author Nick Anderegg <nick@anderegg.io> 2023-09-12 20:52:35 -0400
committer Nick Anderegg <nick@anderegg.io> 2023-09-12 20:55:59 -0400
commit 7e36b163bd0799ed70a13ac01978c53d6553b950
tree f68da0212bbee90995e827b1ffedf0e80db515aa /docs/quick-start.rst
parent 5a57f5968dc45df162f8643a2f575db39087fac9
quick-start: adding missing rule to allow echo requests
Diffstat (limited to 'docs/quick-start.rst')
-rw-r--r-- docs/quick-start.rst 24
1 files changed, 14 insertions, 10 deletions
diff --git a/docs/quick-start.rst b/docs/quick-start.rst
index 3a149c78..03bf4e47 100644
--- a/docs/quick-start.rst
+++ b/docs/quick-start.rst
@@ -300,25 +300,29 @@ group to 4 per minute:
Allow Access to Services
------------------------
-We can now configure access to the services running on this router, allowing
-all connections coming from localhost:
+Here we're allowing the router to respond to pings. Then, we can allow access to
+the DNS recursor we configured earlier, accepting traffic bound for port 53 from
+all hosts on the ``NET-INSIDE-v4`` network:
.. code-block:: none
-
set firewall ipv4 input filter rule 30 action 'accept'
- set firewall ipv4 input filter rule 30 source address 127.0.0.0/8
-
-Finally, we can allow access to the DNS recursor we configured earlier,
-accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4``
-network:
-
-.. code-block:: none
+ set firewall ipv4 input filter rule 30 icmp type-name 'echo-request'
+ set firewall ipv4 input filter rule 30 protocol 'icmp'
+ set firewall ipv4 input filter rule 30 state new 'enable'
set firewall ipv4 input filter rule 40 action 'accept'
set firewall ipv4 input filter rule 40 destination port '53'
set firewall ipv4 input filter rule 40 protocol 'tcp_udp'
set firewall ipv4 input filter rule 40 source group network-group NET-INSIDE-v4
+Finally, we can now configure access to the services running on this router, allowing
+all connections coming from localhost:
+
+.. code-block:: none
+
+ set firewall ipv4 input filter rule 50 action 'accept'
+ set firewall ipv4 input filter rule 50 source address 127.0.0.0/8
+
Commit changes, save the configuration, and exit configuration mode:
.. code-block:: none
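Review bot: Rule 30 in the first code block now accepts new ICMP echo-requests with no source or interface match, so unlike rule 40 (scoped to ``NET-INSIDE-v4``) it answers pings from any source, and the sentence "Here we're allowing the router to respond to pings" does not say so. Either state in the prose that the rule applies to all sources, or scope it the way rule 40 does, for example `set firewall ipv4 input filter rule 30 source group network-group NET-INSIDE-v4`. Two smaller points: the blank line removed directly after the first `.. code-block:: none` looks like the separator the directive needs before its content and should be kept, and the added line "Finally, we can now configure access to the services running on this router, allowing" runs past the 80-column wrap used by the surrounding text and would read better without "now".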