summaryrefslogtreecommitdiff
path: root/docs/configuration/firewall
diff options
context:
space:
mode:
authorrebortg <github@ghlr.de>2024-11-03 21:39:10 +0100
committerrebortg <github@ghlr.de>2024-11-03 21:39:10 +0100
commit2707e9ac6778eb9e71937bebc484290a0be03adb (patch)
treea1915fbf6bacc3ce01c9ebf3a509ac9feb5f4757 /docs/configuration/firewall
parent9fd263ad9fd477992ee2bfc7f7ed7e03678a16b5 (diff)
downloadvyos-documentation-2707e9ac6778eb9e71937bebc484290a0be03adb.tar.gz
vyos-documentation-2707e9ac6778eb9e71937bebc484290a0be03adb.zip
Firewall: correct ipv4/6 ipsec match parameter
Diffstat (limited to 'docs/configuration/firewall')
-rw-r--r--docs/configuration/firewall/ipv4.rst8
-rw-r--r--docs/configuration/firewall/ipv6.rst8
2 files changed, 8 insertions, 8 deletions
diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst
index 419a9339..5fc9bd4c 100644
--- a/docs/configuration/firewall/ipv4.rst
+++ b/docs/configuration/firewall/ipv4.rst
@@ -771,13 +771,13 @@ geoip) to keep database and rules updated.
invert the criteria to match is also supported. For example ``!IFACE_GROUP``
.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
- ipsec [match-ipsec | match-none]
+ ipsec [match-ipsec-in | match-ipsec-out | match-none-in | match-none-out]
.. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
- ipsec [match-ipsec | match-none]
+ ipsec [match-ipsec-in | match-none-in]
.. cfgcmd:: set firewall ipv4 output filter rule <1-999999>
- ipsec [match-ipsec | match-none]
+ ipsec [match-ipsec-out | match-none-out]
.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999>
- ipsec [match-ipsec | match-none]
+ ipsec [match-ipsec-in | match-ipsec-out | match-none-in | match-none-out]
Match based on ipsec.
diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst
index 0c995c12..c579b6d1 100644
--- a/docs/configuration/firewall/ipv6.rst
+++ b/docs/configuration/firewall/ipv6.rst
@@ -762,13 +762,13 @@ geoip) to keep database and rules updated.
invert the criteria to match is also supported. For example ``!IFACE_GROUP``
.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
- ipsec [match-ipsec | match-none]
+ ipsec [match-ipsec-in | match-ipsec-out | match-none-in | match-none-out]
.. cfgcmd:: set firewall ipv6 input filter rule <1-999999>
- ipsec [match-ipsec | match-none]
+ ipsec [match-ipsec-in | match-none-in]
.. cfgcmd:: set firewall ipv6 output filter rule <1-999999>
- ipsec [match-ipsec | match-none]
+ ipsec [match-ipsec-out | match-none-out]
.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999>
- ipsec [match-ipsec | match-none]
+ ipsec [match-ipsec-in | match-ipsec-out | match-none-in | match-none-out]
Match based on ipsec.