summaryrefslogtreecommitdiff
path: root/docs/configuration
diff options
context:
space:
mode:
authorRobert Göhler <github@ghlr.de>2024-03-10 21:01:35 +0100
committerGitHub <noreply@github.com>2024-03-10 21:01:35 +0100
commitd712c7991ccb00aa91558c27a776907d299aa277 (patch)
tree13edee1b63a6010b25a21a7b7bc805ef6fa1b090 /docs/configuration
parent0d37526d22519b7234ccc8023c23ece37e49929c (diff)
parent5a6d1fd06294f84799a4103df0aa4b69c026533b (diff)
downloadvyos-documentation-d712c7991ccb00aa91558c27a776907d299aa277.tar.gz
vyos-documentation-d712c7991ccb00aa91558c27a776907d299aa277.zip
Merge pull request #1317 from Giggum/master
Added conntrack-helper rules from T5614 to ipv4 rules documentation
Diffstat (limited to 'docs/configuration')
-rw-r--r--docs/configuration/firewall/ipv4.rst23
1 files changed, 23 insertions, 0 deletions
diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst
index 9a683d22..ff739418 100644
--- a/docs/configuration/firewall/ipv4.rst
+++ b/docs/configuration/firewall/ipv4.rst
@@ -325,6 +325,29 @@ There are a lot of matching criteria against which the packet can be tested.
Match criteria based on connection mark.
.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+ conntrack-helper <module>
+.. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
+ conntrack-helper <module>
+.. cfgcmd:: set firewall ipv4 output filter rule <1-999999>
+ conntrack-helper <module>
+.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999>
+ conntrack-helper <module>
+
+ Match based on connection tracking protocol helper module to secure use of
+ that helper module. See below for possible completions `<module>`.
+
+ .. code-block:: none
+
+ Possible completions:
+ ftp Related traffic from FTP helper
+ h323 Related traffic from H.323 helper
+ pptp Related traffic from PPTP helper
+ nfs Related traffic from NFS helper
+ sip Related traffic from SIP helper
+ tftp Related traffic from TFTP helper
+ sqlnet Related traffic from SQLNet helper
+
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
source address [address | addressrange | CIDR]
.. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
source address [address | addressrange | CIDR]