diff options
| m--------- | docs/_include/vyos-1x | 0 | ||||
| -rw-r--r-- | docs/changelog/1.3.rst | 6 | ||||
| -rw-r--r-- | docs/changelog/1.4.rst | 19 | ||||
| -rw-r--r-- | docs/configuration/firewall/index.rst | 24 |
4 files changed, 49 insertions, 0 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 300535e2b8b7897bc95ab2b186b4e29ebf98733 +Subproject f75da014ae295e6cdf352754bfd998a453e8174 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 5e59755e..b71b630d 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,12 @@ _ext/releasenotes.py +2022-06-20 +========== + +* :vytask:`T1856` (feature): Support configuring IPSec SA bytes + + 2022-06-16 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 655417fb..1ef142fe 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,25 @@ _ext/releasenotes.py +2022-06-25 +========== + +* :vytask:`T4482` (bug): dhcp: toggle of "dhcp-options no-default-route" has no effect +* :vytask:`T4483` (feature): Upgrade fastnetmon to v1.2.2 community edition + + +2022-06-22 +========== + +* :vytask:`T1748` (feature): vbash: beautify tab completion output/line breaks + + +2022-06-20 +========== + +* :vytask:`T1856` (feature): Support configuring IPSec SA bytes + + 2022-06-18 ========== diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 0cbc60c8..5081ce2f 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -323,6 +323,22 @@ There are a lot of matching criteria against which the package can be tested. set firewall name WAN-IN-v4 rule 101 source address !203.0.113.0/24 set firewall ipv6-name WAN-IN-v6 rule 100 source address 2001:db8::202 +.. cfgcmd:: set firewall name <name> rule <1-999999> source geoip country-code + <country> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source geoip + country-code <country> +.. cfgcmd:: set firewall name <name> rule <1-999999> destination geoip + country-code <country> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination geoip + country-code <country> + +Match IP addresses based on its geolocation. More info: `geoip matching +<https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_ + +Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, +permits redistribution so we can include a database in images(~3MB +compressed). Includes cron script (manually callable by op-mode update +geoip) to keep database and rules updated. .. cfgcmd:: set firewall name <name> rule <1-999999> source mac-address <mac-address> @@ -806,3 +822,11 @@ Example Partial Config } } } + + +Update geoip database +===================== + +.. opcmd:: update geoip + + Command used to update GeoIP database and firewall sets.
\ No newline at end of file |