diff options
author | Robert Göhler <github@ghlr.de> | 2024-03-10 21:01:35 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-10 21:01:35 +0100 |
commit | d712c7991ccb00aa91558c27a776907d299aa277 (patch) | |
tree | 13edee1b63a6010b25a21a7b7bc805ef6fa1b090 /docs/configuration | |
parent | 0d37526d22519b7234ccc8023c23ece37e49929c (diff) | |
parent | 5a6d1fd06294f84799a4103df0aa4b69c026533b (diff) | |
download | vyos-documentation-d712c7991ccb00aa91558c27a776907d299aa277.tar.gz vyos-documentation-d712c7991ccb00aa91558c27a776907d299aa277.zip |
Merge pull request #1317 from Giggum/master
Added conntrack-helper rules from T5614 to ipv4 rules documentation
Diffstat (limited to 'docs/configuration')
-rw-r--r-- | docs/configuration/firewall/ipv4.rst | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index 9a683d22..ff739418 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -325,6 +325,29 @@ There are a lot of matching criteria against which the packet can be tested. Match criteria based on connection mark. .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + conntrack-helper <module> +.. cfgcmd:: set firewall ipv4 input filter rule <1-999999> + conntrack-helper <module> +.. cfgcmd:: set firewall ipv4 output filter rule <1-999999> + conntrack-helper <module> +.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> + conntrack-helper <module> + + Match based on connection tracking protocol helper module to secure use of + that helper module. See below for possible completions `<module>`. + + .. code-block:: none + + Possible completions: + ftp Related traffic from FTP helper + h323 Related traffic from H.323 helper + pptp Related traffic from PPTP helper + nfs Related traffic from NFS helper + sip Related traffic from SIP helper + tftp Related traffic from TFTP helper + sqlnet Related traffic from SQLNet helper + +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> source address [address | addressrange | CIDR] .. cfgcmd:: set firewall ipv4 input filter rule <1-999999> source address [address | addressrange | CIDR] |