Merge pull request #1435 from vyos/mergify/bp/sagitta/pr-1434

Firewall: add documentation for dynamic firewall groups. (backport #1434)

1 files changed, 21 insertions, 0 deletions

diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst
index b5a087a7..2fe877bb 100644
--- a/docs/configuration/firewall/ipv4.rst
+++ b/docs/configuration/firewall/ipv4.rst
@@ -516,6 +516,27 @@ geoip) to keep database and rules updated.
    criteria.
 
 .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+   source group dynamic-address-group <name | !name>
+.. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
+   source group dynamic-address-group <name | !name>
+.. cfgcmd:: set firewall ipv4 output filter rule <1-999999>
+   source group dynamic-address-group <name | !name>
+.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999>
+   source group dynamic-address-group <name | !name>
+
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+   destination group dynamic-address-group <name | !name>
+.. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
+   destination group dynamic-address-group <name | !name>
+.. cfgcmd:: set firewall ipv4 output filter rule <1-999999>
+   destination group dynamic-address-group <name | !name>
+.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999>
+   destination group dynamic-address-group <name | !name>
+
+   Use a specific dynamic-address-group. Prepend character ``!`` for inverted
+   matching criteria.
+
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
    source group network-group <name | !name>
 .. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
    source group network-group <name | !name>