summaryrefslogtreecommitdiff
path: root/docs/configuration
diff options
context:
space:
mode:
authorRobert Göhler <github@ghlr.de>2024-06-18 21:31:18 +0200
committerGitHub <noreply@github.com>2024-06-18 21:31:18 +0200
commit81be6965bb8081de5a25d4c9cf64e9e486b4fe1a (patch)
tree0c409cd54b3053907f072037410afa32454234d8 /docs/configuration
parent1ce53b2fd048ceb9b3f6be7c3567f2efe8335cdb (diff)
parentfe416b56cfa30494172a0310c16fd2787330c7bb (diff)
downloadvyos-documentation-81be6965bb8081de5a25d4c9cf64e9e486b4fe1a.tar.gz
vyos-documentation-81be6965bb8081de5a25d4c9cf64e9e486b4fe1a.zip
Merge pull request #1482 from nicolas-fort/fwall_blueprints
Configuration Blueprints: add new example for firewall+vrf.
Diffstat (limited to 'docs/configuration')
-rw-r--r--docs/configuration/firewall/ipv4.rst8
-rw-r--r--docs/configuration/firewall/ipv6.rst8
2 files changed, 16 insertions, 0 deletions
diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst
index e53f2480..39370c86 100644
--- a/docs/configuration/firewall/ipv4.rst
+++ b/docs/configuration/firewall/ipv4.rst
@@ -732,6 +732,10 @@ geoip) to keep database and rules updated.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
criteria is also supported. For example ``!eth2``
+.. note:: If an interface is attached to a non-default vrf, when using
+ **inbound-interface**, vrf name must be used. For example ``set firewall
+ ipv4 forward filter rule 10 inbound-interface name MGMT``
+
.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
inbound-interface group <iface_group>
.. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
@@ -753,6 +757,10 @@ geoip) to keep database and rules updated.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
criteria is also supported. For example ``!eth2``
+.. note:: If an interface is attached to a non-default vrf, when using
+ **outbound-interface**, real interface name must be used. For example
+ ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``
+
.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
outbound-interface group <iface_group>
.. cfgcmd:: set firewall ipv4 output filter rule <1-999999>
diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst
index 423f3e09..511fd51f 100644
--- a/docs/configuration/firewall/ipv6.rst
+++ b/docs/configuration/firewall/ipv6.rst
@@ -723,6 +723,10 @@ geoip) to keep database and rules updated.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
criteria is also supported. For example ``!eth2``
+.. note:: If an interface is attached to a non-default vrf, when using
+ **inbound-interface**, vrf name must be used. For example ``set firewall
+ ipv6 forward filter rule 10 inbound-interface name MGMT``
+
.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
inbound-interface group <iface_group>
.. cfgcmd:: set firewall ipv6 input filter rule <1-999999>
@@ -744,6 +748,10 @@ geoip) to keep database and rules updated.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
criteria is also supported. For example ``!eth2``
+.. note:: If an interface is attached to a non-default vrf, when using
+ **outbound-interface**, real interface name must be used. For example
+ ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``
+
.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
outbound-interface group <iface_group>
.. cfgcmd:: set firewall ipv6 output filter rule <1-999999>