summaryrefslogtreecommitdiff
path: root/docs/quick-start.rst
diff options
context:
space:
mode:
authorsrividya0208 <a.srividya@vyos.io>2021-08-18 12:58:46 -0400
committersrividya0208 <a.srividya@vyos.io>2021-08-19 00:09:35 -0400
commitc061829d260eef67786e0972b4cac0b3caac52ac (patch)
treec96d62de95b8d03a397d36df9369d8d92b241b29 /docs/quick-start.rst
parent9eb90286c0ca7712e1f55812a5affb18facd8293 (diff)
downloadvyos-documentation-c061829d260eef67786e0972b4cac0b3caac52ac.tar.gz
vyos-documentation-c061829d260eef67786e0972b4cac0b3caac52ac.zip
grammar & spelling correction
Diffstat (limited to 'docs/quick-start.rst')
-rw-r--r--docs/quick-start.rst27
1 files changed, 20 insertions, 7 deletions
diff --git a/docs/quick-start.rst b/docs/quick-start.rst
index 80074179..c82cf4f3 100644
--- a/docs/quick-start.rst
+++ b/docs/quick-start.rst
@@ -1,3 +1,5 @@
+:lastproofread: 2021-08-18
+
.. _quick-start:
Quick Start Guide
@@ -42,6 +44,8 @@ Configure DHCP Server and DNS
And a DNS forwarder:
+.. stop_vyoslinter
+
.. code-block:: none
set service dns forwarding cache-size '0'
@@ -49,6 +53,8 @@ And a DNS forwarder:
set service dns forwarding name-server '8.8.8.8'
set service dns forwarding name-server '8.8.4.4'
+.. start_vyoslinter
+
NAT and Firewall
^^^^^^^^^^^^^^^^
@@ -79,9 +85,11 @@ This configuration creates a proper stateful firewall that blocks all traffic:
set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
set firewall name OUTSIDE-LOCAL rule 20 state new 'enable'
-If you wanted to enable SSH access to your firewall from the the Internet, you could create some additional rules to allow the traffic.
+If you want to enable SSH access to your firewall from the the Internet, you
+could create some additional rules to allow the traffic.
-These rules allow SSH traffic and rate limit it to 4 requests per minute. This blocks brute-forcing attempts:
+These rules allow SSH traffic and rate limit it to 4 requests per minute. This
+blocks brute-forcing attempts:
.. code-block:: none
@@ -103,7 +111,8 @@ Apply the firewall policies:
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
-Commit changes, save the configuration, and exit configuration mode:
+Commit the changes, save the configuration, and exit from the configuration
+mode:
.. code-block:: none
@@ -122,7 +131,7 @@ The traffic policy subsystem provides an interface to Linux traffic control
One common use of traffic policy is to limit bandwidth for an interface. In
the example below we limit bandwidth for our LAN connection to 200 Mbit download
-and out WAN connection to 50 Mbit upload:
+and our WAN connection to 50 Mbit upload:
.. code-block:: none
@@ -176,7 +185,8 @@ See further information in the :ref:`qos` chapter.
Security Hardening
^^^^^^^^^^^^^^^^^^
-Especially if you are allowing SSH access from the Internet, there are a few additional configuration steps that should be taken.
+Especially if you are allowing SSH access from the Internet, there are a few
+additional configuration steps that should be taken.
Create a user to replace the default `vyos` user:
@@ -185,7 +195,8 @@ Create a user to replace the default `vyos` user:
set system login user myvyosuser level admin
set system login user myvyosuser authentication plaintext-password mysecurepassword
-Set up SSH key based authentication. For example, on Linux you'd want to run `ssh-keygen -t rsa`. Then the contents of `id_rsa.pub` would be used below:
+Set up SSH key based authentication. For example, on Linux you'd want to run
+`ssh-keygen -t rsa`. Then the contents of `id_rsa.pub` would be used below:
.. code-block:: none
@@ -196,7 +207,9 @@ Or you can use the `loadkey` command. Commit and save.
Finally, try and ssh into the VyOS install as your new user.
-Once you have confirmed that your new user can access your server, without a password, delete the original `vyos` user and disable password authentication into SSH:
+Once you have confirmed that your new user can access your server, without a
+password, delete the original `vyos` user and disable password authentication
+into SSH:
.. code-block:: none