')
-rw-r--r-- | docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po | 323 |
1 files changed, 0 insertions, 323 deletions
diff --git a/docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po b/docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po deleted file mode 100644 index 7ae4c684..00000000 --- a/docs/_locale/de_DE/LC_MESSAGES/configexamples/zone-policy.po +++ /dev/null 
@@ -1,323 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) 2021, VyOS maintainers and contributors -# This file is distributed under the same license as the VyOS package. -# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. -# -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: VyOS 1.4\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-10-21 12:01+0200\n" -"PO-Revision-Date: 2022-10-21 10:05+0000\n" -"Language-Team: German (Germany) (https://www.transifex.com/vyos/teams/155110/de_DE/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: de_DE\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: ../../configexamples/zone-policy.rst:6 3c76f26421954ac884480d0cffe55150 -msgid "Zone-Policy example" -msgstr "" - -#: ../../configexamples/zone-policy.rst:8 b000af62a2ff45e3bea0983ff08c6ca9 -msgid "" -"In :vytask:`T2199` the syntax of the zone configuration was changed. The " -"zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone" -" <name>``." -msgstr "" - -#: ../../configexamples/zone-policy.rst:13 518ed4192332498b988ad701dbe4ae94 -msgid "Native IPv4 and IPv6" -msgstr "" - -#: ../../configexamples/zone-policy.rst:15 e785499caee9483ebbfa8fea63bd3f60 -msgid "We have three networks." 
-msgstr "" - -#: ../../configexamples/zone-policy.rst:24 d5184c69966f41c5acd57ba576316df4 -msgid "" -"**This specific example is for a router on a stick, but is very easily " -"adapted for however many NICs you have**:" -msgstr "" - -#: ../../configexamples/zone-policy.rst:28 dc181a02a98a45da8888bc017de3ea1f -msgid "Internet - 192.168.200.100 - TCP/80" -msgstr "" - -#: ../../configexamples/zone-policy.rst:29 4e066389682c40048d57dec2c83a5aae -msgid "Internet - 192.168.200.100 - TCP/443" -msgstr "" - -#: ../../configexamples/zone-policy.rst:30 99c22b93805b4a9d97c17590c0d1ff93 -msgid "Internet - 192.168.200.100 - TCP/25" -msgstr "" - -#: ../../configexamples/zone-policy.rst:31 98671bd795584e58ab09f67a17c41bf1 -msgid "Internet - 192.168.200.100 - TCP/53" -msgstr "" - -#: ../../configexamples/zone-policy.rst:32 132e6aa544e14ab68d588186821b0cf1 -msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." -msgstr "" - -#: ../../configexamples/zone-policy.rst:33 378d3439fdd441d0b598dee31369da95 -msgid "" -"192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and " -"mail (SMTP/IMAP) server." -msgstr "" - -#: ../../configexamples/zone-policy.rst:35 45a4384bc0fc4bd1a25c98a27c2a81ce -msgid "" -"192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can " -"SSH to VyOS." -msgstr "" - -#: ../../configexamples/zone-policy.rst:37 5cc8e033a70c48bcbc424e36c169c4af -msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." -msgstr "" - -#: ../../configexamples/zone-policy.rst:38 7345f3e3a5874d65b6922d88f3117ecd -msgid "LAN can access DMZ resources." -msgstr "" - -#: ../../configexamples/zone-policy.rst:39 2413bb4e87ee4a92922530672b633c3c -msgid "DMZ cannot access LAN resources." -msgstr "" - -#: ../../configexamples/zone-policy.rst:40 604e13042cc6421fa69f297748ae55ab -msgid "Inbound WAN connect to DMZ host." 
-msgstr "" - -#: ../../configexamples/zone-policy.rstNone c296c8f6b6874d18872c119a8cc8ee57 -msgid "Network Topology Diagram" -msgstr "" - -#: ../../configexamples/zone-policy.rst:47 8aacd45be8534832803d7d08a1a8b19d -msgid "" -"The VyOS interface is assigned the .1/:1 address of their respective " -"networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." -msgstr "" - -#: ../../configexamples/zone-policy.rst:50 5e0f72b4b2db4789ac8dd371ba669517 -msgid "It will look something like this:" -msgstr "" - -#: ../../configexamples/zone-policy.rst:79 74742cf5724e4f2cb3049240b8b10f52 -msgid "Zones Basics" -msgstr "" - -#: ../../configexamples/zone-policy.rst:81 634e5b24c3f749cc9428984dd8206b28 -msgid "" -"Each interface is assigned to a zone. The interface can be physical or " -"virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the " -"same." -msgstr "" - -#: ../../configexamples/zone-policy.rst:85 6224d85ed139427b8bec0f53015beeb3 -msgid "" -"Traffic flows from zone A to zone B. That flow is what I refer to as a zone-" -"pair-direction. eg. A->B and B->A are two zone-pair-destinations." -msgstr "" - -#: ../../configexamples/zone-policy.rst:88 8cfb35f32511467cb39a75b1d6cd9548 -msgid "Ruleset are created per zone-pair-direction." -msgstr "" - -#: ../../configexamples/zone-policy.rst:90 ab2f3b9301084a50ac3c4342abfc2cfa -msgid "" -"I name rule sets to indicate which zone-pair-direction they represent. eg. " -"ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." -msgstr "" - -#: ../../configexamples/zone-policy.rst:93 c7c352c3ba8341ee9563ded10b507dd9 -msgid "" -"In VyOS, you have to have unique Ruleset names. In the event of overlap, I " -"add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows " -"for each auto-completion and uniqueness." -msgstr "" - -#: ../../configexamples/zone-policy.rst:97 c0ee89a6de5b40e8b7b1f41327938ce7 -msgid "" -"In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the" -" firewall itself." 
-msgstr "" - -#: ../../configexamples/zone-policy.rst:100 25d67004a0b34f2d80fe07eb586b31eb -msgid "" -"If your computer is on the LAN and you need to SSH into your VyOS box, you " -"would need a rule to allow it in the LAN-Local ruleset. If you want to " -"access a webpage from your VyOS box, you need a rule to allow it in the " -"Local-LAN ruleset." -msgstr "" - -#: ../../configexamples/zone-policy.rst:105 074031ebe23742cf9ab553c1d3c89851 -msgid "" -"In rules, it is good to keep them named consistently. As the number of rules" -" you have grows, the more consistency you have, the easier your life will " -"be." -msgstr "" - -#: ../../configexamples/zone-policy.rst:123 36212be96d234f809e3aa0635b224e23 -msgid "" -"The first two rules are to deal with the idiosyncrasies of VyOS and " -"iptables." -msgstr "" - -#: ../../configexamples/zone-policy.rst:126 cdaf927567ba470a843b6daed8e148a5 -msgid "" -"Zones and Rulesets both have a default action statement. When using Zone-" -"Policies, the default action is set by the zone-policy statement and is " -"represented by rule 10000." -msgstr "" - -#: ../../configexamples/zone-policy.rst:130 b923769f3fa648cabd265468da6f0ed8 -msgid "" -"It is good practice to log both accepted and denied traffic. It can save you" -" significant headaches when trying to troubleshoot a connectivity issue." -msgstr "" - -#: ../../configexamples/zone-policy.rst:134 8cdbfa157d0c40c5aaa5ce98e2e10eba -msgid "To add logging to the default rule, do:" -msgstr "" - -#: ../../configexamples/zone-policy.rst:141 8370b1669e3244a6a370ab9344a5e114 -msgid "" -"By default, iptables does not allow traffic for established sessions to " -"return, so you must explicitly allow this. I do this by adding two rules to " -"every ruleset. 1 allows established and related state packets through and " -"rule 2 drops and logs invalid state packets. 
We place the " -"established/related rule at the top because the vast majority of traffic on " -"a network is established and the invalid rule to prevent invalid state " -"packets from mistakenly being matched against other rules. Having the most " -"matched rule listed first reduces CPU load in high volume environments. " -"Note: I have filed a bug to have this added as a default action as well." -msgstr "" - -#: ../../configexamples/zone-policy.rst:152 b98728b4c0444251a8ddd9aae0061313 -msgid "" -"''It is important to note, that you do not want to add logging to the " -"established state rule as you will be logging both the inbound and outbound " -"packets for each session instead of just the initiation of the session. Your" -" logs will be massive in a very short period of time.''" -msgstr "" - -#: ../../configexamples/zone-policy.rst:157 5731588a00a1445aae957e1dfca6f6a9 -msgid "" -"In VyOS you must have the interfaces created before you can apply it to the " -"zone and the rulesets must be created prior to applying it to a zone-policy." -msgstr "" - -#: ../../configexamples/zone-policy.rst:161 214fa70e97f947ecb6bcb6ee8a95f7d7 -msgid "" -"I create/configure the interfaces first. Build out the rulesets for each " -"zone-pair-direction which includes at least the three state rules. Then I " -"setup the zone-policies." -msgstr "" - -#: ../../configexamples/zone-policy.rst:165 ff4bfdb0fea6403bbb05ec6ea9fa65b7 -msgid "" -"Zones do not allow for a default action of accept; either drop or reject. It" -" is important to remember this because if you apply an interface to a zone " -"and commit, any active connections will be dropped. Specifically, if you are" -" SSH’d into VyOS and add local or the interface you are connecting through " -"to a zone and do not have rulesets in place to allow SSH and established " -"sessions, you will not be able to connect." 
-msgstr "" - -#: ../../configexamples/zone-policy.rst:172 217de4fa5abe448d8c381c002f97e539 -msgid "" -"The following are the rules that were created for this example (may not be " -"complete), both in IPv4 and IPv6. If there is no IP specified, then the " -"source/destination address is not explicit." -msgstr "" - -#: ../../configexamples/zone-policy.rst:226 68c0c6d0b20b468f99608f851ae72f5f -msgid "Since we have 4 zones, we need to setup the following rulesets." -msgstr "" - -#: ../../configexamples/zone-policy.rst:243 5b84e1b04a934648956fa3d46c7d7ab3 -msgid "" -"Even if the two zones will never communicate, it is a good idea to create " -"the zone-pair-direction rulesets and set enable-default-log. This will allow" -" you to log attempts to access the networks. Without it, you will never see " -"the connection attempts." -msgstr "" - -#: ../../configexamples/zone-policy.rst:248 633e0ef63aa44eb68b1f92674e715140 -msgid "This is an example of the three base rules." -msgstr "" - -#: ../../configexamples/zone-policy.rst:272 617108f6e8a04def8d089d3373c5fdc4 -msgid "Here is an example of an IPv6 DMZ-WAN ruleset." -msgstr "" - -#: ../../configexamples/zone-policy.rst:345 a17a13e6dca3416fb9c3d5fa95aff51b -msgid "" -"Once you have all of your rulesets built, then you need to create your zone-" -"policy." -msgstr "" - -#: ../../configexamples/zone-policy.rst:348 2570cdfd598542d4ab4b7e38b8fb7d1e -msgid "Start by setting the interface and default action for each zone." -msgstr "" - -#: ../../configexamples/zone-policy.rst:355 ac4dd0fd6ee24b81a3d208db070b0029 -msgid "" -"In this case, we are setting the v6 ruleset that represents traffic sourced " -"from the LAN, destined for the DMZ. Because the zone-policy firewall syntax " -"is a little awkward, I keep it straight by thinking of it backwards." -msgstr "" - -#: ../../configexamples/zone-policy.rst:364 ded641d51758415e9f0cf27ae1e9b3c4 -msgid "" -"DMZ-LAN policy is LAN-DMZ. 
You can get a rhythm to it when you build out a " -"bunch at one time." -msgstr "" - -#: ../../configexamples/zone-policy.rst:367 f3adf536211a4f12817bf30695b1b65f -msgid "" -"In the end, you will end up with something like this config. I took out " -"everything but the Firewall, Interfaces, and zone-policy sections. It is " -"long enough as is." -msgstr "" - -#: ../../configexamples/zone-policy.rst:373 d4a2cf9526ec4602822a592145060277 -msgid "IPv6 Tunnel" -msgstr "" - -#: ../../configexamples/zone-policy.rst:375 44a092c185cb4956b7b4bec83f6da9b6 -msgid "" -"If you are using a IPv6 tunnel from HE.net or someone else, the basis is the" -" same except you have two WAN interfaces. One for v4 and one for v6." -msgstr "" - -#: ../../configexamples/zone-policy.rst:378 a9091d4fcd5b424088a2352f008d5947 -msgid "" -"You would have 5 zones instead of just 4 and you would configure your v6 " -"ruleset between your tunnel interface and your LAN/DMZ zones instead of to " -"the WAN." -msgstr "" - -#: ../../configexamples/zone-policy.rst:382 eb7fd578bb60426f8d96fd0016a0d005 -msgid "LAN, WAN, DMZ, local and TUN (tunnel)" -msgstr "" - -#: ../../configexamples/zone-policy.rst:384 c4c7ca9af6244fcf9b0b9ff4ad49cd10 -msgid "v6 pairs would be:" -msgstr "" - -#: ../../configexamples/zone-policy.rst:401 28572036af8b4fd4b48436a393b06d90 -msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." -msgstr "" - -#: ../../configexamples/zone-policy.rst:403 0c5f292540b24741a12114027008fe61 -msgid "" -"You would have to add a couple of rules on your wan-local ruleset to allow " -"protocol 41 in." -msgstr "" - -#: ../../configexamples/zone-policy.rst:406 36b65f4c07e644a7b2d18c4ca8639c83 -msgid "Something like:" -msgstr "" |
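Review bot: The commit message ("migrate to new transifex client") does not say why the whole de_DE catalogue for configexamples/zone-policy is removed (`deleted file mode 100644`, `@@ -1,323 +0,0 @@`). Please state in the message where the locale files come from after the migration, so the deletion is not read as dropping the German translation of this page. From the visible lines no translation work is lost: the header entry is marked `#, fuzzy` and every `msgstr` shown is empty. The diffstat here is limited to this one file, so if the commit removes other catalogues that do carry translated strings, those deserve a separate check before merging.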