-rw-r--r-- docs/cli.rst 38
-rw-r--r-- docs/commandtree/configmode.rst 6
-rw-r--r-- docs/commandtree/operationmode.rst 39
-rw-r--r-- docs/quick-start.rst 27
4 files changed, 70 insertions, 40 deletions
diff --git a/docs/cli.rst b/docs/cli.rst
index d5f00a45..4a219eba 100644
--- a/docs/cli.rst
+++ b/docs/cli.rst
@@ -1,3 +1,5 @@
+:lastproofread: 2021-08-16
+
.. _cli:
######################
@@ -12,7 +14,8 @@ Operational Mode
Operational mode allows for commands to perform operational system tasks and
view system and service status, while configuration mode allows for the
-modification of system configuration. The :ref:`command tree page<commandtree>` lists available commands and their functions.
+modification of system configuration. The :ref:`command tree page<commandtree>`
+lists available commands and their functions.
The CLI provides a built-in help system. In the CLI the **[?]** key may be used
to display available commands. The **[tab]** key can be used to auto-complete
@@ -57,7 +60,8 @@ Example showing possible show commands:
: q
vyos@vyos:~$
-You can scroll up with the keys [Shift]+[PageUp] and sroll down with [Shift]+[PageDown].
+You can scroll up with the keys [Shift]+[PageUp] and scroll down with [Shift]+
+[PageDown].
When the output of a command results in more lines than can be displayed on the
terminal screen the output is paginated as indicated by a : prompt.
@@ -83,7 +87,8 @@ To enter configuration mode use the `configure` command:
[edit]
vyos@vyos:~#
-.. note:: Prompt changes from `$` to `#`. To exit configuration mode, type `exit`.
+.. note:: Prompt changes from `$` to `#`. To exit configuration mode, type
+`exit`.
.. code-block:: none
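Review bot: The wrapped continuation line "`exit`." starts in column 0, so it is no longer part of the ``.. note::`` directive body; docutils will end the note after "type" and treat the rest as a separate paragraph (with an "unexpected unindent" warning). Indent the continuation to align with the directive content, or keep the sentence on one line.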
@@ -265,7 +270,7 @@ command.
You are now in a sublevel relative to ``interfaces ethernet eth0``, all
commands executed from this point on are relative to this sublevel. Use
-eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top
+either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top
of the hierarchy. You can also use the :cfgcmd:`up` command to move only
one level up at a time.
@@ -454,8 +459,8 @@ different levels in the hierarchy.
What if you are doing something dangerous? Suppose you want to setup
a firewall, and you are not sure there are no mistakes that will lock
you out of your system. You can use confirmed commit. If you issue
- the ``commit-confirm`` command, your changes will be commited, and if
- you don't issue issue the ``confirm`` command in 10 minutes, your
+ the ``commit-confirm`` command, your changes will be committed, and if
+ you don't issue the ``confirm`` command in 10 minutes, your
system will reboot into previous config revision.
.. code-block:: none
@@ -469,9 +474,9 @@ different levels in the hierarchy.
[edit]
- .. note:: A reboot because you did not enter ``confirm`` will not
- take you necessarily to the *saved configuration*, but to the
- point before the unfortunate commit.
+ .. note:: A reboot will be initiated if you did not enter ``confirm``
+ and will take you necessarily to the last *saved configuration*, but to
+ the point before the unfortunate commit.
.. cfgcmd:: copy
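Review bot: The reworded note drops the "not" from "will not take you necessarily", so the sentence now says the reboot takes you to the last *saved configuration* and then continues "but to the point before the unfortunate commit", which contradicts itself and reverses the original warning. Keep the negation, for example: "A reboot will be initiated if you did not enter ``confirm``. It will not necessarily take you to the *saved configuration*, but to the point before the unfortunate commit."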
@@ -481,9 +486,8 @@ different levels in the hierarchy.
You can copy and remove configuration subtrees. Suppose you set up a
firewall ruleset ``FromWorld`` with one rule that allows traffic from
specific subnet. Now you want to setup a similar rule, but for
- different subnet. Change your edit level to
- ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then
- modify rule 20.
+ different subnet. Change your edit level to``firewall name FromWorld`` and
+ use ``copy rule 10 to rule 20``, then modify rule 20.
.. code-block:: none
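Review bot: In "Change your edit level to``firewall name FromWorld``" the space before the inline literal was lost in the reflow. reStructuredText requires whitespace before the opening double backticks, so the literal will not render and the raw backticks will show in the output. Restore the space: "edit level to ``firewall name FromWorld`` and".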
@@ -549,7 +553,7 @@ different levels in the hierarchy.
The ``comment`` command allows you to insert a comment above the
``<config node>`` configuration section. When shown, comments are
enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments
- need to be commited, just like other config changes.
+ need to be committed, just like other config changes.
To remove an existing comment from your current configuration,
specify an empty string enclosed in double quote marks (``""``) as
@@ -671,7 +675,7 @@ VyOS lets you compare different configurations.
7 2013-12-12 16:25:19 vyos by cli
8 2013-12-12 15:44:36 vyos by cli
9 2013-12-12 15:42:07 root by boot-config-loader
- 10 2013-12-12 15:42:06 root by init
+ 10 2013-12-12 15:42:06 root by init
The command :cfgcmd:`compare` allows you to compare different type of
configurations. It also lets you compare different revisions through
@@ -720,7 +724,7 @@ Rollback Changes
================
You can rollback configuration changes using the rollback command. This
-will apply the selected revision and trigger a system reboot.
+will apply to the selected revision and trigger a system reboot.
.. cfgcmd:: rollback <N>
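Review bot: "will apply to the selected revision" changes the meaning of the sentence. The rollback command applies the selected revision to the system; it does not apply something to that revision. The removed wording "will apply the selected revision and trigger a system reboot" was correct and should stay.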
@@ -783,8 +787,8 @@ to load it with the ``load`` command:
Use this command to load a configuration which will replace the
running configuration. Define the location of the configuration file
- to be loaded. You can use a path to a local file, an SCP address, an
- SFTP address, an FTP address, an HTTP address, an HTTPS address or a
+ to be loaded. You can use a path to a local file, a SCP address, a
+ SFTP address, a FTP address, a HTTP address, a HTTPS address or a
TFTP address.
.. code-block:: none
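Review bot: The article change from "an" to "a" before SCP, SFTP, FTP, HTTP and HTTPS is a regression. These initialisms are read letter by letter and begin with a vowel sound ("ess", "eff", "aitch"), so "an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address" is the standard form, while "a TFTP address" is right as it stands. Suggest reverting the two changed lines.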
diff --git a/docs/commandtree/configmode.rst b/docs/commandtree/configmode.rst
index 3e398d5a..0a443522 100644
--- a/docs/commandtree/configmode.rst
+++ b/docs/commandtree/configmode.rst
@@ -1,3 +1,5 @@
+:lastproofread: 2021-08-18
+
.. _commandtree_configmode:
Configuration mode
@@ -34,7 +36,7 @@ The ``confirm`` command confirms the prior ``commit-confirm``.
Comment
^^^^^^^
-The ``comment`` commands allow you to insert a comment above the current
+The ``comment`` command allow you to insert a comment above the current
configuration section.
The command cannot be used at the top of the configuration hierarchy, only on
subsections. Comments need to be commited, just like other config changes.
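Review bot: The new line "The ``comment`` command allow you" fixes the plural noun but leaves the verb plural; it should read "The ``comment`` command allows you". The context line two below still has "commited", which this same commit corrects to "committed" in docs/cli.rst, so it is worth fixing here as well for consistency.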
@@ -515,7 +517,7 @@ Show
^^^^
The ``show`` command in the configuration mode displays the configuration and
-show uncommitted changes.
+shows the uncommitted changes.
Shows the whole config, the address and description of eth1 is moving to vlan 2
if you commit the changes.
diff --git a/docs/commandtree/operationmode.rst b/docs/commandtree/operationmode.rst
index 8092f248..78f507b6 100644
--- a/docs/commandtree/operationmode.rst
+++ b/docs/commandtree/operationmode.rst
@@ -1,10 +1,12 @@
+:lastproofread: 2021-08-16
+
.. _commandtree_operationmode:
Operational mode
----------------
-Operational mode allows for commands to perform operational system tasks and view system and service status.
-After this is the first view after the login.
+Operational mode allows for commands to perform operational system tasks and
+view system and service status. This is the first view after the login.
Please see :ref:`cli` for navigation in the CLI
@@ -66,7 +68,8 @@ Clear
Clone
^^^^^
-The ``clone`` command allows you to clone a configuration from a system image to another one, or from the running config to another system image.
+The ``clone`` command allows you to clone a configuration from a system image
+to another one, or from the running config to another system image.
To clone the running config to a system image:
.. code-block:: none
@@ -95,7 +98,8 @@ The ``configure`` command allows you to enter configuration mode.
Connect
^^^^^^^
-The ``connect`` command allows you to bring up a connection oriented interface, like a pppoe interface.
+The ``connect`` command allows you to bring up a connection oriented interface,
+like a pppoe interface.
.. code-block:: none
@@ -104,7 +108,8 @@ The ``connect`` command allows you to bring up a connection oriented interface,
Copy
^^^^
-The ``copy`` command allows you to copy a file to your running config or over images.
+The ``copy`` command allows you to copy a file to your running config or over
+images.
It can look like this example:
@@ -147,7 +152,8 @@ Delete
Disconnect
^^^^^^^^^^
-The ``disconnect`` command allows you to take down a connection oriented interface, like a pppoe interface.
+The ``disconnect`` command allows you to take down a connection oriented
+interface, like a pppoe interface.
.. code-block:: none
@@ -196,7 +202,7 @@ The ``install`` command allows you to install the system image on the disk.
Monitor
^^^^^^^
-``monitor`` can be used to continually view what is happening on the router.
+``monitor`` can be used to continuously view what is happening on the router.
.. code-block:: none
@@ -230,7 +236,8 @@ Monitor
Ping
^^^^
-The ``ping`` command allows you to send an ICMP-EchoRequest packet and display the ICMP-EchoReply received.
+The ``ping`` command allows you to send an ICMP-EchoRequest packet and display
+the ICMP-EchoReply received.
.. code-block:: none
@@ -242,7 +249,8 @@ The ``ping`` command allows you to send an ICMP-EchoRequest packet and display t
Poweroff
^^^^^^^^
-The ``poweroff`` command allows you to properly shut down the VyOS instance. Without any modifier, the command is executed immediately.
+The ``poweroff`` command allows you to properly shut down the VyOS instance.
+Without any modifier, the command is executed immediately.
.. code-block:: none
@@ -254,7 +262,8 @@ The ``poweroff`` command allows you to properly shut down the VyOS instance. Wit
Reboot
^^^^^^
-The ``reboot`` command allows you to properly restart the VyOS instance. Without any modifier, the command is executed immediately.
+The ``reboot`` command allows you to properly restart the VyOS instance. Without
+ any modifier, the command is executed immediately.
.. code-block:: none
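Review bot: The second added line begins with a space (" any modifier, the command ..."). In reStructuredText a line followed directly by an indented line is parsed as a definition list item, so the first line becomes the term and the rest the definition instead of one paragraph. Remove the leading space so the continuation starts in column 0, as in the ``poweroff`` hunk above.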
@@ -406,8 +415,9 @@ Show
Telnet
^^^^^^
-In the past the ``telnet`` command allowed you to connect remotely to another device using the telnet protocol.
-Telnet is unencrypted and should not use anymore. But its nice to test if an TCP Port to a host is open.
+In the past the ``telnet`` command allowed you to connect remotely to another
+device using the telnet protocol. Telnet is unencrypted and should not be used
+anymore. But its nice to test if a TCP Port to a host is open or not.
.. code-block:: none
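Review bot: The rewritten sentence "But its nice to test if a TCP Port to a host is open or not" still carries the "its" typo and a capitalised "Port". Suggest "It is still useful for testing whether a TCP port on a host is open." The "should not be used anymore" fix on the preceding line is fine.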
@@ -424,7 +434,8 @@ Telnet is unencrypted and should not use anymore. But its nice to test if an TCP
Traceroute
^^^^^^^^^^
-The ``traceroute`` command allows you to trace the path taken to a particular device.
+The ``traceroute`` command allows you to trace the path taken to a particular
+device.
.. code-block:: none
@@ -441,4 +452,4 @@ Update
.. code-block:: none
dns Update DNS information
- webproxy Update webproxy \ No newline at end of file
+ webproxy Update webproxy
diff --git a/docs/quick-start.rst b/docs/quick-start.rst
index 80074179..c82cf4f3 100644
--- a/docs/quick-start.rst
+++ b/docs/quick-start.rst
@@ -1,3 +1,5 @@
+:lastproofread: 2021-08-18
+
.. _quick-start:
Quick Start Guide
@@ -42,6 +44,8 @@ Configure DHCP Server and DNS
And a DNS forwarder:
+.. stop_vyoslinter
+
.. code-block:: none
set service dns forwarding cache-size '0'
@@ -49,6 +53,8 @@ And a DNS forwarder:
set service dns forwarding name-server '8.8.8.8'
set service dns forwarding name-server '8.8.4.4'
+.. start_vyoslinter
+
NAT and Firewall
^^^^^^^^^^^^^^^^
@@ -79,9 +85,11 @@ This configuration creates a proper stateful firewall that blocks all traffic:
set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
set firewall name OUTSIDE-LOCAL rule 20 state new 'enable'
-If you wanted to enable SSH access to your firewall from the the Internet, you could create some additional rules to allow the traffic.
+If you want to enable SSH access to your firewall from the the Internet, you
+could create some additional rules to allow the traffic.
-These rules allow SSH traffic and rate limit it to 4 requests per minute. This blocks brute-forcing attempts:
+These rules allow SSH traffic and rate limit it to 4 requests per minute. This
+blocks brute-forcing attempts:
.. code-block:: none
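Review bot: The first added line still contains the duplicated article in "from the the Internet", carried over from the removed line. Since this is a proofreading pass, change it to "from the Internet" in the same commit.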
@@ -103,7 +111,8 @@ Apply the firewall policies:
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
-Commit changes, save the configuration, and exit configuration mode:
+Commit the changes, save the configuration, and exit from the configuration
+mode:
.. code-block:: none
@@ -122,7 +131,7 @@ The traffic policy subsystem provides an interface to Linux traffic control
One common use of traffic policy is to limit bandwidth for an interface. In
the example below we limit bandwidth for our LAN connection to 200 Mbit download
-and out WAN connection to 50 Mbit upload:
+and our WAN connection to 50 Mbit upload:
.. code-block:: none
@@ -176,7 +185,8 @@ See further information in the :ref:`qos` chapter.
Security Hardening
^^^^^^^^^^^^^^^^^^
-Especially if you are allowing SSH access from the Internet, there are a few additional configuration steps that should be taken.
+Especially if you are allowing SSH access from the Internet, there are a few
+additional configuration steps that should be taken.
Create a user to replace the default `vyos` user:
@@ -185,7 +195,8 @@ Create a user to replace the default `vyos` user:
set system login user myvyosuser level admin
set system login user myvyosuser authentication plaintext-password mysecurepassword
-Set up SSH key based authentication. For example, on Linux you'd want to run `ssh-keygen -t rsa`. Then the contents of `id_rsa.pub` would be used below:
+Set up SSH key based authentication. For example, on Linux you'd want to run
+`ssh-keygen -t rsa`. Then the contents of `id_rsa.pub` would be used below:
.. code-block:: none
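Review bot: The rewrapped lines keep single backticks around `ssh-keygen -t rsa` and `id_rsa.pub`. In reStructuredText single backticks are interpreted text (the default role), not a literal, so these will not render as code. docs/cli.rst in this same commit uses double backticks for commands (for example ``commit-confirm``); use the same here so the command and file name appear as literals.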
@@ -196,7 +207,9 @@ Or you can use the `loadkey` command. Commit and save.
Finally, try and ssh into the VyOS install as your new user.
-Once you have confirmed that your new user can access your server, without a password, delete the original `vyos` user and disable password authentication into SSH:
+Once you have confirmed that your new user can access your server, without a
+password, delete the original `vyos` user and disable password authentication
+into SSH:
.. code-block:: none