summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorRobert Göhler <github@ghlr.de>2024-05-06 21:29:23 +0200
committerGitHub <noreply@github.com>2024-05-06 21:29:23 +0200
commit09e7c9ed0c1650140938dd4f4081b6106633a1cb (patch)
treefa15233ff6c7efa5131fcae50a31e45c81f798ee /docs
parent39a997dd95282c09d5f78478998d6c8be57e0ca3 (diff)
parentd6019e8c51e7c75be764b2bddb574fba5dd9ab58 (diff)
downloadvyos-documentation-09e7c9ed0c1650140938dd4f4081b6106633a1cb.tar.gz
vyos-documentation-09e7c9ed0c1650140938dd4f4081b6106633a1cb.zip
Merge pull request #1423 from vyos/mergify/bp/sagitta/pr-1422
Modified old option from 'enable-default-log' to new one 'default-log' (backport #1422)
Diffstat (limited to 'docs')
-rw-r--r--docs/configexamples/zone-policy.rst8
-rw-r--r--docs/configuration/firewall/bridge.rst8
-rw-r--r--docs/configuration/firewall/ipv4.rst8
-rw-r--r--docs/configuration/firewall/ipv6.rst10
-rw-r--r--docs/configuration/policy/route.rst6
5 files changed, 20 insertions, 20 deletions
diff --git a/docs/configexamples/zone-policy.rst b/docs/configexamples/zone-policy.rst
index 6f3d75ec..1af8454a 100644
--- a/docs/configexamples/zone-policy.rst
+++ b/docs/configexamples/zone-policy.rst
@@ -145,7 +145,7 @@ To add logging to the default rule, do:
.. code-block:: none
- set firewall name <ruleSet> enable-default-log
+ set firewall name <ruleSet> default-log
By default, iptables does not allow traffic for established sessions to
@@ -251,7 +251,7 @@ Since we have 4 zones, we need to setup the following rulesets.
Dmz-local
Even if the two zones will never communicate, it is a good idea to
-create the zone-pair-direction rulesets and set enable-default-log. This
+create the zone-pair-direction rulesets and set default-log. This
will allow you to log attempts to access the networks. Without it, you
will never see the connection attempts.
@@ -261,7 +261,7 @@ This is an example of the three base rules.
name wan-lan {
default-action drop
- enable-default-log
+ default-log
rule 1 {
action accept
state {
@@ -285,7 +285,7 @@ Here is an example of an IPv6 DMZ-WAN ruleset.
ipv6-name dmz-wan-6 {
default-action drop
- enable-default-log
+ default-log
rule 1 {
action accept
state {
diff --git a/docs/configuration/firewall/bridge.rst b/docs/configuration/firewall/bridge.rst
index 9fb019c5..bba9e56f 100644
--- a/docs/configuration/firewall/bridge.rst
+++ b/docs/configuration/firewall/bridge.rst
@@ -157,8 +157,8 @@ log options can be defined.
Enable logging for the matched packet. If this configuration command is not
present, then log is not enabled.
-.. cfgcmd:: set firewall bridge forward filter enable-default-log
-.. cfgcmd:: set firewall bridge name <name> enable-default-log
+.. cfgcmd:: set firewall bridge forward filter default-log
+.. cfgcmd:: set firewall bridge name <name> default-log
Use this command to enable the logging of the default action on
the specified chain.
@@ -325,7 +325,7 @@ Configuration example:
.. code-block:: none
set firewall bridge forward filter default-action 'drop'
- set firewall bridge forward filter enable-default-log
+ set firewall bridge forward filter default-log
set firewall bridge forward filter rule 10 action 'continue'
set firewall bridge forward filter rule 10 inbound-interface name 'eth2'
set firewall bridge forward filter rule 10 vlan id '22'
@@ -341,7 +341,7 @@ Configuration example:
set firewall bridge forward filter rule 40 destination mac-address '66:55:44:33:22:11'
set firewall bridge forward filter rule 40 source mac-address '11:22:33:44:55:66'
set firewall bridge name TEST default-action 'accept'
- set firewall bridge name TEST enable-default-log
+ set firewall bridge name TEST default-log
set firewall bridge name TEST rule 10 action 'continue'
set firewall bridge name TEST rule 10 log
set firewall bridge name TEST rule 10 vlan priority '0'
diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst
index ee83967f..840c522e 100644
--- a/docs/configuration/firewall/ipv4.rst
+++ b/docs/configuration/firewall/ipv4.rst
@@ -206,10 +206,10 @@ log options can be defined.
Enable logging for the matched packet. If this configuration command is not
present, then log is not enabled.
-.. cfgcmd:: set firewall ipv4 forward filter enable-default-log
-.. cfgcmd:: set firewall ipv4 input filter enable-default-log
-.. cfgcmd:: set firewall ipv4 output filter enable-default-log
-.. cfgcmd:: set firewall ipv4 name <name> enable-default-log
+.. cfgcmd:: set firewall ipv4 forward filter default-log
+.. cfgcmd:: set firewall ipv4 input filter default-log
+.. cfgcmd:: set firewall ipv4 output filter default-log
+.. cfgcmd:: set firewall ipv4 name <name> default-log
Use this command to enable the logging of the default action on
the specified chain.
diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst
index 0aa8a137..c679ffd5 100644
--- a/docs/configuration/firewall/ipv6.rst
+++ b/docs/configuration/firewall/ipv6.rst
@@ -206,10 +206,10 @@ log options can be defined.
Enable logging for the matched packet. If this configuration command is not
present, then log is not enabled.
-.. cfgcmd:: set firewall ipv6 forward filter enable-default-log
-.. cfgcmd:: set firewall ipv6 input filter enable-default-log
-.. cfgcmd:: set firewall ipv6 output filter enable-default-log
-.. cfgcmd:: set firewall ipv6 name <name> enable-default-log
+.. cfgcmd:: set firewall ipv6 forward filter default-log
+.. cfgcmd:: set firewall ipv6 input filter default-log
+.. cfgcmd:: set firewall ipv6 output filter default-log
+.. cfgcmd:: set firewall ipv6 name <name> default-log
Use this command to enable the logging of the default action on
the specified chain.
@@ -1177,7 +1177,7 @@ Example Partial Config
}
name INP-ETH1 {
default-action drop
- enable-default-log
+ default-log
rule 10 {
action accept
protocol tcp_udp
diff --git a/docs/configuration/policy/route.rst b/docs/configuration/policy/route.rst
index 1a85ffc6..45975774 100644
--- a/docs/configuration/policy/route.rst
+++ b/docs/configuration/policy/route.rst
@@ -19,8 +19,8 @@ from 1 - 999999, at the first match the action of the rule will be executed.
Provide a rule-set description.
-.. cfgcmd:: set policy route <name> enable-default-log
-.. cfgcmd:: set policy route6 <name> enable-default-log
+.. cfgcmd:: set policy route <name> default-log
+.. cfgcmd:: set policy route6 <name> default-log
Option to log packets hitting default-action.
@@ -271,4 +271,4 @@ setting a different routing table.
.. cfgcmd:: set policy route <name> rule <n> set tcp-mss <500-1460>
.. cfgcmd:: set policy route6 <name> rule <n> set tcp-mss <500-1460>
- Set packet modifications: Explicitly set TCP Maximum segment size value. \ No newline at end of file
+ Set packet modifications: Explicitly set TCP Maximum segment size value.